WebCore:
authorabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 9 Jun 2008 04:37:49 +0000 (04:37 +0000)
committerabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 9 Jun 2008 04:37:49 +0000 (04:37 +0000)
2008-06-08  Adam Barth  <abarth@webkit.org>

        Reviewed by Darin Adler.

        Inherit document.URL from parent's document.URL, not document.baseURI.

        https://bugs.webkit.org/show_bug.cgi?id=19257

        Tests: http/tests/security/cookies/assign-document-url.html
               http/tests/security/cookies/base-about-blank.html
               http/tests/security/cookies/base-tag.html
               http/tests/security/cookies/basic.html

        * dom/Document.cpp:
        (WebCore::Document::open):

LayoutTests:

2008-06-08  Adam Barth  <abarth@webkit.org>

        Reviewed by Darin Alder.

        Add a number of tests for document.cookie access.

        https://bugs.webkit.org/show_bug.cgi?id=19257

        * http/tests/security/cookies: Added.
        * http/tests/security/cookies/assign-document-url-expected.txt: Added.
        * http/tests/security/cookies/assign-document-url.html: Added.
        * http/tests/security/cookies/base-about-blank-expected.txt: Added.
        * http/tests/security/cookies/base-about-blank.html: Added.
        * http/tests/security/cookies/base-tag-expected.txt: Added.
        * http/tests/security/cookies/base-tag.html: Added.
        * http/tests/security/cookies/basic-expected.txt: Added.
        * http/tests/security/cookies/basic.html: Added.
        * http/tests/security/cookies/resources: Added.
        * http/tests/security/cookies/resources/set-a-cookie.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@34460 268f45cc-cd09-0410-ab3c-d52691b4dbfc

12 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/security/cookies/assign-document-url-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/cookies/assign-document-url.html [new file with mode: 0644]
LayoutTests/http/tests/security/cookies/base-about-blank-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/cookies/base-about-blank.html [new file with mode: 0644]
LayoutTests/http/tests/security/cookies/base-tag-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/cookies/base-tag.html [new file with mode: 0644]
LayoutTests/http/tests/security/cookies/basic-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/cookies/basic.html [new file with mode: 0644]
LayoutTests/http/tests/security/cookies/resources/set-a-cookie.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/dom/Document.cpp

index 634a827506a61219300a17fd16a1f1f33d5e31be..03de9beaf9658e0ce786c2203137e6a3af9ce67e 100644 (file)
@@ -1,3 +1,23 @@
+2008-06-08  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Darin Alder.
+
+        Add a number of tests for document.cookie access.
+
+        https://bugs.webkit.org/show_bug.cgi?id=19257
+
+        * http/tests/security/cookies: Added.
+        * http/tests/security/cookies/assign-document-url-expected.txt: Added.
+        * http/tests/security/cookies/assign-document-url.html: Added.
+        * http/tests/security/cookies/base-about-blank-expected.txt: Added.
+        * http/tests/security/cookies/base-about-blank.html: Added.
+        * http/tests/security/cookies/base-tag-expected.txt: Added.
+        * http/tests/security/cookies/base-tag.html: Added.
+        * http/tests/security/cookies/basic-expected.txt: Added.
+        * http/tests/security/cookies/basic.html: Added.
+        * http/tests/security/cookies/resources: Added.
+        * http/tests/security/cookies/resources/set-a-cookie.html: Added.
+
 2008-06-08  Dan Bernstein  <mitz@apple.com>
 
         - test for <rdar://problem/5961977> Crash in RenderBlock::layoutColumns()
diff --git a/LayoutTests/http/tests/security/cookies/assign-document-url-expected.txt b/LayoutTests/http/tests/security/cookies/assign-document-url-expected.txt
new file mode 100644 (file)
index 0000000..263d0de
--- /dev/null
@@ -0,0 +1,5 @@
+http://127.0.0.1:8000/security/cookies/assign-document-url.html
+http://127.0.0.1:8000/security/cookies/assign-document-url.html
+secret=PASS
+
+
diff --git a/LayoutTests/http/tests/security/cookies/assign-document-url.html b/LayoutTests/http/tests/security/cookies/assign-document-url.html
new file mode 100644 (file)
index 0000000..023794e
--- /dev/null
@@ -0,0 +1,17 @@
+<html>
+<body>
+<pre>
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+document.cookie = "secret=PASS";
+document.write(document.URL + "\n");
+document.URL = "http://localhost:8000/";
+// Should match previous line.
+document.write(document.URL + "\n");
+document.write(document.cookie + "\n");
+</script>
+</pre>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/cookies/base-about-blank-expected.txt b/LayoutTests/http/tests/security/cookies/base-about-blank-expected.txt
new file mode 100644 (file)
index 0000000..24b52d7
--- /dev/null
@@ -0,0 +1,4 @@
+Running test.
+secret=PASS
+Test complete.
diff --git a/LayoutTests/http/tests/security/cookies/base-about-blank.html b/LayoutTests/http/tests/security/cookies/base-about-blank.html
new file mode 100644 (file)
index 0000000..9177425
--- /dev/null
@@ -0,0 +1,37 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+document.cookie = "secret=PASS"; 
+
+function log(msg) {
+    var line = document.createElement("div");
+    line.appendChild(document.createTextNode(msg));
+    document.getElementById("console").appendChild(line);
+}
+
+function runTest() {
+    log("Running test.");
+    frames[1].document.open();
+    log(frames[1].document.cookie);
+    log("Test complete.");
+
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+</script>
+<base href="http://localhost:8000/security/cookies/resources/set-a-cookie.html">
+</head>
+<body>
+<iframe
+  onload="runTest()"
+  src="http://localhost:8000/security/cookies/resources/set-a-cookie.html">
+</iframe>
+<iframe></iframe>
+<div id="console"></div>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/cookies/base-tag-expected.txt b/LayoutTests/http/tests/security/cookies/base-tag-expected.txt
new file mode 100644 (file)
index 0000000..ac71250
--- /dev/null
@@ -0,0 +1,4 @@
+
+Running test.
+secret=PASS
+Test complete.
diff --git a/LayoutTests/http/tests/security/cookies/base-tag.html b/LayoutTests/http/tests/security/cookies/base-tag.html
new file mode 100644 (file)
index 0000000..42b91f6
--- /dev/null
@@ -0,0 +1,35 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+document.cookie = "secret=PASS";
+
+function log(msg) {
+    var line = document.createElement("div");
+    line.appendChild(document.createTextNode(msg));
+    document.getElementById("console").appendChild(line);
+}
+
+function runTest() {
+    log("Running test.");
+    log(document.cookie);
+    log("Test complete.");
+
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+</script>
+<base href="http://localhost:8000/">
+</head>
+<body>
+<iframe
+  onload="runTest()"
+  src="http://localhost:8000/security/cookies/resources/set-a-cookie.html">
+</iframe>
+<div id="console"></div>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/cookies/basic-expected.txt b/LayoutTests/http/tests/security/cookies/basic-expected.txt
new file mode 100644 (file)
index 0000000..ac71250
--- /dev/null
@@ -0,0 +1,4 @@
+
+Running test.
+secret=PASS
+Test complete.
diff --git a/LayoutTests/http/tests/security/cookies/basic.html b/LayoutTests/http/tests/security/cookies/basic.html
new file mode 100644 (file)
index 0000000..67e86eb
--- /dev/null
@@ -0,0 +1,34 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+document.cookie = "secret=PASS";
+
+function log(msg) {
+    var line = document.createElement("div");
+    line.appendChild(document.createTextNode(msg));
+    document.getElementById("console").appendChild(line);
+}
+
+function runTest() {
+    log("Running test.");
+    log(document.cookie);
+    log("Test complete.");
+
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+</script>
+</head>
+<body>
+<iframe
+  onload="runTest()"
+  src="http://localhost:8000/security/cookies/resources/set-a-cookie.html">
+</iframe>
+<div id="console"></div>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/cookies/resources/set-a-cookie.html b/LayoutTests/http/tests/security/cookies/resources/set-a-cookie.html
new file mode 100644 (file)
index 0000000..744275d
--- /dev/null
@@ -0,0 +1,13 @@
+<html>
+<head>
+<script>
+document.cookie = "secret=FAIL"; 
+</script>
+</head>
+<body>
+<script>
+document.write(window.location.href);
+</script>
+has set a secret cookie.
+</body>
+</html>
index bd180ad9c34af2a73b8eeb306f6393e7f0d46297..843bcb92bb21da98727e219f8c72b56c4f49f316 100644 (file)
@@ -1,3 +1,19 @@
+2008-06-08  Adam Barth  <abarth@webkit.org>
+
+        Reviewed by Darin Adler.
+
+        Inherit document.URL from parent's document.URL, not document.baseURI.
+
+        https://bugs.webkit.org/show_bug.cgi?id=19257
+
+        Tests: http/tests/security/cookies/assign-document-url.html
+               http/tests/security/cookies/base-about-blank.html
+               http/tests/security/cookies/base-tag.html
+               http/tests/security/cookies/basic.html
+
+        * dom/Document.cpp:
+        (WebCore::Document::open):
+
 2008-06-08  Kevin Ollivier  <kevino@theolliviers.com>
 
         Reviewed by Darin Adler.
index 4d6d5a1e9fae0d259925ab1958eba836644ad360..8a73bd13a2826dae29ae671ca7142c70a8d5d4c3 100644 (file)
@@ -1395,7 +1395,7 @@ void Document::open()
     // happen when implicitOpen() is called unless we reorganize Frame code.
     if (Document* parent = parentDocument()) {
         if (m_url.isEmpty() || m_url == blankURL())
-            setURL(parent->baseURL());
+            setURL(parent->url());
         if (m_baseURL.isEmpty() || m_baseURL == blankURL())
             setBaseURL(parent->baseURL());
     }