Reviewed by Adele.
authormjs <mjs@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 13 Mar 2005 01:58:09 +0000 (01:58 +0000)
committermjs <mjs@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 13 Mar 2005 01:58:09 +0000 (01:58 +0000)
<rdar://problem/4046144> RSS pages leave a hole in local file security policy (need to revert feed: exemption)

* kwq/WebCoreBridge.mm:
        (-[WebCoreBridge canLoadURL:fromReferrer:hideReferrer:]): Revert
emergency workaround for Safari RSS, now that a new Syndication
has been submitted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@8869 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebCore/ChangeLog-2005-08-23
WebCore/kwq/WebCoreBridge.mm

index 7479a30c878e6c8bdd3e4cc2b2cef68680c320da..65c857e2c2c53c9d0f58a0aef81692446edb2b6e 100644 (file)
@@ -1,3 +1,14 @@
+2005-03-12  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Adele.
+
+       <rdar://problem/4046144> RSS pages leave a hole in local file security policy (need to revert feed: exemption)
+        
+       * kwq/WebCoreBridge.mm:
+        (-[WebCoreBridge canLoadURL:fromReferrer:hideReferrer:]): Revert
+       emergency workaround for Safari RSS, now that a new Syndication
+       has been submitted.
+
 2005-03-11  Maciej Stachowiak  <mjs@apple.com>
 
         Reviewed by Kevin.
index 345b184dce54e0a8dbcbaf855ecdfb2355bea321..2da669893d87446671f8a144c417fe5b3d2b2ad9 100644 (file)
@@ -391,13 +391,9 @@ static bool initializedKJS = FALSE;
     *hideReferrer = !hasCaseInsensitivePrefix(referrer,@"http:") && !hasCaseInsensitivePrefix(referrer, @"https:");
     BOOL referrerIsFileURL = hasCaseInsensitivePrefix(referrer, @"file:");
 
-    // FIXME: temporarily let Safari RSS load local file resources, this is a
-    // hole in the security check but can be fixed later.
-    BOOL referrerIsFeedURL = hasCaseInsensitivePrefix(referrer, @"feed:") || hasCaseInsensitivePrefix(referrer, @"feeds:");
-
     BOOL URLIsFileURL = [[URL scheme] compare:@"file" options:(NSCaseInsensitiveSearch|NSLiteralSearch)] == NSOrderedSame;
 
-    return referrerIsFileURL  || !URLIsFileURL || referrerIsFeedURL;
+    return !URLIsFileURL || referrerIsFileURL;
 }
 
 - (void)saveDocumentState