Reviewed by Geoff.
- rdar://problem/4922454
- This fixes a security issue by making remote referrers not able to access local
resources, unless they register their schemes to be treated as local. The result is
that those schemes can access local resources and cannot be accessed by remote
referrers.
Because this behavior is new a link-on-or-after check is made to determine if the
app should use the older, less safe, behavior.
* fast/loader/local-CSS-from-local-expected.txt: Added.
* fast/loader/local-CSS-from-local.html: Added.
* fast/loader/local-JavaScript-from-local-expected.txt: Added.
* fast/loader/local-JavaScript-from-local.html: Added.
* fast/loader/local-iFrame-source-from-local-expected.txt: Added.
* fast/loader/local-iFrame-source-from-local.html: Added.
* fast/loader/local-image-from-local-expected.txt: Added.
* fast/loader/local-image-from-local.html: Added.
* http/tests/security/local-CSS-from-remote-expected.txt: Added.
* http/tests/security/local-CSS-from-remote.html: Added.
* http/tests/security/local-JavaScript-from-remote-expected.txt: Added.
* http/tests/security/local-JavaScript-from-remote.html: Added.
* http/tests/security/local-iFrame-from-remote-expected.txt: Added.
* http/tests/security/local-iFrame-from-remote.html: Added.
* http/tests/security/local-image-from-remote-expected.txt: Added.
* http/tests/security/local-image-from-remote.html: Added.
* http/tests/security/resources/compass.jpg: Added.
* http/tests/security/resources/cssStyle.css: Added.
* http/tests/security/resources/localPage.html: Added.
* http/tests/security/resources/localScript.js: Added.
WebCore:
Reviewed by Geoff.
- rdar://problem/4922454
- This fixes a security issue by making remote referrers not able to access local
resources, unless they register their schemes to be treated as local. The result is
that those schemes can access local resources and cannot be accessed by remote
referrers.
Because this behavior is new a link-on-or-after check is made to determine if the
app should use the older, less safe, behavior.
* WebCore.exp: added exported functions
* bindings/objc/DOM.mm: consolidated function to base class
(-[DOMElement image]):
(-[DOMElement _imageTIFFRepresentation]):
* dom/Document.cpp: Cache the document's ability to load local resources.
(WebCore::Document::Document):
(WebCore::Document::setURL):
(WebCore::Document::shouldBeAllowedToLoadLocalResources):
(WebCore::Document::stylesheetLoaded):
* dom/Document.h: Cache the document's ability to load local resources.
(WebCore::Document::getPendingSheet):
(WebCore::Document::isAllowedToLoadLocalResources):
* html/HTMLImageLoader.cpp: Moved functionality into base class.
(WebCore::HTMLImageLoader::updateFromElement):
(WebCore::HTMLImageLoader::dispatchLoadEvent):
* html/HTMLLinkElement.cpp: Handles null returns correctly now.
* html/HTMLTokenizer.cpp: Moved functionality into base class.
(WebCore::HTMLTokenizer::notifyFinished):
* ksvg2/misc/SVGImageLoader.cpp: Moved functionality into base class.
(WebCore::SVGImageLoader::dispatchLoadEvent):
* loader/Cache.cpp: Checks if the cached resource can be loaded.
(WebCore::Cache::requestResource):
* loader/CachedCSSStyleSheet.cpp: Moved functionality into base class.
(WebCore::CachedCSSStyleSheet::ref):
(WebCore::CachedCSSStyleSheet::error):
* loader/CachedImage.cpp: Moved functionality into base class.
(WebCore::CachedImage::CachedImage):
* loader/CachedImage.h: Moved functionality into base class.
(WebCore::CachedImage::canRender):
* loader/CachedResource.cpp: Cache if the CachedResource should be treated as local
(WebCore::CachedResource::CachedResource):
* loader/CachedResource.h: Moved functionality into base class.
(WebCore::CachedResource::errorOccurred):
(WebCore::CachedResource::shouldTreatAsLocal):
* loader/CachedScript.cpp: Moved functionality into base class.
(WebCore::CachedScript::CachedScript):
* loader/CachedScript.h: Moved functionality into base class.
(WebCore::CachedScript::schedule):
* loader/CachedXBLDocument.cpp: Moved functionality into base class.
(WebCore::CachedXBLDocument::error):
* loader/CachedXSLStyleSheet.cpp: Moved functionality into base class.
(WebCore::CachedXSLStyleSheet::error):
* loader/FrameLoader.cpp: See comments for each function below.
(WebCore::FrameLoader::loadSubframe): Use new canLoad.
(WebCore::FrameLoader::restrictAccessToLocal): return value of linked-on-or-after check.
(WebCore::FrameLoader::setRestrictAccessToLocal): set value for linked-on-or-after check.
(WebCore::localSchemes): Return set of schemes that are to be treated as local.
(WebCore::FrameLoader::loadPlugin): Use new canLoad.
(WebCore::FrameLoader::canLoad): Now multiple functions that each do the same work but some can take advantage of the cached values, if they were computed previously.
(WebCore::FrameLoader::shouldHideReferrer): Extracted out the logic to determine if the referrer should be hidden so it is only calculated when needed.
(WebCore::FrameLoader::loadResourceSynchronously): No longer calls canLoad to get hideReferrer info.
(WebCore::FrameLoader::registerSchemeAsLocal): Functionality to register a scheme to be treated as local.
(WebCore::FrameLoader::treatURLAsLocal): Given a URL this function determines if it should be treated as local.
* loader/FrameLoader.h: Declared functions for this security fix. See above.
* loader/MainResourceLoader.cpp: Optimized order of bools to regain performance.
(WebCore::MainResourceLoader::continueAfterContentPolicy):
* loader/SubresourceLoader.cpp: Now restricts remote from loading local resources.
(WebCore::SubresourceLoader::create):
* page/EventHandler.cpp: Moved functionality into base class.
(WebCore::selectCursor):
* platform/KURL.cpp: KURLs need to check all the registered schemes now.
(WebCore::KURL::isLocalFile):
* rendering/HitTestResult.cpp: Moved functionality into base class.
(WebCore::HitTestResult::image):
* rendering/RenderImage.cpp: Moved functionality into base class.
(WebCore::RenderImage::setCachedImage):
(WebCore::RenderImage::imageChanged):
(WebCore::RenderImage::paint):
(WebCore::RenderImage::layout):
(WebCore::RenderImage::calcAspectRatioWidth):
(WebCore::RenderImage::calcAspectRatioHeight):
* rendering/RenderImage.h: Moved functionality into base class.
(WebCore::RenderImage::errorOccurred):
* rendering/RenderListItem.cpp: Moved functionality into base class.
(WebCore::RenderListItem::setStyle):
* rendering/RenderListMarker.cpp: Moved functionality into base class.
(WebCore::RenderListMarker::isImage):
* xml/xmlhttprequest.cpp: Check doc's cached value instead of determining independently.
(WebCore::XMLHttpRequest::urlMatchesDocumentDomain):
WebKit:
Reviewed by Geoff.
- rdar://problem/4922454
- This fixes a security issue by making remote referrers not able to access local
resources, unless they register their schemes to be treated as local. The result is
that those schemes can access local resources and cannot be accessed by remote
referrers.
Because this behavior is new a link-on-or-after check is made to determine if the
app should use the older, less safe, behavior.
* Misc/WebKitVersionChecks.h: added linked-on-or-after check
* Misc/WebNSAttributedStringExtras.mm: Moved functionality into the base class.
(fileWrapperForElement):
* Plugins/WebNetscapePluginStream.mm: uses new canLoad functions
* Plugins/WebPluginContainerCheck.mm: uses new canLoad functions
(-[WebPluginContainerCheck _isForbiddenFileLoad]):
* WebView/WebView.mm: make linked-on-or-after check and cache value, exposes SPI
for registering a scheme as local.
(-[WebView _commonInitializationWithFrameName:groupName:]):
(+[WebView registerSchemeAsLocal:]):
* WebView/WebViewPrivate.h: exposes SPI for registering a scheme as local.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@19952 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+2007-03-02 Kevin McCullough <kmccullough@apple.com>
+
+ Reviewed by Geoff.
+
+ - rdar://problem/4922454
+ - This fixes a security issue by making remote referrers not able to access local
+ resources, unless they register their schemes to be treated as local. The result is
+ that those schemes can access local resources and cannot be accessed by remote
+ referrers.
+ Because this behavior is new a link-on-or-after check is made to determine if the
+ app should use the older, less safe, behavior.
+
+ * fast/loader/local-CSS-from-local-expected.txt: Added.
+ * fast/loader/local-CSS-from-local.html: Added.
+ * fast/loader/local-JavaScript-from-local-expected.txt: Added.
+ * fast/loader/local-JavaScript-from-local.html: Added.
+ * fast/loader/local-iFrame-source-from-local-expected.txt: Added.
+ * fast/loader/local-iFrame-source-from-local.html: Added.
+ * fast/loader/local-image-from-local-expected.txt: Added.
+ * fast/loader/local-image-from-local.html: Added.
+ * http/tests/security/local-CSS-from-remote-expected.txt: Added.
+ * http/tests/security/local-CSS-from-remote.html: Added.
+ * http/tests/security/local-JavaScript-from-remote-expected.txt: Added.
+ * http/tests/security/local-JavaScript-from-remote.html: Added.
+ * http/tests/security/local-iFrame-from-remote-expected.txt: Added.
+ * http/tests/security/local-iFrame-from-remote.html: Added.
+ * http/tests/security/local-image-from-remote-expected.txt: Added.
+ * http/tests/security/local-image-from-remote.html: Added.
+ * http/tests/security/resources/compass.jpg: Added.
+ * http/tests/security/resources/cssStyle.css: Added.
+ * http/tests/security/resources/localPage.html: Added.
+ * http/tests/security/resources/localScript.js: Added.
+
2007-03-02 Justin Garcia <justin.garcia@apple.com>
Reviewed by kevin
--- /dev/null
+This test is to see if a local file can include a local CSS style.
+If the background is yellow then the CSS was loaded.
+
+Test Passed.
+
--- /dev/null
+<html>
+<head>
+ <link rel="stylesheet" type="text/css" href="file:///tmp/LayoutTests/http/tests/security/resources/cssStyle.css" />
+ <script>
+ if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ }
+
+ function backgroundCheck() {
+ var result = document.getElementById("result");
+ var myBody = document.getElementById("myBody");
+ var style = document.defaultView.getComputedStyle(myBody, null);
+ var bgColor = style.getPropertyValue("background-color");
+ if (bgColor[4] == 2) {
+ result.innerHTML = "Test Passed.";
+ } else {
+ result.innerHTML = "Test Failed: Local CSS not remotely loaded.";
+ }
+ }
+ </script>
+</head>
+<body id="myBody" onload="backgroundCheck()">
+ <div id="div0">
+ This test is to see if a local file can include a local CSS style.
+ <br/>
+ If the background is yellow then the CSS was loaded.
+ </div>
+ </br>
+ <div id="result">
+ Test not run correctly.
+ </div>
+</body>
+</html>
\ No newline at end of file
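Review bot: the failure branch of backgroundCheck() reports "Test Failed: Local CSS not remotely loaded.", but the page's own description says this is the local-file-loads-local-CSS case, so the message should say the local CSS was not loaded by the local file. The pass condition `bgColor[4] == 2` also depends on a single character of the serialized colour; comparing the whole computed value against the expected yellow would make the intent readable and less brittle.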
--- /dev/null
+This test is to see if a local file can run a local script.
+
+Test Passed.
+
--- /dev/null
+<html>
+<head>
+ <script>
+ var secretness = 0;
+ </script>
+ <script src="file:///tmp/LayoutTests/http/tests/security/resources/localScript.js"/>
+ <script>
+ function test() {
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+ var tag = document.getElementById("result");
+ if (secretness == 13)
+ tag.innerHTML = "Test Passed.";
+ else
+ tag.innerHTML = "Test Failed: Local script not run by local file.";
+ }
+ </script>
+</head>
+<body onload="test()">
+ <div id="div0">
+ This test is to see if a local file can run a local script.
+ </div>
+ </br>
+ <div id="result">
+ Test not run correctly.
+ </div>
+</body>
+</html>
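Review bot: the self-closing script element that loads localScript.js relies on the parser honouring `/>` on a script tag; if it is treated as an open tag, the inline block that follows (the one defining test()) becomes the content of the external script element and onload="test()" has nothing to call. Closing the element with an explicit `</script>` removes that dependency.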
--- /dev/null
+This test is to see if a local file can include a local page in an iFrame.
+
+Test Passed.
+
--- /dev/null
+<html>
+<head>
+ <script>
+ if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ }
+
+ function iFrameTest() {
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+ var result = document.getElementById("result");
+
+ var myFrameDocument = document.getElementById("myFrame").contentDocument;
+ if (myFrameDocument) {
+ result.innerHTML = "Test Passed.";
+ } else {
+ result.innerHTML = "Test Failed: Local page not locally loaded into iFrame.";
+ }
+ }
+ </script>
+</head>
+<body>
+ <div id="div0">
+ This test is to see if a local file can include a local page in an iFrame.
+ </div>
+ </br>
+ <div id="result">
+ Test not run correctly.
+ </div>
+ <iFrame id="myFrame" onload="iFrameTest()" src="file:///tmp/LayoutTests/http/tests/security/resources/localPage.html" />
+</body>
+</html>
--- /dev/null
+This test is to see if a remote file can include a local image.
+
+Test Passed.
+
+
--- /dev/null
+<html>
+<head>
+ <script>
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+ function imgError() {
+ var result = document.getElementById("result");
+ result.innerHTML = "Test Failed: Image Load Error.";
+ }
+
+ function imgLoad() {
+ var result = document.getElementById("result");
+ result.innerHTML = "Test Passed.";
+ }
+ </script>
+</head>
+<body>
+ <div id="div0">
+ This test is to see if a remote file can include a local image.
+ </div>
+ </br>
+ <div id="result">
+ Test has not run.
+ </div>
+ </br>
+ <img id="myImg" src="file:///tmp/LayoutTests/http/tests/security/resources/compass.jpg" onError="imgError()" onLoad="imgLoad()"/>
+</body>
+</html>
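Review bot: the description in div0 says "This test is to see if a remote file can include a local image.", but imgLoad() reports "Test Passed." when the image loads, which is the local-file case. The description (and the matching expected text) should say "local file" so a failure log is not read as a policy bypass.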
--- /dev/null
+This test is to see if a remote file can include a local CSS style.
+If the background is yellow then the CSS was loaded.
+
+Test Passed.
+
--- /dev/null
+<html>
+<head>
+ <link rel="stylesheet" type="text/css" href="file:///tmp/LayoutTests/http/tests/security/resources/cssStyle.css" />
+ <script>
+ if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ }
+
+ function backgroundCheck() {
+ var result = document.getElementById("result");
+ var myBody = document.getElementById("myBody");
+ var style = document.defaultView.getComputedStyle(myBody, null);
+ var bgColor = style.getPropertyValue("background-color");
+ if (bgColor[4] == 2) {
+ result.innerHTML = "Test Failed: Local CSS remotely loaded.";
+ } else {
+ result.innerHTML = "Test Passed.";
+ }
+ }
+ </script>
+</head>
+<body id="myBody" onload="backgroundCheck()">
+ <div id="other">
+ This test is to see if a remote file can include a local CSS style.
+ <br/>
+ If the background is yellow then the CSS was loaded.
+ </div>
+ </br>
+ <div id="result">
+ Test not run correctly.
+ </div>
+</body>
+</html>
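Review bot: backgroundCheck() passes by default: anything other than `bgColor[4] == 2` lands in the else branch and prints "Test Passed.", so a change in how the computed colour is serialized would silently turn this security test into a no-op. Assert positively on the expected unstyled background value and treat every other value as a failure.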
--- /dev/null
+This test is to see if a remote file can run a local script.
+
+Test Passed.
+
--- /dev/null
+<html>
+<head>
+ <script>
+ var secretness = 0;
+ </script>
+ <script src="file:///tmp/LayoutTests/http/tests/security/resources/localScript.js"/>
+ <script>
+ function test() {
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+ var tag = document.getElementById("result");
+ if (secretness == 13)
+ tag.innerHTML = "Test Failed: Local script run remotely.";
+ else
+ tag.innerHTML = "Test Passed.";
+ }
+ </script>
+</head>
+<body onload="test()">
+ <div id="div0">
+ This test is to see if a remote file can run a local script.
+ </div>
+ </br>
+ <div id="result">
+ Test not run correctly.
+ </div>
+</body>
+</html>
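Review bot: the script URL hard-codes file:///tmp/LayoutTests/http/tests/security/resources/localScript.js, and test() prints "Test Passed." whenever secretness is not 13, so the test also passes when the file is simply absent from that path. Either document the /tmp/LayoutTests setup as a precondition of the test or pair it with a check that the resource exists, so "blocked" and "missing" are distinguishable.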
--- /dev/null
+This test is to see if a remote file can include a local page in an iFrame.
+
+Test Passed.
+
--- /dev/null
+<html>
+<head>
+ <script>
+ if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ }
+
+ function iFrameTest() {
+ var result = document.getElementById("result");
+
+ var myFrameDocument = document.getElementById("myFrame").contentDocument;
+ if (myFrameDocument) {
+ result.innerHTML = "Test Failed: Local page remotely loaded into iFrame.";
+ } else {
+ result.innerHTML = "Test Passed.";
+ }
+
+ }
+ </script>
+</head>
+<body onload="iFrameTest()">
+ <div id="div0">
+ This test is to see if a remote file can include a local page in an iFrame.
+ </div>
+ </br>
+ <div id="result">
+ Test not run correctly.
+ </div>
+ <iFrame id="myFrame" src="file:///tmp/LayoutTests/http/tests/security/resources/localPage.html" />
+</body>
+</html>
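Review bot: iFrameTest() decides on `if (myFrameDocument)` alone, which checks that a document object is reachable, not that localPage.html was loaded into the frame. Looking up the innerDiv element that localPage.html defines would tie the result to the content the policy is meant to block.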
--- /dev/null
+This test is to see if a remote file can include a local image.
+
+Test Passed.
+
+
--- /dev/null
+<html>
+<head>
+ <script>
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+ function imageTest() {
+ var result = document.getElementById("result");
+
+ var myImg = document.getElementById("myImg");
+ if (myImg.height == 0 && myImg.width == 0) {
+ result.innerHTML = "Test Passed.";
+ } else {
+ result.innerHTML = "Test Failed: Local image loaded remotely.";
+ }
+
+ }
+ </script>
+</head>
+<body onLoad="imageTest()">
+ <div id="div0">
+ This test is to see if a remote file can include a local image.
+ </div>
+ </br>
+ <div id="result">
+ Test has not run.
+ </div>
+ </br>
+ <img id="myImg" src="file:///tmp/LayoutTests/http/tests/security/resources/compass.jpg" />
+</body>
+</html>
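Review bot: imageTest() infers a blocked load from `myImg.height == 0 && myImg.width == 0`, while the local counterpart uses onError/onLoad handlers on the img element. Using the same handlers here, with the pass and fail messages swapped, would test the load outcome directly instead of layout dimensions.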
--- /dev/null
+body {
+ background-color: yellow;
+}
+
--- /dev/null
+<div id="innerDiv">
+ You can see the contents of this file.
+</div>
--- /dev/null
+var secretness = 13;
+2007-03-02 Kevin McCullough <kmccullough@apple.com>
+
+ Reviewed by Geoff.
+
+ - rdar://problem/4922454
+ - This fixes a security issue by making remote referrers not able to access local
+ resources, unless they register their schemes to be treated as local. The result is
+ that those schemes can access local resources and cannot be accessed by remote
+ referrers.
+ Because this behavior is new a link-on-or-after check is made to determine if the
+ app should use the older, less safe, behavior.
+
+ * WebCore.exp: added exported functions
+ * bindings/objc/DOM.mm: consolodated function to base class
+ (-[DOMElement image]):
+ (-[DOMElement _imageTIFFRepresentation]):
+ * dom/Document.cpp: Cache the document's ability to load local resources.
+ (WebCore::Document::Document):
+ (WebCore::Document::setURL):
+ (WebCore::Document::shouldBeAllowedToLoadLocalResources):
+ (WebCore::Document::stylesheetLoaded):
+ * dom/Document.h: Cache the docuent's ability to load local resources.
+ (WebCore::Document::getPendingSheet):
+ (WebCore::Document::isAllowedToLoadLocalResources):
+ * html/HTMLImageLoader.cpp: Moved functionality into base class.
+ (WebCore::HTMLImageLoader::updateFromElement):
+ (WebCore::HTMLImageLoader::dispatchLoadEvent):
+ * html/HTMLLinkElement.cpp: Handles null returns correctly now.
+ * html/HTMLTokenizer.cpp: Moved functionality into base class.
+ (WebCore::HTMLTokenizer::notifyFinished):
+ * ksvg2/misc/SVGImageLoader.cpp: Moved functionality into base class.
+ (WebCore::SVGImageLoader::dispatchLoadEvent):
+ * loader/Cache.cpp: Checks if the cached resource can be loaded.
+ (WebCore::Cache::requestResource):
+ * loader/CachedCSSStyleSheet.cpp: Moved functionality into base class.
+ (WebCore::CachedCSSStyleSheet::ref):
+ (WebCore::CachedCSSStyleSheet::error):
+ * loader/CachedImage.cpp: Moved functionality into base class.
+ (WebCore::CachedImage::CachedImage):
+ * loader/CachedImage.h: Moved functionality into base class.
+ (WebCore::CachedImage::canRender):
+ * loader/CachedResource.cpp: Cache if the CachedResource should be treated as local
+ (WebCore::CachedResource::CachedResource):
+ * loader/CachedResource.h: Moved functionality into base class.
+ (WebCore::CachedResource::errorOccurred):
+ (WebCore::CachedResource::shouldTreatAsLocal):
+ * loader/CachedScript.cpp: Moved functionality into base class.
+ (WebCore::CachedScript::CachedScript):
+ * loader/CachedScript.h: Moved functionality into base class.
+ (WebCore::CachedScript::schedule):
+ * loader/CachedXBLDocument.cpp: Moved functionality into base class.
+ (WebCore::CachedXBLDocument::error):
+ * loader/CachedXSLStyleSheet.cpp: Moved functionality into base class.
+ (WebCore::CachedXSLStyleSheet::error):
+ * loader/FrameLoader.cpp: See comments for each function below.
+ (WebCore::FrameLoader::loadSubframe): Use new canLoad.
+ (WebCore::FrameLoader::restrictAccessToLocal): return value of linked-on-or-after check.
+ (WebCore::FrameLoader::setRestrictAccessToLocal): set value for linked-on-or-after check.
+ (WebCore::localSchemes): Return set of schemes that are to be treated as local.
+ (WebCore::FrameLoader::loadPlugin): Use new canLoad.
+ (WebCore::FrameLoader::canLoad): Now multiple functions that each do the same work but some can take advantage of the cached values, if they were computed previously.
+ (WebCore::FrameLoader::shouldHideReferrer): Extracted out the logic to determine if the referrer should be hidden so it is only calculated when needed.
+ (WebCore::FrameLoader::loadResourceSynchronously): No longer calls canLoad to get hideReferrer info.
+ (WebCore::FrameLoader::registerSchemeAsLocal): Functionality to register a scheme to be treated as local.
+ (WebCore::FrameLoader::treatURLAsLocal): Given a URL this function determines if it should be treated as local.
+ * loader/FrameLoader.h: Declared functions for this security fix. See above.
+ * loader/MainResourceLoader.cpp: Optized order of bools to regain performance.
+ (WebCore::MainResourceLoader::continueAfterContentPolicy):
+ * loader/SubresourceLoader.cpp: Now restricts remote from loading local resources.
+ (WebCore::SubresourceLoader::create):
+ * page/EventHandler.cpp: Moved functionality into base class.
+ (WebCore::selectCursor):
+ * platform/KURL.cpp: KURLs need to check all the registered schemes now.
+ (WebCore::KURL::isLocalFile):
+ * rendering/HitTestResult.cpp: Moved functionality into base class.
+ (WebCore::HitTestResult::image):
+ * rendering/RenderImage.cpp: Moved functionality into base class.
+ (WebCore::RenderImage::setCachedImage):
+ (WebCore::RenderImage::imageChanged):
+ (WebCore::RenderImage::paint):
+ (WebCore::RenderImage::layout):
+ (WebCore::RenderImage::calcAspectRatioWidth):
+ (WebCore::RenderImage::calcAspectRatioHeight):
+ * rendering/RenderImage.h: Moved functionality into base class.
+ (WebCore::RenderImage::errorOccurred):
+ * rendering/RenderListItem.cpp: Moved functionality into base class.
+ (WebCore::RenderListItem::setStyle):
+ * rendering/RenderListMarker.cpp: Moved functionality into base class.
+ (WebCore::RenderListMarker::isImage):
+ * xml/xmlhttprequest.cpp: Check doc's cached value instead of determining independently.
+ (WebCore::XMLHttpRequest::urlMatchesDocumentDomain):
+
2007-03-02 Justin Garcia <justin.garcia@apple.com>
Reviewed by kevin
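Review bot: two ChangeLog entries name functions that do not match the code in this patch: `FrameLoader::treatURLAsLocal` is called as `FrameLoader::shouldTreatURLAsLocal` in the hunks below, and `CachedResource::shouldTreatAsLocal` is declared as `treatAsLocal()`. Please align the entries with the final names, and fix the typos "consolodated", "docuent's" and "Optized" while there.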
__ZN7WebCore11FrameLoader14stopAllLoadersEv
__ZN7WebCore11FrameLoader16detachFromParentEv
__ZN7WebCore11FrameLoader18currentHistoryItemEv
+__ZN7WebCore11FrameLoader18shouldHideReferrerERKNS_4KURLERKNS_6StringE
__ZN7WebCore11FrameLoader20continueLoadWithDataEPNS_12SharedBufferERKNS_6StringES5_RKNS_4KURLE
__ZN7WebCore11FrameLoader21addPlugInStreamLoaderEPNS_14ResourceLoaderE
+__ZN7WebCore11FrameLoader21registerSchemeAsLocalERKNS_6StringE
__ZN7WebCore11FrameLoader21setCurrentHistoryItemEN3WTF10PassRefPtrINS_11HistoryItemEEE
__ZN7WebCore11FrameLoader22setPreviousHistoryItemEN3WTF10PassRefPtrINS_11HistoryItemEEE
__ZN7WebCore11FrameLoader23reloadAllowingStaleDataERKNS_6StringE
__ZN7WebCore11FrameLoader23timeOfLastCompletedLoadEv
__ZN7WebCore11FrameLoader24removePlugInStreamLoaderEPNS_14ResourceLoaderE
+__ZN7WebCore11FrameLoader24setRestrictAccessToLocalEb
__ZN7WebCore11FrameLoader25provisionalDocumentLoaderEv
__ZN7WebCore11FrameLoader25setProvisionalHistoryItemEN3WTF10PassRefPtrINS_11HistoryItemEEE
__ZN7WebCore11FrameLoader26saveDocumentAndScrollStateEv
__ZN7WebCore11FrameLoader4loadERKNS_4KURLERKNS_6StringENS_13FrameLoadTypeES6_PNS_5EventEPNS_15HTMLFormElementERKN3WTF7HashMapIS4_S4_NSC_7StrHashIS4_EENSC_10HashTraitsIS4_EESH_EE
__ZN7WebCore11FrameLoader5clearEb
__ZN7WebCore11FrameLoader6reloadEv
-__ZN7WebCore11FrameLoader7canLoadERKNS_4KURLERKNS_6StringERb
+__ZN7WebCore11FrameLoader7canLoadERKNS_4KURLEPKNS_8DocumentE
__ZN7WebCore11HistoryItem12addChildItemEN3WTF10PassRefPtrIS0_EE
__ZN7WebCore11HistoryItem12setURLStringERKNS_6StringE
__ZN7WebCore11HistoryItem12setViewStateEP11objc_object
WebCore::RenderObject* renderer = [self _element]->renderer();
if (renderer && renderer->isImage()) {
WebCore::RenderImage* img = static_cast<WebCore::RenderImage*>(renderer);
- if (img->cachedImage() && !img->cachedImage()->isErrorImage())
+ if (img->cachedImage() && !img->cachedImage()->errorOccurred())
return img->cachedImage()->image()->getNSImage();
}
return nil;
WebCore::RenderObject* renderer = [self _element]->renderer();
if (renderer && renderer->isImage()) {
WebCore::RenderImage* img = static_cast<WebCore::RenderImage*>(renderer);
- if (img->cachedImage() && !img->cachedImage()->isErrorImage())
+ if (img->cachedImage() && !img->cachedImage()->errorOccurred())
return (NSData*)(img->cachedImage()->image()->getTIFFRepresentation());
}
return nil;
, m_accessKeyMapValid(false)
, m_createRenderers(true)
, m_inPageCache(false)
+ , m_isAllowedToLoadLocalResources(false)
{
m_document.resetSkippingRef(this);
setURL(parent->baseURL());
setBaseURL(parent->baseURL());
}
- else
- setURL(m_url);
if ((frame() && frame()->loader()->isLoadingMainResource()) || (tokenizer() && tokenizer()->executingScript()))
return;
void Document::setURL(const DeprecatedString& url)
{
+ if (url == m_url)
+ return;
+
m_url = url;
if (m_styleSelector)
m_styleSelector->setEncodedURL(m_url);
+
+ m_isAllowedToLoadLocalResources = shouldBeAllowedToLoadLocalResources();
+ }
+
+bool Document::shouldBeAllowedToLoadLocalResources() const
+{
+ if (FrameLoader::shouldTreatURLAsLocal(m_url))
+ return true;
+
+ Frame* frame = this->frame();
+ if (!frame)
+ return false;
+
+ DocumentLoader* documentLoader = frame->loader()->documentLoader();
+ if (!documentLoader)
+ return false;
+
+ return documentLoader->substituteData().isValid();
}
void Document::setBaseURL(const DeprecatedString& baseURL)
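Review bot: m_isAllowedToLoadLocalResources is recomputed only inside setURL(), and the new `if (url == m_url) return;` skips that recomputation, yet shouldBeAllowedToLoadLocalResources() also depends on frame() and on the document loader's substituteData(), which can change without the URL changing. A document whose URL is set before it has a frame keeps the cached `false` (or a stale `true`); consider refreshing the flag when the frame or document loader is attached. It is also worth a comment on why `substituteData().isValid()` grants local access regardless of the document's URL, since that is the one path where a non-local URL is allowed to load local resources.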
printf("Stylesheet loaded at time %d. %d stylesheets still remain.\n", elapsedTime(), m_pendingStylesheets);
#endif
- updateStyleSelector();
+ updateStyleSelector();
}
void Document::updateStyleSelector()
String iconURL();
void setIconURL(const String& iconURL, const String& type);
+
+ bool isAllowedToLoadLocalResources() const { return m_isAllowedToLoadLocalResources; }
+
protected:
CSSStyleSelector* m_styleSelector;
FrameView* m_view;
DeprecatedString m_url;
DeprecatedString m_baseURL;
String m_baseTarget;
-
+
RefPtr<DocumentType> m_docType;
RefPtr<DOMImplementation> m_implementation;
#endif
private:
+ bool shouldBeAllowedToLoadLocalResources() const;
+
void updateTitle();
void removeAllDisconnectedNodeEventListeners();
void imageLoadEventTimerFired(Timer<Document>*);
bool m_createRenderers;
bool m_inPageCache;
String m_iconURL;
+
+ bool m_isAllowedToLoadLocalResources;
};
} //namespace
{
if (!haveFiredLoadEvent() && image()) {
setHaveFiredLoadEvent(true);
- element()->dispatchHTMLEvent(image()->isErrorImage() ? errorEvent : loadEvent, false, false);
+ element()->dispatchHTMLEvent(image()->errorOccurred() ? errorEvent : loadEvent, false, false);
}
}
// stylesheet. Alternate stylesheets don't hold up render tree construction.
if (!isAlternate())
document()->addPendingSheet();
-
+
String chset = getAttribute(charsetAttr);
if (chset.isEmpty() && document()->frame())
chset = document()->frame()->loader()->encoding();
m_cachedSheet = document()->docLoader()->requestCSSStyleSheet(m_url, chset);
if (m_cachedSheet)
m_cachedSheet->ref(this);
+ else if (!isAlternate()) { // request may have been denied if stylesheet is local and document is remote.
+ m_loading = false;
+ document()->stylesheetLoaded();
+ }
}
} else if (m_sheet) {
// we no longer contain a stylesheet, e.g. perhaps rel or type was changed
{
if (!haveFiredLoadEvent() && image()) {
setHaveFiredLoadEvent(true);
- if (image()->isErrorImage()) {
+ if (image()->errorOccurred()) {
// FIXME: We're supposed to put the document in an "error state" per the spec.
} else
static_cast<SVGElement*>(element())->sendSVGLoadEventIfPossible(true);
#include "CachedXSLStyleSheet.h"
#include "DocLoader.h"
#include "Document.h"
+#include "FrameLoader.h"
#include "Image.h"
#include "ResourceHandle.h"
// Look up the resource in our map.
CachedResource* resource = m_resources.get(url.url());
- if (!resource) {
+ if (resource) {
+ if (FrameLoader::restrictAccessToLocal()
+ && !FrameLoader::canLoad(*resource, docLoader->doc()))
+ return 0;
+ } else {
+ if (FrameLoader::restrictAccessToLocal()
+ && !FrameLoader::canLoad(url, docLoader->doc()))
+ return 0;
+
// The resource does not exist. Create it.
resource = createResource(type, docLoader, url, expireDate, charset);
ASSERT(resource);
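Review bot: both new branches add a `return 0` to a function whose callers previously got a resource back, and in the visible hunks only the stylesheet path gains handling for a null result (the `else if (!isAlternate())` branch); please confirm the script, image, XSL and XBL request paths tolerate null as well. Both branches also dereference `docLoader->doc()` unconditionally, while the CachedImage constructor in this patch still tests `!docLoader`, so a null docLoader should either be ruled out with an ASSERT here or handled before the canLoad call.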
CachedResource::ref(c);
if (!m_loading)
- c->setCSSStyleSheet(m_url, m_decoder->encoding().name(), m_sheet);
+ c->setCSSStyleSheet(m_url, m_decoder->encoding().name(), errorOccurred() ? "" : m_sheet);
}
void CachedCSSStyleSheet::setEncoding(const String& chs)
void CachedCSSStyleSheet::error()
{
m_loading = false;
+ m_errorOccurred = true;
checkNotify();
}
, m_dataSize(0)
{
m_image = 0;
- m_errorOccurred = false;
m_status = Unknown;
if (!docLoader || docLoader->autoLoadImages()) {
m_loading = true;
, m_dataSize(0)
{
m_image = image;
- m_errorOccurred = false;
m_status = Cached;
m_loading = false;
}
Image* image() const;
- bool canRender() const { return !isErrorImage() && imageSize().width() > 0 && imageSize().height() > 0; }
+ bool canRender() const { return !errorOccurred() && imageSize().width() > 0 && imageSize().height() > 0; }
IntSize imageSize() const; // returns the size of the complete image
IntRect imageRect() const; // The size of the image.
virtual void data(Vector<char>&, bool allDataReceived);
virtual void error();
- bool isErrorImage() const { return m_errorOccurred; }
-
virtual bool schedule() const { return true; }
void checkNotify();
Image* m_image;
int m_dataSize;
-
- bool m_errorOccurred : 1;
friend class Cache;
};
#include "CachedResource.h"
#include "Cache.h"
+#include "FrameLoader.h"
#include "Request.h"
#include <KURL.h>
#include <wtf/Vector.h>
m_deleted = false;
m_lruIndex = 0;
#endif
+ m_errorOccurred = false;
+ m_shouldTreatAsLocal = FrameLoader::shouldTreatURLAsLocal(m_url);
}
CachedResource::~CachedResource()
String accept() const { return m_accept; }
void setAccept(const String& accept) { m_accept = accept; }
+ bool errorOccurred() const { return m_errorOccurred; }
+ bool treatAsLocal() const { return m_shouldTreatAsLocal; }
+
protected:
void setSize(unsigned size);
Type m_type;
Status m_status;
+ bool m_errorOccurred;
+
private:
unsigned m_size;
unsigned m_accessCount;
CachedResource* m_nextInLRUList;
CachedResource* m_prevInLRUList;
friend class Cache;
+
+ bool m_shouldTreatAsLocal;
};
}
// But some websites think their scripts are <some wrong mimetype here>
// and refuse to serve them if we only accept application/x-javascript.
setAccept("*/*");
- m_errorOccurred = false;
// load the file
cache()->loader()->load(dl, this, false);
m_loading = true;
virtual void error();
virtual bool schedule() const { return false; }
-
- bool errorOccurred() const { return m_errorOccurred; }
void checkNotify();
private:
String m_script;
TextEncoding m_encoding;
- bool m_errorOccurred;
};
}
void CachedXBLDocument::error()
{
m_loading = false;
+ m_errorOccurred = true;
checkNotify();
}
void CachedXSLStyleSheet::error()
{
m_loading = false;
+ m_errorOccurred = true;
checkNotify();
}
#include <kjs/JSLock.h>
#include <kjs/object.h>
-using namespace KJS;
+using KJS::UString;
+using KJS::JSLock;
+using KJS::JSValue;
namespace WebCore {
};
static double storedTimeOfLastCompletedLoad;
+static bool m_restrictAccessToLocal = false;
static bool getString(JSValue* result, String& string)
{
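Review bot: `static bool m_restrictAccessToLocal = false;` makes the unrestricted behaviour the default, so any client that never calls setRestrictAccessToLocal(true) keeps the old, less safe policy. Defaulting to true and letting the linked-on-or-after check switch it off for older apps would fail safe. The `m_` prefix on a file-scope static also reads as a member variable; a plain name would avoid that confusion.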
m_iconLoader->startLoading();
}
+bool FrameLoader::restrictAccessToLocal()
+{
+ return m_restrictAccessToLocal;
+}
+
+void FrameLoader::setRestrictAccessToLocal(bool access)
+{
+ m_restrictAccessToLocal = access;
+}
+
+static HashSet<String, CaseInsensitiveHash<String> >& localSchemes()
+{
+ static HashSet<String, CaseInsensitiveHash<String> > localSchemes;
+
+ if (localSchemes.isEmpty()) {
+ localSchemes.add("file");
+ localSchemes.add("applewebdata");
+ }
+
+ return localSchemes;
+}
+
void FrameLoader::commitIconURLToIconDatabase(const KURL& icon)
{
IconDatabase* iconDB = IconDatabase::sharedIconDatabase();
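Review bot: localSchemes() returns a function-static HashSet that registerSchemeAsLocal() mutates and shouldTreatURLAsLocal() reads, with no locking and no statement of which thread may call them. If the registration SPI can be called off the main thread, that races with lookups during a load; state the threading expectation in a comment or assert it in registerSchemeAsLocal().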
if (renderer->node() && renderer->node()->isElementNode())
pluginElement = static_cast<Element*>(renderer->node());
- bool hideReferrer;
- if (!canLoad(url, outgoingReferrer(), hideReferrer))
+ if (!canLoad(url, frame()->document()))
return false;
widget = m_client->createPlugin(pluginElement, url, paramNames, paramValues, mimeType,
bool FrameLoader::canLoad(const KURL& url, const String& referrer, bool& hideReferrer)
{
- bool referrerIsWebURL = referrer.startsWith("http:", false) || referrer.startsWith("https:", false);
- bool referrerIsLocalURL = referrer.startsWith("file:", false) || referrer.startsWith("applewebdata:");
- bool URLIsFileURL = url.protocol().startsWith("file", false);
+ hideReferrer = shouldHideReferrer(url, referrer);
+
+ if (!shouldTreatURLAsLocal(url.url()))
+ return true;
+
+ return shouldTreatURLAsLocal(referrer);
+}
+
+bool FrameLoader::canLoad(const KURL& url, const Document* doc)
+{
+ if (!shouldTreatURLAsLocal(url.url()))
+ return true;
+
+ return doc && doc->isAllowedToLoadLocalResources();
+}
+
+bool FrameLoader::canLoad(const CachedResource& resource, const Document* doc)
+{
+ if (!resource.treatAsLocal())
+ return true;
+
+ return doc && doc->isAllowedToLoadLocalResources();
+}
+
+bool FrameLoader::shouldHideReferrer(const KURL& url, const String& referrer)
+{
bool referrerIsSecureURL = referrer.startsWith("https:", false);
- bool URLIsSecureURL = url.protocol().startsWith("https", false);
-
- hideReferrer = !referrerIsWebURL || (referrerIsSecureURL && !URLIsSecureURL);
- return !URLIsFileURL || referrerIsLocalURL;
+ bool referrerIsWebURL = referrerIsSecureURL || referrer.startsWith("http:", false);
+
+ if (!referrerIsWebURL)
+ return true;
+
+ if (!referrerIsSecureURL)
+ return false;
+
+ bool URLIsSecureURL = url.url().startsWith("https:", false);
+
+ return !URLIsSecureURL;
}
const ResourceRequest& FrameLoader::initialRequest() const
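Review bot: none of the three canLoad() overloads consults restrictAccessToLocal(), so the linked-on-or-after gate has to be repeated by each caller, and callers that omit it enforce a different policy from those that include it. Consider one private helper that holds the rule (including the duplicated "doc && doc->isAllowedToLoadLocalResources()" body) and decide in one place whether the gate applies. The hideReferrer out-parameter on the first overload is also redundant now that shouldHideReferrer() exists.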
// Since this is a subresource, we can load any URL (we ignore the return value).
// But we still want to know whether we should hide the referrer or not, so we call the canLoad method.
String referrer = m_outgoingReferrer;
- bool hideReferrer;
- canLoad(request.url(), referrer, hideReferrer);
- if (hideReferrer)
+ if (shouldHideReferrer(request.url(), referrer))
referrer = String();
ResourceRequest initialRequest = request;
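Review bot: the two context comments above the changed lines are now stale: they still say "we ignore the return value" and "so we call the canLoad method", but the code calls shouldHideReferrer() and uses its result. Update the comment to match the new call.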
addData(buffer->data(), buffer->size());
}
+void FrameLoader::registerSchemeAsLocal(const String& scheme)
+{
+ localSchemes().add(scheme);
+}
+
+bool FrameLoader::shouldTreatURLAsLocal(const String& url)
+{
+ // This avoids an allocation of another String and the HashSet containts()
+ // call for the file: and http: schemes.
+ if (url.length() >= 5) {
+ const UChar* s = url.characters();
+ if (s[0] == 'h' && s[1] == 't' && s[2] == 't' && s[3] == 'p' && s[4] == ':')
+ return false;
+ if (s[0] == 'f' && s[1] == 'i' && s[2] == 'l' && s[3] == 'e' && s[4] == ':')
+ return true;
+ }
+
+ int loc = url.find(':');
+ if (loc == -1)
+ return false;
+
+ String scheme = url.left(loc);
+ return localSchemes().contains(scheme);
+}
+
} // namespace WebCore
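Review bot: shouldTreatURLAsLocal() classifies the raw string by its lowercase five-character prefix and then by the text before the first ':', so it relies on callers passing an already canonical URL, while canLoad() hands it the referrer string as received. Note that assumption in the comment, or take a KURL here and classify on protocol(). The comment also has a typo ("containts()") and says the fast path covers "file: and http:" without saying that https: and mixed-case input fall through to the HashSet lookup.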
#ifndef FrameLoader_h
#define FrameLoader_h
+#include "CachedResource.h"
#include "CachePolicy.h"
#include "FormState.h"
#include "FrameLoaderTypes.h"
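Review bot: the new #include "CachedResource.h" looks unnecessary in this header; in the lines shown, FrameLoader.h only names CachedResource as a const reference parameter of canLoad(). A forward declaration beside "class Document;" would do and keeps CachedResource.h out of every file that includes FrameLoader.h.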
namespace WebCore {
class AuthenticationChallenge;
+ class Document;
class DocumentLoader;
class Element;
class Event;
void load(DocumentLoader*);
void load(DocumentLoader*, FrameLoadType, PassRefPtr<FormState>);
- bool canLoad(const KURL&, const String& referrer, bool& hideReferrer);
+ static bool canLoad(const KURL&, const String& referrer, bool& hideReferrer);
+ static bool canLoad(const KURL&, const Document*);
+ static bool canLoad(const CachedResource&, const Document*);
+
+ static bool shouldHideReferrer(const KURL& url, const String& referrer);
Frame* createWindow(const FrameLoadRequest&, const WindowFeatures&);
void updateGlobalHistoryForReload(const KURL&);
bool shouldGoToHistoryItem(HistoryItem*) const;
bool shouldTreatURLAsSameAsCurrent(const KURL&) const;
-
+
void commitProvisionalLoad(PassRefPtr<PageCache>);
void goToItem(HistoryItem*, FrameLoadType);
void setCurrentHistoryItem(PassRefPtr<HistoryItem>);
void setPreviousHistoryItem(PassRefPtr<HistoryItem>);
void setProvisionalHistoryItem(PassRefPtr<HistoryItem>);
-
+
void continueLoadWithData(SharedBuffer*, const String& mimeType, const String& textEncoding, const KURL&);
+
+ static void registerSchemeAsLocal(const String& scheme);
+ static bool restrictAccessToLocal();
+ static void setRestrictAccessToLocal(bool);
+ static bool shouldTreatURLAsLocal(const String& url);
+
private:
PassRefPtr<HistoryItem> createHistoryItem(bool useOriginal);
PassRefPtr<HistoryItem> createHistoryItemTree(Frame* targetFrame, bool clipAtTarget);
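Review bot: the two "-"/"+" pairs of empty lines after shouldTreatURLAsSameAsCurrent() and setProvisionalHistoryItem() are whitespace-only changes; drop them so the header diff shows only the new declarations. The four new static functions would also benefit from a short comment, since setRestrictAccessToLocal(bool) and registerSchemeAsLocal() change policy for the whole process rather than for this FrameLoader.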
switch (contentPolicy) {
case PolicyUse: {
// Prevent remote web archives from loading because they can claim to be from any domain and thus avoid cross-domain security checks (4120255).
- bool isRemote = !url.isLocalFile();
- isRemote = isRemote && !m_substituteData.isValid();
- bool isRemoteWebArchive = isRemote && equalIgnoringCase("application/x-webarchive", mimeType);
+ bool isRemoteWebArchive = equalIgnoringCase("application/x-webarchive", mimeType) && !m_substituteData.isValid() && !url.isLocalFile();
if (!frameLoader()->canShowMIMEType(mimeType) || isRemoteWebArchive) {
frameLoader()->cannotShowMIMEType(r);
// Check reachedTerminalState since the load may have already been cancelled inside of _handleUnimplementablePolicyWithErrorCode::.
return 0;
ResourceRequest newRequest = request;
+
+ // If linked-on-or-after check canLoad
+ if (FrameLoader::restrictAccessToLocal()
+ && !FrameLoader::canLoad(request.url(), frame->document()))
+ return 0;
- // Since this is a subresource, we can load any URL (we ignore the return value).
- // But we still want to know whether we should hide the referrer or not, so we call the canLoadURL method.
- // FIXME: is that really the rule we want for subresources?
- bool hideReferrer;
- fl->canLoad(request.url(), fl->outgoingReferrer(), hideReferrer);
- if (hideReferrer)
+ if (FrameLoader::shouldHideReferrer(request.url(), fl->outgoingReferrer()))
newRequest.clearHTTPReferrer();
else if (!request.httpReferrer())
newRequest.setHTTPReferrer(fl->outgoingReferrer());
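Review bot: the new early "return 0;" drops a blocked local load silently, and the comment "If linked-on-or-after check canLoad" does not say what is refused or why. Say in the comment that a document not allowed to load local resources is refused local URLs when the restriction is on, and consider reporting the refusal so a page that breaks under the new policy can be diagnosed.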
return 0;
RenderImage* image = static_cast<RenderImage*>(renderer);
- if (image->cachedImage() && !image->cachedImage()->isErrorImage())
+ if (image->cachedImage() && !image->cachedImage()->errorOccurred())
return image->cachedImage()->image();
return 0;
}
continue;
if (cimage->image()->isNull())
break;
- if (!cimage->isErrorImage()) {
+ if (!cimage->errorOccurred())
return Cursor(cimage->image(), hotSpot);
-}
}
}
bool KURL::isLocalFile() const
{
- // FIXME - include feed: here too?
+ // Including feed here might be a bad idea since drag and drop uses this check
+ // and including feed would allow feeds to potentially let someone's blog
+ // read the contents of the clipboard on a drag, even without a drop.
+ // Likewise with using the FrameLoader::shouldTreatURLAsLocal() function.
return protocol() == "file";
}
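Review bot: the last comment line, "Likewise with using the FrameLoader::shouldTreatURLAsLocal() function", does not say what must not be done. Spell out that isLocalFile() has to stay limited to file: and must not be replaced by shouldTreatURLAsLocal(), because after this patch the two functions define "local" differently (file only versus file, applewebdata and registered schemes).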
RenderObject* renderer = m_innerNonSharedNode->renderer();
if (renderer && renderer->isImage()) {
RenderImage* image = static_cast<WebCore::RenderImage*>(renderer);
- if (image->cachedImage() && !image->cachedImage()->isErrorImage())
+ if (image->cachedImage() && !image->cachedImage()->errorOccurred())
return image->cachedImage()->image();
}
m_cachedImage = newImage;
if (m_cachedImage) {
m_cachedImage->ref(this);
- if (m_cachedImage->isErrorImage())
+ if (m_cachedImage->errorOccurred())
imageChanged(m_cachedImage);
}
}
bool imageSizeChanged = false;
// Set image dimensions, taking into account the size of the alt text.
- if (newImage->isErrorImage())
+ if (newImage->errorOccurred())
imageSizeChanged = setImageSizeForAltText(newImage);
bool ensureLayout = false;
// Image dimensions have been changed, see what needs to be done
if (newImage->imageSize().width() != intrinsicWidth() || newImage->imageSize().height() != intrinsicHeight() || imageSizeChanged) {
- if (!newImage->isErrorImage()) {
+ if (!newImage->errorOccurred()) {
setIntrinsicWidth(newImage->imageSize().width());
setIntrinsicHeight(newImage->imageSize().height());
}
if (isPrinting && !view()->printImages())
return;
- if (!m_cachedImage || image()->isNull() || isErrorImage()) {
+ if (!m_cachedImage || image()->isNull() || errorOccurred()) {
if (paintInfo.phase == PaintPhaseSelection)
return;
if (cWidth > 2 && cHeight > 2) {
- if (!isErrorImage()) {
+ if (!errorOccurred()) {
context->setStrokeStyle(SolidStroke);
context->setStrokeColor(Color::lightGray);
context->setFillColor(Color::transparent);
int usableWidth = cWidth;
int usableHeight = cHeight;
- if (isErrorImage() && !image()->isNull() && (usableWidth >= image()->width()) && (usableHeight >= image()->height())) {
+ if (errorOccurred() && !image()->isNull() && (usableWidth >= image()->width()) && (usableHeight >= image()->height())) {
// Center the error image, accounting for border and padding.
int centerX = (usableWidth - image()->width()) / 2;
if (centerX < 0)
}
// minimum height
- m_height = m_cachedImage && m_cachedImage->isErrorImage() ? intrinsicHeight() : 0;
+ m_height = m_cachedImage && m_cachedImage->errorOccurred() ? intrinsicHeight() : 0;
calcWidth();
calcHeight();
{
if (!intrinsicHeight())
return 0;
- if (!m_cachedImage || m_cachedImage->isErrorImage())
+ if (!m_cachedImage || m_cachedImage->errorOccurred())
return intrinsicWidth(); // Don't bother scaling.
return RenderReplaced::calcReplacedHeight() * intrinsicWidth() / intrinsicHeight();
}
{
if (!intrinsicWidth())
return 0;
- if (!m_cachedImage || m_cachedImage->isErrorImage())
+ if (!m_cachedImage || m_cachedImage->errorOccurred())
return intrinsicHeight(); // Don't bother scaling.
return RenderReplaced::calcReplacedWidth() * intrinsicHeight() / intrinsicWidth();
}
bool isWidthSpecified() const;
bool isHeightSpecified() const;
- bool isErrorImage() const { return m_cachedImage && m_cachedImage->isErrorImage(); }
+ bool errorOccurred() const { return m_cachedImage && m_cachedImage->errorOccurred(); }
// The image we are rendering.
CachedImage* m_cachedImage;
RenderBlock::setStyle(newStyle);
if (style()->listStyleType() != LNONE ||
- (style()->listStyleImage() && !style()->listStyleImage()->isErrorImage())) {
+ (style()->listStyleImage() && !style()->listStyleImage()->errorOccurred())) {
RenderStyle* newStyle = new (renderArena()) RenderStyle;
newStyle->ref();
// The marker always inherits from the list item, regardless of where it might end
bool RenderListMarker::isImage() const
{
- return m_image && !m_image->isErrorImage();
+ return m_image && !m_image->errorOccurred();
}
void RenderListMarker::paint(PaintInfo& paintInfo, int tx, int ty)
bool XMLHttpRequest::urlMatchesDocumentDomain(const KURL& url) const
{
- KURL documentURL(m_doc->URL());
-
// a local file can load anything
- if (documentURL.protocol().lower() == "file" || documentURL.protocol().lower() == "applewebdata")
+ if (m_doc->isAllowedToLoadLocalResources())
return true;
// but a remote document can only load from the same port on the server
+ KURL documentURL = m_doc->URL();
if (documentURL.protocol().lower() == url.protocol().lower()
&& documentURL.host().lower() == url.host().lower()
&& documentURL.port() == url.port())
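Review bot: the early return on m_doc->isAllowedToLoadLocalResources() widens who skips the same-origin comparison. The removed lines limited it to file: and applewebdata: documents; if isAllowedToLoadLocalResources() is also true for schemes added through registerSchemeAsLocal(), as the ChangeLog describes, those documents now pass urlMatchesDocumentDomain() for every URL. If that is intended, update the "a local file can load anything" comment and document the consequence on the registration SPI.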
+2007-03-02 Kevin McCullough <kmccullough@apple.com>
+
+ Reviewed by Geoff.
+
+ - rdar://problem/4922454
+ - This fixes a security issue by making remote referrers not able to access local
+ resources, unless they register their schemes to be treated as local. The result is
+ that those schemes can access local resources and cannot be accessed by remote
+ referrers.
+ Because this behavior is new a link-on-or-after check is made to determine if the
+ app should use the older, less safe, behavior.
+
+ * Misc/WebKitVersionChecks.h: added linked-on-or-after check
+ * Misc/WebNSAttributedStringExtras.mm: Moved functionalit into the base class.
+ (fileWrapperForElement):
+ * Plugins/WebNetscapePluginStream.mm: uses new canLoad functions
+ * Plugins/WebPluginContainerCheck.mm: uses new canLoad functions
+ (-[WebPluginContainerCheck _isForbiddenFileLoad]):
+ * WebView/WebView.mm: make linked-on-or-after check and cache value, exposes SPI
+ for registering a scheme as local.
+ (-[WebView _commonInitializationWithFrameName:groupName:]):
+ (+[WebView registerSchemeAsLocal:]):
+ * WebView/WebViewPrivate.h: exposes SPI for registering a scheme as local.
+
2007-03-01 Justin Garcia <justin.garcia@apple.com>
Reviewed by harrison
// FIXME 4927747: We should make the framework version numbers match the info.plist version numbers
#define WEBKIT_FIRST_VERSION_WITH_3_0_CONTEXT_MENU_TAGS 0x00020000
#define WEBKIT_FIRST_VERSION_WITHOUT_ACROBAT_QUIRK 0x00020000
+#define WEBKIT_FIRST_VERSION_WITH_LOCAL_RESOURCE_SECURITY_RESTRICTION 0x00020000
#define WEBKIT_FIRST_VERSION_WITHOUT_APERTURE_QUIRK 0x00020000
#ifdef __cplusplus
}
if (!wrapper) {
RenderImage* renderer = static_cast<RenderImage*>(e->renderer());
- if (renderer->cachedImage() && !renderer->cachedImage()->isErrorImage()) {
+ if (renderer->cachedImage() && !renderer->cachedImage()->errorOccurred()) {
wrapper = [[NSFileWrapper alloc] initRegularFileWithContents:(NSData *)(renderer->cachedImage()->image()->getTIFFRepresentation())];
[wrapper setPreferredFilename:@"image.tiff"];
[wrapper autorelease];
{
WebBaseNetscapePluginView *view = (WebBaseNetscapePluginView *)thePlugin->ndata;
- bool hideReferrer;
- if (!core([view webFrame])->loader()->canLoad([theRequest URL], core([view webFrame])->loader()->outgoingReferrer(), hideReferrer))
+ if (!core([view webFrame])->loader()->canLoad([theRequest URL], core([view webFrame])->document()))
return nil;
if ([self initWithRequestURL:[theRequest URL]
isTerminated = YES;
request = [theRequest mutableCopy];
- if (hideReferrer)
+ if (core([view webFrame])->loader()->shouldHideReferrer([theRequest URL], core([view webFrame])->loader()->outgoingReferrer()))
[(NSMutableURLRequest *)request _web_setHTTPReferrer:nil];
_loader = NetscapePlugInStreamLoader::create(core([view webFrame]), self).releaseRef();
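Review bot: canLoad() and shouldHideReferrer() are static after this patch, but both calls here still go through core([view webFrame])->loader(), which repeats the frame lookup four times and suggests loader state is involved when it is not. Call FrameLoader::canLoad() and FrameLoader::shouldHideReferrer() directly and keep core([view webFrame]) in a local.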
- (BOOL)_isForbiddenFileLoad
{
- bool ignore;
WebFrameBridge *bridge = [_controller bridge];
ASSERT(bridge);
- if (![bridge _frame]->loader()->canLoad([_request URL], [_controller URLPolicyCheckReferrer], ignore)) {
+ if (![bridge _frame]->loader()->canLoad([_request URL], [bridge _frame]->document())) {
[self _continueWithPolicy:PolicyIgnore];
return YES;
}
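Review bot: this check no longer consults [_controller URLPolicyCheckReferrer]; the decision now depends on [bridge _frame]->document() instead. Confirm that the frame's current document is always the right principal for a plug-in container request, and mention in the ChangeLog that URLPolicyCheckReferrer is no longer used here so the behaviour change is visible to plug-in authors.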
// Register to receive notifications whenever preference values change.
[[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(_preferencesChangedNotification:)
name:WebPreferencesChangedNotification object:[self preferences]];
+
+ if (WebKitLinkedOnOrAfter(WEBKIT_FIRST_VERSION_WITH_LOCAL_RESOURCE_SECURITY_RESTRICTION))
+ FrameLoader::setRestrictAccessToLocal(true);
}
- (id)initWithFrame:(NSRect)f
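Review bot: the restriction fails open. The flag starts as false in FrameLoader.cpp and, in the lines shown, is only switched on here, so nothing is restricted until the first WebView runs its common initialization. Default the flag to true and clear it only when WebKitLinkedOnOrAfter() says the app needs the old behaviour, and do the check once rather than on every WebView init.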
_private->allowsUndo = flag;
}
++ (void)registerSchemeAsLocal:(NSString *)protocol
+{
+ FrameLoader::registerSchemeAsLocal(protocol);
+}
+
@end
@implementation WebView (WebViewPrintingPrivate)
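Review bot: +registerSchemeAsLocal: forwards its argument unchecked. A nil value, or a scheme passed with a trailing ":", is handed straight to FrameLoader::registerSchemeAsLocal(), and the trailing-colon form would never match what shouldTreatURLAsLocal() extracts with url.left(loc). Validate or normalize the input here, and name the parameter "scheme" to match the core API instead of "protocol".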
- (BOOL)allowsUndo;
- (void)setAllowsUndo:(BOOL)flag;
++ (void)registerSchemeAsLocal:(NSString *)protocol;
+
@end
@interface WebView (WebPrivate)