Changeset 269960 in webkit
- Timestamp: Nov 18, 2020 8:39:21 AM (3 years ago)
- Location: trunk
- Files: 4 edited
trunk/Source/WebCore/ChangeLog
r269957 r269960 1 2020-11-18 Chris Dumez <cdumez@apple.com> 2 3 navigator.clipboard is not exposed on *.localhost pages 4 https://bugs.webkit.org/show_bug.cgi?id=219020 5 6 Reviewed by Wenson Hsieh. 7 8 Make sure that if the host falls within ".localhost", the security origin is treated as 9 potentially trustworthy, as per: 10 - https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy (Step 5). 11 12 This makes sure that API that are exposed only to secure context (such as navigator.clipboad) 13 are exposed on subdomains of localhost. 14 15 * page/SecurityOrigin.cpp: 16 (WebCore::SecurityOrigin::isLocalHostOrLoopbackIPAddress): 17 1 18 2020-11-18 Chris Lord <clord@igalia.com> 2 19 -
trunk/Source/WebCore/page/SecurityOrigin.cpp
r269888 r269960 606 606 607 607 // FIXME: Ensure that localhost resolves to the loopback address. 608 if (equalLettersIgnoringASCIICase(host, "localhost") )608 if (equalLettersIgnoringASCIICase(host, "localhost") || host.endsWithIgnoringASCIICase(".localhost")) 609 609 return true; 610 610 -
trunk/Tools/ChangeLog
r269959 r269960 1 2020-11-18 Chris Dumez <cdumez@apple.com> 2 3 navigator.clipboard is not exposed on *.localhost pages 4 https://bugs.webkit.org/show_bug.cgi?id=219020 5 6 Reviewed by Wenson Hsieh. 7 8 Extend API test coverage. 9 10 * TestWebKitAPI/Tests/WebCore/SecurityOrigin.cpp: 11 (TestWebKitAPI::TEST_F): 12 1 13 2020-11-18 Aakash Jain <aakash_jain@apple.com> 2 14 -
trunk/Tools/TestWebKitAPI/Tests/WebCore/SecurityOrigin.cpp
r258494 r269960 160 160 EXPECT_TRUE(SecurityOrigin::createFromString("http://127.0.1.1")->isPotentiallyTrustworthy()); 161 161 EXPECT_TRUE(SecurityOrigin::createFromString("http://127.1.1.1")->isPotentiallyTrustworthy()); 162 EXPECT_TRUE(SecurityOrigin::createFromString("http://localhost:8000")->isPotentiallyTrustworthy()); 162 163 EXPECT_TRUE(SecurityOrigin::createFromString("http://localhost")->isPotentiallyTrustworthy()); 163 164 EXPECT_TRUE(SecurityOrigin::createFromString("http://loCALhoST")->isPotentiallyTrustworthy()); 165 EXPECT_TRUE(SecurityOrigin::createFromString("http://foo.localhost")->isPotentiallyTrustworthy()); 166 EXPECT_TRUE(SecurityOrigin::createFromString("http://Foo.loCaLhOsT")->isPotentiallyTrustworthy()); 167 EXPECT_TRUE(SecurityOrigin::createFromString("http://foo.localhost:8000")->isPotentiallyTrustworthy()); 168 EXPECT_TRUE(SecurityOrigin::createFromString("http://foo.bar.localhost:8000")->isPotentiallyTrustworthy()); 169 EXPECT_FALSE(SecurityOrigin::createFromString("http://localhost.com")->isPotentiallyTrustworthy()); 170 EXPECT_FALSE(SecurityOrigin::createFromString("http://foo.localhost.com")->isPotentiallyTrustworthy()); 164 171 EXPECT_TRUE(SecurityOrigin::createFromString("http://[::1]")->isPotentiallyTrustworthy()); 165 172 #if PLATFORM(COCOA)
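Review bot: In trunk/Source/WebCore/page/SecurityOrigin.cpp, the new `host.endsWithIgnoringASCIICase(".localhost")` branch extends name-based trust to every name under .localhost, while the FIXME directly above it ("Ensure that localhost resolves to the loopback address") is still open and still worded for the bare name only. Step 5 of the Secure Contexts algorithm cited in the ChangeLog conditions this case on the user agent following the let-localhost-be-localhost name resolution rules, so please update the FIXME to cover *.localhost as well, or note where loopback resolution is guaranteed. The same step also lists the trailing-dot forms "localhost." and "*.localhost."; as written, this condition would not match them if the host reaches this point with the trailing dot, which is worth handling or calling out as intentional.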
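Review bot: The new negative cases in trunk/Tools/TestWebKitAPI/Tests/WebCore/SecurityOrigin.cpp only cover hosts where localhost is not the final label (`http://localhost.com`, `http://foo.localhost.com`); nothing pins the leading dot in the ".localhost" suffix match. Add an EXPECT_FALSE for a host that merely ends in those letters, for example "http://notlocalhost", so a later change to the suffix string cannot silently make such names potentially trustworthy. Cases for "http://localhost." and "http://foo.localhost." would also document the intended trailing-dot behaviour.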