Disallow drag and drop of non-displayable resources.
authormhock@apple.com <mhock@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 12 May 2014 19:47:12 +0000 (19:47 +0000)
committermhock@apple.com <mhock@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 12 May 2014 19:47:12 +0000 (19:47 +0000)
https://bugs.webkit.org/show_bug.cgi?id=132745
<rdar://problem/10562662>

Reviewed by Alexey Proskuryakov.

Source/WebCore:
Test: http/tests/security/drag-drop-local-file.html

* page/DragController.cpp:
(WebCore::DragController::startDrag):

LayoutTests:
* http/tests/security/drag-drop-local-file-expected.txt: Added.
* http/tests/security/drag-drop-local-file.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@168636 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/tests/security/drag-drop-local-file-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/drag-drop-local-file.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/page/DragController.cpp

index f4e8f40..1846d5b 100644 (file)
@@ -1,3 +1,14 @@
+2014-05-12  Martin Hock  <mhock@apple.com>
+
+        Disallow drag and drop of non-displayable resources.
+        https://bugs.webkit.org/show_bug.cgi?id=132745
+        <rdar://problem/10562662>
+
+        Reviewed by Alexey Proskuryakov.
+
+        * http/tests/security/drag-drop-local-file-expected.txt: Added.
+        * http/tests/security/drag-drop-local-file.html: Added.
+
 2014-05-12  Radu Stavila  <stavila@adobe.com>
 
         fast/multicol/newmulticol/first-letter-create.html is very flaky
diff --git a/LayoutTests/http/tests/security/drag-drop-local-file-expected.txt b/LayoutTests/http/tests/security/drag-drop-local-file-expected.txt
new file mode 100644 (file)
index 0000000..750a16c
--- /dev/null
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: Not allowed to drag local resource: foobar
+ALERT: PASS
+Dragme 
diff --git a/LayoutTests/http/tests/security/drag-drop-local-file.html b/LayoutTests/http/tests/security/drag-drop-local-file.html
new file mode 100644 (file)
index 0000000..0b2833f
--- /dev/null
@@ -0,0 +1,36 @@
+<html>
+<head>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+function moveToCenter(element)
+{
+    x = element.offsetParent.offsetLeft + element.offsetLeft + element.offsetWidth / 2;
+    y = element.offsetParent.offsetTop + element.offsetTop + element.offsetHeight / 2;
+    eventSender.mouseMoveTo(x, y);
+}
+
+function runTest() {
+
+    var x, y;
+    var span = document.getElementById("span");
+    moveToCenter(span);
+    eventSender.mouseDown();
+    eventSender.leapForward(500);
+    var input = document.getElementById("target");
+    moveToCenter(input);
+    eventSender.leapForward(500);
+    eventSender.mouseUp();
+
+    input.contentWindow.postMessage("go", "*");
+}
+</script>
+</head>
+<body onload="runTest()">
+<span id="span"><a href="file:///foobar">Dragme</a></span>
+<iframe id="target" src="http://127.0.0.1:8000/security/resources/drag-drop.html"></iframe>
+</body>
+</html>
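Review bot: `runTest()` uses `eventSender` unconditionally although only `testRunner` is guarded at the top of the script, so loading the page outside the test harness throws on the first `mouseMoveTo`; an early `if (!window.eventSender) return;` in `runTest()` would match the existing guard. The `var x, y;` in `runTest()` is unused, because `moveToCenter()` assigns to undeclared `x` and `y` and so creates globals; the declaration belongs inside `moveToCenter()`. The expected `ALERT: PASS` is presumably raised by the iframe page `resources/drag-drop.html`, which is not part of this commit, so a short comment such as `<!-- PASS means the cross-origin frame received no file: URL from the drop -->` would record what the test asserts (wording to be confirmed against that resource).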
index 4433c56..15752f9 100644 (file)
@@ -1,3 +1,16 @@
+2014-05-12  Martin Hock  <mhock@apple.com>
+
+        Disallow drag and drop of non-displayable resources.
+        https://bugs.webkit.org/show_bug.cgi?id=132745
+        <rdar://problem/10562662>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Test: http/tests/security/drag-drop-local-file.html
+
+        * page/DragController.cpp:
+        (WebCore::DragController::startDrag):
+
 2014-05-12  Jozsef Berta  <jberta.u-szeged@partner.samsung.com>
 
         WinCairo buildfix after r168611
index ebefd1d..1b19fe9 100644 (file)
@@ -791,6 +791,9 @@ bool DragController::startDrag(Frame& src, const DragState& state, DragOperation
             m_dragOffset = IntPoint(dragOrigin.x() - dragLoc.x(), dragOrigin.y() - dragLoc.y());
         }
         doSystemDrag(dragImage, dragLoc, dragOrigin, dataTransfer, src, false);
+    } else if (!src.document()->securityOrigin()->canDisplay(linkURL)) {
+        src.document()->addConsoleMessage(MessageSource::Security, MessageLevel::Error, "Not allowed to drag local resource: " + linkURL.stringCenterEllipsizedToLength());
+        startedDrag = false;
     } else if (!imageURL.isEmpty() && image && !image->isNull() && (m_dragSourceAction & DragSourceActionImage)) {
         // We shouldn't be starting a drag for an image that can't provide an extension.
         // This is an early detection for problems encountered later upon drop.
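Review bot: The new `canDisplay(linkURL)` test is an `else if` arm, so it only runs when the preceding branch (whose condition lies outside this hunk) did not already take the drag, and the image arm below it still acts on `imageURL` with no equivalent check. If the intent is that no non-displayable URL ever reaches the drag data, it would be safer to hoist the check ahead of the whole chain and add a second guard for the image case, e.g. `if (!imageURL.isEmpty() && !src.document()->securityOrigin()->canDisplay(imageURL))`. The arm also appears to depend on `canDisplay()` accepting an empty `linkURL` so that non-link drags fall through to the later branches; that deserves a one-line comment such as `// An empty linkURL is treated as displayable, so non-link drags continue below.` once confirmed. `startDrag` begins and ends outside the hunk, so whether `startedDrag = false` is sufficient cleanup cannot be judged from here.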