LayoutTests:
authormjs <mjs@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 13 Aug 2007 03:25:11 +0000 (03:25 +0000)
committermjs <mjs@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 13 Aug 2007 03:25:11 +0000 (03:25 +0000)
commitc9b25236a45641a67e534ebf74472d829d2f7cdc
tree5a4db33b748ccbc16a0e35bb62cef8eea62eaa75
parent9566ec515e3f27490affdf092a32e8cd9e8c533d
LayoutTests:

        Reviewed by Darin and Sam.

        - test cases for <rdar://problem/5395213> cross-domain access to individual components of location object should be denied.

        * http/tests/security/cross-frame-access-location-expected.txt: This test's results changed, there are more debug messages due to access being legitimately denied.

        The remainder are new tests and support:

        * http/tests/security/resources/xss-DENIED-assign-location-hash-attacker.html: Added.
        * http/tests/security/resources/xss-DENIED-assign-location-host-attacker.html: Added.
        * http/tests/security/resources/xss-DENIED-assign-location-host-failure.html: Added.
        * http/tests/security/resources/xss-DENIED-assign-location-hostname-attacker.html: Added.
        * http/tests/security/resources/xss-DENIED-assign-location-hostname-failure.html: Added.
        * http/tests/security/resources/xss-DENIED-assign-location-nonstandardProperty-attacker.html: Added.
        * http/tests/security/resources/xss-DENIED-assign-location-pathname-attacker.html: Added.
        * http/tests/security/resources/xss-DENIED-assign-location-pathname-failure.html: Added.
        * http/tests/security/resources/xss-DENIED-assign-location-protocol-attacker.html: Added.
        * http/tests/security/resources/xss-DENIED-assign-location-protocol-failure.html: Added.
        * http/tests/security/resources/xss-DENIED-assign-location-reload-attacker.html: Added.
        * http/tests/security/resources/xss-DENIED-assign-location-search-attacker.html: Added.
        * http/tests/security/xss-DENIED-assign-location-hash-expected.txt: Added.
        * http/tests/security/xss-DENIED-assign-location-hash.html: Added.
        * http/tests/security/xss-DENIED-assign-location-host-expected.txt: Added.
        * http/tests/security/xss-DENIED-assign-location-host.html: Added.
        * http/tests/security/xss-DENIED-assign-location-hostname-expected.txt: Added.
        * http/tests/security/xss-DENIED-assign-location-hostname.html: Added.
        * http/tests/security/xss-DENIED-assign-location-nonstandardProperty-expected.txt: Added.
        * http/tests/security/xss-DENIED-assign-location-nonstandardProperty.html: Added.
        * http/tests/security/xss-DENIED-assign-location-pathname-expected.txt: Added.
        * http/tests/security/xss-DENIED-assign-location-pathname.html: Added.
        * http/tests/security/xss-DENIED-assign-location-protocol-expected.txt: Added.
        * http/tests/security/xss-DENIED-assign-location-protocol.html: Added.
        * http/tests/security/xss-DENIED-assign-location-reload-expected.txt: Added.
        * http/tests/security/xss-DENIED-assign-location-reload.html: Added.
        * http/tests/security/xss-DENIED-assign-location-search-expected.txt: Added.
        * http/tests/security/xss-DENIED-assign-location-search.html: Added.

WebCore:

        Reviewed by Darin and Sam.

        <rdar://problem/5395213> cross-domain access to individual components of location object should be denied.

        * bindings/js/kjs_window.cpp:
        (KJS::Location::put): Add the appropriate cross-domain access checks.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@25028 268f45cc-cd09-0410-ab3c-d52691b4dbfc
32 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/cross-frame-access-location-expected.txt
LayoutTests/http/tests/security/resources/xss-DENIED-assign-location-hash-attacker.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/xss-DENIED-assign-location-host-attacker.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/xss-DENIED-assign-location-host-failure.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/xss-DENIED-assign-location-hostname-attacker.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/xss-DENIED-assign-location-hostname-failure.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/xss-DENIED-assign-location-nonstandardProperty-attacker.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/xss-DENIED-assign-location-pathname-attacker.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/xss-DENIED-assign-location-pathname-failure.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/xss-DENIED-assign-location-protocol-attacker.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/xss-DENIED-assign-location-protocol-failure.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/xss-DENIED-assign-location-reload-attacker.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/xss-DENIED-assign-location-search-attacker.html [new file with mode: 0644]
LayoutTests/http/tests/security/xss-DENIED-assign-location-hash-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/xss-DENIED-assign-location-hash.html [new file with mode: 0644]
LayoutTests/http/tests/security/xss-DENIED-assign-location-host-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/xss-DENIED-assign-location-host.html [new file with mode: 0644]
LayoutTests/http/tests/security/xss-DENIED-assign-location-hostname-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/xss-DENIED-assign-location-hostname.html [new file with mode: 0644]
LayoutTests/http/tests/security/xss-DENIED-assign-location-nonstandardProperty-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/xss-DENIED-assign-location-nonstandardProperty.html [new file with mode: 0644]
LayoutTests/http/tests/security/xss-DENIED-assign-location-pathname-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/xss-DENIED-assign-location-pathname.html [new file with mode: 0644]
LayoutTests/http/tests/security/xss-DENIED-assign-location-protocol-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/xss-DENIED-assign-location-protocol.html [new file with mode: 0644]
LayoutTests/http/tests/security/xss-DENIED-assign-location-reload-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/xss-DENIED-assign-location-reload.html [new file with mode: 0644]
LayoutTests/http/tests/security/xss-DENIED-assign-location-search-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/xss-DENIED-assign-location-search.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/bindings/js/kjs_window.cpp