Cross-protocol, cross-site scripting (XPSS) using HTML forms
https://bugs.webkit.org/show_bug.cgi?id=153017
<rdar://problem/5873254>
Reviewed by David Kilzer.
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::responseReceived): If response HTTP version is 0.9,
sandbox against script execution and plugins.
* loader/ResourceLoader.cpp:
(WebCore::ResourceLoader::didReceiveResponse): Ditto.
* loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::didReceiveResponse): Ditto.
* platform/network/ResourceResponseBase.cpp:
(WebCore::ResourceResponseBase::adopt): Update for HTTP version.
(WebCore::ResourceResponseBase::copyData): Ditto.
(WebCore::ResourceResponseBase::httpVersion): Added.
(WebCore::ResourceResponseBase::setHTTPVersion): Ditto.
* platform/network/ResourceResponseBase.h:
(WebCore::ResourceResponseBase::encode): Update for HTTP version.
(WebCore::ResourceResponseBase::decode): Ditto.
* platform/network/cf/ResourceResponseCFNet.cpp:
(WebCore::ResourceResponse::platformLazyInit): Capture HTTP version.
* platform/network/cocoa/ResourceResponseCocoa.mm:
(WebCore::ResourceResponse::platformLazyInit): Ditto.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195004
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
git://git.webkit.org / WebKit-https.git / commit