LayoutTests:
authorkmccullo <kmccullo@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 6 Apr 2007 01:05:58 +0000 (01:05 +0000)
committerkmccullo <kmccullo@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 6 Apr 2007 01:05:58 +0000 (01:05 +0000)
        Reviewed by Darin.

        - Now we add a console message when local resources are blocked.

        * http/tests/security/local-CSS-from-remote-expected.txt:
        * http/tests/security/local-JavaScript-from-remote-expected.txt:
        * http/tests/security/local-iFrame-from-remote-expected.txt:
        * http/tests/security/local-image-from-remote-expected.txt:

WebCore:

        Reviewed by Darin.

        - Added reportLocalLoadFailed to FrameLoader to send an error to the console when
        calls to canLoad fail.

        * loader/Cache.cpp:
        (WebCore::Cache::requestResource):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadSubframe):
        (WebCore::FrameLoader::loadPlugin):
        (WebCore::FrameLoader::load):
        (WebCore::FrameLoader::reportLocalLoadFailed):
        * loader/FrameLoader.h:
        * loader/SubresourceLoader.cpp:
        (WebCore::SubresourceLoader::create):

WebKit:

        Reviewed by Darin.

        - Moved registerURLSchemeAsLocal to the public API.

        * WebView/WebView.h:
        * WebView/WebView.mm:
        (+[WebView registerURLSchemeAsLocal:]):
        * WebView/WebViewPrivate.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@20740 268f45cc-cd09-0410-ab3c-d52691b4dbfc

14 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/local-CSS-from-remote-expected.txt
LayoutTests/http/tests/security/local-JavaScript-from-remote-expected.txt
LayoutTests/http/tests/security/local-iFrame-from-remote-expected.txt
LayoutTests/http/tests/security/local-image-from-remote-expected.txt
WebCore/ChangeLog
WebCore/loader/Cache.cpp
WebCore/loader/FrameLoader.cpp
WebCore/loader/FrameLoader.h
WebCore/loader/SubresourceLoader.cpp
WebKit/ChangeLog
WebKit/WebView/WebView.h
WebKit/WebView/WebView.mm
WebKit/WebView/WebViewPrivate.h

index dd5b5830d358ccb02cbbd7f9b5f30d6ac49ce40f..fa3c91b502f87afd2be3f8284c5d8ab22d4f644c 100644 (file)
@@ -1,3 +1,14 @@
+2007-04-05  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Darin.
+
+        - Now we add a console message when local resources are blocked.
+
+        * http/tests/security/local-CSS-from-remote-expected.txt:
+        * http/tests/security/local-JavaScript-from-remote-expected.txt:
+        * http/tests/security/local-iFrame-from-remote-expected.txt:
+        * http/tests/security/local-image-from-remote-expected.txt:
+
 2007-04-05  Oliver Hunt  <oliver@apple.com>
 
         Reviewed by Adam.
index 1af2a7e22575026d6aed04a23f379fc318d47f3f..ee3a52ae17803f1391f0a2e8c74391b59ebdca35 100644 (file)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: line 0: Not allowed to load local resource: file:///tmp/LayoutTests/http/tests/security/resources/cssStyle.css
 This test is to see if a remote file can include a local CSS style. 
 If the background is yellow then the CSS was loaded.
 
index 8e4308ea92f2ef1ecf1d28a08e7cc4cecc427f1e..ef7686c169ae4ec0409f1278658fb5f39561f4af 100644 (file)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: line 0: Not allowed to load local resource: file:///tmp/LayoutTests/http/tests/security/resources/localScript.js
 This test is to see if a remote file can run a local script.
 
 Test Passed.
index cd4b7c8a23aa75c10761d300a4e5ed3ab3e8337b..e042de4af294df45f4ae541ad573fc559377b091 100644 (file)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: line 0: Not allowed to load local resource: file:///tmp/LayoutTests/http/tests/security/resources/localPage.html
 This test is to see if a remote file can include a local page in an iFrame.
 
 Test Passed.
index 5fed28fd4402440da4cd98d67875ae4ee54aa683..e8e326337c8f08dcf24891d9b83bbf09cad37d58 100644 (file)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: line 0: Not allowed to load local resource: file:///tmp/LayoutTests/http/tests/security/resources/compass.jpg
 This test is to see if a remote file can include a local image.
 
 Test Passed.
index 41cdcd72f9abd5856b8ba9fb3e118bc6381cb2c8..7259724474813c253d8374ecc08d2549b8525ecf 100644 (file)
@@ -1,3 +1,21 @@
+2007-04-05  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Darin.
+
+        - Added reportLocalLoadFailed to FrameLoader to send an error to the console when
+        calls to canLoad fail. 
+
+        * loader/Cache.cpp:
+        (WebCore::Cache::requestResource):
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::loadSubframe):
+        (WebCore::FrameLoader::loadPlugin):
+        (WebCore::FrameLoader::load):
+        (WebCore::FrameLoader::reportLocalLoadFailed):
+        * loader/FrameLoader.h:
+        * loader/SubresourceLoader.cpp:
+        (WebCore::SubresourceLoader::create):
+
 2007-04-05  Adele Peterson  <adele@apple.com>
 
         Reviewed by Maciej.
index c2b542bc00459891df15ef9b6a96f95df597faf1..a7cd5479c5f45183cc7a3a28d19ddc565400b4a2 100644 (file)
@@ -91,11 +91,21 @@ CachedResource* Cache::requestResource(DocLoader* docLoader, CachedResource::Typ
     CachedResource* resource = m_resources.get(url.url());
 
     if (resource) {
-        if (!skipCanLoadCheck && FrameLoader::restrictAccessToLocal() && !FrameLoader::canLoad(*resource, docLoader->doc()))
+        if (!skipCanLoadCheck && FrameLoader::restrictAccessToLocal() && !FrameLoader::canLoad(*resource, docLoader->doc())) {
+            Document* doc = docLoader->doc();
+            if(doc)
+                FrameLoader::reportLocalLoadFailed(doc->page(), resource->url());
+
             return 0;
+        }
     } else {
-        if (!skipCanLoadCheck && FrameLoader::restrictAccessToLocal() && !FrameLoader::canLoad(url, docLoader->doc()))
+        if (!skipCanLoadCheck && FrameLoader::restrictAccessToLocal() && !FrameLoader::canLoad(url, docLoader->doc())) {
+            Document* doc = docLoader->doc();
+            if(doc)
+                FrameLoader::reportLocalLoadFailed(doc->page(), url.url());
+
             return 0;
+        }
 
         // The resource does not exist.  Create it.
         resource = createResource(type, docLoader, url, charset, skipCanLoadCheck);
index fb10f125a61094bd74bfe35643a753bca10181b5..cbb8604620ca0bbc12a405a702d7cd6bd08025a2 100644 (file)
@@ -394,8 +394,10 @@ Frame* FrameLoader::loadSubframe(HTMLFrameOwnerElement* ownerElement, const KURL
     }
 
     bool hideReferrer;
-    if (!canLoad(url, referrer, hideReferrer))
+    if (!canLoad(url, referrer, hideReferrer)) {
+        FrameLoader::reportLocalLoadFailed(frame()->page(), url.url());
         return 0;
+    }
 
     Frame* frame = m_client->createFrame(url, name, ownerElement, hideReferrer ? String() : referrer,
                                          allowsScrolling, marginWidth, marginHeight);
@@ -1387,8 +1389,10 @@ bool FrameLoader::loadPlugin(RenderPart* renderer, const KURL& url, const String
         if (renderer->node() && renderer->node()->isElementNode())
             pluginElement = static_cast<Element*>(renderer->node());
 
-        if (!canLoad(url, frame()->document()))
+        if (!canLoad(url, frame()->document())) {
+            FrameLoader::reportLocalLoadFailed(frame()->page(), url.url());
             return false;
+        }
 
         widget = m_client->createPlugin(pluginElement, url, paramNames, paramValues, mimeType,
                                         m_frame->document()->isPluginDocument());
@@ -1719,8 +1723,11 @@ void FrameLoader::load(const FrameLoadRequest& request, bool userGesture, Event*
         referrer = m_outgoingReferrer;
  
     bool hideReferrer;
-    if (!canLoad(request.resourceRequest().url(), referrer, hideReferrer))
+    if (!canLoad(request.resourceRequest().url(), referrer, hideReferrer)) {
+        FrameLoader::reportLocalLoadFailed(frame()->page(), request.resourceRequest().url().url());
         return;
+    }
+
     if (hideReferrer)
         referrer = String();
     
@@ -1907,6 +1914,7 @@ void FrameLoader::load(DocumentLoader* loader, FrameLoadType type, PassRefPtr<Fo
         callContinueLoadAfterNavigationPolicy, this);
 }
 
+// FIXME: It would be nice if we could collapse these into one or two functions.
 bool FrameLoader::canLoad(const KURL& url, const String& referrer, bool& hideReferrer)
 {
     hideReferrer = shouldHideReferrer(url, referrer);
@@ -1933,6 +1941,13 @@ bool FrameLoader::canLoad(const CachedResource& resource, const Document* doc)
     return doc && doc->isAllowedToLoadLocalResources();
 }
 
+void FrameLoader::reportLocalLoadFailed(const Page* page, const String& url)
+{
+    ASSERT(!url.isEmpty());
+    if(page)
+        page->chrome()->addMessageToConsole("Not allowed to load local resource: " + url, 0, String());
+}
+
 bool FrameLoader::shouldHideReferrer(const KURL& url, const String& referrer)
 {
     bool referrerIsSecureURL = referrer.startsWith("https:", false);
index 8cccaed204a8a53b7ecb987c86023457c47c40b4..4d70379ee8d7ff8e9ebdd022e83a1cd821bcc215 100644 (file)
@@ -65,6 +65,7 @@ namespace WebCore {
     class IntSize;
     class NavigationAction;
     class Node;
+    class Page;
     class PageCache;
     class PageState;
     class RenderPart;
@@ -151,6 +152,7 @@ namespace WebCore {
         static bool canLoad(const KURL&, const String& referrer, bool& hideReferrer);
         static bool canLoad(const KURL&, const Document*);
         static bool canLoad(const CachedResource&, const Document*);
+        static void reportLocalLoadFailed(const Page*, const String& url);
 
         static bool shouldHideReferrer(const KURL& url, const String& referrer);
 
index 8a652480fd6194fd6bcc10902ff797b5efac6261..3134434c80a5a4bc022957c2f6d6a1f932632d9d 100644 (file)
@@ -95,8 +95,10 @@ PassRefPtr<SubresourceLoader> SubresourceLoader::create(Frame* frame, Subresourc
 
     if (!skipCanLoadCheck
     && FrameLoader::restrictAccessToLocal()
-    && !FrameLoader::canLoad(request.url(), frame->document()))
+    && !FrameLoader::canLoad(request.url(), frame->document())) {
+        FrameLoader::reportLocalLoadFailed(frame->page(), request.url().url());
         return 0;
+    }
     
     if (FrameLoader::shouldHideReferrer(request.url(), fl->outgoingReferrer()))
         newRequest.clearHTTPReferrer();
index b2d6eb8a35f5233416e9b7cde11be9d6aadb1bad..89b510c9216abceb0254efcfc71a2787d01b5dd3 100644 (file)
@@ -1,3 +1,14 @@
+2007-04-05  Kevin McCullough  <kmccullough@apple.com>
+
+        Reviewed by Darin.
+
+        - Moved registerURLSchemeAsLocal to the public API.
+
+        * WebView/WebView.h:
+        * WebView/WebView.mm:
+        (+[WebView registerURLSchemeAsLocal:]):
+        * WebView/WebViewPrivate.h:
+
 2007-04-04  Anders Carlsson  <andersca@apple.com>
 
         Reviewed by John.
index 25c69530cd14fa5ba590234b5bd783778333f30d..30b934230cd4af3c9900e86d68bcdcf8bf2081d0 100644 (file)
@@ -170,6 +170,13 @@ extern NSString *WebViewProgressFinishedNotification;
 */
 + (NSString *)URLTitleFromPasteboard:(NSPasteboard *)pasteboard;
 
+/*!
+    @method registerURLSchemeAsLocal:
+    @abstract Adds the scheme to the list of schemes to be treated as local.
+    @param scheme The scheme to register
+*/
++ (void)registerURLSchemeAsLocal:(NSString *)scheme;
+
 /*!
     @method initWithFrame:frameName:groupName:
     @abstract The designated initializer for WebView.
index af693c902e37ced436b95313e319e3ce10d7d240..c73e51dec51845f4a218145f18f03faf56be0357 100644 (file)
@@ -1604,6 +1604,11 @@ NSMutableDictionary *countInvocations;
     return [pasteboard stringForType:WebURLNamePboardType];
 }
 
++ (void)registerURLSchemeAsLocal:(NSString *)protocol
+{
+    FrameLoader::registerURLSchemeAsLocal(protocol);
+}
+
 - (void)_registerDraggedTypes
 {
     NSArray *editableTypes = [WebHTMLView _insertablePasteboardTypes];
@@ -2864,11 +2869,6 @@ static WebFrame *incrementFrame(WebFrame *curr, BOOL forward, BOOL wrapFlag)
     _private->allowsUndo = flag;
 }
 
-+ (void)registerURLSchemeAsLocal:(NSString *)protocol
-{
-    FrameLoader::registerURLSchemeAsLocal(protocol);
-}
-
 @end
 
 @implementation WebView (WebViewPrintingPrivate)
index 6a50c5d49e6353b97325b1de184d91308b075731..a0eb4946e9fef241d0b21ba8dd73fb1e54a6bcba 100644 (file)
@@ -171,8 +171,6 @@ typedef enum {
 - (BOOL)allowsUndo;
 - (void)setAllowsUndo:(BOOL)flag;
 
-+ (void)registerURLSchemeAsLocal:(NSString *)scheme;
-
 @end
 
 @interface WebView (WebPrivate)