[webkit-changes] [96957] branches/chromium/874

[inferno]

Title: [96957] branches/chromium/874

Revision

96957

Author

infe...@chromium.org

Date

2011-10-07 10:33:55 -0700 (Fri, 07 Oct 2011)

Log Message

Merge 96610 - Resource loader should block HTTP redirects to local resources

BUG=95374
Review URL: http://codereview.chromium.org/8198008

Modified Paths

• branches/chromium/874/Source/WebCore/loader/FrameLoader.cpp
• branches/chromium/874/Source/WebCore/loader/MainResourceLoader.cpp
• branches/chromium/874/Source/WebCore/page/SecurityOrigin.cpp

Added Paths

• branches/chromium/874/LayoutTests/http/tests/security/redirect-BLOCKED-to-localURL-expected.txt
• branches/chromium/874/LayoutTests/http/tests/security/redirect-BLOCKED-to-localURL.html
• branches/chromium/874/LayoutTests/http/tests/security/resources/file-redirect-target.html

Diff

Copied: branches/chromium/874/LayoutTests/http/tests/security/redirect-BLOCKED-to-localURL-expected.txt (from rev 96610, trunk/LayoutTests/http/tests/security/redirect-BLOCKED-to-localURL-expected.txt) (0 => 96957)

--- branches/chromium/874/LayoutTests/http/tests/security/redirect-BLOCKED-to-localURL-expected.txt	                        (rev 0)
+++ branches/chromium/874/LayoutTests/http/tests/security/redirect-BLOCKED-to-localURL-expected.txt	2011-10-07 17:33:55 UTC (rev 96957)
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: line 0: Not allowed to load local resource: file-redirect-target.html
+
+This attempts to open a redirect link to a file URL, which should be blocked.

Copied: branches/chromium/874/LayoutTests/http/tests/security/redirect-BLOCKED-to-localURL.html (from rev 96610, trunk/LayoutTests/http/tests/security/redirect-BLOCKED-to-localURL.html) (0 => 96957)

--- branches/chromium/874/LayoutTests/http/tests/security/redirect-BLOCKED-to-localURL.html	                        (rev 0)
+++ branches/chromium/874/LayoutTests/http/tests/security/redirect-BLOCKED-to-localURL.html	2011-10-07 17:33:55 UTC (rev 96957)
@@ -0,0 +1,11 @@
+<html>
+<body>
+<iframe src=""
+<script>
+    if (window.layoutTestController) {
+        layoutTestController.dumpAsText();
+    }
+</script>
+<p>This attempts to open a redirect link to a file URL, which should be blocked.</p>
+</body>
+</html>

Copied: branches/chromium/874/LayoutTests/http/tests/security/resources/file-redirect-target.html (from rev 96610, trunk/LayoutTests/http/tests/security/resources/file-redirect-target.html) (0 => 96957)

--- branches/chromium/874/LayoutTests/http/tests/security/resources/file-redirect-target.html	                        (rev 0)
+++ branches/chromium/874/LayoutTests/http/tests/security/resources/file-redirect-target.html	2011-10-07 17:33:55 UTC (rev 96957)
@@ -0,0 +1,3 @@
+<html>
+FAIL: This page shouldn't load via HTTP redirect to file:
+</html>

Modified: branches/chromium/874/Source/WebCore/loader/FrameLoader.cpp (96956 => 96957)

--- branches/chromium/874/Source/WebCore/loader/FrameLoader.cpp	2011-10-07 17:20:55 UTC (rev 96956)
+++ branches/chromium/874/Source/WebCore/loader/FrameLoader.cpp	2011-10-07 17:33:55 UTC (rev 96957)
@@ -1124,21 +1124,6 @@
     detachChildren();
 }
 
-// This is a hack to allow keep navigation to http/https feeds working. To remove this
-// we need to introduce new API akin to registerURLSchemeAsLocal, that registers a
-// protocols navigation policy.
-static bool isFeedWithNestedProtocolInHTTPFamily(const KURL& url)
-{
-    const String& urlString = url.string();
-    if (!urlString.startsWith("feed", false))
-        return false;
-
-    return urlString.startsWith("feed://", false) 
-        || urlString.startsWith("feed:http:", false) || urlString.startsWith("feed:https:", false)
-        || urlString.startsWith("feeds:http:", false) || urlString.startsWith("feeds:https:", false)
-        || urlString.startsWith("feedsearch:http:", false) || urlString.startsWith("feedsearch:https:", false);
-}
-
 void FrameLoader::loadFrameRequest(const FrameLoadRequest& request, bool lockHistory, bool lockBackForwardList,
     PassRefPtr<Event> event, PassRefPtr<FormState> formState, ReferrerPolicy referrerPolicy)
 {    
@@ -1148,8 +1133,7 @@
     KURL url = ""
 
     ASSERT(m_frame->document());
-    // FIXME: Should we move the isFeedWithNestedProtocolInHTTPFamily logic inside SecurityOrigin::canDisplay?
-    if (!isFeedWithNestedProtocolInHTTPFamily(url) && !request.requester()->canDisplay(url)) {
+    if (!request.requester()->canDisplay(url)) {
         reportLocalLoadFailed(m_frame, url.string());
         return;
     }

Modified: branches/chromium/874/Source/WebCore/loader/MainResourceLoader.cpp (96956 => 96957)

--- branches/chromium/874/Source/WebCore/loader/MainResourceLoader.cpp	2011-10-07 17:20:55 UTC (rev 96956)
+++ branches/chromium/874/Source/WebCore/loader/MainResourceLoader.cpp	2011-10-07 17:33:55 UTC (rev 96957)
@@ -182,6 +182,15 @@
 
     ASSERT(documentLoader()->timing()->fetchStart);
     if (!redirectResponse.isNull()) {
+        // If the redirecting url is not allowed to display content from the target origin,
+        // then block the redirect.
+        RefPtr<SecurityOrigin> redirectingOrigin = SecurityOrigin::create(redirectResponse.url());
+        if (!redirectingOrigin->canDisplay(newRequest.url())) {
+            FrameLoader::reportLocalLoadFailed(m_frame.get(), newRequest.url().string());
+            cancel();
+            return;
+        }
+
         DocumentLoadTiming* documentLoadTiming = documentLoader()->timing();
 
         // Check if the redirected url is allowed to access the redirecting url's timing information.

Modified: branches/chromium/874/Source/WebCore/page/SecurityOrigin.cpp (96956 => 96957)

--- branches/chromium/874/Source/WebCore/page/SecurityOrigin.cpp	2011-10-07 17:20:55 UTC (rev 96956)
+++ branches/chromium/874/Source/WebCore/page/SecurityOrigin.cpp	2011-10-07 17:33:55 UTC (rev 96957)
@@ -331,10 +331,33 @@
     return isAccessWhiteListed(targetOrigin.get());
 }
 
+// This is a hack to allow keep navigation to http/https feeds working. To remove this
+// we need to introduce new API akin to registerURLSchemeAsLocal, that registers a
+// protocols navigation policy.
+// feed(|s|search): is considered a 'nesting' scheme by embedders that support it, so it can be
+// local or remote depending on what is nested. Currently we just check if we are nesting
+// http or https, otherwise we ignore the nesting for the purpose of a security check. We need
+// a facility for registering nesting schemes, and some generalized logic for them.
+// This function should be removed as an outcome of https://bugs.webkit.org/show_bug.cgi?id=69196
+static bool isFeedWithNestedProtocolInHTTPFamily(const KURL& url)
+{
+    const String& urlString = url.string();
+    if (!urlString.startsWith("feed", false))
+        return false;
+
+    return urlString.startsWith("feed://", false) 
+        || urlString.startsWith("feed:http:", false) || urlString.startsWith("feed:https:", false)
+        || urlString.startsWith("feeds:http:", false) || urlString.startsWith("feeds:https:", false)
+        || urlString.startsWith("feedsearch:http:", false) || urlString.startsWith("feedsearch:https:", false);
+}
+
 bool SecurityOrigin::canDisplay(const KURL& url) const
 {
     String protocol = url.protocol().lower();
 
+    if (isFeedWithNestedProtocolInHTTPFamily(url))
+        return true;
+
     if (SchemeRegistry::canDisplayOnlyIfCanRequest(protocol))
         return canRequest(url);
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes