Title: [188062] trunk/Source/WebCore
- Revision
- 188062
- Author
- eric.carl...@apple.com
- Date
- 2015-08-06 14:36:00 -0700 (Thu, 06 Aug 2015)
Log Message
Do not enforce "content-disposition: attachment" sandbox restrictions on a MediaDocument
https://bugs.webkit.org/show_bug.cgi?id=147734
rdar://problem/22028179
Reviewed by Andy Estes.
Test to follow, see https://bugs.webkit.org/show_bug.cgi?id=147735
* dom/Document.cpp:
(WebCore::Document::initSecurityContext): Use applyContentDispositionAttachmentSandbox
instead of setting sandbox flags directly.
(WebCore::Document::shouldEnforceContentDispositionAttachmentSandbox): Don't special
case MediaDocument.
(WebCore::Document::applyContentDispositionAttachmentSandbox): Apply sandbox flags
according to document type.
* dom/Document.h:
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (188061 => 188062)
--- trunk/Source/WebCore/ChangeLog 2015-08-06 21:23:55 UTC (rev 188061)
+++ trunk/Source/WebCore/ChangeLog 2015-08-06 21:36:00 UTC (rev 188062)
@@ -1,3 +1,22 @@
+2015-08-06 Eric Carlson <eric.carl...@apple.com>
+
+ Do not enforce "content-disposition: attachment" sandbox restrictions on a MediaDocument
+ https://bugs.webkit.org/show_bug.cgi?id=147734
+ rdar://problem/22028179
+
+ Reviewed by Andy Estes.
+
+ Test to follow, see https://bugs.webkit.org/show_bug.cgi?id=147735
+
+ * dom/Document.cpp:
+ (WebCore::Document::initSecurityContext): Use applyContentDispositionAttachmentSandbox
+ instead of setting sandbox flags directly.
+ (WebCore::Document::shouldEnforceContentDispositionAttachmentSandbox): Don't special
+ case MediaDocument.
+ (WebCore::Document::applyContentDispositionAttachmentSandbox): Apply sandbox flags
+ according to document type.
+ * dom/Document.h:
+
2015-08-06 Anders Carlsson <ander...@apple.com>
Get rid of DatabaseBackendBase
Modified: trunk/Source/WebCore/dom/Document.cpp (188061 => 188062)
--- trunk/Source/WebCore/dom/Document.cpp 2015-08-06 21:23:55 UTC (rev 188061)
+++ trunk/Source/WebCore/dom/Document.cpp 2015-08-06 21:36:00 UTC (rev 188062)
@@ -4936,7 +4936,7 @@
enforceSandboxFlags(m_frame->loader().effectiveSandboxFlags());
if (shouldEnforceContentDispositionAttachmentSandbox())
- enforceSandboxFlags(SandboxAll);
+ applyContentDispositionAttachmentSandbox();
setSecurityOriginPolicy(SecurityOriginPolicy::create(isSandboxed(SandboxOrigin) ? SecurityOrigin::createUnique() : SecurityOrigin::create(m_url)));
setContentSecurityPolicy(std::make_unique<ContentSecurityPolicy>(this));
@@ -6717,9 +6717,6 @@
if (m_isSynthesized)
return false;
- if (isMediaDocument())
- return false;
-
bool contentDispositionAttachmentSandboxEnabled = settings() && settings()->contentDispositionAttachmentSandboxEnabled();
bool responseIsAttachment = false;
if (DocumentLoader* documentLoader = m_frame ? m_frame->loader().activeDocumentLoader() : nullptr)
@@ -6728,4 +6725,14 @@
return contentDispositionAttachmentSandboxEnabled && responseIsAttachment;
}
+void Document::applyContentDispositionAttachmentSandbox()
+{
+ ASSERT(shouldEnforceContentDispositionAttachmentSandbox());
+
+ if (!isMediaDocument())
+ enforceSandboxFlags(SandboxAll);
+ else
+ enforceSandboxFlags(SandboxOrigin);
+}
+
} // namespace WebCore
Modified: trunk/Source/WebCore/dom/Document.h (188061 => 188062)
--- trunk/Source/WebCore/dom/Document.h 2015-08-06 21:23:55 UTC (rev 188061)
+++ trunk/Source/WebCore/dom/Document.h 2015-08-06 21:36:00 UTC (rev 188062)
@@ -1279,6 +1279,7 @@
ShouldOpenExternalURLsPolicy shouldOpenExternalURLsPolicyToPropagate() const;
bool shouldEnforceContentDispositionAttachmentSandbox() const;
+ void applyContentDispositionAttachmentSandbox();
protected:
enum ConstructionFlags { Synthesized = 1, NonRenderedPlaceholder = 1 << 1 };
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes