Title: [202174] trunk
Revision: 202174
Author: [email protected]
Date: 2016-06-17 12:50:45 -0700 (Fri, 17 Jun 2016)

Log Message

Ignore case in the check for security origin inheritance
https://bugs.webkit.org/show_bug.cgi?id=158878

Reviewed by Alex Christensen.

Source/WebCore:

Darin Adler commented in https://bugs.webkit.org/show_bug.cgi?id=158855:
"Are these comparisons intentionally case sensitive? Shouldn’t they ignore ASCII
case? We could use equalIgnoringASCIICase and equalLettersIgnoringASCIICase for
those two lines instead of using ==. URL::parse normalizes letters in the scheme
and host by using toASCIILower, but does not normalize letters elsewhere in the
URL, such as in the "blank" or "srcdoc" in the above URLs."

Test: http/tests/dom/window-open-about-uppercase-blank-and-access-document.html

* platform/URL.cpp:
(WebCore::URL::shouldInheritSecurityOriginFromOwner):

LayoutTests:

* http/tests/dom/window-open-about-uppercase-blank-and-access-document-expected.txt: Added.
* http/tests/dom/window-open-about-uppercase-blank-and-access-document.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (202173 => 202174)


--- trunk/LayoutTests/ChangeLog	2016-06-17 19:22:02 UTC (rev 202173)
+++ trunk/LayoutTests/ChangeLog	2016-06-17 19:50:45 UTC (rev 202174)
@@ -1,3 +1,13 @@
+2016-06-17  John Wilander  <[email protected]>
+
+        Ignore case in the check for security origin inheritance
+        https://bugs.webkit.org/show_bug.cgi?id=158878
+
+        Reviewed by Alex Christensen.
+
+        * http/tests/dom/window-open-about-uppercase-blank-and-access-document-expected.txt: Added.
+        * http/tests/dom/window-open-about-uppercase-blank-and-access-document.html: Added.
+
 2016-06-17  Ryan Haddad  <[email protected]>
 
         Skipping two new LayoutTests that rely on mouse events on ios-simulator.

Added: trunk/LayoutTests/http/tests/dom/window-open-about-uppercase-blank-and-access-document-expected.txt (0 => 202174)


--- trunk/LayoutTests/http/tests/dom/window-open-about-uppercase-blank-and-access-document-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/dom/window-open-about-uppercase-blank-and-access-document-expected.txt	2016-06-17 19:50:45 UTC (rev 202174)
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: line 1: Injected script running.
+PASS newWindow.document is defined.
+

Added: trunk/LayoutTests/http/tests/dom/window-open-about-uppercase-blank-and-access-document.html (0 => 202174)


--- trunk/LayoutTests/http/tests/dom/window-open-about-uppercase-blank-and-access-document.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/dom/window-open-about-uppercase-blank-and-access-document.html	2016-06-17 19:50:45 UTC (rev 202174)
@@ -0,0 +1,38 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Tests opening a new about:blank window and accessing its document</title>
+    <script src=""
+    <script>
+        var newWindow;
+
+        if (window.testRunner) {
+            testRunner.setCanOpenWindows();
+            testRunner.waitUntilDone();
+            testRunner.setPopupBlockingEnabled(false);
+        }
+
+        function checkNewWindowDocumentIsDefined () {
+            shouldBeDefined("newWindow.document");
+            if (window.testRunner)
+                testRunner.notifyDone();
+        }
+
+        function run() {
+            newWindow = window.open("about:BLANK");
+            try {
+                newWindow.document.write("<scri" + "pt>console.log('Injected script running.')</sc" + "ript>");
+                setTimeout(checkNewWindowDocumentIsDefined, 500);
+            } catch (e) {
+                testFailed("Was not able to write to the new window's document.");
+                if (window.testRunner)
+                    testRunner.notifyDone();
+            }
+        }
+    </script>
+</head>
+<body _onload_="run()">
+<div id="console"></div>
+</body>
+</html>
\ No newline at end of file
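Review bot: run() only exercises window.open("about:BLANK"), so the second comparison changed in URL.cpp, the one against "about:srcdoc", has no coverage in this test. Consider a companion test for that branch, or say in the ChangeLog why a mixed-case srcdoc URL cannot reach it. Separately, the check is deferred with setTimeout(checkNewWindowDocumentIsDefined, 500); if nothing asynchronous has to finish first, calling the check directly after document.write would remove a fixed 500 ms timing assumption from every run.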

Modified: trunk/Source/WebCore/ChangeLog (202173 => 202174)


--- trunk/Source/WebCore/ChangeLog	2016-06-17 19:22:02 UTC (rev 202173)
+++ trunk/Source/WebCore/ChangeLog	2016-06-17 19:50:45 UTC (rev 202174)
@@ -1,3 +1,22 @@
+2016-06-17  John Wilander  <[email protected]>
+
+        Ignore case in the check for security origin inheritance
+        https://bugs.webkit.org/show_bug.cgi?id=158878
+
+        Reviewed by Alex Christensen.
+
+        Darin Adler commented in https://bugs.webkit.org/show_bug.cgi?id=158855:
+        "Are these comparisons intentionally case sensitive? Shouldn’t they ignore ASCII 
+        case? We could use equalIgnoringASCIICase and equalLettersIgnoringASCIICase for 
+        those two lines instead of using ==. URL::parse normalizes letters in the scheme 
+        and host by using toASCIILower, but does not normalize letters elsewhere in the 
+        URL, such as in the "blank" or "srcdoc" in the above URLs."
+
+        Test: http/tests/dom/window-open-about-uppercase-blank-and-access-document.html
+
+        * platform/URL.cpp:
+        (WebCore::URL::shouldInheritSecurityOriginFromOwner):
+
 2016-06-17  Hyungwook Lee  <[email protected]>
 
         Fix compilation errors when we enable DUMP_NODE_STATISTICS in Node.h
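Review bot: the "* platform/URL.cpp:" entry and its "(WebCore::URL::shouldInheritSecurityOriginFromOwner):" line end at the colon with nothing after them. A short statement there of what changed (the two == comparisons replaced with ASCII-case-insensitive ones) would let the entry stand on its own, since the quoted bug comment asks a question rather than recording the decision taken.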

Modified: trunk/Source/WebCore/platform/URL.cpp (202173 => 202174)


--- trunk/Source/WebCore/platform/URL.cpp	2016-06-17 19:22:02 UTC (rev 202173)
+++ trunk/Source/WebCore/platform/URL.cpp	2016-06-17 19:50:45 UTC (rev 202174)
@@ -2065,8 +2065,8 @@
 bool URL::shouldInheritSecurityOriginFromOwner() const
 {
     return isEmpty()
-        || m_string == blankURL().string()
-        || m_string == "about:srcdoc";
+        || equalIgnoringASCIICase(m_string, blankURL().string())
+        || equalLettersIgnoringASCIICase(m_string, "about:srcdoc");
 }
 
 typedef HashMap<String, unsigned short, ASCIICaseInsensitiveHash> DefaultPortsMap;
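Review bot: the return expression in shouldInheritSecurityOriginFromOwner() now uses equalIgnoringASCIICase for blankURL().string() and equalLettersIgnoringASCIICase for the "about:srcdoc" literal, with no comment on why case is ignored here. Because the result decides whether a URL inherits its owner's security origin, a one-line comment above the return would help, along the lines of the ChangeLog quote: parsing lowercases the scheme and host but not the rest of the URL. Both comparisons are still made against the whole of m_string, so is it intended that only these exact strings match and nothing with a trailing query or fragment does?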
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
