WebKit:
authorcblu <cblu@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 17 May 2005 16:28:20 +0000 (16:28 +0000)
committercblu <cblu@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 17 May 2005 16:28:20 +0000 (16:28 +0000)
Fixed: <rdar://problem/4120255> web archives on remote servers can be viewed directly (with major security issues); should download instead

        Reviewed by mjs.

        * WebView.subproj/WebBaseResourceHandleDelegate.h:
        * WebView.subproj/WebMainResourceClient.m:
        (-[WebMainResourceClient continueAfterContentPolicy:response:]): if the WebKit client has chosen to "use" a remote web archive, stop the load with an error

WebBrowser:

Fixed: <rdar://problem/4120255> web archives on remote servers can be viewed directly (with major security issues); should download instead

        * BrowserWebView.m:
        (-[BrowserWebView webView:decidePolicyForMIMEType:request:frame:decisionListener:]): download remote web archives

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@9176 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebKit/ChangeLog
WebKit/WebView.subproj/WebBaseResourceHandleDelegate.h
WebKit/WebView.subproj/WebLoader.h
WebKit/WebView.subproj/WebMainResourceClient.m
WebKit/WebView.subproj/WebMainResourceLoader.m

index 39341e3934f76eb5c1764ce74dd4874c4dde1816..d1861dcca77e1f3d6dc68f187f0e14d424708c64 100644 (file)
@@ -1,3 +1,13 @@
+2005-05-17  Chris Blumenberg  <cblu@apple.com>
+
+       Fixed: <rdar://problem/4120255> web archives on remote servers can be viewed directly (with major security issues); should download instead
+
+        Reviewed by mjs.
+
+        * WebView.subproj/WebBaseResourceHandleDelegate.h:
+        * WebView.subproj/WebMainResourceClient.m:
+        (-[WebMainResourceClient continueAfterContentPolicy:response:]): if the WebKit client has chosen to "use" a remote web archive, stop the load with an error
+
 2005-05-16  Darin Adler  <darin@apple.com>
 
         - attempt to get things building under "Saffron" development tools
index 729293eb0e6df45d2f8fb258307a246ad4566468..dd716ca9faa0121ca49854d9691df0896393f30b 100644 (file)
@@ -24,6 +24,7 @@
     WebDataSource *dataSource;
     NSURLConnection *connection;
     NSURLRequest *request;
+    BOOL reachedTerminalState;
 @private
     WebView *webView;
     NSURLResponse *response;
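Review bot: Moving `reachedTerminalState` above `@private` lets every subclass write the flag as well as read it, while the only new use this commit shows is a read in `continueAfterContentPolicy:response:`. That flag now decides whether `stopLoadingForPolicyChange` runs on the blocked-archive path, so a comment at the declaration such as `// Read by subclasses; only the base class sets this.` would record the intent, or a read-only accessor would let the ivar stay private. The visibility directive that now governs the ivar lies above the hunk, so it is presumably `@protected`, but that cannot be confirmed from here. The same pair of hunks is repeated in the identical file section that follows.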
@@ -33,7 +34,6 @@
     NSURLAuthenticationChallenge *currentConnectionChallenge;
     NSURLAuthenticationChallenge *currentWebChallenge;
     BOOL cancelledFlag;
-    BOOL reachedTerminalState;
     BOOL defersCallbacks;
     BOOL waitingToDeliverResource;
     BOOL deliveredResource;
index 729293eb0e6df45d2f8fb258307a246ad4566468..dd716ca9faa0121ca49854d9691df0896393f30b 100644 (file)
@@ -24,6 +24,7 @@
     WebDataSource *dataSource;
     NSURLConnection *connection;
     NSURLRequest *request;
+    BOOL reachedTerminalState;
 @private
     WebView *webView;
     NSURLResponse *response;
@@ -33,7 +34,6 @@
     NSURLAuthenticationChallenge *currentConnectionChallenge;
     NSURLAuthenticationChallenge *currentWebChallenge;
     BOOL cancelledFlag;
-    BOOL reachedTerminalState;
     BOOL defersCallbacks;
     BOOL waitingToDeliverResource;
     BOOL deliveredResource;
index 433e37a3e56692b5d668bbf5c17b54f519051d31..c8eb15e13e4130d7e7be6c5caf903d242accafff 100644 (file)
@@ -16,6 +16,7 @@
 #import <Foundation/NSURLResponse.h>
 #import <Foundation/NSURLResponsePrivate.h>
 
+#import <WebKit/WebDataProtocol.h>
 #import <WebKit/WebDataSourcePrivate.h>
 #import <WebKit/WebDefaultPolicyDelegate.h>
 #import <WebKit/WebDocument.h>
 
 -(void)continueAfterContentPolicy:(WebPolicyAction)contentPolicy response:(NSURLResponse *)r
 {
+    NSURL *URL = [request URL];
+    NSString *MIMEType = [r MIMEType]; 
+    
     switch (contentPolicy) {
     case WebPolicyUse:
-       if (![WebView canShowMIMEType:[r MIMEType]]) {
-           [[dataSource webFrame] _handleUnimplementablePolicyWithErrorCode:WebKitErrorCannotShowMIMEType forURL:[[dataSource request] URL]];
-           [self stopLoadingForPolicyChange];
+    {
+        // Prevent remote web archives from loading because they can claim to be from any domain and thus avoid cross-domain security checks (4120255).
+        BOOL isRemote = ![URL isFileURL] && ![WebDataProtocol _webIsDataProtocolURL:URL];
+       BOOL isRemoteWebArchive = isRemote && [MIMEType _web_isCaseInsensitiveEqualToString:@"application/x-webarchive"];
+        if (![WebView canShowMIMEType:MIMEType] || isRemoteWebArchive) {
+           [[dataSource webFrame] _handleUnimplementablePolicyWithErrorCode:WebKitErrorCannotShowMIMEType forURL:URL];
+            // Check reachedTerminalState since the load may have already been cancelled inside of _handleUnimplementablePolicyWithErrorCode::.
+            if (!reachedTerminalState) {
+                [self stopLoadingForPolicyChange];
+            }
            return;
        }
         break;
-
+    }
     case WebPolicyDownload:
         [proxy setDelegate:nil];
         [WebDownload _downloadWithLoadingConnection:connection
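Review bot: The new `isRemoteWebArchive` test in the `WebPolicyUse` case blocks only a response whose `[r MIMEType]` is exactly `application/x-webarchive`, so the protection holds only if no other server-declared type, and no later type correction, can select the web-archive representation. That mapping is not visible in this hunk and should be confirmed and stated in the comment. The locality test reads `[request URL]` rather than the response's URL, and the error now reports that URL instead of `[[dataSource request] URL]`; if the two can differ after a redirect, the comment should say which one is intended. Reusing `WebKitErrorCannotShowMIMEType` gives clients no way to tell a security block from an unsupported type, so a line such as `// Clients should answer WebPolicyDownload for remote archives; "use" ends in this error.` would help, and the MIME literal would be better as a named constant. The method body continues past this hunk, and the same hunk is repeated in the following file section.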
 
     if ([r isKindOfClass:[NSHTTPURLResponse class]]) {
         int status = [(NSHTTPURLResponse *)r statusCode];
-        if (status < 200 || status >= 300)
+        if (status < 200 || status >= 300) {
             // Handle <object> fallback for error cases.
             [[[dataSource webFrame] _bridge] mainResourceError];
+        }
     }
 
     [super connection:connection didReceiveResponse:r];
 
-    if (![dataSource _isStopping]
-            && ([[request URL] _webkit_shouldLoadAsEmptyDocument]
-               || [WebView _representationExistsForURLScheme:[[request URL] scheme]])) {
+    if (![dataSource _isStopping] && ([URL _webkit_shouldLoadAsEmptyDocument] || [WebView _representationExistsForURLScheme:[URL scheme]])) {
         [self connectionDidFinishLoading:connection];
     }
     
index 433e37a3e56692b5d668bbf5c17b54f519051d31..c8eb15e13e4130d7e7be6c5caf903d242accafff 100644 (file)
@@ -16,6 +16,7 @@
 #import <Foundation/NSURLResponse.h>
 #import <Foundation/NSURLResponsePrivate.h>
 
+#import <WebKit/WebDataProtocol.h>
 #import <WebKit/WebDataSourcePrivate.h>
 #import <WebKit/WebDefaultPolicyDelegate.h>
 #import <WebKit/WebDocument.h>
 
 -(void)continueAfterContentPolicy:(WebPolicyAction)contentPolicy response:(NSURLResponse *)r
 {
+    NSURL *URL = [request URL];
+    NSString *MIMEType = [r MIMEType]; 
+    
     switch (contentPolicy) {
     case WebPolicyUse:
-       if (![WebView canShowMIMEType:[r MIMEType]]) {
-           [[dataSource webFrame] _handleUnimplementablePolicyWithErrorCode:WebKitErrorCannotShowMIMEType forURL:[[dataSource request] URL]];
-           [self stopLoadingForPolicyChange];
+    {
+        // Prevent remote web archives from loading because they can claim to be from any domain and thus avoid cross-domain security checks (4120255).
+        BOOL isRemote = ![URL isFileURL] && ![WebDataProtocol _webIsDataProtocolURL:URL];
+       BOOL isRemoteWebArchive = isRemote && [MIMEType _web_isCaseInsensitiveEqualToString:@"application/x-webarchive"];
+        if (![WebView canShowMIMEType:MIMEType] || isRemoteWebArchive) {
+           [[dataSource webFrame] _handleUnimplementablePolicyWithErrorCode:WebKitErrorCannotShowMIMEType forURL:URL];
+            // Check reachedTerminalState since the load may have already been cancelled inside of _handleUnimplementablePolicyWithErrorCode::.
+            if (!reachedTerminalState) {
+                [self stopLoadingForPolicyChange];
+            }
            return;
        }
         break;
-
+    }
     case WebPolicyDownload:
         [proxy setDelegate:nil];
         [WebDownload _downloadWithLoadingConnection:connection
 
     if ([r isKindOfClass:[NSHTTPURLResponse class]]) {
         int status = [(NSHTTPURLResponse *)r statusCode];
-        if (status < 200 || status >= 300)
+        if (status < 200 || status >= 300) {
             // Handle <object> fallback for error cases.
             [[[dataSource webFrame] _bridge] mainResourceError];
+        }
     }
 
     [super connection:connection didReceiveResponse:r];
 
-    if (![dataSource _isStopping]
-            && ([[request URL] _webkit_shouldLoadAsEmptyDocument]
-               || [WebView _representationExistsForURLScheme:[[request URL] scheme]])) {
+    if (![dataSource _isStopping] && ([URL _webkit_shouldLoadAsEmptyDocument] || [WebView _representationExistsForURLScheme:[URL scheme]])) {
         [self connectionDidFinishLoading:connection];
     }