Reviewed by Dan Bernstein.
authorap@webkit.org <ap@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 15 May 2008 17:22:44 +0000 (17:22 +0000)
committerap@webkit.org <ap@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 15 May 2008 17:22:44 +0000 (17:22 +0000)
        https://bugs.webkit.org/show_bug.cgi?id=10707
        DumpRenderTree should not be able to access non-local resources

        * DumpRenderTree/mac/ResourceLoadDelegate.mm:
        (-[ResourceLoadDelegate webView:resource:willSendRequest:redirectResponse:fromDataSource:]):
        Block them, and complain.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@33491 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/doctypes/resources/TestDoctype.js
LayoutTests/svg/custom/loadevents-capturing.svg
LayoutTests/svg/custom/loadevents-externalresourcesrequired-displaynone.svg
LayoutTests/svg/custom/loadevents-externalresourcesrequired.svg
LayoutTests/svg/custom/loadevents-normal-displaynone.svg
LayoutTests/svg/custom/loadevents-normal.svg
WebKitTools/ChangeLog
WebKitTools/DumpRenderTree/mac/ResourceLoadDelegate.mm

index 6887db7..d8a4fa3 100644 (file)
@@ -1,5 +1,19 @@
 2008-05-15  Alexey Proskuryakov  <ap@webkit.org>
 
+        Reviewed by Dan Bernstein.
+
+        https://bugs.webkit.org/show_bug.cgi?id=10707
+        DumpRenderTree should not be able to access non-local resources
+
+        * fast/doctypes/resources/TestDoctype.js:
+        * svg/custom/loadevents-capturing.svg:
+        * svg/custom/loadevents-externalresourcesrequired-displaynone.svg:
+        * svg/custom/loadevents-externalresourcesrequired.svg:
+        * svg/custom/loadevents-normal-displaynone.svg:
+        * svg/custom/loadevents-normal.svg:
+
+2008-05-15  Alexey Proskuryakov  <ap@webkit.org>
+
         Use TextIterator in +[NSAttributedString _web_attributedStringFromRange:].
 
         * platform/mac/fast/text/attributed-substring-from-range-001-expected.txt:
index 62c3318..3e09baa 100644 (file)
@@ -6,7 +6,7 @@ log = function(msg)
 hasAlmostStandardsModeQuirk = function(doc)
 {
     var div = doc.createElement('div');
-    div.innerHTML = "<img src='http://www.google.com/intl/en_ALL/images/logo.gif' style='background-color: green; width: 100px; height: 100px'><br><img src='http://www.google.com/intl/en_ALL/images/logo.gif' style='background-color: green; width: 100px; height: 100px'>";
+    div.innerHTML = "<img src='' style='background-color: green; width: 100px; height: 100px'><br><img src='' style='background-color: green; width: 100px; height: 100px'>";
     doc.body.appendChild(div);
     var hasQuirk = doc.defaultView.getComputedStyle(div, "").getPropertyValue("height") == "200px";
     doc.body.removeChild(div);
index c038bc9..faff677 100644 (file)
@@ -28,7 +28,7 @@
     ]]>
   </script>
   <g>
-    <image externalResourcesRequired="false" id="image" width="100" height="100" xlink:href="http://trac.webkit.org/projects/webkit/browser/trunk/LayoutTests/svg/custom/resources/green-checker.png?format=raw" />
+    <image externalResourcesRequired="false" id="image" width="100" height="100" xlink:href="resources/green-checker.png" />
     <text y="130" x="20">This tests that load dispatching works when there are no</text>
     <text y="150" x="20">direct listeners, but there are capturing event listeners on an ancestor. Bug 16447</text>
     <text y="170" x="20" id="console" />
index e330fff..bbca197 100644 (file)
@@ -23,7 +23,7 @@
     ]]>
   </script>
   <g onload="reportLoadEvent(this)">
-    <image display="none" externalResourcesRequired="true" id="image" onload="reportLoadEvent(this)" width="100" height="100" xlink:href="http://trac.webkit.org/projects/webkit/browser/trunk/LayoutTests/svg/custom/resources/green-checker.png?format=raw" />
+    <image display="none" externalResourcesRequired="true" id="image" onload="reportLoadEvent(this)" width="100" height="100" xlink:href="resources/green-checker.png" />
     <text y="130" x="20">This tests load dispatching order with externalResourcesRequired and an image that does not render(display=none). Bug 16447</text>
     <text y="150" x="20" id="console" onload="reportLoadEvent(this)"/>
   </g>
index 9920620..3656a3c 100644 (file)
@@ -23,7 +23,7 @@
     ]]>
   </script>
   <g onload="reportLoadEvent(this)">
-    <image externalResourcesRequired="true" id="image" onload="reportLoadEvent(this)" width="100" height="100" xlink:href="http://trac.webkit.org/projects/webkit/browser/trunk/LayoutTests/svg/custom/resources/green-checker.png?format=raw" />
+    <image externalResourcesRequired="true" id="image" onload="reportLoadEvent(this)" width="100" height="100" xlink:href="resources/green-checker.png" />
     <text y="130" x="20">This tests load dispatching order with externalResourcesRequired. Bug 16447</text>
     <text y="150" x="20" id="console" onload="reportLoadEvent(this)"/>
   </g>
index b27ee13..2b89336 100644 (file)
@@ -23,7 +23,7 @@
     ]]>
   </script>
   <g onload="reportLoadEvent(this)">
-    <image display="none" externalResourcesRequired="false" id="image" onload="reportLoadEvent(this)" width="100" height="100" xlink:href="http://trac.webkit.org/projects/webkit/browser/trunk/LayoutTests/svg/custom/resources/green-checker.png?format=raw" />
+    <image display="none" externalResourcesRequired="false" id="image" onload="reportLoadEvent(this)" width="100" height="100" xlink:href="resources/green-checker.png" />
     <text y="130" x="20">This tests normal load dispatching order and an image that does not render(display=none). Bug 16447</text>
     <text y="150" x="20" id="console" onload="reportLoadEvent(this)"/>
   </g>
index e9cd52f..8bdb31a 100644 (file)
@@ -23,7 +23,7 @@
     ]]>
   </script>
   <g onload="reportLoadEvent(this)">
-    <image externalResourcesRequired="false" id="image" onload="reportLoadEvent(this)" width="100" height="100" xlink:href="http://trac.webkit.org/projects/webkit/browser/trunk/LayoutTests/svg/custom/resources/green-checker.png?format=raw" />
+    <image externalResourcesRequired="false" id="image" onload="reportLoadEvent(this)" width="100" height="100" xlink:href="resources/green-checker.png" />
     <text y="130" x="20">This tests normal load dispatching order. Bug 16447</text>
     <text y="150" x="20" id="console" onload="reportLoadEvent(this)"/>
   </g>
index c7c1c1a..69c5979 100644 (file)
@@ -1,3 +1,14 @@
+2008-05-15  Alexey Proskuryakov  <ap@webkit.org>
+
+        Reviewed by Dan Bernstein.
+
+        https://bugs.webkit.org/show_bug.cgi?id=10707
+        DumpRenderTree should not be able to access non-local resources
+
+        * DumpRenderTree/mac/ResourceLoadDelegate.mm:
+        (-[ResourceLoadDelegate webView:resource:willSendRequest:redirectResponse:fromDataSource:]):
+        Block them, and complain.
+
 2008-05-15  Kevin Ollivier  <kevino@theolliviers.com>
 
         wx build fix. Update the version of libpng to download and instsall.
index ed39d1b..d15a9bd 100644 (file)
     if (!done && layoutTestController->dumpResourceLoadCallbacks()) {
         NSString *string = [NSString stringWithFormat:@"%@ - willSendRequest %@ redirectResponse %@", identifier, [newRequest _drt_descriptionSuitableForTestResult],
             [redirectResponse _drt_descriptionSuitableForTestResult]];
-        printf ("%s\n", [string UTF8String]);
+        printf("%s\n", [string UTF8String]);
     }    
-    
-    if (disallowedURLs && CFSetContainsValue(disallowedURLs, [newRequest URL]))
+
+    NSURL *url = [newRequest URL];
+    NSString *host = [url host];
+    if (host
+        && (NSOrderedSame == [[url scheme] caseInsensitiveCompare:@"http"] || NSOrderedSame == [[url scheme] caseInsensitiveCompare:@"https"])
+        && NSOrderedSame != [host compare:@"127.0.0.1"]
+        && NSOrderedSame != [host compare:@"255.255.255.255"] // used in some tests that expect to get back an error
+        && NSOrderedSame != [host caseInsensitiveCompare:@"localhost"]) {
+        fprintf(stderr, "Blocked access to external URL %s\n", [[url absoluteString] cStringUsingEncoding:NSUTF8StringEncoding]);
+        return nil;
+    }
+
+    if (disallowedURLs && CFSetContainsValue(disallowedURLs, url))
         return nil;
     
     return newRequest;
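Review bot: The new external-URL check only applies when the scheme is `http` or `https`, so a request to a non-loopback host over any other host-bearing scheme (ftp, for example) is not refused by it and falls through to the `disallowedURLs` lookup. Since the stated goal is that DumpRenderTree cannot reach non-local resources, consider dropping the scheme clause so that any URL with a non-nil, non-loopback host is blocked, or list the permitted schemes explicitly. Either variant would need a layout-test run to confirm no test relies on such a load. A comment above the condition, such as `// Keep tests hermetic: refuse any request whose host is not loopback.`, would record the intent, and the blocked-URL message could use `[[url absoluteString] UTF8String]` to match the `printf` call a few lines above. The method's signature and the start of its body are outside this hunk.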