LayoutTests:
Reviewed by Brady.
Layout tests for <rdar://problem/
5017375> WebKit should disable SVG in Dashboard
Tests attempt to use SVG in a number of ways, both direct and indirect.
* http/tests/xmlhttprequest/resources/svgtest.svg: Added.
Small test SVG
* http/tests/xmlhttprequest/svg-created-by-xhr-disallowed-in-dashboard-expected.txt: Added.
* http/tests/xmlhttprequest/svg-created-by-xhr-disallowed-in-dashboard.html: Added.
Attempts to use an SVG doc created with XHR as content
* svg/custom/embedded-svg-disallowed-in-dashboard-expected.txt: Added.
* svg/custom/embedded-svg-disallowed-in-dashboard.xml: Added.
Attempts to use SVG by embedding it in an SVG doc.
* svg/custom/manually-parsed-embedded-svg-disallowed-in-dashboard-expected.txt: Added.
* svg/custom/manually-parsed-embedded-svg-disallowed-in-dashboard.html: Added.
Attempts to use SVG by using a DOMParser to manually parse XHMTL with embedded SVG
* svg/custom/manually-parsed-svg-disallowed-in-dashboard-expected.txt: Added.
* svg/custom/manually-parsed-svg-disallowed-in-dashboard.html: Added.
Attempts to use SVG by using a DOMParser to manually create an SVG doc from a string
* svg/custom/svg-disallowed-in-dashboard-object-expected.txt: Added.
* svg/custom/svg-disallowed-in-dashboard-object.html: Added.
Attempts to embed SVG with <embed>, <object>, and <iframe>
WebCore:
Reviewed by Brady.
<rdar://problem/
5017375> WebKit should disable SVG in Dashboard
Prevents an SVG document or element from being created when in
dashboard compatibility mode.
Manually parsing, or using XHR to created a document removes our
ability to detect Dashboard compatibility mode, so we also perform
the check when importing nodes from one document into another.
* dom/DOMImplementation.cpp:
(WebCore::DOMImplementation::createDocument):
Don't create an SVGDocument if we're in dashboard compatibility mode
* dom/Document.cpp:
(WebCore::Document::importNode):
Don't import SVG nodes if we're in dashboard compatibility mode
* ksvg2/scripts/make_names.pl:
Don't create SVG elements for documents that are in dashboard
compatibility mode
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@21418
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2007-05-11 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Brady.
+
+ Layout tests for <rdar://problem/5017375> WebKit should disable SVG in Dashboard
+ Tests attempt to use SVG in a number of ways, both direct and indirect.
+
+
+ * http/tests/xmlhttprequest/resources/svgtest.svg: Added.
+ Small test SVG
+
+ * http/tests/xmlhttprequest/svg-created-by-xhr-disallowed-in-dashboard-expected.txt: Added.
+ * http/tests/xmlhttprequest/svg-created-by-xhr-disallowed-in-dashboard.html: Added.
+ Attempts to use an SVG doc created with XHR as content
+
+ * svg/custom/embedded-svg-disallowed-in-dashboard-expected.txt: Added.
+ * svg/custom/embedded-svg-disallowed-in-dashboard.xml: Added.
+ Attempts to use SVG by embedding it in an SVG doc.
+
+ * svg/custom/manually-parsed-embedded-svg-disallowed-in-dashboard-expected.txt: Added.
+ * svg/custom/manually-parsed-embedded-svg-disallowed-in-dashboard.html: Added.
+ Attempts to use SVG by using a DOMParser to manually parse XHMTL with embedded SVG
+
+ * svg/custom/manually-parsed-svg-disallowed-in-dashboard-expected.txt: Added.
+ * svg/custom/manually-parsed-svg-disallowed-in-dashboard.html: Added.
+ Attempts to use SVG by using a DOMParser to manually create an SVG doc from a string
+
+ * svg/custom/svg-disallowed-in-dashboard-object-expected.txt: Added.
+ * svg/custom/svg-disallowed-in-dashboard-object.html: Added.
+ Attempts to embed SVG with <embed>, <object>, and <iframe>
+
2007-05-11 Mark Rowe <mrowe@apple.com>
Rubber-stamped by Oliver.
--- /dev/null
+<!-- Small test SVG for http/tests/xmlhttprequest/svg-created-by-xhr-disallowed-in-dashboard.html test -->
+<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
+ <circle id="svgCircle" cx="50" cy="50" r="50" fill="red"/>
+</svg>
--- /dev/null
+Test to make sure we can't use XHR to create usable SVG in dashboard compatibility mode. This cannot be tested manually.
+
+Received doc of type: [object Document]
+Contained circle element is of type: [object SVGCircleElement]
+PASS: Could not insert SVG element into tree
+
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>Test to ensure SVG is disabled in Dashboard compatibility mode</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<script language="JavaScript" type="text/JavaScript">
+
+ var rq;
+
+ function loadSVG()
+ {
+ url = 'resources/svgtest.svg';
+
+ rq = false;
+
+ try {
+ if (window.XMLHttpRequest) {
+ rq = new XMLHttpRequest();
+ rq.overrideMimeType('text/svg+xml');
+ rq.onreadystatechange = processReqChange;
+ rq.open('GET', url, true);
+ rq.send();
+ }
+ } catch (ex) {
+ rq = false;
+ alert(ex);
+ }
+ }
+
+ function debug(str) {
+ var c = document.getElementById('console')
+ c.appendChild(document.createTextNode(str + '\n'));
+ }
+
+ function processReqChange()
+ {
+ if (rq.readyState == 4) {
+ try {
+ var svgDoc = rq.responseXML;
+ if (rq.status == 200) {
+ debug("Received doc of type: " + svgDoc);
+ debug("Contained circle element is of type: " + svgDoc.getElementById('svgCircle'));
+ // Import SVG element into tree.
+ var importedNode = null;
+ try {
+ importedNode = document.importNode(svgDoc.getElementById('svgCircle'), true);
+ } catch(e) {
+ }
+
+ if (importedNode) {
+ debug("FAIL: Managed to insert SVG element into tree");
+ debug("Imported node of type: " + importedNode);
+ document.getElementById('targetDiv').appendChild(importedNode);
+ } else {
+ debug("PASS: Could not insert SVG element into tree");
+ }
+ } else {
+ debug('FAIL: Unable to load SVG document: ' + rq.statusText);
+ }
+ } catch (e) {
+ }
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }
+ }
+</script>
+</head>
+
+<body onLoad="loadSVG();">
+<p>Test to make sure we can't use XHR to create usable SVG in dashboard compatibility mode. This cannot be tested manually.</p>
+<div id="targetDiv"></div>
+<pre id="console"></pre>
+<script>
+ if (window.layoutTestController) {
+ layoutTestController.setUseDashboardCompatiblityMode(true);
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+ }
+</script>
+</body>
+</html>
--- /dev/null
+This test is to ensure SVG elements can't be created by being embedded in xml documents. It can not be tested manually.
+
+ PASS: SVG Elements could not be created
+
--- /dev/null
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <title>Make sure embedded SVG is turned off in dashboard</title>
+ </head>
+ <script>
+ if (window.layoutTestController) {
+ layoutTestController.setUseDashboardCompatiblityMode(true);
+ layoutTestController.dumpAsText();
+ }
+ function debug(str) {
+ var c = document.getElementById('console')
+ c.appendChild(document.createTextNode(str + '\n'));
+ }
+ </script>
+ <body>
+ <p>This test is to ensure SVG elements can't be created by being embedded in xml documents. It can not be tested manually.</p>
+ <svg xmlns="http://www.w3.org/2000/svg" width="200" height="200">
+ <circle id="svgCircleNode" cx="100" cy="100" r="50" fill="red"/>
+ </svg>
+ <pre id="console"></pre>
+ <script>
+ if(document.getElementById('svgCircleNode'))
+ debug("FAIL: Successfully embedded SVG in document");
+ else
+ debug("PASS: SVG Elements could not be created");
+ </script>
+ </body>
+</html>
--- /dev/null
+This test makes sure we can't add manually parsed SVG to the document when in dashboard compatibility mode. It can not be tested manually.
+
+Parsing of the document isn't prevented and produces a [object Document]
+The circle element is of type [object SVGCircleElement]
+PASS: Could not insert SVG element into tree
+
--- /dev/null
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <title>Make sure embedded SVG is turned off in dashboard</title>
+ </head>
+ <script>
+ function debug(str) {
+ var c = document.getElementById('console')
+ c.appendChild(document.createTextNode(str + '\n'));
+ }
+
+ if (window.layoutTestController) {
+ layoutTestController.setUseDashboardCompatiblityMode(true);
+ layoutTestController.dumpAsText();
+ }
+ </script>
+ <body>
+ <p>This test makes sure we can't add manually parsed SVG to the document when in dashboard compatibility mode. It can not be tested manually.</p>
+ <div id="targetDiv"></div>
+ <pre id="console"></pre>
+ <script>
+ var documentString = '<html xmlns="http://www.w3.org/1999/xhtml">' +
+ '<body>' +
+ '<svg xmlns="http://www.w3.org/2000/svg" width="400" height="400">' +
+ '<circle id="svgCircle" cx="50" cy="50" r="50" fill="red"/></svg>' +
+ '</body></html>';
+
+ // Use DOMParser interface to create a SVGDocument datastructure from SVG content string
+ var parser = new DOMParser();
+ var xhtmlDocument = parser.parseFromString(documentString, "application/xhtml+xml");
+
+ debug("Parsing of the document isn't prevented and produces a " + xhtmlDocument);
+ debug("The circle element is of type " + xhtmlDocument.getElementById('svgCircle'));
+
+ // Import SVG element into tree.
+ var importedNode = null;
+ try {
+ importedNode = document.importNode(xhtmlDocument.firstChild, true);
+ } catch(e) {
+ }
+
+ if (importedNode) {
+ debug("FAIL: Managed to insert SVG element into tree");
+ document.getElementById('targetDiv').appendChild(importedNode);
+ } else {
+ debug("PASS: Could not insert SVG element into tree");
+ }
+ </script>
+ </body>
+</html>
--- /dev/null
+This test makes sure we can't add manually parsed SVG to the document when in dashboard compatibility mode. It can not be tested manually.
+
+Parsing of the document isn't prevented and produces a [object SVGDocument]
+PASS: Could not insert SVG element into tree
+
--- /dev/null
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <title>Make sure embedded SVG is turned off in dashboard</title>
+ </head>
+ <script>
+ function debug(str) {
+ var c = document.getElementById('console')
+ c.appendChild(document.createTextNode(str + '\n'));
+ }
+
+ if (window.layoutTestController) {
+ layoutTestController.setUseDashboardCompatiblityMode(true);
+ layoutTestController.dumpAsText();
+ }
+ </script>
+ <body>
+ <p>This test makes sure we can't add manually parsed SVG to the document when in dashboard compatibility mode. It can not be tested manually.</p>
+ <div id="targetDiv"></div>
+ <pre id="console"></pre>
+ <script>
+ var documentString = '<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">' +
+ '<circle cx="50" cy="50" r="50" fill="red"/></svg>';
+
+ // Use DOMParser interface to create a SVGDocument datastructure from SVG content string
+ var parser = new DOMParser();
+ var svgDocument = parser.parseFromString(documentString, "image/svg+xml");
+
+ debug("Parsing of the document isn't prevented and produces a " + svgDocument);
+
+ // Import SVG element into tree.
+ var importedNode = null;
+ try {
+ importedNode = document.importNode(svgDocument.firstChild, true);
+ } catch(e) {
+ }
+
+ if (importedNode) {
+ debug("FAIL: Managed to insert SVG element into tree");
+ document.getElementById('targetDiv').appendChild(importedNode);
+ } else {
+ debug("PASS: Could not insert SVG element into tree");
+ }
+ </script>
+ </body>
+</html>
--- /dev/null
+This test makes sure we can't open SVG documents in Dashboard compatibility mode. It can not be tested manually.
+
+
+PASS: Did not load SVG document in <object> tag
+PASS: Did not load SVG document in <element> tag
+PASS: Did not load SVG document in <iframe> tag
+PASS: SVG Documents were not loaded
+
--- /dev/null
+<html>
+<body>
+<p>This test makes sure we can't open SVG documents in Dashboard compatibility mode. It can not be tested manually.</p>
+<script>
+ if (window.layoutTestController) {
+ layoutTestController.setUseDashboardCompatiblityMode(true);
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+ }
+
+ function debug(str) {
+ var c = document.getElementById('console')
+ c.appendChild(document.createTextNode(str + '\n'));
+ }
+
+ setTimeout("timeOut()", 500);
+ function timeOut() {
+ try {
+ var failed = false;
+ var svgDoc = null;
+ try {
+ svgDoc = document.getElementById('svgObject').getSVGDocument();
+ } catch (e) {
+ svgDoc = null;
+ }
+ if (svgDoc) {
+ debug("FAIL: Loaded SVG document in <object> tag.");
+ failed = true;
+ } else
+ debug("PASS: Did not load SVG document in <object> tag");
+
+ try {
+ svgDoc = document.getElementById('svgEmbed').getSVGDocument();
+ } catch (e) {
+ svgDoc = null;
+ }
+ if (svgDoc) {
+ debug("FAIL: Loaded SVG document in <element> tag.");
+ failed = true;
+ } else
+ debug("PASS: Did not load SVG document in <element> tag");
+
+ try {
+ svgDoc = document.getElementById('svgIFrame').getSVGDocument();
+ } catch (e) {
+ svgDoc = null;
+ }
+ if (svgDoc) {
+ debug("FAIL: Loaded SVG document in <iframe> tag.");
+ failed = true;
+ } else
+ debug("PASS: Did not load SVG document in <iframe> tag");
+
+ if (failed)
+ debug("FAIL: SVG Documents were loaded");
+ else
+ debug("PASS: SVG Documents were not loaded");
+ } catch (e) {
+ debug("FAIL: Exception thrown: " + e)
+ }
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }
+</script>
+
+ <object id="svgObject" data="../W3C-SVG-1.1/text-ws-02-t.svg" width="100px" height="100px"></object>
+ <embed id="svgElement" src="../W3C-SVG-1.1/text-ws-02-t.svg" width="100px" height="100px"></embed>
+ <iframe id="svgIFrame" src="../W3C-SVG-1.1/text-ws-02-t.svg" width="100px" height="100px"></iframe>
+ <pre id="console"></pre>
+</body>
+</html>
+2007-05-11 Oliver Hunt <oliver@apple.com>
+
+ Reviewed by Brady.
+
+ <rdar://problem/5017375> WebKit should disable SVG in Dashboard
+
+ Prevents an SVG document or element from being created when in
+ dashboard compatibility mode.
+
+ Manually parsing, or using XHR to created a document removes our
+ ability to detect Dashboard compatibility mode, so we also perform
+ the check when importing nodes from one document into another.
+
+ * dom/DOMImplementation.cpp:
+ (WebCore::DOMImplementation::createDocument):
+ Don't create an SVGDocument if we're in dashboard compatibility mode
+
+ * dom/Document.cpp:
+ (WebCore::Document::importNode):
+ Don't import SVG nodes if we're in dashboard compatibility mode
+
+ * ksvg2/scripts/make_names.pl:
+ Don't create SVG elements for documents that are in dashboard
+ compatibility mode
+
2007-05-11 Holger Hans Peter Freyther <zecke@selfish.org>
Reviewed by Maciej.
#include "DocumentType.h"
#include "Element.h"
#include "ExceptionCode.h"
+#include "Frame.h"
#include "HTMLDocument.h"
#include "HTMLViewSourceDocument.h"
#include "Image.h"
#include "PluginDocument.h"
#include "PlugInInfoStore.h"
#include "RegularExpression.h"
+#include "Settings.h"
#include "TextDocument.h"
#include "XMLNames.h"
return new PluginDocument(this, frame);
#if ENABLE(SVG)
- if (type == "image/svg+xml")
+ if (type == "image/svg+xml" && (!frame || !frame->settings()->usesDashboardBackwardCompatibilityMode()))
return new SVGDocument(this, frame);
#endif
if (isXMLMIMEType(type))
#include "NodeFilter.h"
#include "NodeIterator.h"
#include "OverflowEvent.h"
+#include "Page.h"
#include "PlatformKeyboardEvent.h"
#include "ProcessingInstruction.h"
#include "RegisteredEventListener.h"
{
ec = 0;
- if (!importedNode) {
+ if (!importedNode || (importedNode->isSVGElement() && page() && page()->settings()->usesDashboardBackwardCompatibilityMode())) {
ec = NOT_SUPPORTED_ERR;
return 0;
}
#!/usr/bin/perl -w
-# Copyright (C) 2005, 2006 Apple Computer, Inc. All rights reserved.
+# Copyright (C) 2005, 2006, 2007 Apple, Inc. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
#include "config.h"
#include "${namespace}ElementFactory.h"
#include "${namespace}Names.h"
+#include "Page.h"
+#include "Settings.h"
END
;
${namespace}Element *${namespace}ElementFactory::create${namespace}Element(const QualifiedName& qName, Document* doc, bool createdByParser)
{
#if ENABLE(SVG)
- if (!doc)
- return 0; // Do not allow elements to ever be made without having a doc.
+ if (!doc || (doc->page() && doc->page()->settings()->usesDashboardBackwardCompatibilityMode()))
+ return 0; // Do not allow elements to ever be made without having a doc or if we're in dashboard compatibility mode.
createFunctionMapIfNecessary();
ConstructorFunc func = gFunctionMap->get(qName.localName().impl());
git://git.webkit.org / WebKit-https.git / commitdiff
