Changeset 48761 in webkit


Ignore:
Timestamp:
Sep 25, 2009 10:53:43 AM (15 years ago)
Author:
eric@webkit.org
Message:

2009-09-25 Yuan Song <song.yuan@ericsson.com>

Reviewed by Darin Adler.

https://bugs.webkit.org/show_bug.cgi?id=14566

Add test "invalid-domain-change-throws-exception.html" to ensure a SECURITY_ERR exception is raised if an attempt is made to change document.domain to an invalid value. In the existing test case "basic-textareas.html", fix the faulty behavior of setting document.domain to invalid value, and replace the data URL to a file URL that points to "basic-textareas-standards.html" in order to make "basic-textareas.html" runnable in a browser.

  • fast/forms/basic-textareas.html:
  • fast/forms/resources/basic-textareas-standards.html: Added.
  • fast/js/invalid-domain-change-throws-exception-expected.txt: Added.
  • fast/js/invalid-domain-change-throws-exception.html: Added.
  • fast/js/resources/invalid-domain-change-throws-exception.js: Added.

2009-09-25 Yuan Song <song.yuan@ericsson.com>

Reviewed by Darin Adler.

https://bugs.webkit.org/show_bug.cgi?id=14566

Raise SECURITY_ERR exception if an attempt is made to change document.domain to an invalid value.

Test: fast/js/invalid-domain-change-throws-exception.html

  • dom/Document.cpp: (WebCore::Document::setDomain):
  • dom/Document.h:
  • dom/Document.idl:
Location:
trunk
Files:
4 added
6 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r48759 r48761  
     12009-09-25  Yuan Song  <song.yuan@ericsson.com>
     2
     3        Reviewed by Darin Adler.
     4
     5        https://bugs.webkit.org/show_bug.cgi?id=14566
     6
     7        Add test "invalid-domain-change-throws-exception.html" to ensure a SECURITY_ERR exception is raised if an attempt is made to change document.domain to an invalid value. In the existing test case "basic-textareas.html", fix the faulty behavior of setting document.domain to invalid value, and replace the data URL to a file URL that points to "basic-textareas-standards.html" in order to make "basic-textareas.html" runnable in a browser.
     8
     9        * fast/forms/basic-textareas.html:
     10        * fast/forms/resources/basic-textareas-standards.html: Added.
     11        * fast/js/invalid-domain-change-throws-exception-expected.txt: Added.
     12        * fast/js/invalid-domain-change-throws-exception.html: Added.
     13        * fast/js/resources/invalid-domain-change-throws-exception.js: Added.
     14
    1152009-09-25  Adam Barth  <abarth@webkit.org>
    216
  • trunk/LayoutTests/fast/forms/basic-textareas.html

    r45966 r48761  
    8282}
    8383
    84 // Set the domain in the top-level page as well as the iframe.
    85 // So they can communicate despite use of the data url.
    86 document.domain = 'mydummydomain';
    8784document.body.style.margin = 0;
    8885
    8986var standardsIframe = document.createElement('iframe');
    90 // Create a page with a doctype so it's standards mode.
    91 standardsIframe.src = 'data:text/html;charset=utf-8,%3C!DOCTYPE%20HTML%3E%3Cbody%3E%3Cscript%3Edocument.domain%20%3D%20"mydummydomain"%3B%3C%2Fbody%3E%3C%2Fhtml%3E%0D%0A';
     87// Reference a page with a doctype so it's standards mode.
     88standardsIframe.src = 'resources/basic-textareas-standards.html';
    9289standardsIframe.onload = function(e) {
    9390    addAllTextareas(e.target, 'CSS1Compat');
  • trunk/WebCore/ChangeLog

    r48759 r48761  
     12009-09-25  Yuan Song  <song.yuan@ericsson.com>
     2
     3        Reviewed by Darin Adler.
     4
     5        https://bugs.webkit.org/show_bug.cgi?id=14566
     6
     7        Raise SECURITY_ERR exception if an attempt is made to change document.domain to an invalid value.
     8
     9        Test: fast/js/invalid-domain-change-throws-exception.html
     10
     11        * dom/Document.cpp:
     12        (WebCore::Document::setDomain):
     13        * dom/Document.h:
     14        * dom/Document.idl:
     15
    1162009-09-25  Adam Barth  <abarth@webkit.org>
    217
  • trunk/WebCore/dom/Document.cpp

    r48701 r48761  
    30123012}
    30133013
    3014 void Document::setDomain(const String& newDomain)
     3014void Document::setDomain(const String& newDomain, ExceptionCode& ec)
    30153015{
    30163016    // Both NS and IE specify that changing the domain is only allowed when
     
    30353035    int newLength = newDomain.length();
    30363036    // e.g. newDomain = webkit.org (10) and domain() = www.webkit.org (14)
    3037     if (newLength >= oldLength)
    3038         return;
     3037    if (newLength >= oldLength) {
     3038        ec = SECURITY_ERR;
     3039        return;
     3040    }
    30393041
    30403042    String test = domain();
    30413043    // Check that it's a subdomain, not e.g. "ebkit.org"
    3042     if (test[oldLength - newLength - 1] != '.')
    3043         return;
     3044    if (test[oldLength - newLength - 1] != '.') {
     3045        ec = SECURITY_ERR;
     3046        return;
     3047    }
    30443048
    30453049    // Now test is "webkit.org" from domain()
    30463050    // and we check that it's the same thing as newDomain
    30473051    test.remove(0, oldLength - newLength);
    3048     if (test != newDomain)
    3049         return;
     3052    if (test != newDomain) {
     3053        ec = SECURITY_ERR;
     3054        return;
     3055    }
    30503056
    30513057    securityOrigin()->setDomainFromDOM(newDomain);
  • trunk/WebCore/dom/Document.h

    r48701 r48761  
    673673
    674674    String domain() const;
    675     void setDomain(const String& newDomain);
     675    void setDomain(const String& newDomain, ExceptionCode&);
    676676
    677677    String lastModified() const;
  • trunk/WebCore/dom/Document.idl

    r48190 r48761  
    156156        readonly attribute DOMString referrer;
    157157#if defined(LANGUAGE_JAVASCRIPT) && LANGUAGE_JAVASCRIPT
    158                  attribute [ConvertNullToNullString] DOMString domain;
     158                 attribute [ConvertNullToNullString] DOMString domain
     159                     setter raises (DOMException);
    159160#else
    160161        readonly attribute DOMString domain;
Note: See TracChangeset for help on using the changeset viewer.