Reviewed by Alexey.
Bug 15530: XMLHttpRequest should not support certain methods
Test: http/tests/xmlhttprequest/xmlhttprequest-forbidden-methods-exception.html
* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::open):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@27970
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2007-11-22 Julien Chaffraix <julien.chaffraix@gmail.com>
+
+ Reviewed by Alexey.
+
+ Bug 15530: XMLHttpRequest should not support certain methods
+
+ * http/tests/xmlhttprequest/xmlhttprequest-forbidden-methods-exception-expected.txt: Added.
+ * http/tests/xmlhttprequest/xmlhttprequest-forbidden-methods-exception.html: Added.
+
2007-11-21 Dan Bernstein <mitz@apple.com>
Reviewed by Eric Seidel.
--- /dev/null
+Test bug 15530: XMLHttpRequest should not support certain methods
+
+Should see a test for the TRACE, TRACK and CONNECT methods :
+
+TRACE : PASS
+TRACK : PASS
+CONNECT : PASS
+
--- /dev/null
+<html><head></head><body>
+
+<p>Test bug 15530: XMLHttpRequest should not support certain methods</p>
+<p>Should see a test for the TRACE, TRACK and CONNECT methods :</p>
+<div id="ans"></div>
+
+<script type="text/javascript">
+function log(message)
+{
+ document.getElementById("ans").appendChild(document.createTextNode(message));
+}
+
+function insertNewLine()
+{
+ document.getElementById("ans").appendChild(document.createElement("br"));
+}
+
+function testException(method)
+{
+ try {
+ xhr.open(method, "resources/1251.html", false);
+ log("FAILED");
+ } catch (e) {
+ log("PASS");
+ }
+}
+
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+var xhr;
+
+if (window.XMLHttpRequest) {
+ xhr = new XMLHttpRequest();
+} else {
+ try {
+ xhr = new ActiveXObject("Msxml2.XMLHTTP");
+ } catch (ex) {
+ xhr = new ActiveXObject("Microsoft.XMLHTTP");
+ }
+}
+
+log("TRACE : ");
+testException("TRACE");
+insertNewLine();
+
+log("TRACK : ");
+testException("TRACK");
+insertNewLine();
+
+log("CONNECT : ");
+testException("CONNECT");
+insertNewLine();
+
+if (window.layoutTestController)
+ layoutTestController.notifyDone();
+
+</script>
+
+</body></html>
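Review bot: The `catch (e)` in `testException` logs PASS for any exception at all, so the test also passes when `open()` throws for a reason unrelated to the method check (a URL or state error, for example). Check that the caught exception is the permission error `open()` is meant to raise, and add a control that calls `xhr.open("GET", "resources/1251.html", false)` and fails if it throws. Because the implementation compares the upper-cased name, lower- and mixed-case inputs should be covered as well, e.g. `testException("trace");` and `testException("Connect");`.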
+2007-11-22 Julien Chaffraix <julien.chaffraix@gmail.com>
+
+ Reviewed by Alexey.
+
+ Bug 15530: XMLHttpRequest should not support certain methods
+
+ Test: http/tests/xmlhttprequest/xmlhttprequest-forbidden-methods-exception.html
+
+ * xml/XMLHttpRequest.cpp:
+ (WebCore::XMLHttpRequest::open):
+
2007-11-22 Simon Hausmann <hausmann@kde.org>
Reviewed by George.
* This file is part of the KDE libraries
* Copyright (C) 2004, 2006 Apple Computer, Inc.
* Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org>
+ * Copyright (C) 2007 Julien Chaffraix <julien.chaffraix@gmail.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
return;
}
- m_url = url;
-
// Method names are case sensitive. But since Firefox uppercases method names it knows, we'll do the same.
String methodUpper(method.upper());
- if (methodUpper == "CONNECT" || methodUpper == "COPY" || methodUpper == "DELETE" || methodUpper == "GET" || methodUpper == "HEAD"
- || methodUpper == "INDEX" || methodUpper == "LOCK" || methodUpper == "M-POST" || methodUpper == "MKCOL" || methodUpper == "MOVE"
+
+ if (methodUpper == "TRACE" || methodUpper == "TRACK" || methodUpper == "CONNECT") {
+ ec = PERMISSION_DENIED;
+ return;
+ }
+
+ m_url = url;
+
+ if (methodUpper == "COPY" || methodUpper == "DELETE" || methodUpper == "GET" || methodUpper == "HEAD"
+ || methodUpper == "INDEX" || methodUpper == "LOCK" || methodUpper == "M-POST" || methodUpper == "MKCOL" || methodUpper == "MOVE"
|| methodUpper == "OPTIONS" || methodUpper == "POST" || methodUpper == "PROPFIND" || methodUpper == "PROPPATCH" || methodUpper == "PUT"
- || methodUpper == "TRACE" || methodUpper == "UNLOCK")
+ || methodUpper == "UNLOCK")
m_method = methodUpper.deprecatedString();
else
m_method = method.deprecatedString();
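Review bot: The new check `methodUpper == "TRACE" || methodUpper == "TRACK" || methodUpper == "CONNECT"` is an exact match on the upper-cased string, and the `else` branch at the end of the hunk still stores any unrecognised `method` unchanged. A value that is not a plain HTTP token, for instance one with surrounding whitespace, would therefore not match the deny list and would be kept as-is. The start of `open()` lies outside this hunk, so unless it already rejects such values there, the method should be validated as a token before the comparison and refused otherwise. The check would also benefit from a comment saying why these three are refused, e.g. `// TRACE/TRACK can reflect request headers such as cookies back to script; CONNECT sets up a tunnel. Refused in any letter case.`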