[webkit-changes] [95812] branches/chromium/874

[inferno]

Title: [95812] branches/chromium/874

Revision

95812

Author

infe...@chromium.org

Date

2011-09-23 09:17:49 -0700 (Fri, 23 Sep 2011)

Log Message

Merge 95580 - Invoke CachedResourceLoader::canRequest for all URLs in a redirect chain
BUG=97278
Review URL: http://codereview.chromium.org/8002026

Modified Paths

branches/chromium/874/Source/WebCore/loader/cache/CachedResourceLoader.h
branches/chromium/874/Source/WebCore/loader/cache/CachedResourceRequest.cpp


Added Paths

branches/chromium/874/LayoutTests/http/tests/security/cross-origin-xsl-redirect-BLOCKED-expected.txt
branches/chromium/874/LayoutTests/http/tests/security/cross-origin-xsl-redirect-BLOCKED.html
branches/chromium/874/LayoutTests/http/tests/security/resources/cross-origin-xsl-redirect.xml

Diff

Copied: branches/chromium/874/LayoutTests/http/tests/security/cross-origin-xsl-redirect-BLOCKED-expected.txt (from rev 95580, trunk/LayoutTests/http/tests/security/cross-origin-xsl-redirect-BLOCKED-expected.txt) (0 => 95812)

--- branches/chromium/874/LayoutTests/http/tests/security/cross-origin-xsl-redirect-BLOCKED-expected.txt	                        (rev 0)
+++ branches/chromium/874/LayoutTests/http/tests/security/cross-origin-xsl-redirect-BLOCKED-expected.txt	2011-09-23 16:17:49 UTC (rev 95812)
@@ -0,0 +1,5 @@
+CONSOLE MESSAGE: line 1: Unsafe attempt to load URL http://localhost:8000/security/resources/forbidden-stylesheet.xsl from frame with URL http://127.0.0.1:8000/security/resources/cross-origin-xsl-redirect.xml. Domains, protocols and ports must match.
+
+This test loads the XML document in an iframe so that it can call dumpAsText(). This test passes if the iframe below is blank.
+
+

Copied: branches/chromium/874/LayoutTests/http/tests/security/cross-origin-xsl-redirect-BLOCKED.html (from rev 95580, trunk/LayoutTests/http/tests/security/cross-origin-xsl-redirect-BLOCKED.html) (0 => 95812)

--- branches/chromium/874/LayoutTests/http/tests/security/cross-origin-xsl-redirect-BLOCKED.html	                        (rev 0)
+++ branches/chromium/874/LayoutTests/http/tests/security/cross-origin-xsl-redirect-BLOCKED.html	2011-09-23 16:17:49 UTC (rev 95812)
@@ -0,0 +1,22 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+  layoutTestController.dumpAsText();
+  layoutTestController.dumpChildFramesAsText();
+  layoutTestController.waitUntilDone();
+}
+
+function done() {
+  if (window.layoutTestController)
+    layoutTestController.notifyDone();
+}
+</script>
+</head>
+<body>
+<div>This test loads the XML document in an iframe so that it can call
+dumpAsText().  This test passes if the iframe below is blank.</div>
+<iframe name="uses-xsl" _onload_="done()"
+        src=""
+</body>
+</html>

Copied: branches/chromium/874/LayoutTests/http/tests/security/resources/cross-origin-xsl-redirect.xml (from rev 95580, trunk/LayoutTests/http/tests/security/resources/cross-origin-xsl-redirect.xml) (0 => 95812)

--- branches/chromium/874/LayoutTests/http/tests/security/resources/cross-origin-xsl-redirect.xml	                        (rev 0)
+++ branches/chromium/874/LayoutTests/http/tests/security/resources/cross-origin-xsl-redirect.xml	2011-09-23 16:17:49 UTC (rev 95812)
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?xml-stylesheet type="text/xsl" href=""
+<html xmlns="http://www.w3.org/1999/xhtml">
+<body>
+<script>
+if (window.layoutTestController)
+  layoutTestController.dumpAsText();
+</script>
+PASS: Forbidden XML stylesheet did not run.
+</body>
+</html>

Modified: branches/chromium/874/Source/WebCore/loader/cache/CachedResourceLoader.h (95811 => 95812)

--- branches/chromium/874/Source/WebCore/loader/cache/CachedResourceLoader.h	2011-09-23 16:14:44 UTC (rev 95811)
+++ branches/chromium/874/Source/WebCore/loader/cache/CachedResourceLoader.h	2011-09-23 16:17:49 UTC (rev 95812)
@@ -104,7 +104,7 @@
     void preload(CachedResource::Type, ResourceRequest&, const String& charset, bool referencedFromBody);
     void checkForPendingPreloads();
     void printPreloadStats();
-    bool checkInsecureContent(CachedResource::Type, const KURL&) const;
+    bool canRequest(CachedResource::Type, const KURL&, bool forPreload = false);
     
 private:
     // FIXME: The default value for ResourceLoaderOptions will always be used currently.
@@ -118,7 +118,7 @@
     RevalidationPolicy determineRevalidationPolicy(CachedResource::Type, ResourceRequest&, bool forPreload, CachedResource* existingResource) const;
     
     void notifyLoadedFromMemoryCache(CachedResource*);
-    bool canRequest(CachedResource::Type, const KURL&, bool forPreload = false);
+    bool checkInsecureContent(CachedResource::Type, const KURL&) const;
 
     void garbageCollectDocumentResourcesTimerFired(Timer<CachedResourceLoader>*);
     void performPostLoadActions();

Modified: branches/chromium/874/Source/WebCore/loader/cache/CachedResourceRequest.cpp (95811 => 95812)

--- branches/chromium/874/Source/WebCore/loader/cache/CachedResourceRequest.cpp	2011-09-23 16:14:44 UTC (rev 95811)
+++ branches/chromium/874/Source/WebCore/loader/cache/CachedResourceRequest.cpp	2011-09-23 16:17:49 UTC (rev 95812)
@@ -139,7 +139,7 @@
 
 void CachedResourceRequest::willSendRequest(SubresourceLoader* loader, ResourceRequest& req, const ResourceResponse&)
 {
-    if (!m_cachedResourceLoader->checkInsecureContent(m_resource->type(), req.url())) {
+    if (!m_cachedResourceLoader->canRequest(m_resource->type(), req.url())) {
         loader->cancel();
         return;
     }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes