[webkit-changes] [133538] trunk

[pdr]

Title: [133538] trunk

Revision

133538

Author

p...@google.com

Date

2012-11-05 16:13:50 -0800 (Mon, 05 Nov 2012)

Log Message

Unblock SVG external references
https://bugs.webkit.org/show_bug.cgi?id=100635

Reviewed by Adam Barth.

This patch reverts r132849 and r132869 because the potential XSS issue
turned out to not be an issue after all.

Covered by existing tests, many of which are re-whitelisted with this patch.

Source/WebCore:

* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::canRequest):

Source/WTF:

* wtf/Platform.h:

LayoutTests:

* platform/chromium/TestExpectations:

Modified Paths

• trunk/LayoutTests/ChangeLog
• trunk/LayoutTests/platform/chromium/TestExpectations
• trunk/Source/WTF/ChangeLog
• trunk/Source/WTF/wtf/Platform.h
• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp

Diff

Modified: trunk/LayoutTests/ChangeLog (133537 => 133538)

--- trunk/LayoutTests/ChangeLog	2012-11-05 23:41:25 UTC (rev 133537)
+++ trunk/LayoutTests/ChangeLog	2012-11-06 00:13:50 UTC (rev 133538)
@@ -1,3 +1,17 @@
+2012-11-05  Philip Rogers  <p...@google.com>
+
+        Unblock SVG external references
+        https://bugs.webkit.org/show_bug.cgi?id=100635
+
+        Reviewed by Adam Barth.
+
+        This patch reverts r132849 and r132869 because the potential XSS issue
+        turned out to not be an issue after all.
+
+        Covered by existing tests, many of which are re-whitelisted with this patch.
+
+        * platform/chromium/TestExpectations:
+
 2012-11-05  Beth Dakin  <bda...@apple.com>
 
         https://bugs.webkit.org/show_bug.cgi?id=101001

Modified: trunk/LayoutTests/platform/chromium/TestExpectations (133537 => 133538)

--- trunk/LayoutTests/platform/chromium/TestExpectations	2012-11-05 23:41:25 UTC (rev 133537)
+++ trunk/LayoutTests/platform/chromium/TestExpectations	2012-11-06 00:13:50 UTC (rev 133538)
@@ -1360,6 +1360,13 @@
 
 webkit.org/b/84719 [ Win ] svg/text/select-text-svgfont.html [ Failure Pass ]
 
+webkit.org/b/84854 [ Android Linux ] svg/batik/text/textOnPath.svg [ ImageOnlyFailure Pass ]
+webkit.org/b/84854 [ Android Linux ] svg/batik/text/verticalTextOnPath.svg [ ImageOnlyFailure Pass ]
+
+# Just need a rebaseline.
+webkit.org/b/101248 svg/dynamic-updates/SVGUseElement-dom-href1-attr.html [ ImageOnlyFailure ]
+webkit.org/b/101248 svg/dynamic-updates/SVGUseElement-svgdom-href1-prop.html [ ImageOnlyFailure ]
+
 webkit.org/b/85107 svg/as-image/svg-as-relative-image-with-explicit-size.html [ ImageOnlyFailure Pass ]
 webkit.org/b/85107 svg/as-image/animated-svg-as-image.html [ ImageOnlyFailure Pass ]
 
@@ -2141,6 +2148,8 @@
 crbug.com/40680 fast/media/media-query-list-06.html
 crbug.com/40680 fast/media/media-query-list-07.html
 
+crbug.com/117597 svg/batik/filters/feTile.svg [ ImageOnlyFailure ] 
+
 # Caused by http://trac.webkit.org/changeset/56394.
 crbug.com/143475 [ Win ] http/tests/xmlhttprequest/xmlhttprequest-50ms-download-dispatch.html [ Failure Pass Timeout ]
 
@@ -3913,42 +3922,6 @@
 crbug.com/152953 [ Mac Win ] platform/chromium/virtual/softwarecompositing/absolute-position-changed-with-composited-parent-layer.html [ Skip ]
 crbug.com/152953 [ Win ] platform/chromium/virtual/softwarecompositing/iframes/composited-iframe-alignment.html [ ImageOnlyFailure ]
 
-# These tests disabled pending a security review of external SVG references.
-webkit.org/b/100635 css3/filters/effect-reference-external.html [ ImageOnlyFailure ]
-webkit.org/b/100635 svg/W3C-SVG-1.2-Tiny/struct-use-recursion-02-t.svg [ Failure ]
-webkit.org/b/100635 svg/W3C-SVG-1.2-Tiny/struct-use-recursion-03-t.svg [ Failure ]
-webkit.org/b/100635 svg/batik/filters/feTile.svg [ Failure ImageOnlyFailure ]
-webkit.org/b/100635 svg/batik/filters/filterRegions.svg [ Failure ]
-webkit.org/b/100635 svg/batik/masking/maskRegions.svg [ Failure ]
-webkit.org/b/100635 svg/batik/paints/patternPreserveAspectRatioA.svg [ Failure ]
-webkit.org/b/100635 svg/batik/paints/patternRegionA.svg [ Failure ]
-webkit.org/b/100635 svg/batik/text/longTextOnPath.svg [ Failure ]
-webkit.org/b/100635 svg/batik/text/smallFonts.svg [ Failure ]
-webkit.org/b/100635 svg/batik/text/textAnchor.svg [ Failure ]
-webkit.org/b/100635 svg/batik/text/textDecoration.svg [ Failure ]
-webkit.org/b/100635 svg/batik/text/textEffect2.svg [ Failure ]
-webkit.org/b/100635 svg/batik/text/textFeatures.svg [ Failure ]
-webkit.org/b/100635 svg/batik/text/textLayout.svg [ Failure ]
-webkit.org/b/100635 svg/batik/text/textLayout2.svg [ Failure ]
-webkit.org/b/100635 svg/batik/text/textLength.svg [ Failure ]
-webkit.org/b/100635 svg/batik/text/textOnPath.svg [ Failure ]
-webkit.org/b/100635 svg/batik/text/textOnPathSpaces.svg [ Failure ]
-webkit.org/b/100635 svg/batik/text/textPosition.svg [ Failure ]
-webkit.org/b/100635 svg/batik/text/textPosition2.svg [ Failure ]
-webkit.org/b/100635 svg/batik/text/textProperties.svg [ Failure ]
-webkit.org/b/100635 svg/batik/text/textProperties2.svg [ Failure ]
-webkit.org/b/100635 svg/batik/text/textStyles.svg [ Failure ]
-webkit.org/b/100635 svg/batik/text/verticalText.svg [ Failure ]
-webkit.org/b/100635 svg/batik/text/verticalTextOnPath.svg [ Failure ]
-webkit.org/b/100635 svg/custom/use-extern-href.svg [ Failure ]
-webkit.org/b/100635 svg/custom/use-referencing-indirectly-itself.svg [ ImageOnlyFailure ]
-webkit.org/b/100635 svg/dynamic-updates/SVGUseElement-dom-href1-attr.html [ Timeout ]
-webkit.org/b/100635 svg/dynamic-updates/SVGUseElement-dom-href2-attr.html [ Timeout ]
-webkit.org/b/100635 svg/dynamic-updates/SVGUseElement-svgdom-href1-prop.html [ Timeout ]
-webkit.org/b/100635 svg/dynamic-updates/SVGUseElement-svgdom-href2-prop.html [ Timeout ]
-webkit.org/b/100635 svg/hixie/error/014.xml [ Failure ]
-webkit.org/b/100635 svg/hixie/use/002.xml [ Failure ]
-
 # Render surfaces do not draw anything in the software compositor.
 crbug.com/150010 platform/chromium/virtual/softwarecompositing/culling/filter-occlusion-alpha-large.html [ ImageOnlyFailure ]
 crbug.com/150010 platform/chromium/virtual/softwarecompositing/culling/filter-occlusion-alpha.html [ ImageOnlyFailure ]

Modified: trunk/Source/WTF/ChangeLog (133537 => 133538)

--- trunk/Source/WTF/ChangeLog	2012-11-05 23:41:25 UTC (rev 133537)
+++ trunk/Source/WTF/ChangeLog	2012-11-06 00:13:50 UTC (rev 133538)
@@ -1,3 +1,17 @@
+2012-11-05  Philip Rogers  <p...@google.com>
+
+        Unblock SVG external references
+        https://bugs.webkit.org/show_bug.cgi?id=100635
+
+        Reviewed by Adam Barth.
+
+        This patch reverts r132849 and r132869 because the potential XSS issue
+        turned out to not be an issue after all.
+
+        Covered by existing tests, many of which are re-whitelisted with this patch.
+
+        * wtf/Platform.h:
+
 2012-11-05  Dima Gorbik  <dgor...@apple.com>
 
         Back out controversial changes from Bug 98665.

Modified: trunk/Source/WTF/wtf/Platform.h (133537 => 133538)

--- trunk/Source/WTF/wtf/Platform.h	2012-11-05 23:41:25 UTC (rev 133537)
+++ trunk/Source/WTF/wtf/Platform.h	2012-11-06 00:13:50 UTC (rev 133538)
@@ -1184,14 +1184,6 @@
 #define ENABLE_TEXT_NOTIFICATIONS_ONLY 1
 #endif
 
-#if !defined(ENABLE_EXTERNAL_SVG_REFERENCES)
-#if PLATFORM(CHROMIUM)
-#define ENABLE_EXTERNAL_SVG_REFERENCES 0
-#else
-#define ENABLE_EXTERNAL_SVG_REFERENCES 1
-#endif // PLATFORM(CHROMIUM)
-#endif // !defined(ENABLE_EXTERNAL_SVG_REFERENCES)
-
 #if !defined(WTF_USE_ZLIB) && !PLATFORM(QT)
 #define WTF_USE_ZLIB 1
 #endif

Modified: trunk/Source/WebCore/ChangeLog (133537 => 133538)

--- trunk/Source/WebCore/ChangeLog	2012-11-05 23:41:25 UTC (rev 133537)
+++ trunk/Source/WebCore/ChangeLog	2012-11-06 00:13:50 UTC (rev 133538)
@@ -1,3 +1,18 @@
+2012-11-05  Philip Rogers  <p...@google.com>
+
+        Unblock SVG external references
+        https://bugs.webkit.org/show_bug.cgi?id=100635
+
+        Reviewed by Adam Barth.
+
+        This patch reverts r132849 and r132869 because the potential XSS issue
+        turned out to not be an issue after all.
+
+        Covered by existing tests, many of which are re-whitelisted with this patch.
+
+        * loader/cache/CachedResourceLoader.cpp:
+        (WebCore::CachedResourceLoader::canRequest):
+
 2012-11-05  Beth Dakin  <bda...@apple.com>
 
         https://bugs.webkit.org/show_bug.cgi?id=101001

Modified: trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp (133537 => 133538)

--- trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp	2012-11-05 23:41:25 UTC (rev 133537)
+++ trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp	2012-11-06 00:13:50 UTC (rev 133538)
@@ -306,11 +306,6 @@
         return 0;
     }
 
-#if ENABLE(SVG) && !ENABLE(EXTERNAL_SVG_REFERENCES)
-    if (type == CachedResource::SVGDocumentResource)
-        return false;
-#endif
-
     bool shouldBypassMainWorldContentSecurityPolicy = (frame() && frame()->script()->shouldBypassMainWorldContentSecurityPolicy());
 
     // Some types of resources can be loaded only from the same origin.  Other

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-changes