Changeset 224609 in webkit


Ignore:
Timestamp:
Nov 8, 2017 4:46:33 PM (6 years ago)
Author:
Brent Fulgham
Message:

XMLHttpRequest should not treat file URLs as same origin
https://bugs.webkit.org/show_bug.cgi?id=178565
<rdar://problem/11115901>

Reviewed by Daniel Bates.

Source/WebCore:

Based on a Blink patch by <jannhorn@googlemail.com>.
https://chromium.googlesource.com/chromium/src/+/c362e001551abc2bea392773f32eaf043d8bc29f

Test: security/cannot-read-self-from-file.html

  • page/SecurityOrigin.cpp:

(WebCore::SecurityOrigin::passesFileCheck const): Do not treat file as same-origin.

LayoutTests:

  • security/cannot-read-self-from-file-expected.txt: Added.
  • security/cannot-read-self-from-file.html: Added.
  • security/resources/cannot-read-self-from-file.html: Added.
Location:
trunk
Files:
3 added
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r224606 r224609  
     12017-11-08  Brent Fulgham  <bfulgham@apple.com>
     2
     3        XMLHttpRequest should not treat file URLs as same origin
     4        https://bugs.webkit.org/show_bug.cgi?id=178565
     5        <rdar://problem/11115901>
     6
     7        Reviewed by Daniel Bates.
     8
     9        * security/cannot-read-self-from-file-expected.txt: Added.
     10        * security/cannot-read-self-from-file.html: Added.
     11        * security/resources/cannot-read-self-from-file.html: Added.
     12
    1132017-11-08  Joseph Pecoraro  <pecoraro@apple.com>
    214
  • trunk/Source/WebCore/ChangeLog

    r224607 r224609  
     12017-11-08  Brent Fulgham  <bfulgham@apple.com>
     2
     3        XMLHttpRequest should not treat file URLs as same origin
     4        https://bugs.webkit.org/show_bug.cgi?id=178565
     5        <rdar://problem/11115901>
     6
     7        Reviewed by Daniel Bates.
     8
     9        Based on a Blink patch by <jannhorn@googlemail.com>.
     10        https://chromium.googlesource.com/chromium/src/+/c362e001551abc2bea392773f32eaf043d8bc29f
     11
     12        Test: security/cannot-read-self-from-file.html
     13
     14        * page/SecurityOrigin.cpp:
     15        (WebCore::SecurityOrigin::passesFileCheck const): Do not treat file as same-origin.
     16
    1172017-11-08  Jeremy Jones  <jeremyj@apple.com>
    218
  • trunk/Source/WebCore/page/SecurityOrigin.cpp

    r224371 r224609  
    284284    ASSERT(isLocal() && other.isLocal());
    285285
    286     if (!m_enforceFilePathSeparation && !other.m_enforceFilePathSeparation)
    287         return true;
    288 
    289     return (m_filePath == other.m_filePath);
     286    return !m_enforceFilePathSeparation && !other.m_enforceFilePathSeparation;
    290287}
    291288
Note: See TracChangeset for help on using the changeset viewer.