WebKit should prevent push/replace state with username in URL.
author beidson@apple.com <beidson@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 15 Jul 2016 18:39:27 +0000 (18:39 +0000)
committer beidson@apple.com <beidson@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 15 Jul 2016 18:39:27 +0000 (18:39 +0000)
commit 240bf547605ef7a772397cfa00a87ded4d827c99
tree e135e4520705fcd2d75123767634f0f5666f9230
parent 0599c12d9213f9c908f1a7658f44134dd1435701
WebKit should prevent push/replace state with username in URL.
<rdar://problem/27361737> and https://bugs.webkit.org/show_bug.cgi?id=159818

Reviewed by Brent Fulgham.

Source/WebCore:

Test: http/tests/security/history-username-password.html

* page/History.cpp:
(WebCore::History::stateObjectAdded): Don't allow URLs with usernames/passwords.

LayoutTests:

* http/tests/security/history-username-password-expected.txt: Added.
* http/tests/security/history-username-password.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@203288 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/http/tests/security/history-username-password-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/history-username-password.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/page/History.cpp