Title: [253946] trunk
Revision: 253946
Author: [email protected]
Date: 2019-12-30 09:10:13 -0800 (Mon, 30 Dec 2019)

Log Message

Ignore URL host for schemes that are not using host information
https://bugs.webkit.org/show_bug.cgi?id=205157

Source/WebCore:

rdar://problem/57825963

Reviewed by Darin Adler.

Tests: http/tests/local/file-url-host.html
       http/tests/security/about-url-host.html
       http/tests/security/data-url-host.html
       http/tests/security/_javascript_-url-host.html

Whenever setting the document URL, remove the host information if its scheme is not supposed to have a host.
This is done for file, data and about schemes.

Add internals APIs to test this.

* dom/Document.cpp:
(WebCore::Document::setURL):
* page/DOMWindow.h:
* page/Location.h:
* page/Location.idl:
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::shouldIgnoreHost):
* page/SecurityOrigin.h:
* testing/Internals.cpp:
(WebCore::Internals::windowLocationHost):
* testing/Internals.h:
* testing/Internals.idl:

Source/WTF:

<rdar://problem/57825963>

Reviewed by Darin Adler.

* wtf/URL.cpp:
(WTF::URL::removeHostAndPort):
* wtf/URL.h:

LayoutTests:

Reviewed by Darin Adler.

* http/tests/local/file-url-host-expected.txt: Added.
* http/tests/local/file-url-host.html: Added.
* http/tests/security/about-url-host-expected.txt: Added.
* http/tests/security/about-url-host.html: Added.
* http/tests/security/data-url-host-expected.txt: Added.
* http/tests/security/data-url-host.html: Added.
* http/tests/security/_javascript_-url-host-expected.txt: Added.
* http/tests/security/_javascript_-url-host.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (253945 => 253946)


--- trunk/LayoutTests/ChangeLog	2019-12-30 17:01:16 UTC (rev 253945)
+++ trunk/LayoutTests/ChangeLog	2019-12-30 17:10:13 UTC (rev 253946)
@@ -1,3 +1,19 @@
+2019-12-30  youenn fablet  <[email protected]>
+
+        Ignore URL host for schemes that are not using host information
+        https://bugs.webkit.org/show_bug.cgi?id=205157
+
+        Reviewed by Darin Adler.
+
+        * http/tests/local/file-url-host-expected.txt: Added.
+        * http/tests/local/file-url-host.html: Added.
+        * http/tests/security/about-url-host-expected.txt: Added.
+        * http/tests/security/about-url-host.html: Added.
+        * http/tests/security/data-url-host-expected.txt: Added.
+        * http/tests/security/data-url-host.html: Added.
+        * http/tests/security/_javascript_-url-host-expected.txt: Added.
+        * http/tests/security/_javascript_-url-host.html: Added.
+
 2019-12-27  Dean Jackson  <[email protected]>
 
         [WebGL] Add a pure virtual base class for GraphicsContext3D

Added: trunk/LayoutTests/http/tests/local/file-url-host-expected.txt (0 => 253946)


--- trunk/LayoutTests/http/tests/local/file-url-host-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/local/file-url-host-expected.txt	2019-12-30 17:10:13 UTC (rev 253946)
@@ -0,0 +1 @@
+PASS

Added: trunk/LayoutTests/http/tests/local/file-url-host.html (0 => 253946)


--- trunk/LayoutTests/http/tests/local/file-url-host.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/local/file-url-host.html	2019-12-30 17:10:13 UTC (rev 253946)
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<body>
+<script>
+    if (window.testRunner) {
+        testRunner.waitUntilDone();
+        testRunner.dumpAsText();
+    }
+    if (location.hash === "")
+        window.location = window.location.href.replace("file:///", "file://example.org/") + "?test#test-host";
+    else if (location.hash === "#test")
+        window.location = window.location.href.replace("file://example.org/", "file:///").replace("?test#test-host", "") + "?test2#test-host" + window.location.host;
+    else {
+        document.body.innerHTML = window.location.hash === "#test-host" ? "PASS": ("FAIL, got: " + window.location.hash);
+        if (window.testRunner)
+            testRunner.notifyDone();
+    }
+</script>
+</body>
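Review bot: the `else if (location.hash === "#test")` branch cannot run as written. The first navigation sets the fragment to `#test-host`, so the reloaded page falls straight into the final `else` and prints PASS without ever appending `window.location.host` to the fragment. The test therefore passes whether or not the host was stripped. Suggest making the fragment set by the first navigation match the one the second branch checks (and adjusting the `replace("?test#test-host", "")` to match), so the final comparison really depends on `window.location.host` being empty.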

Added: trunk/LayoutTests/http/tests/security/about-url-host-expected.txt (0 => 253946)


--- trunk/LayoutTests/http/tests/security/about-url-host-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/about-url-host-expected.txt	2019-12-30 17:10:13 UTC (rev 253946)
@@ -0,0 +1 @@
+PASS

Added: trunk/LayoutTests/http/tests/security/about-url-host.html (0 => 253946)


--- trunk/LayoutTests/http/tests/security/about-url-host.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/about-url-host.html	2019-12-30 17:10:13 UTC (rev 253946)
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<body>
+<script>
+if (window.testRunner) {
+    testRunner.waitUntilDone();
+    testRunner.dumpAsText();
+}
+function test() {
+    try {
+        if (window.internals) {
+            const host = internals.windowLocationHost(testFrame.contentWindow);
+            document.body.innerHTML = host === "" ? "PASS" : "FAIL, got " + host;
+        }
+    } catch (e) {
+        console.log(e);
+    }
+
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+</script>
+<iframe id="testFrame" _onload_="test()" src=""
+</body>
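Review bot: in `test()`, a missing `window.internals` or an exception from `internals.windowLocationHost()` leaves the body empty, and the `catch` only calls `console.log(e)`. The run then fails as a bare text mismatch with no reason in the output. Suggest writing a `FAIL` line to `document.body` in the `catch` and in an `else` for the `window.internals` check, so the result always states what went wrong.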

Added: trunk/LayoutTests/http/tests/security/data-url-host-expected.txt (0 => 253946)


--- trunk/LayoutTests/http/tests/security/data-url-host-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/data-url-host-expected.txt	2019-12-30 17:10:13 UTC (rev 253946)
@@ -0,0 +1 @@
+PASS

Added: trunk/LayoutTests/http/tests/security/data-url-host.html (0 => 253946)


--- trunk/LayoutTests/http/tests/security/data-url-host.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/data-url-host.html	2019-12-30 17:10:13 UTC (rev 253946)
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<body>
+<script>
+if (window.testRunner) {
+    testRunner.waitUntilDone();
+    testRunner.dumpAsText();
+}
+function test() {
+    try {
+        if (window.internals) {
+            const host = internals.windowLocationHost(testFrame.contentWindow);
+            document.body.innerHTML = host === "" ? "PASS" : "FAIL, got " + host;
+        }
+    } catch (e) {
+        console.log(e);
+    }
+
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+</script>
+<iframe id="testFrame" _onload_="test()" src=""
+</body>

Added: trunk/LayoutTests/http/tests/security/_javascript_-url-host-expected.txt (0 => 253946)


--- trunk/LayoutTests/http/tests/security/_javascript_-url-host-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/_javascript_-url-host-expected.txt	2019-12-30 17:10:13 UTC (rev 253946)
@@ -0,0 +1 @@
+PASS

Added: trunk/LayoutTests/http/tests/security/_javascript_-url-host.html (0 => 253946)


--- trunk/LayoutTests/http/tests/security/_javascript_-url-host.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/_javascript_-url-host.html	2019-12-30 17:10:13 UTC (rev 253946)
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<body>
+<script>
+if (window.testRunner) {
+    testRunner.waitUntilDone();
+    testRunner.dumpAsText();
+}
+function test() {
+    try {
+        if (window.internals) {
+            const host = internals.windowLocationHost(testFrame.contentWindow);
+            document.body.innerHTML = host === "" ? "PASS" : "FAIL, got " + host;
+        }
+    } catch (e) {
+        console.log(e);
+    }
+
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+</script>
+<iframe id="testFrame" _onload_="test()" src=""
+</body>
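Review bot: as shown, this file is line-for-line identical to about-url-host.html and data-url-host.html, down to the `src=""` on the iframe, so nothing in the visible test selects the javascript: scheme. Suggest moving `test()` into a shared script and keeping only the iframe `src` per file, with a one-line comment naming the URL each test loads.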

Modified: trunk/Source/WTF/ChangeLog (253945 => 253946)


--- trunk/Source/WTF/ChangeLog	2019-12-30 17:01:16 UTC (rev 253945)
+++ trunk/Source/WTF/ChangeLog	2019-12-30 17:10:13 UTC (rev 253946)
@@ -1,3 +1,15 @@
+2019-12-30  youenn fablet  <[email protected]>
+
+        Ignore URL host for schemes that are not using host information
+        https://bugs.webkit.org/show_bug.cgi?id=205157
+        <rdar://problem/57825963>
+
+        Reviewed by Darin Adler.
+
+        * wtf/URL.cpp:
+        (WTF::URL::removeHostAndPort):
+        * wtf/URL.h:
+
 2019-12-25  Dean Jackson  <[email protected]>
 
         [WebGL] Enable ANGLE by default for Cocoa platforms (except simulator)

Modified: trunk/Source/WTF/wtf/URL.cpp (253945 => 253946)


--- trunk/Source/WTF/wtf/URL.cpp	2019-12-30 17:01:16 UTC (rev 253945)
+++ trunk/Source/WTF/wtf/URL.cpp	2019-12-30 17:10:13 UTC (rev 253946)
@@ -474,6 +474,15 @@
     *this = parser.result();
 }
 
+void URL::removeHostAndPort()
+{
+    if (!m_isValid)
+        return;
+    if (!host().isEmpty())
+        setHost({ });
+    removePort();
+}
+
 void URL::setHostAndPort(const String& hostAndPort)
 {
     if (!m_isValid)
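Review bot: `removeHostAndPort()` gives the caller no way to tell whether the host was actually cleared. The outcome of `setHost({ })` is not checked, and any user or password component is left as it was. Since `Document::setURL` relies on this call to drop the host, suggest asserting `host().isEmpty()` on exit (or returning a bool) and saying in a comment what happens to credentials.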

Modified: trunk/Source/WTF/wtf/URL.h (253945 => 253946)


--- trunk/Source/WTF/wtf/URL.h	2019-12-30 17:01:16 UTC (rev 253945)
+++ trunk/Source/WTF/wtf/URL.h	2019-12-30 17:10:13 UTC (rev 253946)
@@ -145,6 +145,7 @@
 
     // Input is like "foo.com" or "foo.com:8000".
     void setHostAndPort(const String&);
+    void removeHostAndPort();
 
     void setUser(const String&);
     void setPass(const String&);

Modified: trunk/Source/WebCore/ChangeLog (253945 => 253946)


--- trunk/Source/WebCore/ChangeLog	2019-12-30 17:01:16 UTC (rev 253945)
+++ trunk/Source/WebCore/ChangeLog	2019-12-30 17:10:13 UTC (rev 253946)
@@ -1,3 +1,34 @@
+2019-12-30  youenn fablet  <[email protected]>
+
+        Ignore URL host for schemes that are not using host information
+        https://bugs.webkit.org/show_bug.cgi?id=205157
+        rdar://problem/57825963
+
+        Reviewed by Darin Adler.
+
+        Tests: http/tests/local/file-url-host.html
+               http/tests/security/about-url-host.html
+               http/tests/security/data-url-host.html
+               http/tests/security/_javascript_-url-host.html
+
+        Whenever setting the document URL, remove the host information if its scheme is not supposed to have a host.
+        This is done for file, data and about schemes.
+
+        Add internals APIs to test this.
+
+        * dom/Document.cpp:
+        (WebCore::Document::setURL):
+        * page/DOMWindow.h:
+        * page/Location.h:
+        * page/Location.idl:
+        * page/SecurityOrigin.cpp:
+        (WebCore::SecurityOrigin::shouldIgnoreHost):
+        * page/SecurityOrigin.h:
+        * testing/Internals.cpp:
+        (WebCore::Internals::windowLocationHost):
+        * testing/Internals.h:
+        * testing/Internals.idl:
+
 2019-12-29  Yusuke Suzuki  <[email protected]>
 
         Unreviewed, build fix after r253938

Modified: trunk/Source/WebCore/dom/Document.cpp (253945 => 253946)


--- trunk/Source/WebCore/dom/Document.cpp	2019-12-30 17:01:16 UTC (rev 253945)
+++ trunk/Source/WebCore/dom/Document.cpp	2019-12-30 17:10:13 UTC (rev 253946)
@@ -3235,6 +3235,9 @@
         return;
 
     m_url = newURL;
+    if (SecurityOrigin::shouldIgnoreHost(m_url))
+        m_url.removeHostAndPort();
+
     m_documentURI = m_url.string();
     updateBaseURL();
 }
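Review bot: the two lines added after `m_url = newURL;` carry no comment, and from this point the document URL can differ from the `newURL` the caller passed in. Suggest a short comment stating why the host is dropped for these schemes, and consider stripping a local copy first and assigning `m_url` once, so `m_url` never holds the unstripped value.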

Modified: trunk/Source/WebCore/page/DOMWindow.h (253945 => 253946)


--- trunk/Source/WebCore/page/DOMWindow.h	2019-12-30 17:01:16 UTC (rev 253945)
+++ trunk/Source/WebCore/page/DOMWindow.h	2019-12-30 17:10:13 UTC (rev 253946)
@@ -176,7 +176,7 @@
     Navigator* optionalNavigator() const { return m_navigator.get(); }
     Navigator& clientInformation() { return navigator(); }
 
-    Location& location();
+    WEBCORE_EXPORT Location& location();
     void setLocation(DOMWindow& activeWindow, const URL& completedURL, SetLocationLocking = LockHistoryBasedOnGestureState);
 
     DOMSelection* getSelection();

Modified: trunk/Source/WebCore/page/Location.h (253945 => 253946)


--- trunk/Source/WebCore/page/Location.h	2019-12-30 17:01:16 UTC (rev 253945)
+++ trunk/Source/WebCore/page/Location.h	2019-12-30 17:10:13 UTC (rev 253946)
@@ -52,7 +52,7 @@
     ExceptionOr<void> setProtocol(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
     String protocol() const;
     ExceptionOr<void> setHost(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
-    String host() const;
+    WEBCORE_EXPORT String host() const;
     ExceptionOr<void> setHostname(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
     String hostname() const;
     ExceptionOr<void> setPort(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);

Modified: trunk/Source/WebCore/page/Location.idl (253945 => 253946)


--- trunk/Source/WebCore/page/Location.idl	2019-12-30 17:01:16 UTC (rev 253945)
+++ trunk/Source/WebCore/page/Location.idl	2019-12-30 17:10:13 UTC (rev 253946)
@@ -38,6 +38,7 @@
     CustomPut,
     CustomPutOnPrototype,
     CustomToStringName,
+    ExportMacro=WEBCORE_EXPORT,
     GenerateIsReachable=ReachableFromDOMWindow,
     IsImmutablePrototypeExoticObject,
     ImplementationLacksVTable,

Modified: trunk/Source/WebCore/page/SecurityOrigin.cpp (253945 => 253946)


--- trunk/Source/WebCore/page/SecurityOrigin.cpp	2019-12-30 17:01:16 UTC (rev 253945)
+++ trunk/Source/WebCore/page/SecurityOrigin.cpp	2019-12-30 17:10:13 UTC (rev 253946)
@@ -56,6 +56,11 @@
     return url.protocolIsInHTTPFamily() || url.protocolIs("ftp");
 }
 
+bool SecurityOrigin::shouldIgnoreHost(const URL& url)
+{
+    return url.protocolIsData() || url.protocolIsAbout() || protocolIsJavaScript(url) || url.protocolIs("file");
+}
+
 bool SecurityOrigin::shouldUseInnerURL(const URL& url)
 {
     // FIXME: Blob URLs don't have inner URLs. Their form is "blob:<inner-origin>/<UUID>", so treating the part after "blob:" as a URL is incorrect.
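Review bot: `shouldIgnoreHost()` also returns true for javascript: URLs, but the log message says "This is done for file, data and about schemes." Either the ChangeLog should list javascript, or the `protocolIsJavaScript(url)` term needs a justification. The expression also mixes three spellings (`url.protocolIsData()`, the free function `protocolIsJavaScript(url)`, and `url.protocolIs("file")`); a comment above the function listing the schemes and why each has no meaningful host would make the intent reviewable.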

Modified: trunk/Source/WebCore/page/SecurityOrigin.h (253945 => 253946)


--- trunk/Source/WebCore/page/SecurityOrigin.h	2019-12-30 17:01:16 UTC (rev 253945)
+++ trunk/Source/WebCore/page/SecurityOrigin.h	2019-12-30 17:10:13 UTC (rev 253946)
@@ -88,6 +88,8 @@
     const String& domain() const { return m_domain; }
     Optional<uint16_t> port() const { return m_data.port; }
 
+    static bool shouldIgnoreHost(const URL&);
+
     // Returns true if a given URL is secure, based either directly on its
     // own protocol, or, when relevant, on the protocol of its "inner URL"
     // Protocols like blob: and filesystem: fall into this latter category.
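Review bot: `static bool shouldIgnoreHost(const URL&);` is declared without a comment, while the declaration right below it carries a three-line explanation. Suggest one line stating that it returns true for schemes whose URLs carry no meaningful host, so callers know when it applies.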

Modified: trunk/Source/WebCore/testing/Internals.cpp (253945 => 253946)


--- trunk/Source/WebCore/testing/Internals.cpp	2019-12-30 17:01:16 UTC (rev 253945)
+++ trunk/Source/WebCore/testing/Internals.cpp	2019-12-30 17:10:13 UTC (rev 253946)
@@ -116,6 +116,7 @@
 #include "LegacySchemeRegistry.h"
 #include "LibWebRTCProvider.h"
 #include "LoaderStrategy.h"
+#include "Location.h"
 #include "MallocStatistics.h"
 #include "MediaDevices.h"
 #include "MediaEngineConfigurationFactory.h"
@@ -5392,4 +5393,9 @@
 #endif
 }
 
+String Internals::windowLocationHost(DOMWindow& window)
+{
+    return window.location().host();
+}
+
 } // namespace WebCore

Modified: trunk/Source/WebCore/testing/Internals.h (253945 => 253946)


--- trunk/Source/WebCore/testing/Internals.h	2019-12-30 17:01:16 UTC (rev 253945)
+++ trunk/Source/WebCore/testing/Internals.h	2019-12-30 17:10:13 UTC (rev 253946)
@@ -78,6 +78,7 @@
 class InternalsMapLike;
 class InternalSettings;
 class InternalsSetLike;
+class Location;
 class MallocStatistics;
 class MediaSession;
 class MediaStream;
@@ -919,6 +920,8 @@
 
     String highlightPseudoElementColor(const String& highlightName, Element&);
 
+    String windowLocationHost(DOMWindow&);
+
 private:
     explicit Internals(Document&);
     Document* contextDocument() const;

Modified: trunk/Source/WebCore/testing/Internals.idl (253945 => 253946)


--- trunk/Source/WebCore/testing/Internals.idl	2019-12-30 17:01:16 UTC (rev 253945)
+++ trunk/Source/WebCore/testing/Internals.idl	2019-12-30 17:10:13 UTC (rev 253946)
@@ -770,6 +770,8 @@
     [CallWith=Document] void queueTaskToQueueMicrotask(DOMString source, VoidCallback callback);
     [MayThrowException] boolean hasSameEventLoopAs(WindowProxy windowProxy);
 
+    DOMString windowLocationHost(DOMWindow window);
+
     void markContextAsInsecure();
 
     void setMaxCanvasPixelMemory(unsigned long size);