Changeset 224609 in webkit
- Timestamp:
- Nov 8, 2017 4:46:33 PM (6 years ago)
- Location:
- trunk
- Files:
-
- 3 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r224606 r224609 1 2017-11-08 Brent Fulgham <bfulgham@apple.com> 2 3 XMLHttpRequest should not treat file URLs as same origin 4 https://bugs.webkit.org/show_bug.cgi?id=178565 5 <rdar://problem/11115901> 6 7 Reviewed by Daniel Bates. 8 9 * security/cannot-read-self-from-file-expected.txt: Added. 10 * security/cannot-read-self-from-file.html: Added. 11 * security/resources/cannot-read-self-from-file.html: Added. 12 1 13 2017-11-08 Joseph Pecoraro <pecoraro@apple.com> 2 14 -
trunk/Source/WebCore/ChangeLog
r224607 r224609 1 2017-11-08 Brent Fulgham <bfulgham@apple.com> 2 3 XMLHttpRequest should not treat file URLs as same origin 4 https://bugs.webkit.org/show_bug.cgi?id=178565 5 <rdar://problem/11115901> 6 7 Reviewed by Daniel Bates. 8 9 Based on a Blink patch by <jannhorn@googlemail.com>. 10 https://chromium.googlesource.com/chromium/src/+/c362e001551abc2bea392773f32eaf043d8bc29f 11 12 Test: security/cannot-read-self-from-file.html 13 14 * page/SecurityOrigin.cpp: 15 (WebCore::SecurityOrigin::passesFileCheck const): Do not treat file as same-origin. 16 1 17 2017-11-08 Jeremy Jones <jeremyj@apple.com> 2 18 -
trunk/Source/WebCore/page/SecurityOrigin.cpp
r224371 r224609 284 284 ASSERT(isLocal() && other.isLocal()); 285 285 286 if (!m_enforceFilePathSeparation && !other.m_enforceFilePathSeparation) 287 return true; 288 289 return (m_filePath == other.m_filePath); 286 return !m_enforceFilePathSeparation && !other.m_enforceFilePathSeparation; 290 287 } 291 288
Note: See TracChangeset
for help on using the changeset viewer.