Context Navigation

← Previous Changeset
Next Changeset →

Changeset 33491 in webkit

Timestamp:

May 15, 2008 10:22:44 AM (16 years ago)

Author:

ap@webkit.org

Message:

Reviewed by Dan Bernstein.

https://bugs.webkit.org/show_bug.cgi?id=10707
DumpRenderTree should not be able to access non-local resources

DumpRenderTree/mac/ResourceLoadDelegate.mm: (-[ResourceLoadDelegate webView:resource:willSendRequest:redirectResponse:fromDataSource:]): Block them, and complain.

Location:

trunk

Files:

: 9 edited

LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/fast/doctypes/resources/TestDoctype.js (modified) (1 diff)
LayoutTests/svg/custom/loadevents-capturing.svg (modified) (1 diff)
LayoutTests/svg/custom/loadevents-externalresourcesrequired-displaynone.svg (modified) (1 diff)
LayoutTests/svg/custom/loadevents-externalresourcesrequired.svg (modified) (1 diff)
LayoutTests/svg/custom/loadevents-normal-displaynone.svg (modified) (1 diff)
LayoutTests/svg/custom/loadevents-normal.svg (modified) (1 diff)
WebKitTools/ChangeLog (modified) (1 diff)
WebKitTools/DumpRenderTree/mac/ResourceLoadDelegate.mm (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/ChangeLog

-                      r33486
+                      r33491
+-05-15  Alexey Proskuryakov  <ap@webkit.org>
+        Reviewed by Dan Bernstein.
+        https://bugs.webkit.org/show_bug.cgi?id=10707
+        DumpRenderTree should not be able to access non-local resources
+        * fast/doctypes/resources/TestDoctype.js:
+        * svg/custom/loadevents-capturing.svg:
+        * svg/custom/loadevents-externalresourcesrequired-displaynone.svg:
+        * svg/custom/loadevents-externalresourcesrequired.svg:
+        * svg/custom/loadevents-normal-displaynone.svg:
+        * svg/custom/loadevents-normal.svg:
 -05-15  Alexey Proskuryakov  <ap@webkit.org>

trunk/LayoutTests/fast/doctypes/resources/TestDoctype.js

r30431	r33491
7	7	{
8	8	var div = doc.createElement('div');
9		div.innerHTML = "<img src='~~http://www.google.com/intl/en_ALL/images/logo.gif' style='background-color: green; width: 100px; height: 100px'><br><img src='http://www.google.com/intl/en_ALL/images/logo.gif~~' style='background-color: green; width: 100px; height: 100px'>";
	9	div.innerHTML = "<img src='' style='background-color: green; width: 100px; height: 100px'><br><img src='' style='background-color: green; width: 100px; height: 100px'>";
10	10	doc.body.appendChild(div);
11	11	var hasQuirk = doc.defaultView.getComputedStyle(div, "").getPropertyValue("height") == "200px";

trunk/LayoutTests/svg/custom/loadevents-capturing.svg

r32738	r33491
29	29	</script>
30	30	<g>
31		<image externalResourcesRequired="false" id="image" width="100" height="100" xlink:href="~~http://trac.webkit.org/projects/webkit/browser/trunk/LayoutTests/svg/custom/resources/green-checker.png?format=raw~~" />
	31	<image externalResourcesRequired="false" id="image" width="100" height="100" xlink:href="resources/green-checker.png" />
32	32	<text y="130" x="20">This tests that load dispatching works when there are no</text>
33	33	<text y="150" x="20">direct listeners, but there are capturing event listeners on an ancestor. Bug 16447</text>

trunk/LayoutTests/svg/custom/loadevents-externalresourcesrequired-displaynone.svg

r32738	r33491
24	24	</script>
25	25	<g onload="reportLoadEvent(this)">
26		<image display="none" externalResourcesRequired="true" id="image" onload="reportLoadEvent(this)" width="100" height="100" xlink:href="~~http://trac.webkit.org/projects/webkit/browser/trunk/LayoutTests/svg/custom/resources/green-checker.png?format=raw~~" />
	26	<image display="none" externalResourcesRequired="true" id="image" onload="reportLoadEvent(this)" width="100" height="100" xlink:href="resources/green-checker.png" />
27	27	<text y="130" x="20">This tests load dispatching order with externalResourcesRequired and an image that does not render(display=none). Bug 16447</text>
28	28	<text y="150" x="20" id="console" onload="reportLoadEvent(this)"/>

trunk/LayoutTests/svg/custom/loadevents-externalresourcesrequired.svg

r32738	r33491
24	24	</script>
25	25	<g onload="reportLoadEvent(this)">
26		<image externalResourcesRequired="true" id="image" onload="reportLoadEvent(this)" width="100" height="100" xlink:href="~~http://trac.webkit.org/projects/webkit/browser/trunk/LayoutTests/svg/custom/resources/green-checker.png?format=raw~~" />
	26	<image externalResourcesRequired="true" id="image" onload="reportLoadEvent(this)" width="100" height="100" xlink:href="resources/green-checker.png" />
27	27	<text y="130" x="20">This tests load dispatching order with externalResourcesRequired. Bug 16447</text>
28	28	<text y="150" x="20" id="console" onload="reportLoadEvent(this)"/>

trunk/LayoutTests/svg/custom/loadevents-normal-displaynone.svg

r32738	r33491
24	24	</script>
25	25	<g onload="reportLoadEvent(this)">
26		<image display="none" externalResourcesRequired="false" id="image" onload="reportLoadEvent(this)" width="100" height="100" xlink:href="~~http://trac.webkit.org/projects/webkit/browser/trunk/LayoutTests/svg/custom/resources/green-checker.png?format=raw~~" />
	26	<image display="none" externalResourcesRequired="false" id="image" onload="reportLoadEvent(this)" width="100" height="100" xlink:href="resources/green-checker.png" />
27	27	<text y="130" x="20">This tests normal load dispatching order and an image that does not render(display=none). Bug 16447</text>
28	28	<text y="150" x="20" id="console" onload="reportLoadEvent(this)"/>

trunk/LayoutTests/svg/custom/loadevents-normal.svg

r32738	r33491
24	24	</script>
25	25	<g onload="reportLoadEvent(this)">
26		<image externalResourcesRequired="false" id="image" onload="reportLoadEvent(this)" width="100" height="100" xlink:href="~~http://trac.webkit.org/projects/webkit/browser/trunk/LayoutTests/svg/custom/resources/green-checker.png?format=raw~~" />
	26	<image externalResourcesRequired="false" id="image" onload="reportLoadEvent(this)" width="100" height="100" xlink:href="resources/green-checker.png" />
27	27	<text y="130" x="20">This tests normal load dispatching order. Bug 16447</text>
28	28	<text y="150" x="20" id="console" onload="reportLoadEvent(this)"/>

trunk/WebKitTools/ChangeLog

-                      r33489
+                      r33491
+-05-15  Alexey Proskuryakov  <ap@webkit.org>
+        Reviewed by Dan Bernstein.
+        https://bugs.webkit.org/show_bug.cgi?id=10707
+        DumpRenderTree should not be able to access non-local resources
+        * DumpRenderTree/mac/ResourceLoadDelegate.mm:
+        (-[ResourceLoadDelegate webView:resource:willSendRequest:redirectResponse:fromDataSource:]):
+        Block them, and complain.
 -05-15  Kevin Ollivier  <kevino@theolliviers.com>

trunk/WebKitTools/DumpRenderTree/mac/ResourceLoadDelegate.mm

-                      r30895
+                      r33491
         NSString *string = [NSString stringWithFormat:@"%@ - willSendRequest %@ redirectResponse %@", identifier, [newRequest _drt_descriptionSuitableForTestResult],
             [redirectResponse _drt_descriptionSuitableForTestResult]];
         printf ("%s\n", [string UTF8String]);
+        printf("%s\n", [string UTF8String]);
+    }
+    if (disallowedURLs && CFSetContainsValue(disallowedURLs, [newRequest URL]))
+    NSURL *url = [newRequest URL];
+    NSString *host = [url host];
+    if (host
+        && (NSOrderedSame == [[url scheme] caseInsensitiveCompare:@"http"] || NSOrderedSame == [[url scheme] caseInsensitiveCompare:@"https"])
+        && NSOrderedSame != [host compare:@"127.0.0.1"]
+        && NSOrderedSame != [host compare:@"255.255.255.255"] // used in some tests that expect to get back an error
+        && NSOrderedSame != [host caseInsensitiveCompare:@"localhost"]) {
+        fprintf(stderr, "Blocked access to external URL %s\n", [[url absoluteString] cStringUsingEncoding:NSUTF8StringEncoding]);
+        return nil;
+    }
+    if (disallowedURLs && CFSetContainsValue(disallowedURLs, url))
         return nil;

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 33491 in webkit

Legend:

Download in other formats: