Reviewed by Mark and Dave H.
- rdar://problem/5038491
An oversight of the security fix that prevented remote from loading local is that it
prevents user style sheets when the site is remote. This fixes that.
* http/tests/security/local-user-CSS-from-remote-expected.txt: Added.
* http/tests/security/local-user-CSS-from-remote.html: Added.
WebCore:
Reviewed by Mark and Dave H.
- rdar://problem/5038491
An oversight of the security fix that prevented remote from loading local is that it
prevents user style sheets when the site is remote. This fixes that.
* loader/Cache.cpp: Propagate and check user style sheet flag.
(WebCore::createResource):
(WebCore::Cache::requestResource):
* loader/Cache.h: Propagate user style sheet flag.
* loader/CachedCSSStyleSheet.cpp: Propagate user style sheet flag.
(WebCore::CachedCSSStyleSheet::CachedCSSStyleSheet):
* loader/CachedCSSStyleSheet.h: Propagate user style sheet flag.
* loader/DocLoader.cpp: Propagate user style sheet flag.
(WebCore::DocLoader::requestResource):
* loader/SubresourceLoader.cpp: Propagate and check user style sheet flag.
(WebCore::SubresourceLoader::create):
* loader/SubresourceLoader.h: Add check for user style sheet flag.
* loader/loader.cpp: Propagate user style sheet flag.
(WebCore::Loader::load):
(WebCore::Loader::servePendingRequests):
* loader/loader.h: Propagate user style sheet flag.
WebKitTools:
Reviewed by Mark and Dave H.
- rdar://problem/4922454
- This fixes a security issue by making remote referrers not able to access local
resources, unless they register their schemes to be treated as local. The result is
that those schemes can access local resources and cannot be accessed by remote
referrers.
Because this behavior is new, a link-on-or-after check is made to determine if the
app should use the older, less safe, behavior.
* DumpRenderTree/DumpRenderTree.m: Add ability to set user style sheet to DRT.
(+[LayoutTestController isSelectorExcludedFromWebScript:]):
(+[LayoutTestController webScriptNameForSelector:]):
(-[LayoutTestController setUserStyleSheetLocation:]):
(-[LayoutTestController setUserStyleSheetEnabled:]):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@19977 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+2007-03-05 Kevin McCullough <kmccullough@apple.com>
+
+ Reviewed by Mark and Dave H.
+
+ - rdar://problem/5038491
+ An oversite of the security fix that prevented remote from loading local is that it
+ prevents user style sheets when the site is remote. This fixes that.
+
+ * http/tests/security/local-user-CSS-from-remote-expected.txt: Added.
+ * http/tests/security/local-user-CSS-from-remote.html: Added.
+
2007-03-06 Nikolas Zimmermann <zimmermann@kde.org>
Reviewed by Darin.
--- /dev/null
+This test is to see if a remote file can include a local user stylesheet.
+To run this test manually you must set your user style sheet in your Safari preferences to LayoutTests/http/tests/security/resources/cssStyle.css
+If the background is yellow then the user stylesheet was loaded.
+
+Test Passed: Local user stylesheet loaded.
+
--- /dev/null
+<html>
+ <head>
+ <title>User Stylesheet Test</title>
+ <script type="text/javascript">
+ if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+
+ // This won't work outside of DRT!
+ if (window.location.hash == '') {
+ layoutTestController.waitUntilDone();
+ layoutTestController.setUserStyleSheetLocation("file:///tmp/LayoutTests/http/tests/security/resources/cssStyle.css");
+ layoutTestController.setUserStyleSheetEnabled(true);
+ location += '?#done';
+ }
+ }
+
+ function backgroundCheck() {
+ var result = document.getElementById("result");
+ var myBody = document.getElementById("myBody");
+
+ var style = document.defaultView.getComputedStyle(myBody, null);
+ var bgColor = style.getPropertyValue("background-color");
+ if (bgColor[4] == 2) {
+ result.innerHTML = "Test Passed: Local user stylesheet loaded.";
+ } else {
+ result.innerHTML = "Test Failed: Local user stylesheet not loaded into remote document.";
+ }
+
+ if (window.layoutTestController) {
+ layoutTestController.setUserStyleSheetEnabled(false);
+ layoutTestController.notifyDone();
+ }
+
+ }
+ </script>
+ </head>
+ <body id="myBody" onload="backgroundCheck()">
+ <div id="other">
+ This test is to see if a remote file can include a local user stylesheet.
+ <br />
+ To run this test manually you must set your user style sheet in your Safari preferences
+ to LayoutTests/http/tests/security/resources/cssStyle.css
+ <br/>
+ If the background is yellow then the user stylesheet was loaded.
+ </div>
+ </br>
+ <div id="result">
+ Test not run correctly.
+ </div>
+ </body>
+</html>
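Review bot: The pass condition in backgroundCheck(), `if (bgColor[4] == 2)`, only inspects the first digit of the red channel of a string assumed to be in "rgb(r, g, b)" form, so any background whose red value starts with 2 passes, and a different serialization of the computed color would fail for the wrong reason. Compare the whole computed value against the color that cssStyle.css sets (yellow, per the test description). The absolute file:///tmp/LayoutTests/... URL passed to setUserStyleSheetLocation also ties the test to one checkout location, and the `</br>` before the result div is not a valid tag.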
+2007-03-05 Kevin McCullough <kmccullough@apple.com>
+
+ Reviewed by Mark and Dave H.
+
+ - rdar://problem/5038491
+ An oversite of the security fix that prevented remote from loading local is that it
+ prevents user style sheets when the site is remote. This fixes that.
+
+ * loader/Cache.cpp: Propogate and check user style sheet flag.
+ (WebCore::createResource):
+ (WebCore::Cache::requestResource):
+ * loader/Cache.h: Propogate user style sheet flag.
+ * loader/CachedCSSStyleSheet.cpp: Propogate user style sheet flag.
+ (WebCore::CachedCSSStyleSheet::CachedCSSStyleSheet):
+ * loader/CachedCSSStyleSheet.h: Propogate user style sheet flag.
+ * loader/DocLoader.cpp: Propogate user style sheet flag.
+ (WebCore::DocLoader::requestResource):
+ * loader/SubresourceLoader.cpp: Propogate and check user style sheet flag.
+ (WebCore::SubresourceLoader::create):
+ * loader/SubresourceLoader.h: Add check for user style sheet flag.
+ * loader/loader.cpp: Propogate user style sheet flag.
+ (WebCore::Loader::load):
+ (WebCore::Loader::servePendingRequests):
+ * loader/loader.h: Propogate user style sheet flag.
+
2007-03-06 Nikolas Zimmermann <zimmermann@kde.org>
Reviewed by Darin.
{
}
-static CachedResource* createResource(CachedResource::Type type, DocLoader* docLoader, const KURL& url, time_t expireDate, const String* charset)
+static CachedResource* createResource(CachedResource::Type type, DocLoader* docLoader, const KURL& url, time_t expireDate, const String* charset, bool skipCanLoadCheck = false)
{
switch (type) {
case CachedResource::ImageResource:
// User agent images need to null check the docloader. No other resources need to.
return new CachedImage(docLoader, url.url(), docLoader ? docLoader->cachePolicy() : CachePolicyCache, expireDate);
case CachedResource::CSSStyleSheet:
- return new CachedCSSStyleSheet(docLoader, url.url(), docLoader->cachePolicy(), expireDate, *charset);
+ return new CachedCSSStyleSheet(docLoader, url.url(), docLoader->cachePolicy(), expireDate, *charset, skipCanLoadCheck);
case CachedResource::Script:
return new CachedScript(docLoader, url.url(), docLoader->cachePolicy(), expireDate, *charset);
#if ENABLE(XSLT)
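Review bot: createResource() forwards skipCanLoadCheck only in the CSSStyleSheet case; the ImageResource and Script cases visible here drop it silently, even though Cache::requestResource() will already have skipped canLoad for whatever type was requested. Since the flag exists only for the user style sheet, assert that type is CachedResource::CSSStyleSheet whenever skipCanLoadCheck is true, so a later caller cannot pass it for another resource type unnoticed. The `= false` default is also unnecessary on a file-static helper whose visible caller passes the argument explicitly.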
return 0;
}
-CachedResource* Cache::requestResource(DocLoader* docLoader, CachedResource::Type type, const KURL& url, time_t expireDate, const String* charset)
+CachedResource* Cache::requestResource(DocLoader* docLoader, CachedResource::Type type, const KURL& url, time_t expireDate, const String* charset, bool skipCanLoadCheck)
{
// Look up the resource in our map.
CachedResource* resource = m_resources.get(url.url());
if (resource) {
- if (FrameLoader::restrictAccessToLocal()
+ if (!skipCanLoadCheck
+ && FrameLoader::restrictAccessToLocal()
&& !FrameLoader::canLoad(*resource, docLoader->doc()))
return 0;
} else {
- if (FrameLoader::restrictAccessToLocal()
+ if (!skipCanLoadCheck
+ && FrameLoader::restrictAccessToLocal()
&& !FrameLoader::canLoad(url, docLoader->doc()))
return 0;
// The resource does not exist. Create it.
- resource = createResource(type, docLoader, url, expireDate, charset);
+ resource = createResource(type, docLoader, url, expireDate, charset, skipCanLoadCheck);
ASSERT(resource);
resource->setInCache(!disabled());
if (!disabled())
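Review bot: In both branches of Cache::requestResource() the new `!skipCanLoadCheck` clause turns off FrameLoader::canLoad() purely on the caller's say-so, with nothing here tying the exemption to the configured user style sheet URL. This is the check that stops remote documents from loading local resources, so the exemption should be as narrow as possible. Consider deriving it inside the cache (for example by comparing url with the user style sheet location from the preferences) instead of accepting a boolean, or at minimum add a comment above the two conditions stating that only the user style sheet load may pass true.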
// Request resources from the cache. A load will be initiated and a cache object created if the object is not
// found in the cache.
- CachedResource* requestResource(DocLoader*, CachedResource::Type, const KURL& url, time_t expireDate = 0, const String* charset = 0);
+ CachedResource* requestResource(DocLoader*, CachedResource::Type, const KURL& url, time_t expireDate = 0, const String* charset = 0, bool skipCanLoadCheck = false);
// Set/retreive the size of the cache. This will only hold approximately, since the size some
// cached objects (like stylesheets) take up in memory is not exactly known.
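Review bot: The comment above requestResource() still describes only the cache lookup and says nothing about the new skipCanLoadCheck parameter, which disables the local-resource access check. Document on the declaration that it is intended for the user style sheet load only, and consider dropping the `= false` default so that every call site has to state its choice explicitly.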
namespace WebCore {
-CachedCSSStyleSheet::CachedCSSStyleSheet(DocLoader* dl, const String& url, CachePolicy cachePolicy, time_t _expireDate, const String& charset)
+CachedCSSStyleSheet::CachedCSSStyleSheet(DocLoader* dl, const String& url, CachePolicy cachePolicy, time_t _expireDate, const String& charset, bool skipCanLoadCheck)
: CachedResource(url, CSSStyleSheet, cachePolicy, _expireDate)
, m_decoder(new TextResourceDecoder("text/css", charset))
{
// Prefer text/css but accept any type (dell.com serves a stylesheet
// as text/html; see <http://bugs.webkit.org/show_bug.cgi?id=11451>).
setAccept("text/css,*/*;q=0.1");
- cache()->loader()->load(dl, this, false);
+ cache()->loader()->load(dl, this, false, skipCanLoadCheck);
m_loading = true;
}
class CachedCSSStyleSheet : public CachedResource {
public:
- CachedCSSStyleSheet(DocLoader*, const String& URL, CachePolicy, time_t expireDate, const String& charset);
+ CachedCSSStyleSheet(DocLoader*, const String& URL, CachePolicy, time_t expireDate, const String& charset, bool skipCanLoadCheck = false);
virtual ~CachedCSSStyleSheet();
const String& sheet() const { return m_sheet; }
checkForReload(fullURL);
- CachedResource* resource = cache()->requestResource(this, type, fullURL, m_expireDate, charset);
+ CachedResource* resource = cache()->requestResource(this, type, fullURL, m_expireDate, charset, skipCanLoadCheck);
if (resource) {
m_docResources.set(resource->url(), resource);
checkCacheObjectStatus(resource);
return ResourceLoader::load(r);
}
-PassRefPtr<SubresourceLoader> SubresourceLoader::create(Frame* frame, SubresourceLoaderClient* client, const ResourceRequest& request)
+PassRefPtr<SubresourceLoader> SubresourceLoader::create(Frame* frame, SubresourceLoaderClient* client, const ResourceRequest& request, bool skipCanLoadCheck)
{
if (!frame)
return 0;
ResourceRequest newRequest = request;
- // If linked-on-or-after check canLoad
- if (FrameLoader::restrictAccessToLocal()
+ if (!skipCanLoadCheck
+ && FrameLoader::restrictAccessToLocal()
&& !FrameLoader::canLoad(request.url(), frame->document()))
return 0;
class SubresourceLoader : public ResourceLoader {
public:
- static PassRefPtr<SubresourceLoader> create(Frame*, SubresourceLoaderClient*, const ResourceRequest&);
+ static PassRefPtr<SubresourceLoader> create(Frame*, SubresourceLoaderClient*, const ResourceRequest&, bool skipCanLoadCheck = false);
virtual ~SubresourceLoader();
deleteAllValues(m_requestsLoading);
}
-void Loader::load(DocLoader* dl, CachedResource* object, bool incremental)
+void Loader::load(DocLoader* dl, CachedResource* object, bool incremental, bool skipCanLoadCheck)
{
Request* req = new Request(dl, object, incremental);
m_requestsPending.append(req);
- servePendingRequests();
+ servePendingRequests(skipCanLoadCheck);
}
-void Loader::servePendingRequests()
+void Loader::servePendingRequests(bool skipCanLoadCheck)
{
if (m_requestsPending.count() == 0)
return;
domain = static_cast<HTMLDocument*>(req->docLoader()->doc())->domain().deprecatedString();
}
- RefPtr<SubresourceLoader> loader = SubresourceLoader::create(req->docLoader()->doc()->frame(), this, request);
+ RefPtr<SubresourceLoader> loader = SubresourceLoader::create(req->docLoader()->doc()->frame(), this, request, skipCanLoadCheck);
if (loader)
m_requestsLoading.add(loader.release(), req);
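Review bot: skipCanLoadCheck reaches SubresourceLoader::create() here as an argument of the current servePendingRequests() call, not as a property of req: Loader::load() builds the request with `new Request(dl, object, incremental)` and only afterwards passes the flag to servePendingRequests(skipCanLoadCheck). Any other request served from m_requestsPending during that call would receive the same exemption, and a user style sheet request that ends up being served by a later servePendingRequests() call using the default false would be blocked. Store the flag on the Request and read it from req when creating the loader.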
Loader();
~Loader();
- void load(DocLoader*, CachedResource*, bool incremental = true);
+ void load(DocLoader*, CachedResource*, bool incremental = true, bool skipCanLoadCheck = false);
int numRequests(DocLoader*) const;
void cancelRequests(DocLoader*);
virtual void didFinishLoading(SubresourceLoader*);
virtual void didFail(SubresourceLoader*, const ResourceError&);
- void servePendingRequests();
+ void servePendingRequests(bool skipCanLoadCheck = false);
DeprecatedPtrList<Request> m_requestsPending;
typedef HashMap<RefPtr<SubresourceLoader>, Request*> RequestMap;
+2007-03-05 Kevin McCullough <kmccullough@apple.com>
+
+ Reviewed by Mark and Dave H.
+
+ - rdar://problem/4922454
+ - This fixes a security issue by making remote referrers not able to access local
+ resources, unless they register their schemes to be treated as local. The result is
+ that those schemes can access local resources and cannot be accessed by remote
+ referrers.
+ Because this behavior is new a link-on-or-after check is made to determine if the
+ app should use the older, less safe, behavior.
+
+ * DumpRenderTree/DumpRenderTree.m: Add ability to set user style sheet to DRT.
+ (+[LayoutTestController isSelectorExcludedFromWebScript:]):
+ (+[LayoutTestController webScriptNameForSelector:]):
+ (-[LayoutTestController setUserStyleSheetLocation:]):
+ (-[LayoutTestController setUserStyleSheetEnabled:]):
+
2007-03-05 Anders Carlsson <acarlsson@apple.com>
Reviewed by Adam, Darin.
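Review bot: This WebKitTools entry cites rdar://problem/4922454 and repeats the description of the original local-resource restriction, while the LayoutTests and WebCore entries of the same commit cite rdar://problem/5038491 and describe the user style sheet exemption. The only change listed here is the DumpRenderTree support for setting a user style sheet, so the entry should carry the 5038491 reference and a description of that change.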
#import <WebKit/WebHTMLViewPrivate.h>
#import <WebKit/WebHistory.h>
#import <WebKit/WebHistoryItemPrivate.h>
+#import <WebKit/WebNSURLExtras.h>
#import <WebKit/WebPluginDatabase.h>
#import <WebKit/WebPreferences.h>
#import <WebKit/WebPreferencesPrivate.h>
|| aSelector == @selector(setAcceptsEditing:)
|| aSelector == @selector(setTabKeyCyclesThroughElements:)
|| aSelector == @selector(storeWebScriptObject:)
- || aSelector == @selector(accessStoredWebScriptObject))
+ || aSelector == @selector(accessStoredWebScriptObject)
+ || aSelector == @selector(setUserStyleSheetLocation:)
+ || aSelector == @selector(setUserStyleSheetEnabled:))
return NO;
return YES;
}
return @"setTabKeyCyclesThroughElements";
if (aSelector == @selector(storeWebScriptObject:))
return @"storeWebScriptObject";
+ if (aSelector == @selector(setUserStyleSheetLocation:))
+ return @"setUserStyleSheetLocation";
+ if (aSelector == @selector(setUserStyleSheetEnabled:))
+ return @"setUserStyleSheetEnabled";
return nil;
}
dumpAsText = YES;
}
+- (void)setUserStyleSheetLocation:(NSString *)path;
+{
+ NSURL *url = [NSURL URLWithString:path];
+ [[WebPreferences standardPreferences] setUserStyleSheetLocation:url];
+}
+
+- (void)setUserStyleSheetEnabled:(BOOL)flag;
+{
+ [[WebPreferences standardPreferences] setUserStyleSheetEnabled:flag];
+}
+
- (void)dumpAsWebArchive
{
dumpAsWebArchive = YES;
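Review bot: In setUserStyleSheetLocation: the parameter is named path but is handed to `[NSURL URLWithString:path]`, which expects a URL string and returns nil when the string is malformed; that nil then goes straight into WebPreferences. Rename the parameter to show that a URL string is required (the layout test passes a file:/// URL) and handle the nil case. Both new method definitions also have a stray semicolon between the signature and the opening brace, and nothing in the visible added code uses the newly imported WebKit/WebNSURLExtras.h.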