Title: [105110] branches/safari-534.54-branch/LayoutTests
- Revision
- 105110
- Author
- lforsch...@apple.com
- Date
- 2012-01-16 17:10:50 -0800 (Mon, 16 Jan 2012)
Log Message
Merged r100471.
Modified Paths
Added Paths
Diff
Modified: branches/safari-534.54-branch/LayoutTests/ChangeLog (105109 => 105110)
--- branches/safari-534.54-branch/LayoutTests/ChangeLog 2012-01-17 01:06:51 UTC (rev 105109)
+++ branches/safari-534.54-branch/LayoutTests/ChangeLog 2012-01-17 01:10:50 UTC (rev 105110)
@@ -1,5 +1,19 @@
2011-1-16 Lucas Forschler <lforsch...@apple.com>
+ Merge 100471
+
+ 2011-11-16 Sergey Glazunov <serg.glazu...@gmail.com>
+
+ ScriptController::executeIfJavaScriptURL gets confused by synchronous frame loads
+ https://bugs.webkit.org/show_bug.cgi?id=69777
+
+ Reviewed by Adam Barth.
+
+ * http/tests/security/xss-DENIED-synchronous-frame-load-in-_javascript_-url-expected.txt: Added.
+ * http/tests/security/xss-DENIED-synchronous-frame-load-in-_javascript_-url.html: Added.
+
+2011-1-16 Lucas Forschler <lforsch...@apple.com>
+
Merge 104660
2012-01-10 Filip Pizlo <fpi...@apple.com>
Copied: branches/safari-534.54-branch/LayoutTests/http/tests/security/xss-DENIED-synchronous-frame-load-in-_javascript_-url-expected.txt (from rev 100471, trunk/LayoutTests/http/tests/security/xss-DENIED-synchronous-frame-load-in-_javascript_-url-expected.txt) (0 => 105110)
--- branches/safari-534.54-branch/LayoutTests/http/tests/security/xss-DENIED-synchronous-frame-load-in-_javascript_-url-expected.txt (rev 0)
+++ branches/safari-534.54-branch/LayoutTests/http/tests/security/xss-DENIED-synchronous-frame-load-in-_javascript_-url-expected.txt 2012-01-17 01:10:50 UTC (rev 105110)
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: line 1: Unsafe _javascript_ attempt to access frame with URL http://localhost:8080/security/resources/innocent-victim.html from frame with URL about:blank. Domains, protocols and ports must match.
+
+This test passes if there's no alert dialog.
Copied: branches/safari-534.54-branch/LayoutTests/http/tests/security/xss-DENIED-synchronous-frame-load-in-_javascript_-url.html (from rev 100471, trunk/LayoutTests/http/tests/security/xss-DENIED-synchronous-frame-load-in-_javascript_-url.html) (0 => 105110)
--- branches/safari-534.54-branch/LayoutTests/http/tests/security/xss-DENIED-synchronous-frame-load-in-_javascript_-url.html (rev 0)
+++ branches/safari-534.54-branch/LayoutTests/http/tests/security/xss-DENIED-synchronous-frame-load-in-_javascript_-url.html 2012-01-17 01:10:50 UTC (rev 105110)
@@ -0,0 +1,42 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+ layoutTestController.setCanOpenWindows();
+ layoutTestController.setCloseRemainingWindowsWhenComplete(true);
+}
+
+window._onload_ = function()
+{
+ victim = document.body.appendChild(document.createElement("iframe"));
+ wnd = victim.contentWindow.open();
+ victim.src = ""
+ victim._onload_ = function() {
+ victim._onload_ = null;
+
+ wnd.eval("(" + function() {
+ location = "_javascript_:(" + function() {
+ a = document.createElement("a");
+ a.href = ""
+ e = document.createEvent("MouseEvent");
+ e.initMouseEvent("click");
+ a.dispatchEvent(e);
+
+ return "<script>(" + function() {
+ opener.location = "_javascript_:alert(document.body.innerHTML)";
+
+ if (window.layoutTestController)
+ setTimeout("layoutTestController.notifyDone()", 0);
+ } + ")()<\/script>";
+ } + ")()";
+ } + ")()");
+ }
+}
+</script>
+</head>
+<body>
+This test passes if there's no alert dialog.
+</body>
+</html>
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes