- Revision
- 195493
- Author
- [email protected]
- Date
- 2016-01-22 16:19:02 -0800 (Fri, 22 Jan 2016)
Log Message
LayoutTest http/tests/security/xssAuditor/embed-tag-in-path-unterminated.html crashing
https://bugs.webkit.org/show_bug.cgi?id=153250
<rdar://problem/12172843>
And
<rdar://problem/24248040>
Reviewed by Alexey Proskuryakov.
Source/WebCore:
Remove an incorrect assertion that the absolute URL associated with a protection space cannot
contain consecutive forward slash (/) characters. A URL can contain consecutive forward slashes.
This also makes the invariants for CredentialStorage::findDefaultProtectionSpaceForURL() symmetric
with the invariants for WebCore::protectionSpaceMapKeyFromURL().
Tests: http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html
http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html
* platform/network/CredentialStorage.cpp:
(WebCore::CredentialStorage::findDefaultProtectionSpaceForURL):
LayoutTests:
The test case http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html was derived
from a test case written by Yongjun Zhang in <https://bugs.webkit.org/attachment.cgi?id=65189> (bug #44461).
* http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.
* http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html: Added.
* http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.
* http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html: Added.
* platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (195492 => 195493)
--- trunk/LayoutTests/ChangeLog 2016-01-22 23:45:13 UTC (rev 195492)
+++ trunk/LayoutTests/ChangeLog 2016-01-23 00:19:02 UTC (rev 195493)
@@ -1,3 +1,22 @@
+2016-01-22 Daniel Bates <[email protected]>
+
+ LayoutTest http/tests/security/xssAuditor/embed-tag-in-path-unterminated.html crashing
+ https://bugs.webkit.org/show_bug.cgi?id=153250
+ <rdar://problem/12172843>
+ And
+ <rdar://problem/24248040>
+
+ Reviewed by Alexey Proskuryakov.
+
+ The test case http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html was derived
+ from a test case written by Yongjun Zhang in <https://bugs.webkit.org/attachment.cgi?id=65189> (bug #44461).
+
+ * http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.
+ * http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html: Added.
+ * http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.
+ * http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html: Added.
+ * platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.
+
2016-01-22 Ryan Haddad <[email protected]>
Rebaselining http/tests/security/originHeader/origin-header-for-https.html after r195477
Added: trunk/LayoutTests/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt (0 => 195493)
--- trunk/LayoutTests/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt 2016-01-23 00:19:02 UTC (rev 195493)
@@ -0,0 +1,19 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+frame "frame" - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+http://127.0.0.1:8000/loading/resources/basic-auth-testing.php?username=webkit&password=rocks - didReceiveAuthenticationChallenge - Responding with webkit:rocks
+frame "frame" - didCommitLoadForFrame
+frame "frame" - didFinishDocumentLoadForFrame
+frame "frame" - willPerformClientRedirectToURL: http://127.0.0.1:8000/a//b/non-existent-file.html
+frame "frame" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "frame" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+frame "frame" - didStartProvisionalLoadForFrame
+frame "frame" - didCancelClientRedirectForFrame
+frame "frame" - didCommitLoadForFrame
+frame "frame" - didReceiveTitle: 404 Not Found
+frame "frame" - didFinishDocumentLoadForFrame
+frame "frame" - didFailLoadWithError
+PASS did not cause assertion failure.
Added: trunk/LayoutTests/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html (0 => 195493)
--- trunk/LayoutTests/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html (rev 0)
+++ trunk/LayoutTests/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html 2016-01-23 00:19:02 UTC (rev 195493)
@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.setHandlesAuthenticationChallenges(true);
+ testRunner.setAuthenticationUsername("webkit");
+ testRunner.setAuthenticationPassword("rocks");
+ testRunner.waitUntilDone();
+}
+
+function done()
+{
+ document.body.removeChild(document.getElementById("frame"));
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+function notifyFrameDidLoad(frame)
+{
+ frame._onload_ = done;
+ frame.src = ""
+}
+</script>
+</head>
+<body>
+<iframe id="frame" src="" _onload_="notifyFrameDidLoad(this)"></iframe>
+<p>PASS did not cause assertion failure.</p>
+</body>
+</html>
Added: trunk/LayoutTests/http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes-expected.txt (0 => 195493)
--- trunk/LayoutTests/http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes-expected.txt 2016-01-23 00:19:02 UTC (rev 195493)
@@ -0,0 +1 @@
+PASS did not cause assertion failure.
Added: trunk/LayoutTests/http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html (0 => 195493)
--- trunk/LayoutTests/http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html (rev 0)
+++ trunk/LayoutTests/http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html 2016-01-23 00:19:02 UTC (rev 195493)
@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText()
+
+function sendWithCredentials()
+{
+ var xhr = new XMLHttpRequest;
+ xhr.open("GET", "resources/remember-bad-password/count-failures.php", false, "foo", "bar");
+ xhr.send("");
+}
+
+function sendWithoutCredentials()
+{
+ var xhr = new XMLHttpRequest;
+ xhr.open("GET", "resources/remember-bad-password//count-failures.php", false);
+ xhr.send("");
+}
+
+function reset()
+{
+ var xhr = new XMLHttpRequest;
+ xhr.open("GET", "resources/remember-bad-password/count-failures.php?command=reset", false);
+ xhr.send("");
+}
+
+sendWithCredentials();
+sendWithoutCredentials();
+reset();
+</script>
+<p>PASS did not cause assertion failure.</p>
+</body>
+</html>
Added: trunk/LayoutTests/platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt (0 => 195493)
--- trunk/LayoutTests/platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt (rev 0)
+++ trunk/LayoutTests/platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt 2016-01-23 00:19:02 UTC (rev 195493)
@@ -0,0 +1,19 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+frame "frame" - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with webkit:rocks
+frame "frame" - didCommitLoadForFrame
+frame "frame" - didFinishDocumentLoadForFrame
+frame "frame" - willPerformClientRedirectToURL: http://127.0.0.1:8000/a//b/non-existent-file.html
+frame "frame" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "frame" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+frame "frame" - didStartProvisionalLoadForFrame
+frame "frame" - didCancelClientRedirectForFrame
+frame "frame" - didCommitLoadForFrame
+frame "frame" - didReceiveTitle: 404 Not Found
+frame "frame" - didFinishDocumentLoadForFrame
+frame "frame" - didFailLoadWithError
+PASS did not cause assertion failure.
Modified: trunk/Source/WebCore/ChangeLog (195492 => 195493)
--- trunk/Source/WebCore/ChangeLog 2016-01-22 23:45:13 UTC (rev 195492)
+++ trunk/Source/WebCore/ChangeLog 2016-01-23 00:19:02 UTC (rev 195493)
@@ -1,3 +1,24 @@
+2016-01-22 Daniel Bates <[email protected]>
+
+ LayoutTest http/tests/security/xssAuditor/embed-tag-in-path-unterminated.html crashing
+ https://bugs.webkit.org/show_bug.cgi?id=153250
+ <rdar://problem/12172843>
+ And
+ <rdar://problem/24248040>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Remove an incorrect assertion that the absolute URL associated with a protection space cannot
+ contain consecutive forward slash (/) characters. A URL can contain consecutive forward slashes.
+ This also makes the invariants for CredentialStorage::findDefaultProtectionSpaceForURL() symmetric
+ with the invariants for WebCore::protectionSpaceMapKeyFromURL().
+
+ Tests: http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html
+ http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html
+
+ * platform/network/CredentialStorage.cpp:
+ (WebCore::CredentialStorage::findDefaultProtectionSpaceForURL):
+
2016-01-22 Chris Dumez <[email protected]>
DOMImplementation.createHTMLDocument("") should append an empty Text Node to the title Element
Modified: trunk/Source/WebCore/platform/network/CredentialStorage.cpp (195492 => 195493)
--- trunk/Source/WebCore/platform/network/CredentialStorage.cpp 2016-01-22 23:45:13 UTC (rev 195492)
+++ trunk/Source/WebCore/platform/network/CredentialStorage.cpp 2016-01-23 00:19:02 UTC (rev 195493)
@@ -123,7 +123,6 @@
ASSERT(index != notFound);
directoryURL = directoryURL.substring(0, (index == directoryURLPathStart) ? index + 1 : index);
ASSERT(directoryURL.length() > directoryURLPathStart);
- ASSERT(directoryURL.length() == directoryURLPathStart + 1 || directoryURL[directoryURL.length() - 1] != '/');
}
}
