WebCore:
authordarin@apple.com <darin@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 14 Jan 2009 18:23:37 +0000 (18:23 +0000)
committerdarin@apple.com <darin@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 14 Jan 2009 18:23:37 +0000 (18:23 +0000)
2009-01-14  Nigel Tao  <nigel.tao.gnome@gmail.com>

        Reviewed by Darin Adler.

        - fix https://bugs.webkit.org/show_bug.cgi?id=22476
        Check that the document's SecurityOrigin canLoadLocalResources,
        when pages try to put NSFilenamesPboardtype data on the clipboard,
        by calling event.dataTransfer.setData('URL', 'file:///foo/bar');

        Tests: http/tests/security/dataTransfer-set-data-file-url.html
               platform/mac/editing/pasteboard/dataTransfer-set-data-file-url.html

        * platform/mac/ClipboardMac.mm:
        (WebCore::ClipboardMac::setData):

LayoutTests:

2009-01-14  Nigel Tao  <nigel.tao.gnome@gmail.com>

        Reviewed by Darin Adler.

        - tests for https://bugs.webkit.org/show_bug.cgi?id=22476
        Added tests that calling dataTransfer.setData('URL', aFileUrl)
        only puts NSFilenamesPboardtype data on the clipboard if called
        from a locally served page.

        * http/tests/security/dataTransfer-set-data-file-url-expected.txt: Added.
        * http/tests/security/dataTransfer-set-data-file-url.html: Added.
        * platform/mac/editing/pasteboard/dataTransfer-set-data-file-url-expected.txt: Added.
        * platform/mac/editing/pasteboard/dataTransfer-set-data-file-url.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@39893 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/tests/security/dataTransfer-set-data-file-url-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/dataTransfer-set-data-file-url.html [new file with mode: 0644]
LayoutTests/platform/mac/editing/pasteboard/dataTransfer-set-data-file-url-expected.txt [new file with mode: 0644]
LayoutTests/platform/mac/editing/pasteboard/dataTransfer-set-data-file-url.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/platform/mac/ClipboardMac.mm

index e048577..aa0315c 100644 (file)
@@ -1,3 +1,17 @@
+2009-01-14  Nigel Tao  <nigel.tao.gnome@gmail.com>
+
+        Reviewed by Darin Adler.
+
+        - tests for https://bugs.webkit.org/show_bug.cgi?id=22476
+        Added tests that calling dataTransfer.setData('URL', aFileUrl)
+        only puts NSFilenamesPboardtype data on the clipboard if called
+        from a locally served page.
+
+        * http/tests/security/dataTransfer-set-data-file-url-expected.txt: Added.
+        * http/tests/security/dataTransfer-set-data-file-url.html: Added.
+        * platform/mac/editing/pasteboard/dataTransfer-set-data-file-url-expected.txt: Added.
+        * platform/mac/editing/pasteboard/dataTransfer-set-data-file-url.html: Added.
+
 2009-01-14  Alexey Proskuryakov  <ap@webkit.org>
 
         Reviewed by Darin Adler.
diff --git a/LayoutTests/http/tests/security/dataTransfer-set-data-file-url-expected.txt b/LayoutTests/http/tests/security/dataTransfer-set-data-file-url-expected.txt
new file mode 100644 (file)
index 0000000..33f0e4e
--- /dev/null
@@ -0,0 +1,18 @@
+layer at (0,0) size 800x600
+  RenderView at (0,0) size 800x600
+layer at (0,0) size 800x600
+  RenderBlock {HTML} at (0,0) size 800x600
+    RenderBody {BODY} at (8,8) size 784x584
+      RenderBlock {P} at (0,0) size 784x36
+        RenderText {#text} at (0,0) size 770x36
+          text run at (0,0) width 770: "This tests that calling dataTransfer.setData('URL', aFileURL) sets NSFilenamesPboardType type data on the pasteboard if"
+          text run at (0,18) width 225: "and only if this page is a local page."
+      RenderBlock {P} at (0,52) size 784x36
+        RenderText {#text} at (0,0) size 751x36
+          text run at (0,0) width 751: "This test cannot be run manually, as it is not possible to tell whether or not NSFilenamesPboardType type data is on the"
+          text run at (0,18) width 267: "pasteboard, without Objective-C bindings."
+      RenderBlock (anonymous) at (0,104) size 784x103
+        RenderImage {IMG} at (0,0) size 76x103
+        RenderText {#text} at (0,0) size 0x0
+        RenderText {#text} at (0,0) size 0x0
+        RenderText {#text} at (0,0) size 0x0
diff --git a/LayoutTests/http/tests/security/dataTransfer-set-data-file-url.html b/LayoutTests/http/tests/security/dataTransfer-set-data-file-url.html
new file mode 100644 (file)
index 0000000..8ee235e
--- /dev/null
@@ -0,0 +1,55 @@
+<html> 
+<head>
+<script>
+function onImgDragStart() {
+    if (window.objCPlugin) {
+        try {
+            window.event.dataTransfer.setData('URL', 'file:///etc/passwd');
+            objCPlugin.removeBridgeRestrictions_(window);
+            var pasteboard = objc('NSPasteboard').pasteboardWithName_('Apple CFPasteboard drag');
+            var data = pasteboard.dataForType_('NSFilenamesPboardType');
+            var isPageLocal = (window.location.protocol == 'file:');
+            if (isPageLocal && !data) {
+                alert('NSFilenamesPboardType was incorrectly missing.');
+            } else if (!isPageLocal && data) {
+                alert('NSFilenamesPboardType was incorrectly present.');
+            }
+        } catch (ex) {
+            alert(ex.message);
+        }
+    } else {
+        // If there is no objCPlugin, then we are not on OS-X WebKit, and hence
+        // we don't worry about checking for NSFilenamesPboardType type data.
+    }
+    layoutTestController.notifyDone();
+}
+
+function runTest() {
+    if (!window.layoutTestController) {
+        return;
+    }
+
+    layoutTestController.waitUntilDone();
+
+    // Find abe
+    var dragme = document.getElementById("dragme");
+    x1 = dragme.offsetLeft + 20;
+    y1 = dragme.offsetTop + 20;
+    
+    // Drag abe
+    eventSender.mouseMoveTo(x1, y1);
+    eventSender.mouseDown();
+    eventSender.leapForward(500);
+    eventSender.mouseMoveTo(x1 + 20, y1);
+    eventSender.mouseUp();
+}
+
+</script>
+<title>Only let local pages add NSFilenamesPboardType data via dataTransfer.setData('URL', aFileUrl).</title> 
+</head>
+<body onload="runTest();">
+    <p>This tests that calling dataTransfer.setData('URL', aFileURL) sets NSFilenamesPboardType type data on the pasteboard if and only if this page is a local page.</p>
+    <p>This test cannot be run manually, as it is not possible to tell whether or not NSFilenamesPboardType type data is on the pasteboard, without Objective-C bindings.</p>
+    <img id="dragme" src="resources/abe.png"/ ondragstart="onImgDragStart()">
+</body>
+</html>
diff --git a/LayoutTests/platform/mac/editing/pasteboard/dataTransfer-set-data-file-url-expected.txt b/LayoutTests/platform/mac/editing/pasteboard/dataTransfer-set-data-file-url-expected.txt
new file mode 100644 (file)
index 0000000..33f0e4e
--- /dev/null
@@ -0,0 +1,18 @@
+layer at (0,0) size 800x600
+  RenderView at (0,0) size 800x600
+layer at (0,0) size 800x600
+  RenderBlock {HTML} at (0,0) size 800x600
+    RenderBody {BODY} at (8,8) size 784x584
+      RenderBlock {P} at (0,0) size 784x36
+        RenderText {#text} at (0,0) size 770x36
+          text run at (0,0) width 770: "This tests that calling dataTransfer.setData('URL', aFileURL) sets NSFilenamesPboardType type data on the pasteboard if"
+          text run at (0,18) width 225: "and only if this page is a local page."
+      RenderBlock {P} at (0,52) size 784x36
+        RenderText {#text} at (0,0) size 751x36
+          text run at (0,0) width 751: "This test cannot be run manually, as it is not possible to tell whether or not NSFilenamesPboardType type data is on the"
+          text run at (0,18) width 267: "pasteboard, without Objective-C bindings."
+      RenderBlock (anonymous) at (0,104) size 784x103
+        RenderImage {IMG} at (0,0) size 76x103
+        RenderText {#text} at (0,0) size 0x0
+        RenderText {#text} at (0,0) size 0x0
+        RenderText {#text} at (0,0) size 0x0
diff --git a/LayoutTests/platform/mac/editing/pasteboard/dataTransfer-set-data-file-url.html b/LayoutTests/platform/mac/editing/pasteboard/dataTransfer-set-data-file-url.html
new file mode 100644 (file)
index 0000000..e187155
--- /dev/null
@@ -0,0 +1,55 @@
+<html> 
+<head>
+<script>
+function onImgDragStart() {
+    if (window.objCPlugin) {
+        try {
+            window.event.dataTransfer.setData('URL', 'file:///etc/passwd');
+            objCPlugin.removeBridgeRestrictions_(window);
+            var pasteboard = objc('NSPasteboard').pasteboardWithName_('Apple CFPasteboard drag');
+            var data = pasteboard.dataForType_('NSFilenamesPboardType');
+            var isPageLocal = (window.location.protocol == 'file:');
+            if (isPageLocal && !data) {
+                alert('NSFilenamesPboardType was incorrectly missing.');
+            } else if (!isPageLocal && data) {
+                alert('NSFilenamesPboardType was incorrectly present.');
+            }
+        } catch (ex) {
+            alert(ex.message);
+        }
+    } else {
+        // If there is no objCPlugin, then we are not on OS-X WebKit, and hence
+        // we don't worry about checking for NSFilenamesPboardType type data.
+    }
+    layoutTestController.notifyDone();
+}
+
+function runTest() {
+    if (!window.layoutTestController) {
+        return;
+    }
+
+    layoutTestController.waitUntilDone();
+
+    // Find abe
+    var dragme = document.getElementById("dragme");
+    x1 = dragme.offsetLeft + 20;
+    y1 = dragme.offsetTop + 20;
+    
+    // Drag abe
+    eventSender.mouseMoveTo(x1, y1);
+    eventSender.mouseDown();
+    eventSender.leapForward(500);
+    eventSender.mouseMoveTo(x1 + 20, y1);
+    eventSender.mouseUp();
+}
+
+</script>
+<title>Only let local pages add NSFilenamesPboardType data via dataTransfer.setData('URL', aFileUrl).</title> 
+</head>
+<body onload="runTest();">
+    <p>This tests that calling dataTransfer.setData('URL', aFileURL) sets NSFilenamesPboardType type data on the pasteboard if and only if this page is a local page.</p>
+    <p>This test cannot be run manually, as it is not possible to tell whether or not NSFilenamesPboardType type data is on the pasteboard, without Objective-C bindings.</p>
+    <img id="dragme" src="../../../../editing/resources/abe.png"/ ondragstart="onImgDragStart()">
+</body>
+</html>
index f45213e..c4f03f8 100644 (file)
@@ -1,3 +1,18 @@
+2009-01-14  Nigel Tao  <nigel.tao.gnome@gmail.com>
+
+        Reviewed by Darin Adler.
+
+        - fix https://bugs.webkit.org/show_bug.cgi?id=22476
+        Check that the document's SecurityOrigin canLoadLocalResources,
+        when pages try to put NSFilenamesPboardtype data on the clipboard,
+        by calling event.dataTransfer.setData('URL', 'file:///foo/bar');
+
+        Tests: http/tests/security/dataTransfer-set-data-file-url.html
+               platform/mac/editing/pasteboard/dataTransfer-set-data-file-url.html
+
+        * platform/mac/ClipboardMac.mm:
+        (WebCore::ClipboardMac::setData):
+
 2009-01-14  Dan Bernstein  <mitz@apple.com>
 
         Reviewed by John Sullivan.
index 8117b2b..cfa334b 100644 (file)
@@ -36,6 +36,7 @@
 #import "Page.h"
 #import "Pasteboard.h"
 #import "RenderImage.h"
+#import "SecurityOrigin.h"
 #import "WebCoreSystemInterface.h"
 
 namespace WebCore {
@@ -211,7 +212,7 @@ bool ClipboardMac::setData(const String &type, const String &data)
         NSURL *url = [[NSURL alloc] initWithString:cocoaData];
         [url writeToPasteboard:m_pasteboard.get()];
 
-        if ([url isFileURL]) {
+        if ([url isFileURL] && m_frame->document()->securityOrigin()->canLoadLocalResources()) {
             [m_pasteboard.get() addTypes:[NSArray arrayWithObject:NSFilenamesPboardType] owner:nil];
             NSArray *fileList = [NSArray arrayWithObject:[url path]];
             [m_pasteboard.get() setPropertyList:fileList forType:NSFilenamesPboardType];