[webkit-changes] [115148] trunk

Tue, 24 Apr 2012 17:43:04 -0700

Title: [115148] trunk
Revision
115148
Author
[email protected]
Date
2012-04-24 17:43:31 -0700 (Tue, 24 Apr 2012)

Log Message

Prevent drag and drop from setting file URLs
https://bugs.webkit.org/show_bug.cgi?id=76596

Reviewed by Enrica Casucci.

Source/WebCore:

Blacklisted file URLs from being set via dataTransfer.setData for specific types.

* platform/mac/ClipboardMac.mm:
(WebCore::ClipboardMac::setData):

LayoutTests:

Updated tests to reflect new expectations.

* http/tests/security/dataTransfer-set-data-file-url.html:
* platform/mac/editing/pasteboard/dataTransfer-set-data-file-url.html:

Modified Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (115147 => 115148)


--- trunk/LayoutTests/ChangeLog	2012-04-25 00:33:25 UTC (rev 115147)
+++ trunk/LayoutTests/ChangeLog	2012-04-25 00:43:31 UTC (rev 115148)
@@ -1,3 +1,15 @@
+2012-04-24  Jeffrey Pfau  <[email protected]>
+
+        Prevent drag and drop from setting file URLs
+        https://bugs.webkit.org/show_bug.cgi?id=76596
+
+        Reviewed by Enrica Casucci.
+
+        Updated tests to reflect new expectations.
+
+        * http/tests/security/dataTransfer-set-data-file-url.html:
+        * platform/mac/editing/pasteboard/dataTransfer-set-data-file-url.html:
+
 2012-04-24  Alpha Lam  <[email protected]>
 
         [chromium] Unreviewed test expectations update.

Modified: trunk/LayoutTests/http/tests/security/dataTransfer-set-data-file-url.html (115147 => 115148)


--- trunk/LayoutTests/http/tests/security/dataTransfer-set-data-file-url.html	2012-04-25 00:33:25 UTC (rev 115147)
+++ trunk/LayoutTests/http/tests/security/dataTransfer-set-data-file-url.html	2012-04-25 00:43:31 UTC (rev 115148)
@@ -8,10 +8,7 @@
             objCPlugin.removeBridgeRestrictions_(window);
             var pasteboard = objc('NSPasteboard').pasteboardWithName_('Apple CFPasteboard drag');
             var data = ""
-            var isPageLocal = (window.location.protocol == 'file:');
-            if (isPageLocal && !data) {
-                alert('NSFilenamesPboardType was incorrectly missing.');
-            } else if (!isPageLocal && data) {
+            if (data) {
                 alert('NSFilenamesPboardType was incorrectly present.');
             }
         } catch (ex) {

Modified: trunk/LayoutTests/platform/mac/editing/pasteboard/dataTransfer-set-data-file-url.html (115147 => 115148)


--- trunk/LayoutTests/platform/mac/editing/pasteboard/dataTransfer-set-data-file-url.html	2012-04-25 00:33:25 UTC (rev 115147)
+++ trunk/LayoutTests/platform/mac/editing/pasteboard/dataTransfer-set-data-file-url.html	2012-04-25 00:43:31 UTC (rev 115148)
@@ -8,10 +8,7 @@
             objCPlugin.removeBridgeRestrictions_(window);
             var pasteboard = objc('NSPasteboard').pasteboardWithName_('Apple CFPasteboard drag');
             var data = ""
-            var isPageLocal = (window.location.protocol == 'file:');
-            if (isPageLocal && !data) {
-                alert('NSFilenamesPboardType was incorrectly missing.');
-            } else if (!isPageLocal && data) {
+            if (data) {
                 alert('NSFilenamesPboardType was incorrectly present.');
             }
         } catch (ex) {

Modified: trunk/Source/WebCore/ChangeLog (115147 => 115148)


--- trunk/Source/WebCore/ChangeLog	2012-04-25 00:33:25 UTC (rev 115147)
+++ trunk/Source/WebCore/ChangeLog	2012-04-25 00:43:31 UTC (rev 115148)
@@ -1,3 +1,15 @@
+2012-04-24  Jeffrey Pfau  <[email protected]>
+
+        Prevent drag and drop from setting file URLs
+        https://bugs.webkit.org/show_bug.cgi?id=76596
+
+        Reviewed by Enrica Casucci.
+
+        Blacklisted file URLs from being set via dataTransfer.setData for specific types.
+
+        * platform/mac/ClipboardMac.mm:
+        (WebCore::ClipboardMac::setData):
+
 2012-04-24  Enrica Casucci  <[email protected]>
 
         REGRESSION (r109022) Safari not placing service data on pasteboard.

Modified: trunk/Source/WebCore/platform/mac/ClipboardMac.mm (115147 => 115148)


--- trunk/Source/WebCore/platform/mac/ClipboardMac.mm	2012-04-25 00:33:25 UTC (rev 115147)
+++ trunk/Source/WebCore/platform/mac/ClipboardMac.mm	2012-04-25 00:43:31 UTC (rev 115148)
@@ -249,23 +249,16 @@
     const String& cocoaType = cocoaTypeFromHTMLClipboardType(type);
     String cocoaData = data;
 
-    if (cocoaType == String(NSURLPboardType)) {
+    if (cocoaType == String(NSURLPboardType) || cocoaType == String(kUTTypeFileURL)) {
+        NSURL *url = "" URLWithString:cocoaData];
+        if ([url isFileURL])
+            return false;
+
         Vector<String> types;
-        types.append(String(NSURLPboardType));
+        types.append(cocoaType);
+        platformStrategies()->pasteboardStrategy()->setTypes(types, m_pasteboardName);
+        platformStrategies()->pasteboardStrategy()->setStringForType(cocoaData, cocoaType, m_pasteboardName);
 
-        platformStrategies()->pasteboardStrategy()->addTypes(types, m_pasteboardName);
-        platformStrategies()->pasteboardStrategy()->setStringForType(cocoaData, String(NSURLPboardType), m_pasteboardName);
-        NSURL *url = "" alloc] initWithString:cocoaData];
-
-        if ([url isFileURL] && m_frame->document()->securityOrigin()->canLoadLocalResources()) {
-            types.append(String(NSFilenamesPboardType));
-            platformStrategies()->pasteboardStrategy()->addTypes(types, m_pasteboardName);
-            Vector<String> fileList;
-            fileList.append(String([url path]));
-            platformStrategies()->pasteboardStrategy()->setPathnamesForType(fileList, String(NSFilenamesPboardType), m_pasteboardName);
-        }
-
-        [url release];
         return true;
     }
 

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes

Reply via email to