Diff
Modified: trunk/LayoutTests/ChangeLog (95579 => 95580)
--- trunk/LayoutTests/ChangeLog 2011-09-20 23:17:10 UTC (rev 95579)
+++ trunk/LayoutTests/ChangeLog 2011-09-20 23:31:17 UTC (rev 95580)
@@ -1,3 +1,16 @@
+2011-09-20 Jochen Eisinger <[email protected]>
+
+ Invoke CachedResourceLoader::canRequest for all URLs in a redirect chain
+ https://bugs.webkit.org/show_bug.cgi?id=68279
+
+ Reviewed by Adam Barth.
+
+ * http/tests/security/resources/cross-origin-xsl-redirect.xml:
+ * http/tests/security/cross-origin-xsl-redirect-BLOCKED-expected.txt:
+ * http/tests/security/cross-origin-xsl-redirect-BLOCKED.html:
+ * platform/chromium/http/tests/permissionclient/image-permissions-expected.txt:
+ * platform/chromium/http/tests/permissionclient/image-permissions.html:
+
2011-09-18 Ojan Vafai <[email protected]>
change RenderFlexibleBox to act on logical coordinates
Added: trunk/LayoutTests/http/tests/security/cross-origin-xsl-redirect-BLOCKED-expected.txt (0 => 95580)
--- trunk/LayoutTests/http/tests/security/cross-origin-xsl-redirect-BLOCKED-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-xsl-redirect-BLOCKED-expected.txt 2011-09-20 23:31:17 UTC (rev 95580)
@@ -0,0 +1,5 @@
+CONSOLE MESSAGE: line 1: Unsafe attempt to load URL http://localhost:8000/security/resources/forbidden-stylesheet.xsl from frame with URL http://127.0.0.1:8000/security/resources/cross-origin-xsl-redirect.xml. Domains, protocols and ports must match.
+
+This test loads the XML document in an iframe so that it can call dumpAsText(). This test passes if the iframe below is blank.
+
+
Added: trunk/LayoutTests/http/tests/security/cross-origin-xsl-redirect-BLOCKED.html (0 => 95580)
--- trunk/LayoutTests/http/tests/security/cross-origin-xsl-redirect-BLOCKED.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/cross-origin-xsl-redirect-BLOCKED.html 2011-09-20 23:31:17 UTC (rev 95580)
@@ -0,0 +1,22 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.dumpChildFramesAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function done() {
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+</script>
+</head>
+<body>
+<div>This test loads the XML document in an iframe so that it can call
+dumpAsText(). This test passes if the iframe below is blank.</div>
+<iframe name="uses-xsl" _onload_="done()"
+ src=""
+</body>
+</html>
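Review bot: The visible description in this new test never says what is being checked: it mentions only the iframe and `dumpAsText()`, not that the stylesheet load goes through a redirect to another origin. I would add a comment at the top of the file such as `<!-- Regression test for bug 68279: the XML document's stylesheet is fetched through a redirect that ends on a different origin and must be blocked. -->`. The commit also adds redirect coverage only for an XSL stylesheet and (on Chromium) an image. If other resource types reach the same `willSendRequest` check, a follow-up test for at least one of them would pin down the behaviour.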
Added: trunk/LayoutTests/http/tests/security/resources/cross-origin-xsl-redirect.xml (0 => 95580)
--- trunk/LayoutTests/http/tests/security/resources/cross-origin-xsl-redirect.xml (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/cross-origin-xsl-redirect.xml 2011-09-20 23:31:17 UTC (rev 95580)
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?xml-stylesheet type="text/xsl" href=""
+<html xmlns="http://www.w3.org/1999/xhtml">
+<body>
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+</script>
+PASS: Forbidden XML stylesheet did not run.
+</body>
+</html>
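Review bot: The body text `PASS: Forbidden XML stylesheet did not run.` does not appear in the expected output added by this commit, which records only the console message and a blank frame. As written, the string suggests the test passes when that line is printed, while the HTML wrapper says it passes when the iframe is blank. Either drop the PASS line or add a comment, for example `<!-- Not expected to render: the document stays blank when the stylesheet load is refused. -->`. The same question applies to the `dumpAsText()` script in this file, which looks unused if the document never renders.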
Modified: trunk/LayoutTests/platform/chromium/http/tests/permissionclient/image-permissions-expected.txt (95579 => 95580)
--- trunk/LayoutTests/platform/chromium/http/tests/permissionclient/image-permissions-expected.txt 2011-09-20 23:17:10 UTC (rev 95579)
+++ trunk/LayoutTests/platform/chromium/http/tests/permissionclient/image-permissions-expected.txt 2011-09-20 23:31:17 UTC (rev 95580)
@@ -1,5 +1,6 @@
PERMISSION CLIENT: allowImage(http://127.0.0.1:8000/permissionclient/resources/redir.php?url="" true
-This test checks that all URLs in a redirect chain are passed to the PermissionClient. Due to bug 68279, currently only the first URL is checked.
+PERMISSION CLIENT: allowImage(http://127.0.0.1:8000/permissionclient/resources/boston.gif): true
+This test checks that all URLs in a redirect chain are passed to the PermissionClient.
Modified: trunk/LayoutTests/platform/chromium/http/tests/permissionclient/image-permissions.html (95579 => 95580)
--- trunk/LayoutTests/platform/chromium/http/tests/permissionclient/image-permissions.html 2011-09-20 23:17:10 UTC (rev 95579)
+++ trunk/LayoutTests/platform/chromium/http/tests/permissionclient/image-permissions.html 2011-09-20 23:31:17 UTC (rev 95580)
@@ -15,9 +15,7 @@
<body>
<p>
This test checks that all URLs in a redirect chain are passed to the
-PermissionClient. Due to <a
-href="" 68279</a>, currently
-only the first URL is checked.
+PermissionClient.
</p>
<img src="" _onerror_="log('FAIL: error event for first image')">
<div id="results"></div>
Modified: trunk/Source/WebCore/ChangeLog (95579 => 95580)
--- trunk/Source/WebCore/ChangeLog 2011-09-20 23:17:10 UTC (rev 95579)
+++ trunk/Source/WebCore/ChangeLog 2011-09-20 23:31:17 UTC (rev 95580)
@@ -1,3 +1,14 @@
+2011-09-20 Jochen Eisinger <[email protected]>
+
+ Invoke CachedResourceLoader::canRequest for all URLs in a redirect chain
+ https://bugs.webkit.org/show_bug.cgi?id=68279
+
+ Reviewed by Adam Barth.
+
+ * loader/cache/CachedResourceLoader.h:
+ * loader/cache/CachedResourceRequest.cpp:
+ (WebCore::CachedResourceRequest::willSendRequest):
+
2011-09-18 Ojan Vafai <[email protected]>
change RenderFlexibleBox to act on logical coordinates
Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.h (95579 => 95580)
--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.h 2011-09-20 23:17:10 UTC (rev 95579)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.h 2011-09-20 23:31:17 UTC (rev 95580)
@@ -104,7 +104,7 @@
void preload(CachedResource::Type, ResourceRequest&, const String& charset, bool referencedFromBody);
void checkForPendingPreloads();
void printPreloadStats();
- bool checkInsecureContent(CachedResource::Type, const KURL&) const;
+ bool canRequest(CachedResource::Type, const KURL&, bool forPreload = false);
private:
// FIXME: The default value for ResourceLoaderOptions will always be used currently.
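Review bot: `canRequest` is made public here without any comment stating its contract, although `CachedResourceRequest::willSendRequest` now relies on it as the policy gate for every redirect hop. A short comment above the declaration would help, for example `// Policy check for a URL about to be fetched; call it for the initial URL and for each redirect target.` Unlike `checkInsecureContent`, it is non-const, and the new expected output shows a console message on rejection, so callers should presumably expect side effects; that is worth stating too. The second hunk in this file only moves `checkInsecureContent` into the private section and raises nothing further.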
@@ -118,7 +118,7 @@
RevalidationPolicy determineRevalidationPolicy(CachedResource::Type, ResourceRequest&, bool forPreload, CachedResource* existingResource) const;
void notifyLoadedFromMemoryCache(CachedResource*);
- bool canRequest(CachedResource::Type, const KURL&, bool forPreload = false);
+ bool checkInsecureContent(CachedResource::Type, const KURL&) const;
void garbageCollectDocumentResourcesTimerFired(Timer<CachedResourceLoader>*);
void performPostLoadActions();
Modified: trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp (95579 => 95580)
--- trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp 2011-09-20 23:17:10 UTC (rev 95579)
+++ trunk/Source/WebCore/loader/cache/CachedResourceRequest.cpp 2011-09-20 23:31:17 UTC (rev 95580)
@@ -139,7 +139,7 @@
void CachedResourceRequest::willSendRequest(SubresourceLoader* loader, ResourceRequest& req, const ResourceResponse&)
{
- if (!m_cachedResourceLoader->checkInsecureContent(m_resource->type(), req.url())) {
+ if (!m_cachedResourceLoader->canRequest(m_resource->type(), req.url())) {
loader->cancel();
return;
}
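Review bot: The new `canRequest(m_resource->type(), req.url())` call leaves `forPreload` at its default of `false`, so a redirect during a preload-initiated load is evaluated as an ordinary load. Whether that changes the result or only the logging depends on the body of `canRequest`, which is not visible here; it is worth confirming, and passing the flag through if the request knows it was a preload. I would also add a comment above the check, such as `// Re-run the full request policy on every redirect target, not only the mixed-content check.`, so the call is not later narrowed back. The body of `willSendRequest` continues outside this hunk.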