Title: [105548] trunk
Revision: 105548
Author: [email protected]
Date: 2012-01-20 15:22:46 -0800 (Fri, 20 Jan 2012)

Log Message

        WebCore should not send invalid URLs to client createWindow methods.
        https://bugs.webkit.org/show_bug.cgi?id=39017

        Reviewed by Sam Weinig.

        Test: fast/dom/window/open-invalid-url.html

        * page/DOMWindow.cpp: (WebCore::DOMWindow::createWindow): Bail out early for invalid URLs.

Diff

Modified: trunk/LayoutTests/ChangeLog (105547 => 105548)


--- trunk/LayoutTests/ChangeLog	2012-01-20 23:21:08 UTC (rev 105547)
+++ trunk/LayoutTests/ChangeLog	2012-01-20 23:22:46 UTC (rev 105548)
@@ -1,3 +1,13 @@
+2012-01-20  Alexey Proskuryakov  <[email protected]>
+
+        WebCore should not send invalid URLs to client createWindow methods.
+        https://bugs.webkit.org/show_bug.cgi?id=39017
+
+        Reviewed by Sam Weinig.
+
+        * fast/dom/window/open-invalid-url-expected.txt: Added.
+        * fast/dom/window/open-invalid-url.html: Added.
+
 2012-01-20  Julien Chaffraix  <[email protected]>
 
         Crash in RenderTable::borderBefore
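Review bot: The two added entries are written as fast/dom/window/open-invalid-url-expected.txt and fast/dom/window/open-invalid-url.html, but this revision adds the files under fast/dom/Window/ (capital W). On a case-sensitive checkout the ChangeLog paths do not match the files, so please use the directory's actual case in both lines.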

Added: trunk/LayoutTests/fast/dom/Window/open-invalid-url-expected.txt (0 => 105548)


--- trunk/LayoutTests/fast/dom/Window/open-invalid-url-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/dom/Window/open-invalid-url-expected.txt	2012-01-20 23:22:46 UTC (rev 105548)
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: Unable to open a window with invalid URL '/'.
+
+ALERT: PASS
+
Property changes on: trunk/LayoutTests/fast/dom/Window/open-invalid-url-expected.txt
___________________________________________________________________

Added: svn:mime-type

Added: svn:eol-style

Added: trunk/LayoutTests/fast/dom/Window/open-invalid-url.html (0 => 105548)


--- trunk/LayoutTests/fast/dom/Window/open-invalid-url.html	                        (rev 0)
+++ trunk/LayoutTests/fast/dom/Window/open-invalid-url.html	2012-01-20 23:22:46 UTC (rev 105548)
@@ -0,0 +1,19 @@
+<html>
+<head>
+</head>
+<body>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+    layoutTestController.setCanOpenWindows();
+}
+
+var a = window.open("about:blank","moonshine")
+function mountainGoat() {
+        a.window.eval('setTimeout("alert(window.open(\'/\') ? \'FAIL\' : \'PASS\'); if (window.layoutTestController) layoutTestController.notifyDone()", 0)')
+}
+setTimeout("mountainGoat()", 0)
+</script>
+</body>
+</html>
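Review bot: After waitUntilDone(), the only notifyDone() call sits inside the string passed to a.window.eval, so if window.open("about:blank","moonshine") returns null or the eval throws, the test ends in a harness timeout rather than a clear FAIL. Check `a` before calling mountainGoat() and report FAIL plus notifyDone() on that path. The test also has no description of what it verifies: a one-line comment saying why window.open('/') is issued from the about:blank window would make the expected "invalid URL '/'" console message understandable to the next reader. The "moonshine" window is never closed.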
Property changes on: trunk/LayoutTests/fast/dom/Window/open-invalid-url.html
___________________________________________________________________

Added: svn:mime-type

Modified: trunk/Source/WebCore/ChangeLog (105547 => 105548)


--- trunk/Source/WebCore/ChangeLog	2012-01-20 23:21:08 UTC (rev 105547)
+++ trunk/Source/WebCore/ChangeLog	2012-01-20 23:22:46 UTC (rev 105548)
@@ -1,3 +1,14 @@
+2012-01-20  Alexey Proskuryakov  <[email protected]>
+
+        WebCore should not send invalid URLs to client createWindow methods.
+        https://bugs.webkit.org/show_bug.cgi?id=39017
+
+        Reviewed by Sam Weinig.
+
+        Test: fast/dom/window/open-invalid-url.html
+
+        * page/DOMWindow.cpp: (WebCore::DOMWindow::createWindow): Bail out early for invalid URLs.
+
 2012-01-20  Caio Marcelo de Oliveira Filho  <[email protected]>
 
         Remove unused variable in RenderReplaced after r105513
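Review bot: The DOMWindow.cpp line says only "Bail out early for invalid URLs", which omits the script-visible effect: createWindow now returns 0 and prints "Unable to open a window with invalid URL" to the console. Please state that in the entry, since it is the behaviour change page authors and embedding clients will notice. The Test: path is also written fast/dom/window/ while the test is added under fast/dom/Window/.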

Modified: trunk/Source/WebCore/page/DOMWindow.cpp (105547 => 105548)


--- trunk/Source/WebCore/page/DOMWindow.cpp	2012-01-20 23:21:08 UTC (rev 105547)
+++ trunk/Source/WebCore/page/DOMWindow.cpp	2012-01-20 23:22:46 UTC (rev 105548)
@@ -1773,6 +1773,12 @@
     String referrer = firstFrame->loader()->outgoingReferrer();
 
     KURL completedURL = urlString.isEmpty() ? KURL(ParsedURLString, emptyString()) : firstFrame->document()->completeURL(urlString);
+    if (!completedURL.isValid()) {
+        // Don't expose client code to invalid URLs.
+        activeWindow->printErrorMessage("Unable to open a window with invalid URL '" + completedURL.string() + "'.\n");
+        return 0;
+    }
+
     ResourceRequest request(completedURL, referrer);
     FrameLoader::addHTTPOriginIfNeeded(request, firstFrame->loader()->outgoingOrigin());
     FrameLoadRequest frameRequest(activeWindow->securityOrigin(), request, frameName);
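Review bot: The new !completedURL.isValid() check also applies to the empty-URL branch on the context line directly above it, where completedURL is built as KURL(ParsedURLString, emptyString()). If an empty KURL does not report isValid(), a window.open() call with an empty URL string would now print the error and return 0 instead of opening a window. Please confirm that case, or guard the check as `!completedURL.isEmpty() && !completedURL.isValid()`, and add a layout test for the empty-string call next to open-invalid-url.html, which only covers '/'.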
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
