Diff
Modified: branches/safari-534.54-branch/LayoutTests/ChangeLog (104249 => 104250)
--- branches/safari-534.54-branch/LayoutTests/ChangeLog 2012-01-06 01:02:07 UTC (rev 104249)
+++ branches/safari-534.54-branch/LayoutTests/ChangeLog 2012-01-06 01:05:10 UTC (rev 104250)
@@ -1,5 +1,23 @@
2011-1-5 Lucas Forschler <[email protected]>
+ Merge 100203
+
+ 2011-11-14 Adam Barth <[email protected]>
+
+ Cross-origin drag-and-drop prevention ineffective
+ https://bugs.webkit.org/show_bug.cgi?id=72322
+
+ Reviewed by Eric Seidel.
+
+ Split drag-drop-dead-frame.html into two tests: one that tests for the
+ previous crash and one that tests out data URL drag-and-drop behavior.
+
+ * editing/pasteboard/drag-drop-dead-frame.html:
+ * editing/pasteboard/drag-drop-to-data-url-expected.txt: Added.
+ * editing/pasteboard/drag-drop-to-data-url.html: Added.
+
+2011-1-5 Lucas Forschler <[email protected]>
+
Merge 99756
2011-11-09 Ken Buchanan <[email protected]>
Modified: branches/safari-534.54-branch/LayoutTests/editing/pasteboard/drag-drop-dead-frame.html (104249 => 104250)
--- branches/safari-534.54-branch/LayoutTests/editing/pasteboard/drag-drop-dead-frame.html 2012-01-06 01:02:07 UTC (rev 104249)
+++ branches/safari-534.54-branch/LayoutTests/editing/pasteboard/drag-drop-dead-frame.html 2012-01-06 01:05:10 UTC (rev 104250)
@@ -74,7 +74,7 @@
<p>Check you don't crash when your previous drag target frame is deleted <rdar://problem/5049842></p>
<div><span id="dragme">hello</span></div>
-<iframe id=targetframe src=""
+<iframe id=targetframe src=""
<script>runEditingTest();</script>
</body>
</html>
Copied: branches/safari-534.54-branch/LayoutTests/editing/pasteboard/drag-drop-to-data-url-expected.txt (from rev 100203, trunk/LayoutTests/editing/pasteboard/drag-drop-to-data-url-expected.txt) (0 => 104250)
--- branches/safari-534.54-branch/LayoutTests/editing/pasteboard/drag-drop-to-data-url-expected.txt (rev 0)
+++ branches/safari-534.54-branch/LayoutTests/editing/pasteboard/drag-drop-to-data-url-expected.txt 2012-01-06 01:05:10 UTC (rev 104250)
@@ -0,0 +1,5 @@
+EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
+Check you can't drag into a data URL
+
+hello
+
Copied: branches/safari-534.54-branch/LayoutTests/editing/pasteboard/drag-drop-to-data-url.html (from rev 100203, trunk/LayoutTests/editing/pasteboard/drag-drop-to-data-url.html) (0 => 104250)
--- branches/safari-534.54-branch/LayoutTests/editing/pasteboard/drag-drop-to-data-url.html (rev 0)
+++ branches/safari-534.54-branch/LayoutTests/editing/pasteboard/drag-drop-to-data-url.html 2012-01-06 01:05:10 UTC (rev 104250)
@@ -0,0 +1,60 @@
+<html>
+<head>
+<script src="" type="text/_javascript_"></script>
+<script>
+
+var framex;
+var framey;
+
+function editingTest() {
+
+ if (!window.layoutTestController) {
+ alert('This test requires layoutTestController to run!');
+ return;
+ }
+
+ layoutTestController.waitUntilDone();
+ layoutTestController.dumpAsText();
+
+ var t = document.getElementById("targetframe");
+ framex = t.offsetLeft + 10;
+ framey = t.offsetTop + t.offsetHeight / 2;
+
+ // Drag 'hello'
+ dragDropIt();
+}
+
+
+function dragDropIt() {
+ var e = document.getElementById("dragme");
+ window.getSelection().setBaseAndExtent(e, 0, e, 4);
+ x = e.offsetLeft + 10;
+ y = e.offsetTop + e.offsetHeight / 2;
+ eventSender.mouseMoveTo(x, y);
+ eventSender.mouseDown();
+
+ eventSender.leapForward(500);
+ eventSender.mouseMoveTo(framex, framey);
+ setTimeout(dropIt, 100);
+}
+
+function dropIt() {
+
+ // Drop it off to the frame
+ eventSender.mouseUp();
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+
+
+</script>
+<title>Check you can't drag into a data URL</title>
+</head>
+<body>
+
+<p>Check you can't drag into a data URL</p>
+<div><span id="dragme">hello</span></div>
+<iframe id=targetframe src=""
+<script>runEditingTest();</script>
+</body>
+</html>
Copied: branches/safari-534.54-branch/LayoutTests/editing/pasteboard/resources/editable-iframe.html (from rev 100203, trunk/LayoutTests/editing/pasteboard/resources/editable-iframe.html) (0 => 104250)
--- branches/safari-534.54-branch/LayoutTests/editing/pasteboard/resources/editable-iframe.html (rev 0)
+++ branches/safari-534.54-branch/LayoutTests/editing/pasteboard/resources/editable-iframe.html 2012-01-06 01:05:10 UTC (rev 104250)
@@ -0,0 +1 @@
+<body contentEditable=true>
Modified: branches/safari-534.54-branch/Source/WebCore/ChangeLog (104249 => 104250)
--- branches/safari-534.54-branch/Source/WebCore/ChangeLog 2012-01-06 01:02:07 UTC (rev 104249)
+++ branches/safari-534.54-branch/Source/WebCore/ChangeLog 2012-01-06 01:05:10 UTC (rev 104250)
@@ -1,5 +1,23 @@
2011-1-5 Lucas Forschler <[email protected]>
+ Merge 100203
+
+ 2011-11-14 Adam Barth <[email protected]>
+
+ Don't special-case "data" URLs in drag-and-drop logic
+ https://bugs.webkit.org/show_bug.cgi?id=72322
+
+ Reviewed by Eric Seidel.
+
+ See the bug for more details.
+
+ Test: editing/pasteboard/drag-drop-to-data-url.html
+
+ * page/SecurityOrigin.cpp:
+ (WebCore::SecurityOrigin::canReceiveDragData):
+
+2011-1-5 Lucas Forschler <[email protected]>
+
Merge 99999
2011-11-11 David Kilzer <[email protected]>
Modified: branches/safari-534.54-branch/Source/WebCore/page/SecurityOrigin.cpp (104249 => 104250)
--- branches/safari-534.54-branch/Source/WebCore/page/SecurityOrigin.cpp 2012-01-06 01:02:07 UTC (rev 104249)
+++ branches/safari-534.54-branch/Source/WebCore/page/SecurityOrigin.cpp 2012-01-06 01:05:10 UTC (rev 104250)
@@ -304,13 +304,6 @@
if (this == dragInitiator)
return true;
- // FIXME: Currently we treat data URLs as having a unique origin, contrary to the
- // current (9/19/2009) draft of the HTML5 specification. We still want to allow
- // drop across data URLs, so we special case data URLs below. If we change to
- // match HTML5 w.r.t. data URL security, then we can remove this check.
- if (m_protocol == "data")
- return true;
-
return canAccess(dragInitiator);
}
