2011-03-28 Maciej Stachowiak <mjs@apple.com>
author mjs@apple.com <mjs@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 28 Mar 2011 20:53:20 +0000 (20:53 +0000)
committer mjs@apple.com <mjs@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 28 Mar 2011 20:53:20 +0000 (20:53 +0000)
commit f62ffcd23e3a17d8fba30264769ac5fafae3d031
tree 5fa0acfc45cf64b066641aa8029f26722abae1e2
parent 794770c72105fb5ae3f8181fe8e0a3fa93ee63ec
2011-03-28  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin Adler.

        URLs with non-empty username but empty hostname treat first path segment as hostname, potentially enabling XSS
        https://bugs.webkit.org/show_bug.cgi?id=57220

        Test: http/tests/uri/username-with-no-hostname.html

        * platform/KURL.cpp:
        (WebCore::hostPortIsEmptyButUserPassIsNot):
        (WebCore::KURL::parse):
2011-03-28  Maciej Stachowiak  <mjs@apple.com>

        Reviewed by Darin Adler.

        URLs with non-empty username but empty hostname are allowed to load
        https://bugs.webkit.org/show_bug.cgi?id=57220

        * http/tests/uri/username-with-no-hostname-expected.txt: Added.
        * http/tests/uri/username-with-no-hostname.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@82152 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/http/tests/uri/username-with-no-hostname-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/uri/username-with-no-hostname.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/platform/KURL.cpp
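
Added illustration, not part of this commit and not WebKit's KURL.cpp: a stand-alone C++ check for the URL shape the ChangeLog entry describes (user info present, host and port empty). The names splitAuthority and hostPortEmptyButUserInfoIsNot, the split at the last '@', and the sample URLs are assumptions of this example.

```cpp
#include <iostream>
#include <string>

// Hypothetical helper, not WebKit code: authority of an absolute URL,
// split into user info and host-and-port.
struct Authority {
    bool present = false;   // true when the URL has a "//" authority
    std::string userInfo;   // text before the last '@' (may include ":password")
    std::string hostPort;   // text after the last '@' (host and optional ":port")
};

Authority splitAuthority(const std::string& url)
{
    Authority a;
    const std::string::size_type colon = url.find(':');
    if (colon == std::string::npos || url.compare(colon + 1, 2, "//") != 0)
        return a;           // no scheme or no "//": nothing to inspect
    const std::string::size_type begin = colon + 3;
    std::string::size_type end = url.find_first_of("/?#", begin);
    if (end == std::string::npos)
        end = url.size();
    const std::string authority = url.substr(begin, end - begin);
    a.present = true;
    const std::string::size_type at = authority.rfind('@');
    if (at == std::string::npos) {
        a.hostPort = authority;
        return a;
    }
    a.userInfo = authority.substr(0, at);
    a.hostPort = authority.substr(at + 1);
    return a;
}

// True for the shape named in the ChangeLog entry: user info is non-empty
// while host and port are both empty. This example flags such a URL.
bool hostPortEmptyButUserInfoIsNot(const std::string& url)
{
    const Authority a = splitAuthority(url);
    return a.present && a.hostPort.empty() && !a.userInfo.empty();
}

int main()
{
    // Constructed sample URLs.
    const char* samples[] = { "http://user@/example.org/", "http://user@example.org/", "http:///path" };
    for (const char* s : samples)
        std::cout << s << " -> " << (hostPortEmptyButUserInfoIsNot(s) ? "reject" : "ok") << '\n';
    return 0;
}
```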