Diff
Modified: branches/safari-603-branch/LayoutTests/ChangeLog (213157 => 213158)
--- branches/safari-603-branch/LayoutTests/ChangeLog 2017-02-28 19:31:30 UTC (rev 213157)
+++ branches/safari-603-branch/LayoutTests/ChangeLog 2017-02-28 19:36:56 UTC (rev 213158)
@@ -1,3 +1,32 @@
+2017-02-28 Matthew Hanson <matthew_han...@apple.com>
+
+ Merge r213076. rdar://problem/30704432
+
+ 2017-02-27 Matthew Hanson <matthew_han...@apple.com>
+
+ Merge r212972. rdar://problem/30704432
+
+ 2017-02-24 Chris Dumez <cdu...@apple.com>
+
+ Download attribute should be sanitized before being used as suggested filename
+ https://bugs.webkit.org/show_bug.cgi?id=168839
+ <rdar://problem/30683109>
+
+ Reviewed by Darin Adler.
+
+ Add layout test coverage.
+
+ * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote-expected.txt: Added.
+ * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html: Added.
+ * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes-expected.txt: Added.
+ * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html: Added.
+ * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode-expected.txt: Added.
+ * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html: Added.
+ * platform/ios-simulator-wk1/TestExpectations:
+ * platform/ios-simulator-wk2/TestExpectations:
+ * platform/mac-wk1/TestExpectations:
+ * platform/win/TestExpectations:
+
2017-02-23 Matthew Hanson <matthew_han...@apple.com>
Rollout r212740. rdar://problem/30636274
Added: branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote-expected.txt (0 => 213158)
--- branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote-expected.txt (rev 0)
+++ branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote-expected.txt 2017-02-28 19:36:56 UTC (rev 213158)
@@ -0,0 +1,6 @@
+Download started.
+Downloading URL with suggested filename "test"abe.png"
+Download completed.
+The suggested filename above should be 'test"abe.png' and the download should succeed.
+
+File backed blob URL
Added: branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html (0 => 213158)
--- branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html (rev 0)
+++ branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html 2017-02-28 19:36:56 UTC (rev 213158)
@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script type='text/_javascript_'>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>The suggested filename above should be 'test"abe.png' and the download should succeed.</p>
+<a id="blob-url" download='test"abe.png'>File backed blob URL</a>
+<script>
+function click(elmt)
+{
+ if (!window.eventSender) {
+ alert('Click the link to run the test.');
+ return;
+ }
+ eventSender.mouseMoveTo(elmt.offsetLeft + 5, elmt.offsetTop + 5);
+ eventSender.mouseDown();
+ eventSender.mouseUp();
+}
+
+function runTest()
+{
+ file = internals.createFile("../resources/abe.png");
+ var link = document.getElementById("blob-url");
+ link.href = ""
+ click(link);
+}
+runTest();
+</script>
+</body>
+</html>
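Review bot: In `runTest()` the object returned by `internals.createFile()` is stored in an undeclared global `file` and never used, because the next statement sets `link.href = ""`. As shown, the click is not on a file-backed blob URL, which is what the test name and link text claim. The `text/_javascript_` script type suggests this page mangled the patch, so the blob URL expression may simply have been lost in rendering and the committed file may be fine. If not, the two lines should read `var file = internals.createFile("../resources/abe.png");` and `link.href = URL.createObjectURL(file);`. The same two lines appear in the slashes and unicode tests added further down.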
Added: branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes-expected.txt (0 => 213158)
--- branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes-expected.txt (rev 0)
+++ branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes-expected.txt 2017-02-28 19:36:56 UTC (rev 213158)
@@ -0,0 +1,6 @@
+Download started.
+Downloading URL with suggested filename "test1_test2abe.png"
+Download completed.
+The suggested filename above should NOT include slashes or backslashes and the download should succeed.
+
+File backed blob URL
Added: branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html (0 => 213158)
--- branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html (rev 0)
+++ branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html 2017-02-28 19:36:56 UTC (rev 213158)
@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script type='text/_javascript_'>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>The suggested filename above should NOT include slashes or backslashes and the download should succeed.</p>
+<a id="blob-url" download="test1/test2\\abe.png">File backed blob URL</a>
+<script>
+function click(elmt)
+{
+ if (!window.eventSender) {
+ alert('Click the link to run the test.');
+ return;
+ }
+ eventSender.mouseMoveTo(elmt.offsetLeft + 5, elmt.offsetTop + 5);
+ eventSender.mouseDown();
+ eventSender.mouseUp();
+}
+
+function runTest()
+{
+ file = internals.createFile("../resources/abe.png");
+ var link = document.getElementById("blob-url");
+ link.href = ""
+ click(link);
+}
+runTest();
+</script>
+</body>
+</html>
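Review bot: The download value `test1/test2\\abe.png` only exercises separators in the middle of a name, so the expectation does not pin what the sanitizer does with a name that ends in a backslash, consists solely of dots, or contains control characters. Those are the inputs where escaping and path handling tend to differ between platforms, and they go through the same `sanitizeSuggestedFilename()` call. A short comment above the anchor, such as `<!-- The suggested filename must never carry a path component: "/" and "\" have to be replaced or dropped. -->`, would also record why the expected output is `test1_test2abe.png`.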
Added: branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode-expected.txt (0 => 213158)
--- branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode-expected.txt (rev 0)
+++ branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode-expected.txt 2017-02-28 19:36:56 UTC (rev 213158)
@@ -0,0 +1,6 @@
+Download started.
+Downloading URL with suggested filename "你好.png"
+Download completed.
+The suggested filename above should be "你好.png" and the download should succeed.
+
+File backed blob URL
Added: branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html (0 => 213158)
--- branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html (rev 0)
+++ branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html 2017-02-28 19:36:56 UTC (rev 213158)
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8">
+<script type='text/_javascript_'>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>The suggested filename above should be "你好.png" and the download should succeed.</p>
+<a id="blob-url" download='你好.png'>File backed blob URL</a>
+<script>
+function click(elmt)
+{
+ if (!window.eventSender) {
+ alert('Click the link to run the test.');
+ return;
+ }
+ eventSender.mouseMoveTo(elmt.offsetLeft + 5, elmt.offsetTop + 5);
+ eventSender.mouseDown();
+ eventSender.mouseUp();
+}
+
+function runTest()
+{
+ file = internals.createFile("../resources/abe.png");
+ var link = document.getElementById("blob-url");
+ link.href = ""
+ click(link);
+}
+runTest();
+</script>
+</body>
+</html>
Modified: branches/safari-603-branch/LayoutTests/platform/ios-simulator-wk1/TestExpectations (213157 => 213158)
--- branches/safari-603-branch/LayoutTests/platform/ios-simulator-wk1/TestExpectations 2017-02-28 19:31:30 UTC (rev 213157)
+++ branches/safari-603-branch/LayoutTests/platform/ios-simulator-wk1/TestExpectations 2017-02-28 19:36:56 UTC (rev 213158)
@@ -1339,6 +1339,9 @@
webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-download-synthetic-click.html [ Skip ]
webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-download-user-triggered-synthetic-click.html [ Skip ]
webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download.html [ Skip ]
+webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html [ Skip ]
+webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html [ Skip ]
+webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html [ Skip ]
webkit.org/b/156069 http/tests/download/area-download.html [ Skip ]
webkit.org/b/156069 http/tests/security/anchor-download-allow-blob.html [ Skip ]
webkit.org/b/156069 http/tests/security/anchor-download-allow-data.html [ Skip ]
Modified: branches/safari-603-branch/LayoutTests/platform/ios-simulator-wk2/TestExpectations (213157 => 213158)
--- branches/safari-603-branch/LayoutTests/platform/ios-simulator-wk2/TestExpectations 2017-02-28 19:31:30 UTC (rev 213157)
+++ branches/safari-603-branch/LayoutTests/platform/ios-simulator-wk2/TestExpectations 2017-02-28 19:36:56 UTC (rev 213158)
@@ -1833,6 +1833,9 @@
webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-download.html [ Skip ]
webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-convert-to-download.html [ Skip ]
webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-download.html [ Skip ]
+webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html [ Skip ]
+webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html [ Skip ]
+webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html [ Skip ]
webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-nodownload-set.html [ Skip ]
webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-nodownload.html [ Skip ]
webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-download-synthetic-click.html [ Skip ]
Modified: branches/safari-603-branch/LayoutTests/platform/mac-wk1/TestExpectations (213157 => 213158)
--- branches/safari-603-branch/LayoutTests/platform/mac-wk1/TestExpectations 2017-02-28 19:31:30 UTC (rev 213157)
+++ branches/safari-603-branch/LayoutTests/platform/mac-wk1/TestExpectations 2017-02-28 19:36:56 UTC (rev 213158)
@@ -209,6 +209,9 @@
webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-download-synthetic-click.html [ Skip ]
webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-download-user-triggered-synthetic-click.html [ Skip ]
webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download.html [ Skip ]
+webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html [ Skip ]
+webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html [ Skip ]
+webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html [ Skip ]
webkit.org/b/156069 http/tests/download/area-download.html [ Skip ]
webkit.org/b/156069 http/tests/security/anchor-download-allow-blob.html [ Skip ]
webkit.org/b/156069 http/tests/security/anchor-download-allow-data.html [ Skip ]
Modified: branches/safari-603-branch/LayoutTests/platform/win/TestExpectations (213157 => 213158)
--- branches/safari-603-branch/LayoutTests/platform/win/TestExpectations 2017-02-28 19:31:30 UTC (rev 213157)
+++ branches/safari-603-branch/LayoutTests/platform/win/TestExpectations 2017-02-28 19:36:56 UTC (rev 213158)
@@ -448,6 +448,9 @@
fast/dom/HTMLAnchorElement/anchor-download-synthetic-click.html [ Skip ]
fast/dom/HTMLAnchorElement/anchor-download-user-triggered-synthetic-click.html [ Skip ]
fast/dom/HTMLAnchorElement/anchor-file-blob-download.html [ Skip ]
+fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html [ Skip ]
+fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html [ Skip ]
+fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html [ Skip ]
http/tests/download/area-download.html [ Skip ]
http/tests/security/anchor-download-allow-data.html [ Skip ]
http/tests/security/anchor-download-allow-sameorigin.html [ Skip ]
Modified: branches/safari-603-branch/Source/WebCore/ChangeLog (213157 => 213158)
--- branches/safari-603-branch/Source/WebCore/ChangeLog 2017-02-28 19:31:30 UTC (rev 213157)
+++ branches/safari-603-branch/Source/WebCore/ChangeLog 2017-02-28 19:36:56 UTC (rev 213158)
@@ -1,3 +1,33 @@
+2017-02-28 Matthew Hanson <matthew_han...@apple.com>
+
+ Merge r213076. rdar://problem/30704432
+
+ 2017-02-27 Matthew Hanson <matthew_han...@apple.com>
+
+ Merge r212972. rdar://problem/30704432
+
+ 2017-02-24 Chris Dumez <cdu...@apple.com>
+
+ Download attribute should be sanitized before being used as suggested filename
+ https://bugs.webkit.org/show_bug.cgi?id=168839
+ <rdar://problem/30683109>
+
+ Reviewed by Darin Adler.
+
+ Sanitize Download attribute before using it as a suggested filename for the download.
+ We rely on ResourceResponse's sanitizing of the suggested filename to do so, which has
+ the benefit of being consistent with downloads without the download attribute.
+
+ Tests: fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html
+ fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html
+ fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html
+
+ * html/HTMLAnchorElement.cpp:
+ (WebCore::HTMLAnchorElement::handleClick):
+ * platform/network/ResourceResponseBase.cpp:
+ (WebCore::ResourceResponseBase::sanitizeSuggestedFilename):
+ * platform/network/ResourceResponseBase.h:
+
2017-02-22 Brent Fulgham <bfulg...@apple.com>
Merge r212828. rdar://problem/30636274
Modified: branches/safari-603-branch/Source/WebCore/html/HTMLAnchorElement.cpp (213157 => 213158)
--- branches/safari-603-branch/Source/WebCore/html/HTMLAnchorElement.cpp 2017-02-28 19:31:30 UTC (rev 213157)
+++ branches/safari-603-branch/Source/WebCore/html/HTMLAnchorElement.cpp 2017-02-28 19:36:56 UTC (rev 213158)
@@ -377,13 +377,13 @@
appendServerMapMousePosition(url, event);
URL completedURL = document().completeURL(url.toString());
- auto downloadAttribute = nullAtom;
+ String downloadAttribute;
#if ENABLE(DOWNLOAD_ATTRIBUTE)
if (RuntimeEnabledFeatures::sharedFeatures().downloadAttributeEnabled()) {
// Ignore the download attribute completely if the href URL is cross origin.
bool isSameOrigin = completedURL.protocolIsData() || document().securityOrigin()->canRequest(completedURL);
if (isSameOrigin)
- downloadAttribute = attributeWithoutSynchronization(downloadAttr);
+ downloadAttribute = ResourceResponse::sanitizeSuggestedFilename(attributeWithoutSynchronization(downloadAttr));
else if (hasAttributeWithoutSynchronization(downloadAttr))
document().addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "The download attribute on anchor was ignored because its href URL has a different security origin.");
}
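Review bot: A non-empty `download` attribute whose sanitized form comes back as a null `String` would look the same as a missing attribute, since `downloadAttribute` now starts out null and is overwritten with whatever `sanitizeSuggestedFilename()` returns. The code that consumes `downloadAttribute` lies outside this hunk (`handleClick` starts and ends beyond it), so whether null versus empty decides between download and navigation needs confirming there. If it does, the presence of the attribute should be preserved, for example `if (downloadAttribute.isNull()) downloadAttribute = emptyString();` directly after the assignment in the same-origin branch. A one-line comment on the assignment, `// Sanitized the same way as a Content-Disposition filename, so both download paths agree.`, would keep the reason next to the call.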
Modified: branches/safari-603-branch/Source/WebCore/platform/network/ResourceResponseBase.cpp (213157 => 213158)
--- branches/safari-603-branch/Source/WebCore/platform/network/ResourceResponseBase.cpp 2017-02-28 19:31:30 UTC (rev 213157)
+++ branches/safari-603-branch/Source/WebCore/platform/network/ResourceResponseBase.cpp 2017-02-28 19:36:56 UTC (rev 213158)
@@ -224,6 +224,19 @@
return static_cast<const ResourceResponse*>(this)->platformSuggestedFilename();
}
+String ResourceResponseBase::sanitizeSuggestedFilename(const String& suggestedFilename)
+{
+ if (suggestedFilename.isEmpty())
+ return suggestedFilename;
+
+ ResourceResponse response(URL(ParsedURLString, "http://example.com"), String(), -1, String());
+ response.setHTTPStatusCode(200);
+ String escapedSuggestedFilename = String(suggestedFilename).replace('\"', "\\\"");
+ String value = makeString("attachment; filename=\"", escapedSuggestedFilename, '"');
+ response.setHTTPHeaderField(HTTPHeaderName::ContentDisposition, value);
+ return response.suggestedFilename();
+}
+
bool ResourceResponseBase::isSuccessful() const
{
int code = httpStatusCode();
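Review bot: Only `"` is escaped before the value is wrapped in the quoted `filename="…"` parameter, so a backslash in the attribute reaches the Content-Disposition parser as the start of an escape. A value ending in `\` would escape the closing quote, and an input `\"` becomes `\\"`, which ends the quoted string early and truncates the name. The slashes test's expected output, where both backslashes vanish, suggests the platform parser does interpret them, though that is inferred rather than shown here. Escaping the backslash first would make the round trip faithful: `String escapedSuggestedFilename = String(suggestedFilename).replace('\\', "\\\\").replace('\"', "\\\"");`; the slashes expectation would then need to be rechecked. A comment above the function should also say that the `http://example.com` URL and the 200 status are placeholders, and that CR/LF in the input are not filtered here.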
Modified: branches/safari-603-branch/Source/WebCore/platform/network/ResourceResponseBase.h (213157 => 213158)
--- branches/safari-603-branch/Source/WebCore/platform/network/ResourceResponseBase.h 2017-02-28 19:31:30 UTC (rev 213157)
+++ branches/safari-603-branch/Source/WebCore/platform/network/ResourceResponseBase.h 2017-02-28 19:36:56 UTC (rev 213158)
@@ -113,6 +113,7 @@
WEBCORE_EXPORT bool isAttachment() const;
WEBCORE_EXPORT String suggestedFilename() const;
+ WEBCORE_EXPORT static String sanitizeSuggestedFilename(const String&);
WEBCORE_EXPORT void includeCertificateInfo() const;
const std::optional<CertificateInfo>& certificateInfo() const { return m_certificateInfo; };