Changeset 50587 in webkit
- Timestamp:
- Nov 5, 2009 10:05:31 PM (14 years ago)
- Location:
- trunk
- Files:
-
- 4 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r50584 r50587 1 2009-11-05 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Sam Weinig. 4 5 Cross-domain access to stylesheet text should not be allowed 6 https://bugs.webkit.org/show_bug.cgi?id=20527 7 8 Test that a script cannot read cross-origin cssRules. 9 10 * http/tests/security/cannot-read-cssrules-expected.txt: Added. 11 * http/tests/security/cannot-read-cssrules-redirect-expected.txt: Added. 12 * http/tests/security/cannot-read-cssrules-redirect.html: Added. 13 * http/tests/security/cannot-read-cssrules.html: Added. 14 1 15 2009-11-05 Alice Liu <alice.liu@apple.com> 2 16 -
trunk/WebCore/ChangeLog
r50585 r50587 1 2009-11-05 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Sam Weinig. 4 5 Cross-domain access to stylesheet text should not be allowed 6 https://bugs.webkit.org/show_bug.cgi?id=20527 7 8 Check whether whether the current document can read the cssRules from 9 the style sheet. Firefox throws a security error here, but we return 10 null instead because that's what we usually do in these cases. 11 12 Test: http/tests/security/cannot-read-cssrules-redirect.html 13 http/tests/security/cannot-read-cssrules.html 14 15 * css/CSSStyleSheet.cpp: 16 (WebCore::CSSStyleSheet::cssRules): 17 1 18 2009-11-05 Steve Block <steveblock@google.com> 2 19 -
trunk/WebCore/css/CSSStyleSheet.cpp
r48773 r50587 29 29 #include "ExceptionCode.h" 30 30 #include "Node.h" 31 #include "SecurityOrigin.h" 31 32 #include "TextEncoding.h" 32 33 #include <wtf/Deque.h> … … 119 120 PassRefPtr<CSSRuleList> CSSStyleSheet::cssRules(bool omitCharsetRules) 120 121 { 122 if (doc() && !doc()->securityOrigin()->canRequest(baseURL())) 123 return 0; 121 124 return CSSRuleList::create(this, omitCharsetRules); 122 125 }
Note: See TracChangeset
for help on using the changeset viewer.