Title: [129585] trunk
Revision: 129585
Author: [email protected]
Date: 2012-09-25 19:25:50 -0700 (Tue, 25 Sep 2012)

Log Message

[Chromium] Network requests without a networking context can be started
https://bugs.webkit.org/show_bug.cgi?id=97498

Reviewed by Eric Seidel.

Source/WebCore:

We shouldn't try to start network requests without a networking
context. Other ports have a similar null check.

* platform/network/chromium/ResourceHandle.cpp:
(WebCore::ResourceHandle::start):

LayoutTests:

* http/tests/security/svg-img-leak.html: Added.
* http/tests/security/svg-img-leak-expected.txt: Added.
* http/tests/security/resources/set-cookie.php: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (129584 => 129585)


--- trunk/LayoutTests/ChangeLog	2012-09-26 02:16:25 UTC (rev 129584)
+++ trunk/LayoutTests/ChangeLog	2012-09-26 02:25:50 UTC (rev 129585)
@@ -1,3 +1,14 @@
+2012-09-25  Adam Barth  <[email protected]>
+
+        [Chromium] Network requests without a networking context can be started
+        https://bugs.webkit.org/show_bug.cgi?id=97498
+
+        Reviewed by Eric Seidel.
+
+        * http/tests/security/svg-img-leak.html: Added.
+        * http/tests/security/svg-img-leak-expected.txt: Added.
+        * http/tests/security/resources/set-cookie.php: Added.
+
 2012-09-25  Alpha Lam  <[email protected]>
 
         Unreviewed test expectations update. Round two.
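
Review bot: The three file entries in this ChangeLog hunk name svg-img-leak.html and svg-img-leak-expected.txt, but the files added in this revision are http/tests/security/svg-image-leak.html and svg-image-leak-expected.txt. Update the entries to the svg-image-leak names so the ChangeLog matches the added paths.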

Added: trunk/LayoutTests/http/tests/security/resources/set-cookie.php (0 => 129585)


--- trunk/LayoutTests/http/tests/security/resources/set-cookie.php	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/resources/set-cookie.php	2012-09-26 02:25:50 UTC (rev 129585)
@@ -0,0 +1,4 @@
+<?php
+setcookie($_GET["name"], $_GET["value"], 0, "/");
+?>
+Set <?= $_GET["name"] ?>=<?= $_GET["value"] ?>
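
Review bot: The last line of set-cookie.php echoes $_GET["name"] and $_GET["value"] into the response body without escaping, and setcookie() is called without checking that either parameter is present. For a test-only resource that is low risk, but wrapping both echoes in htmlspecialchars() (or sending Content-Type: text/plain) and returning early when a parameter is missing keeps the helper from reflecting markup if it is ever served outside the test harness.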

Added: trunk/LayoutTests/http/tests/security/svg-image-leak-expected.txt (0 => 129585)


--- trunk/LayoutTests/http/tests/security/svg-image-leak-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/svg-image-leak-expected.txt	2012-09-26 02:25:50 UTC (rev 129585)
@@ -0,0 +1,4 @@
+ALERT: PASS
+First we load an image as a control to make sure we can set cookies:
+ Then we load an SVGImage to see if we can issue network requests from inside the image:
+

Added: trunk/LayoutTests/http/tests/security/svg-image-leak.html (0 => 129585)


--- trunk/LayoutTests/http/tests/security/svg-image-leak.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/svg-image-leak.html	2012-09-26 02:25:50 UTC (rev 129585)
@@ -0,0 +1,51 @@
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+window.addEventListener("load", function() {
+    var cookie = document.cookie;
+
+    if (/font/.test(cookie) || /import/.test(cookie))
+        alert("FAIL! Cookies received: " + cookie);
+    else if (/img/.test(cookie))
+        alert("PASS");
+    else
+        alert("FAIL: Did not receive any cookies.")
+
+    document.cookie = "img=; Max-Age=-1; Path=/";
+    document.cookie = "font=; Max-Age=-1; Path=/";
+    document.cookie = "import=; Max-Age=-1; Path=/";
+
+    if (window.testRunner)
+        testRunner.notifyDone();
+}, false);
+</script>
+First we load an image as a control to make sure we can set cookies:<br>
+<img src=""
+
+Then we load an SVGImage to see if we can issue network requests from inside the image:<br>
+<img height=200px src=''>
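
Review bot: In the load handler, /font/.test(cookie), /import/.test(cookie) and /img/.test(cookie) match anywhere in document.cookie, including inside cookie values or names left over from other tests, so the PASS/FAIL result can be swayed by unrelated cookies. Matching on the cookie name, for example /(^|; )img=/, would make the check exact. The alert("FAIL: Did not receive any cookies.") line is also missing its trailing semicolon, and the two failure messages use different prefixes ("FAIL!" and "FAIL:").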

Modified: trunk/Source/WebCore/ChangeLog (129584 => 129585)


--- trunk/Source/WebCore/ChangeLog	2012-09-26 02:16:25 UTC (rev 129584)
+++ trunk/Source/WebCore/ChangeLog	2012-09-26 02:25:50 UTC (rev 129585)
@@ -1,3 +1,16 @@
+2012-09-25  Adam Barth  <[email protected]>
+
+        [Chromium] Network requests without a networking context can be started
+        https://bugs.webkit.org/show_bug.cgi?id=97498
+
+        Reviewed by Eric Seidel.
+
+        We shouldn't try to start network requests without a networking
+        context. Other ports have a similar null check.
+
+        * platform/network/chromium/ResourceHandle.cpp:
+        (WebCore::ResourceHandle::start):
+
 2012-09-25  Justin Schuh  <[email protected]>
 
         Mask RenderArena freelist entries.

Modified: trunk/Source/WebCore/platform/network/chromium/ResourceHandle.cpp (129584 => 129585)


--- trunk/Source/WebCore/platform/network/chromium/ResourceHandle.cpp	2012-09-26 02:16:25 UTC (rev 129584)
+++ trunk/Source/WebCore/platform/network/chromium/ResourceHandle.cpp	2012-09-26 02:25:50 UTC (rev 129585)
@@ -218,6 +218,9 @@
 
 bool ResourceHandle::start(NetworkingContext* context)
 {
+    if (!context)
+        return false;
+
     d->start();
     return true;
 }
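
Review bot: The new if (!context) return false; guard in ResourceHandle::start has no comment, and context is not used anywhere else in the function, so a later cleanup could remove the check as dead code. Add a one-line comment stating that a request without a networking context must not be started, and confirm that callers treat the false return as a failed load rather than ignoring it.
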
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes
