Title: [99466] trunk
- Revision
- 99466
- Author
- [email protected]
- Date
- 2011-11-07 13:05:06 -0800 (Mon, 07 Nov 2011)
Log Message
iframe sandbox treats vertical tab as a valid delimiter
https://bugs.webkit.org/show_bug.cgi?id=71704
Reviewed by Eric Seidel.
Source/WebCore:
This patch adjusts our parser slightly to match the HTML5 spec. The
only difference is in how we handle vertical tabs. Previously, we
treated them as a delimiter, but we're not supposed to do that.
Test: fast/frames/sandboxed-iframe-parsing-space-characters.html
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::parseSandboxPolicy):
LayoutTests:
Test which space-like charaters are treating as delimiters.
* fast/frames/sandboxed-iframe-parsing-space-characters-expected.txt: Added.
* fast/frames/sandboxed-iframe-parsing-space-characters.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (99465 => 99466)
--- trunk/LayoutTests/ChangeLog 2011-11-07 21:01:45 UTC (rev 99465)
+++ trunk/LayoutTests/ChangeLog 2011-11-07 21:05:06 UTC (rev 99466)
@@ -1,3 +1,15 @@
+2011-11-07 Adam Barth <[email protected]>
+
+ iframe sandbox treats vertical tab as a valid delimiter
+ https://bugs.webkit.org/show_bug.cgi?id=71704
+
+ Reviewed by Eric Seidel.
+
+ Test which space-like charaters are treating as delimiters.
+
+ * fast/frames/sandboxed-iframe-parsing-space-characters-expected.txt: Added.
+ * fast/frames/sandboxed-iframe-parsing-space-characters.html: Added.
+
2011-11-07 Ken Buchanan <[email protected]>
Crash due to mixed direction text runs
Added: trunk/LayoutTests/fast/frames/sandboxed-iframe-parsing-space-characters-expected.txt (0 => 99466)
--- trunk/LayoutTests/fast/frames/sandboxed-iframe-parsing-space-characters-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-parsing-space-characters-expected.txt 2011-11-07 21:05:06 UTC (rev 99466)
@@ -0,0 +1,7 @@
+ALERT: PASS: Form feed is a delimiter.
+ALERT: PASS: Newline is a delimiter.
+ALERT: PASS: Return is a delimiter.
+ALERT: PASS: Tab is a delimiter.
+ALERT: PASS: Space is a delimiter character.
+This tests whether we correct parse various space characters in the sandbox attribute.
+
Added: trunk/LayoutTests/fast/frames/sandboxed-iframe-parsing-space-characters.html (0 => 99466)
--- trunk/LayoutTests/fast/frames/sandboxed-iframe-parsing-space-characters.html (rev 0)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-parsing-space-characters.html 2011-11-07 21:05:06 UTC (rev 99466)
@@ -0,0 +1,40 @@
+This tests whether we correct parse various space characters in the sandbox attribute.<br>
+<script>
+var testCases = [
+ [' ', 'PASS: Space is a delimiter character.'],
+ ['\t', 'PASS: Tab is a delimiter.'],
+ ['x', 'FAIL: x is not a delimiter.'],
+ ['\r', 'PASS: Return is a delimiter.'],
+ ['\n', 'PASS: Newline is a delimiter.'],
+ ['\v', 'FAIL: Vertical tab is not a delimiter.'],
+ ['\f', 'PASS: Form feed is a delimiter.'],
+]
+
+function next() {
+ if (testCases.length) {
+ var testCase = testCases.pop();
+ testCharacter.apply(null, testCase);
+ return;
+ }
+
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+
+function testCharacter(possibleDelimiter, message) {
+ var policy = "allow-scripts" + possibleDelimiter + "allow-forms";
+ var iframe = document.createElement('iframe');
+ iframe.sandbox = policy;
+ iframe.src = "" + message + "');<\/script>";
+ iframe._onload_ = next;
+ document.body.appendChild(iframe);
+}
+
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+next();
+
+</script>
Modified: trunk/Source/WebCore/ChangeLog (99465 => 99466)
--- trunk/Source/WebCore/ChangeLog 2011-11-07 21:01:45 UTC (rev 99465)
+++ trunk/Source/WebCore/ChangeLog 2011-11-07 21:05:06 UTC (rev 99466)
@@ -1,5 +1,21 @@
2011-11-07 Adam Barth <[email protected]>
+ iframe sandbox treats vertical tab as a valid delimiter
+ https://bugs.webkit.org/show_bug.cgi?id=71704
+
+ Reviewed by Eric Seidel.
+
+ This patch adjusts our parser slightly to match the HTML5 spec. The
+ only difference is in how we handle vertical tabs. Previously, we
+ treated them as a delimiter, but we're not supposed to do that.
+
+ Test: fast/frames/sandboxed-iframe-parsing-space-characters.html
+
+ * page/SecurityOrigin.cpp:
+ (WebCore::SecurityOrigin::parseSandboxPolicy):
+
+2011-11-07 Adam Barth <[email protected]>
+
Factor SecurityContext out of ScriptExecutionContext
https://bugs.webkit.org/show_bug.cgi?id=71721
Modified: trunk/Source/WebCore/page/SecurityOrigin.cpp (99465 => 99466)
--- trunk/Source/WebCore/page/SecurityOrigin.cpp 2011-11-07 21:01:45 UTC (rev 99465)
+++ trunk/Source/WebCore/page/SecurityOrigin.cpp 2011-11-07 21:05:06 UTC (rev 99466)
@@ -32,6 +32,7 @@
#include "BlobURL.h"
#include "Document.h"
#include "FileSystem.h"
+#include "HTMLParserIdioms.h"
#include "KURL.h"
#include "OriginAccessEntry.h"
#include "SchemeRegistry.h"
@@ -551,12 +552,12 @@
unsigned length = policy.length();
unsigned start = 0;
while (true) {
- while (start < length && isASCIISpace(characters[start]))
+ while (start < length && isHTMLSpace(characters[start]))
++start;
if (start >= length)
break;
unsigned end = start + 1;
- while (end < length && !isASCIISpace(characters[end]))
+ while (end < length && !isHTMLSpace(characters[end]))
++end;
// Turn off the corresponding sandbox flag if it's set as "allowed".
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
