Title: [92926] branches/safari-534.51-branch
Revision: 92926
Author: [email protected]
Date: 2011-08-11 22:25:33 -0700 (Thu, 11 Aug 2011)
Log Message
Merge r91152.
Diff
Modified: branches/safari-534.51-branch/LayoutTests/ChangeLog (92925 => 92926)
--- branches/safari-534.51-branch/LayoutTests/ChangeLog 2011-08-12 05:23:40 UTC (rev 92925)
+++ branches/safari-534.51-branch/LayoutTests/ChangeLog 2011-08-12 05:25:33 UTC (rev 92926)
@@ -1,5 +1,20 @@
2011-08-11 Lucas Forschler <[email protected]>
+ Merged 91152
+
+ 2011-07-16 Sergey Glazunov <[email protected]>
+
+ DOMWindow::open performs a security check on a wrong window
+ https://bugs.webkit.org/show_bug.cgi?id=64651
+
+ Reviewed by Adam Barth.
+
+ * http/tests/security/resources/xss-DENIED-window-open-parent-attacker.html: Added.
+ * http/tests/security/xss-DENIED-window-open-parent-expected.txt: Added.
+ * http/tests/security/xss-DENIED-window-open-parent.html: Added.
+
+2011-08-11 Lucas Forschler <[email protected]>
+
Merged 91044
2011-07-14 Adam Barth <[email protected]>
Copied: branches/safari-534.51-branch/LayoutTests/http/tests/security/resources/xss-DENIED-window-open-parent-attacker.html (from rev 91152, trunk/LayoutTests/http/tests/security/resources/xss-DENIED-window-open-parent-attacker.html) (0 => 92926)
--- branches/safari-534.51-branch/LayoutTests/http/tests/security/resources/xss-DENIED-window-open-parent-attacker.html (rev 0)
+++ branches/safari-534.51-branch/LayoutTests/http/tests/security/resources/xss-DENIED-window-open-parent-attacker.html 2011-08-12 05:25:33 UTC (rev 92926)
@@ -0,0 +1,4 @@
+<script>
+open("_javascript_:alert('failed')", "_top");
+parent.postMessage("", "*");
+</script>
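Review bot: The URL passed to open() on the second added line is spelled `_javascript_:`, which is not the `javascript:` scheme, so as shown this page would not exercise the script-URL path the test is named for. The expected-output file carries the same `_javascript_` spelling, which suggests the list archive rewrote the word; confirm the committed file reads `javascript:alert('failed')`. Separately, `parent.postMessage("", "*")` is sent unconditionally right after open(), so the only positive evidence of the denial is the console line in the expected output. A one-line comment in this file saying that the console message, not the absence of the alert, is what the test asserts would help the next reader.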
Copied: branches/safari-534.51-branch/LayoutTests/http/tests/security/xss-DENIED-window-open-parent-expected.txt (from rev 91152, trunk/LayoutTests/http/tests/security/xss-DENIED-window-open-parent-expected.txt) (0 => 92926)
--- branches/safari-534.51-branch/LayoutTests/http/tests/security/xss-DENIED-window-open-parent-expected.txt (rev 0)
+++ branches/safari-534.51-branch/LayoutTests/http/tests/security/xss-DENIED-window-open-parent-expected.txt 2011-08-12 05:25:33 UTC (rev 92926)
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: line 1: Unsafe _javascript_ attempt to access frame with URL http://127.0.0.1:8000/security/xss-DENIED-window-open-parent.html from frame with URL http://localhost:8080/security/resources/xss-DENIED-window-open-parent-attacker.html. Domains, protocols and ports must match.
+
+This test passes if there is no alert dialog.
+
Copied: branches/safari-534.51-branch/LayoutTests/http/tests/security/xss-DENIED-window-open-parent.html (from rev 91152, trunk/LayoutTests/http/tests/security/xss-DENIED-window-open-parent.html) (0 => 92926)
--- branches/safari-534.51-branch/LayoutTests/http/tests/security/xss-DENIED-window-open-parent.html (rev 0)
+++ branches/safari-534.51-branch/LayoutTests/http/tests/security/xss-DENIED-window-open-parent.html 2011-08-12 05:25:33 UTC (rev 92926)
@@ -0,0 +1,21 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+
+window._onmessage_ = function()
+{
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+</script>
+</head>
+<body>
+This test passes if there is no alert dialog.<br>
+<iframe src=""
+</body>
+</html>
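Review bot: The `<iframe src=""` line near the end has an empty src and the tag is never closed, so nothing loads the attacker page, no message reaches this document, and after waitUntilDone() the test could only end by timing out. The handler is also assigned to `window._onmessage_`, which is not the `onmessage` event property, so notifyDone() would never run even if a message arrived. Both look like archive mangling rather than the committed content; check that the committed file points the iframe at resources/xss-DENIED-window-open-parent-attacker.html on the other origin (the expected output names http://localhost:8080 for it) and assigns `window.onmessage`.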
Modified: branches/safari-534.51-branch/Source/WebCore/ChangeLog (92925 => 92926)
--- branches/safari-534.51-branch/Source/WebCore/ChangeLog 2011-08-12 05:23:40 UTC (rev 92925)
+++ branches/safari-534.51-branch/Source/WebCore/ChangeLog 2011-08-12 05:25:33 UTC (rev 92926)
@@ -1,5 +1,21 @@
2011-08-11 Lucas Forschler <[email protected]>
+ Merged 91152
+
+ 2011-07-16 Sergey Glazunov <[email protected]>
+
+ DOMWindow::open performs a security check on a wrong window
+ https://bugs.webkit.org/show_bug.cgi?id=64651
+
+ Reviewed by Adam Barth.
+
+ Test: http/tests/security/xss-DENIED-window-open-parent.html
+
+ * page/DOMWindow.cpp:
+ (WebCore::DOMWindow::open):
+
+2011-08-11 Lucas Forschler <[email protected]>
+
Merged 91097
2011-07-15 Dan Bernstein <[email protected]>
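Review bot: The entry under `* page/DOMWindow.cpp:` lists `(WebCore::DOMWindow::open):` with no description of the change. For a security fix, please add a sentence saying which window the check used to run against and which one it runs against now, so someone reading the ChangeLog without the diff can tell what "a wrong window" in the title means.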
Modified: branches/safari-534.51-branch/Source/WebCore/page/DOMWindow.cpp (92925 => 92926)
--- branches/safari-534.51-branch/Source/WebCore/page/DOMWindow.cpp 2011-08-12 05:23:40 UTC (rev 92925)
+++ branches/safari-534.51-branch/Source/WebCore/page/DOMWindow.cpp 2011-08-12 05:25:33 UTC (rev 92926)
@@ -1799,7 +1799,7 @@
if (!activeFrame->loader()->shouldAllowNavigation(targetFrame))
return 0;
- if (isInsecureScriptAccess(activeWindow, urlString))
+ if (targetFrame->domWindow()->isInsecureScriptAccess(activeWindow, urlString))
return targetFrame->domWindow();
if (urlString.isEmpty())
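Review bot: The `+` line calls `targetFrame->domWindow()->isInsecureScriptAccess(...)` with no null check on `targetFrame->domWindow()`, and nothing in the visible context establishes that it is non-null at this point. The same accessor is evaluated again on the following `return targetFrame->domWindow();` line, so consider hoisting it into a local, checking it once, and using the local for both the call and the return. A short comment above the check stating that it must be made on the target window rather than on `this` would also guard against the receiver being dropped again in a later refactor, since the two spellings differ only by that prefix.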