Changeset 66985 in webkit
- Timestamp:
- Sep 8, 2010 8:18:36 AM (14 years ago)
- Location:
- trunk/LayoutTests
- Files:
-
- 3 edited
-
ChangeLog (modified) (1 diff)
-
http/tests/security/resources/send-mime-types.php (modified) (1 diff)
-
http/tests/security/xss-DENIED-mime-type-execute-as-html.html (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r66983 r66985 1 2010-09-08 Sergio Villar Senin <svillar@igalia.com> 2 3 Reviewed by Adam Barth. 4 5 Errors in LayoutTests/http/tests/security/xss-DENIED-mime-type-execute-as-html.html 6 https://bugs.webkit.org/show_bug.cgi?id=45377 7 8 The test passes a MIME type as argument of a URL. A PHP code uses 9 that MIME type to fill the Content-Type of the response. If the 10 MIME type is application/rss+xml the php decodes the '+' as a 11 blank space and thus the returned content type is incorrectly set 12 to "rss xml" instead of "rss+xml". 13 14 * http/tests/security/resources/send-mime-types.php: 15 * http/tests/security/xss-DENIED-mime-type-execute-as-html.html: 16 1 17 2010-09-07 Martin Robinson <mrobinson@igalia.com> 2 18 -
trunk/LayoutTests/http/tests/security/resources/send-mime-types.php
r57386 r66985 1 1 <?php 2 $mime_type = urldecode($_GET["mt"]);2 $mime_type = $_GET["mt"]; 3 3 4 4 header("Content-Type: ".$mime_type); -
trunk/LayoutTests/http/tests/security/xss-DENIED-mime-type-execute-as-html.html
r58604 r66985 17 17 for(var i in mime_types) { 18 18 var ifr = document.createElement('iframe'); 19 ifr.src = "http://localhost:8000/security/resources/send-mime-types.php?mt=" + e scape(mime_types[i]);19 ifr.src = "http://localhost:8000/security/resources/send-mime-types.php?mt=" + encodeURIComponent(mime_types[i]); 20 20 document.body.appendChild(ifr); 21 21 }
Note: See TracChangeset
for help on using the changeset viewer.
