From: abarth@webkit.org Date: Sun, 22 Nov 2009 17:22:39 +0000 (+0000) Subject: 2009-11-22 Chris Evans X-Git-Url: https://git.webkit.org/?p=WebKit-https.git;a=commitdiff_plain;h=71c489ffc6a3c61e878021e989831b54cc188413 2009-11-22 Chris Evans Reviewed by Adam Barth. Disable access to file:/// directory listings https://bugs.webkit.org/show_bug.cgi?id=31329 Updates the test to make sure it is disabling universal access for file:/// URLs (if the API is supported). This is required to do effective intra-file:/// access tests. Note that Safari only passes by virtual of supporting no directory listings at all. * fast/xmlhttprequest/resources/xmlhttprequest-nonexistent-file-real.html: Added. * fast/xmlhttprequest/xmlhttprequest-nonexistent-file-expected.txt: * fast/xmlhttprequest/xmlhttprequest-nonexistent-file.html: Disable universal access for file:/// URLs (if API available). Run the real test in an iframe without universal access. 2009-11-22 Chris Evans Reviewed by Adam Barth. Disable access to file:/// directory listings https://bugs.webkit.org/show_bug.cgi?id=31329 Deny access to directory listings. This needs doing in WebKit for WebKit clients that do permit top-level navigation to file:///dir. This matches Firefox, plus the existing Safari implementation (which does not support any directory access at all). It will fix the LayoutTest named below for Chromium. Test: fast/xmlhttprequest/xmlhttprequest-nonexistent-file.html * page/SecurityOrigin.cpp: Deny access to directory listings. (WebCore::SecurityOrigin::SecurityOrigin): (WebCore::SecurityOrigin::canRequest): 2009-11-22 Chris Evans Reviewed by Adam Barth. Disable access to file:/// directory listings https://bugs.webkit.org/show_bug.cgi?id=31329 Implemented setAllowUniversalAccessFromFileURLs to support testing of file URL security. * DumpRenderTree/LayoutTestController.cpp: (setAllowUniversalAccessFromFileURLsCallback): (LayoutTestController::staticFunctions): * DumpRenderTree/LayoutTestController.h: * DumpRenderTree/gtk/LayoutTestControllerGtk.cpp: (LayoutTestController::setAllowUniversalAccessFromFileURLs): * DumpRenderTree/mac/LayoutTestControllerMac.mm: (LayoutTestController::setAllowUniversalAccessFromFileURLs): * DumpRenderTree/win/LayoutTestControllerWin.cpp: (LayoutTestController::setAllowUniversalAccessFromFileURLs): * DumpRenderTree/wx/LayoutTestControllerWx.cpp: (LayoutTestController::setAllowUniversalAccessFromFileURLs): git-svn-id: https://svn.webkit.org/repository/webkit/trunk@51295 268f45cc-cd09-0410-ab3c-d52691b4dbfc --- diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog index 010fa82fda00..f9be35326bbc 100644 --- a/LayoutTests/ChangeLog +++ b/LayoutTests/ChangeLog @@ -2,6 +2,9 @@ Reviewed by Adam Barth. + Disable access to file:/// directory listings + https://bugs.webkit.org/show_bug.cgi?id=31329 + Updates the test to make sure it is disabling universal access for file:/// URLs (if the API is supported). This is required to do effective intra-file:/// access tests. diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog index 1b4c652d930f..b742d938cc82 100644 --- a/WebCore/ChangeLog +++ b/WebCore/ChangeLog @@ -2,6 +2,9 @@ Reviewed by Adam Barth. + Disable access to file:/// directory listings + https://bugs.webkit.org/show_bug.cgi?id=31329 + Deny access to directory listings. This needs doing in WebKit for WebKit clients that do permit top-level navigation to file:///dir. This matches Firefox, plus the existing Safari implementation (which diff --git a/WebKitTools/ChangeLog b/WebKitTools/ChangeLog index 8ae92beeff6b..1524a3ea883f 100644 --- a/WebKitTools/ChangeLog +++ b/WebKitTools/ChangeLog @@ -2,6 +2,9 @@ Reviewed by Adam Barth. + Disable access to file:/// directory listings + https://bugs.webkit.org/show_bug.cgi?id=31329 + Implemented setAllowUniversalAccessFromFileURLs to support testing of file URL security.