Skip to site navigation (Press enter)

[webkit-changes] [143508] branches/chromium/1364

cevans Wed, 20 Feb 2013 14:37:25 -0800

Title: [143508] branches/chromium/1364

Revision: 143508
Author: cev...@google.com
Date: 2013-02-20 14:39:26 -0800 (Wed, 20 Feb 2013)

Log Message

Merge 142063
BUG=173906
Review URL: https://codereview.chromium.org/12324023


Modified Paths

branches/chromium/1364/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-expected.txt
branches/chromium/1364/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag.html
branches/chromium/1364/Source/WebCore/html/parser/XSSAuditor.cpp

Diff

Modified: branches/chromium/1364/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-expected.txt (143507 => 143508)


--- branches/chromium/1364/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-expected.txt	2013-02-20 22:24:20 UTC (rev 143507)
+++ branches/chromium/1364/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag-expected.txt	2013-02-20 22:39:26 UTC (rev 143508)
@@ -1,5 +1,6 @@
 CONSOLE MESSAGE: line 4: Refused to execute a _javascript_ script. Source code of script found within request.
 
+ALERT: Referrer is ""
 There should be no content in the iframe below:

Modified: branches/chromium/1364/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag.html (143507 => 143508)


--- branches/chromium/1364/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag.html	2013-02-20 22:24:20 UTC (rev 143507)
+++ branches/chromium/1364/LayoutTests/http/tests/security/xssAuditor/full-block-script-tag.html	2013-02-20 22:39:26 UTC (rev 143508)
@@ -9,11 +9,20 @@
     testRunner.waitUntilDone();
     testRunner.setXSSAuditorEnabled(true);
 }
+
+function checkframe()
+{
+    try {
+      var ref = document.getElementById("frame").contentDocument.referrer;
+      alert('Referrer is "' + ref + '"'); 
+    } catch (e) {}
+    checkIfFrameLocationMatchesURLAndCallDone('frame', 'about:blank');
+}
 </script>
 </head>
 <body>
 <p>There should be no content in the iframe below:</p>
-<iframe id="frame" _onload_="checkIfFrameLocationMatchesURLAndCallDone('frame', 'about:blank')" src=""
+<iframe id="frame" _onload_="checkframe()" src=""
 </iframe>
 </body>
 </html>

Modified: branches/chromium/1364/Source/WebCore/html/parser/XSSAuditor.cpp (143507 => 143508)


--- branches/chromium/1364/Source/WebCore/html/parser/XSSAuditor.cpp	2013-02-20 22:24:20 UTC (rev 143507)
+++ branches/chromium/1364/Source/WebCore/html/parser/XSSAuditor.cpp	2013-02-20 22:39:26 UTC (rev 143508)
@@ -318,7 +318,7 @@
         }
 
         if (didBlockEntirePage)
-            m_parser->document()->frame()->navigationScheduler()->scheduleLocationChange(m_parser->document()->securityOrigin(), blankURL(), String());
+            m_parser->document()->frame()->navigationScheduler()->scheduleLocationChange(m_parser->document()->securityOrigin(), blankURL(), blankURL());
     }
 }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes