[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677

mjs mjs at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 08:15:13 UTC 2009


The following commit has been merged in the debian/unstable branch:
commit dd831046c060f6c7cc21848cfcacb7b9615be78b
Author: mjs <mjs at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Mon Dec 1 22:52:24 2003 +0000

            Reviewed by Richard.
    
    	<rdar://problem/3487185>: implement security checks for XMLHttpRequest
    
            * khtml/ecma/xmlhttprequest.cpp:
            (KJS::XMLHttpRequest::open): Refuse to start if the URL is not one
    	this document is allowed to access.
            (KJS::XMLHttpRequest::slotRedirection): Stop the job if we redirect
    	to a URL the home document is not allowed to access.
            * kwq/KWQResourceLoader.mm:
            (-[KWQResourceLoader redirectedToURL:]): emit the right signal
            * kwq/WebCoreResourceLoader.h: Prototype new method
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@5641 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index 4ede275..571baa9 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,18 @@
+2003-11-21  Maciej Stachowiak  <mjs at apple.com>
+
+        Reviewed by Richard.
+
+	<rdar://problem/3487185>: implement security checks for XMLHttpRequest
+	
+        * khtml/ecma/xmlhttprequest.cpp:
+        (KJS::XMLHttpRequest::open): Refuse to start if the URL is not one
+	this document is allowed to access.
+        (KJS::XMLHttpRequest::slotRedirection): Stop the job if we redirect
+	to a URL the home document is not allowed to access.
+        * kwq/KWQResourceLoader.mm:
+        (-[KWQResourceLoader redirectedToURL:]): emit the right signal
+        * kwq/WebCoreResourceLoader.h: Prototype new method
+
 2003-12-01  Richard Williamson   <rjw at apple.com>
 
 Fixed parameter passing to applet.  Child elements are NOT valid in setStyle().  So we now either create the widget before needed with createWidgetIfNecessary.  This either happens when doing the first layout, or when JavaScript first references the applet element.
diff --git a/WebCore/khtml/ecma/xmlhttprequest.cpp b/WebCore/khtml/ecma/xmlhttprequest.cpp
index 89d1f57..07ed74e 100644
--- a/WebCore/khtml/ecma/xmlhttprequest.cpp
+++ b/WebCore/khtml/ecma/xmlhttprequest.cpp
@@ -194,8 +194,31 @@ void XMLHttpRequest::changeState(XMLHttpRequestState newState)
   }
 }
 
+bool XMLHttpRequest::urlMatchesDocumentDomain(const KURL& _url) const
+{
+  KURL documentURL(doc->URL());
+
+  // a local file can load anything
+  if (documentURL.protocol() != "file") {
+    return true;
+  }
+
+  // but a remote document can only load from the same port on the server
+  if (documentURL.protocol() == _url.protocol() &&
+      documentURL.host() == _url.host() &&
+      documentURL.port() == _url.port()) {
+    return true;
+  }
+
+  return false;
+}
+
 void XMLHttpRequest::open(const QString& _method, const KURL& _url, bool _async)
 {
+  if (!urlMatchesDocumentDomain(_url)) {
+    return;
+  }
+
   method = _method;
   url = _url;
   async = _async;
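Review bot: The first test in urlMatchesDocumentDomain is inverted against its own comment: `if (documentURL.protocol() != "file") return true;` lets every non-file document through and applies the protocol/host/port comparison only to file: documents, so a remote page is never restricted. It should read `if (documentURL.protocol() == "file") return true;`, and unless KURL already normalizes case, the scheme and host comparisons should be case-insensitive. The same helper is the only check in the slotRedirection hunk further down, so redirects are unfiltered for remote documents as well. open() also returns silently on refusal and its body continues outside the hunk; whether a later send() could then reuse a `url` left over from an earlier open() cannot be confirmed from here and is worth checking.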
@@ -352,6 +375,10 @@ void XMLHttpRequest::slotFinished(KIO::Job *)
 
 void XMLHttpRequest::slotRedirection(KIO::Job*, const KURL& url)
 {
+  if (!urlMatchesDocumentDomain(url)) {
+    job->kill();
+    job = 0;
+  }
 }
 
 #if APPLE_CHANGES
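Review bot: After a disallowed redirect, slotRedirection kills the job and clears `job` but leaves the request's state untouched, so script waiting on a ready-state change may never learn that the load ended. Consider following `job = 0;` with the same terminal transition the finished path uses, presumably a `changeState(...)` call as in slotFinished, whose body is not visible here. The handler also ignores its `KIO::Job*` argument and dereferences the member `job` without a null check; `if (job && !urlMatchesDocumentDomain(url)) {` would make a late or repeated signal harmless.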
diff --git a/WebCore/khtml/ecma/xmlhttprequest.h b/WebCore/khtml/ecma/xmlhttprequest.h
index 20798e9..9bc6cb7 100644
--- a/WebCore/khtml/ecma/xmlhttprequest.h
+++ b/WebCore/khtml/ecma/xmlhttprequest.h
@@ -68,6 +68,7 @@ namespace KJS {
 
     Value getStatusText() const;
     Value getStatus() const;
+    bool urlMatchesDocumentDomain(const KURL&) const;
 
     XMLHttpRequestQObject *qObject;
 
diff --git a/WebCore/kwq/KWQResourceLoader.mm b/WebCore/kwq/KWQResourceLoader.mm
index 16cff16..75f12a5 100644
--- a/WebCore/kwq/KWQResourceLoader.mm
+++ b/WebCore/kwq/KWQResourceLoader.mm
@@ -58,6 +58,13 @@ using KIO::TransferJob;
     _job->emitReceivedResponse(response);
 }
 
+- (void)redirectedToURL:(NSURL *)url
+{
+    ASSERT(url);
+    ASSERT(_job);
+    _job->emitRedirection( KURL(url) );
+}
+
 - (void)addData:(NSData *)data
 {
     ASSERT(data);
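Review bot: redirectedToURL: only reports the redirect, and whether the loader has already issued the request to the new URL by the time it runs is not visible here; the XMLHttpRequest check that kills the job on a disallowed redirect is effective only if this signal arrives first. A comment above the method stating that ordering requirement would protect it, e.g. `// Must be called before the redirect is followed; XMLHttpRequest cancels the job from the resulting signal.` The two ASSERTs presumably compile out in release builds, so a nil `_job` would be dereferenced there; that matches the neighbouring methods, so it is a file-wide observation rather than something new in this hunk. The addData: method at the end of the hunk continues outside it.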
diff --git a/WebCore/kwq/WebCoreResourceLoader.h b/WebCore/kwq/WebCoreResourceLoader.h
index e1dac63..42f3ba3 100644
--- a/WebCore/kwq/WebCoreResourceLoader.h
+++ b/WebCore/kwq/WebCoreResourceLoader.h
@@ -28,6 +28,7 @@
 @protocol WebCoreResourceLoader <NSObject>
 
 - (void)receivedResponse:(NSURLResponse *)response;
+- (void)redirectedToURL:(NSURL *)url;
 
 - (void)addData:(NSData *)data;
 

-- 
WebKit Debian packaging


