Changeset 29678 in webkit
- Timestamp:
- Jan 20, 2008 3:18:32 PM (16 years ago)
- Location:
- trunk
- Files:
-
- 10 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r29677 r29678 1 2008-01-20 Collin Jackson <webkit@collinjackson.com> 2 3 Reviewed by Sam Weinig. 4 5 Tests for http://bugs.webkit.org/show_bug.cgi?id=16775 6 7 * http/tests/security/postMessage: Added. 8 * http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag-expected.txt: Added. 9 * http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag.html: Added. 10 * http/tests/security/postMessage/domain-unaffected-by-document-domain-expected.txt: Added. 11 * http/tests/security/postMessage/domain-unaffected-by-document-domain.html: Added. 12 * http/tests/security/postMessage/javascript-page-still-sends-domain-expected.txt: Added. 13 * http/tests/security/postMessage/javascript-page-still-sends-domain.html: Added. 14 * http/tests/security/postMessage/resources: Added. 15 * http/tests/security/postMessage/resources/javascript-post-message-sender.html: Added. 16 * http/tests/security/postMessage/resources/post-message-listener.html: Added. 17 1 18 2008-01-20 Antti Koivisto <antti@apple.com> 2 19 -
trunk/WebCore/ChangeLog
r29677 r29678 1 2008-01-20 Collin Jackson <webkit@collinjackson.com> 2 3 Reviewed by Sam Weinig. 4 5 Fix for http://bugs.webkit.org/show_bug.cgi?id=16775 6 7 We now use frame()->loader()->url() for postMessage, preventing a 8 malicious sender from overwriting the uri property (using a <base> tag, 9 for example). Also, use frame->loader()->url().host() instead of 10 instead of document()->SecurityOrigin()->domain() to reflect a recent 11 clarification in the HTML5 spec. 12 13 Tests: http/tests/security/postMessage/domain-affected-by-document-domain.html 14 http/tests/security/postMessage/domain-and-uri-unaffected-by-base-tag.html 15 http/tests/security/postMessage/javascript-page-still-sends-domain.html 16 17 * bindings/js/JSDOMWindowCustom.cpp: 18 (WebCore::JSDOMWindow::postMessage): 19 1 20 2008-01-20 Antti Koivisto <antti@apple.com> 2 21 -
trunk/WebCore/bindings/js/JSDOMWindowCustom.cpp
r29663 r29678 24 24 #include "DOMWindow.h" 25 25 #include "ExceptionCode.h" 26 #include "Frame.h" 27 #include "FrameLoader.h" 26 28 #include "kjs_window.h" 27 29 #include "kjs/object.h" … … 119 121 120 122 DOMWindow* source = static_cast<JSDOMWindow*>(exec->dynamicGlobalObject())->impl(); 121 String domain = source-> document()->securityOrigin()->host();122 String uri = source-> document()->documentURI();123 String domain = source->frame()->loader()->url().host(); 124 String uri = source->frame()->loader()->url().string(); 123 125 String message = args[0]->toString(exec); 124 126
Note: See TracChangeset
for help on using the changeset viewer.