LayoutTests:
authorkmccullo <kmccullo@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 6 Mar 2007 07:04:16 +0000 (07:04 +0000)
committerkmccullo <kmccullo@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 6 Mar 2007 07:04:16 +0000 (07:04 +0000)
commitbac0e68c92a14dc18fa874a0e8b26ab6be4dcbfe
treea6f87b1a12c7a448cc5985310582059e08d2157f
parentcaa31a5465ccb73c7438d126e4fc34751a6ffdf1
LayoutTests:

        Reviewed by Mark and Dave H.

- rdar://problem/5038491
        An oversite of the security fix that prevented remote from loading local is that it
        prevents user style sheets when the site is remote.  This fixes that.

        * http/tests/security/local-user-CSS-from-remote-expected.txt: Added.
        * http/tests/security/local-user-CSS-from-remote.html: Added.

WebCore:

        Reviewed by Mark and Dave H.

        - rdar://problem/5038491
        An oversite of the security fix that prevented remote from loading local is that it
        prevents user style sheets when the site is remote.  This fixes that.

        * loader/Cache.cpp: Propogate and check user style sheet flag.
        (WebCore::createResource):
        (WebCore::Cache::requestResource):
        * loader/Cache.h: Propogate user style sheet flag.
        * loader/CachedCSSStyleSheet.cpp: Propogate user style sheet flag.
        (WebCore::CachedCSSStyleSheet::CachedCSSStyleSheet):
        * loader/CachedCSSStyleSheet.h: Propogate user style sheet flag.
        * loader/DocLoader.cpp: Propogate user style sheet flag.
        (WebCore::DocLoader::requestResource):
        * loader/SubresourceLoader.cpp: Propogate and check user style sheet flag.
        (WebCore::SubresourceLoader::create):
        * loader/SubresourceLoader.h: Add check for user style sheet flag.
        * loader/loader.cpp: Propogate user style sheet flag.
        (WebCore::Loader::load):
        (WebCore::Loader::servePendingRequests):
        * loader/loader.h: Propogate user style sheet flag.

WebKitTools:

        Reviewed by Mark and Dave H.

        - rdar://problem/4922454
        - This fixes a security issue by making remote referrers not able to access local
        resources, unless they register their schemes to be treated as local. The result is
        that those schemes can access local resources and cannot be accessed by remote
        referrers.
        Because this behavior is new a link-on-or-after check is made to determine if the
        app should use the older, less safe, behavior.

        * DumpRenderTree/DumpRenderTree.m: Add ability to set user style sheet to DRT.
        (+[LayoutTestController isSelectorExcludedFromWebScript:]):
        (+[LayoutTestController webScriptNameForSelector:]):
        (-[LayoutTestController setUserStyleSheetLocation:]):
        (-[LayoutTestController setUserStyleSheetEnabled:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@19977 268f45cc-cd09-0410-ab3c-d52691b4dbfc
15 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/local-user-CSS-from-remote-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/local-user-CSS-from-remote.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/loader/Cache.cpp
WebCore/loader/Cache.h
WebCore/loader/CachedCSSStyleSheet.cpp
WebCore/loader/CachedCSSStyleSheet.h
WebCore/loader/DocLoader.cpp
WebCore/loader/SubresourceLoader.cpp
WebCore/loader/SubresourceLoader.h
WebCore/loader/loader.cpp
WebCore/loader/loader.h
WebKitTools/ChangeLog
WebKitTools/DumpRenderTree/DumpRenderTree.m