[webkit-changes] [212068] branches/safari-603-branch

Thu, 09 Feb 2017 22:36:35 -0800

Title: [212068] branches/safari-603-branch

Diff

Modified: branches/safari-603-branch/LayoutTests/ChangeLog (212067 => 212068)


--- branches/safari-603-branch/LayoutTests/ChangeLog	2017-02-10 06:37:09 UTC (rev 212067)
+++ branches/safari-603-branch/LayoutTests/ChangeLog	2017-02-10 06:37:13 UTC (rev 212068)
@@ -1,5 +1,20 @@
 2017-02-09  Matthew Hanson  <matthew_han...@apple.com>
 
+        Merge r211926. rdar://problem/30275036
+
+    2017-02-08  Youenn Fablet  <youe...@gmail.com>
+
+            HTML Link elements should load data URLs as same origin
+            https://bugs.webkit.org/show_bug.cgi?id=168032
+            <rdar://problem/30275036>
+
+            Reviewed by Alex Christensen.
+
+            * fast/dom/data-url-css-link-element-cors-active-expected.txt: Added.
+            * fast/dom/data-url-css-link-element-cors-active.html: Added.
+
+2017-02-09  Matthew Hanson  <matthew_han...@apple.com>
+
         Merge r211913. rdar://problem/28062149
 
     2017-02-08  Sam Weinig  <s...@webkit.org>

Added: branches/safari-603-branch/LayoutTests/fast/dom/data-url-css-link-element-cors-active-expected.txt (0 => 212068)


--- branches/safari-603-branch/LayoutTests/fast/dom/data-url-css-link-element-cors-active-expected.txt	                        (rev 0)
+++ branches/safari-603-branch/LayoutTests/fast/dom/data-url-css-link-element-cors-active-expected.txt	2017-02-10 06:37:13 UTC (rev 212068)
@@ -0,0 +1,3 @@
+This test tries to load a CSS link data URL with CORS activated.
+
+PASS

Added: branches/safari-603-branch/LayoutTests/fast/dom/data-url-css-link-element-cors-active.html (0 => 212068)


--- branches/safari-603-branch/LayoutTests/fast/dom/data-url-css-link-element-cors-active.html	                        (rev 0)
+++ branches/safari-603-branch/LayoutTests/fast/dom/data-url-css-link-element-cors-active.html	2017-02-10 06:37:13 UTC (rev 212068)
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+function log(message)
+{
+    document.getElementById("log").innerHTML = message;
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+if (window.testRunner) {
+    testRunner.waitUntilDone();
+    testRunner.dumpAsText();
+}
+</script>
+<html>
+    <p>This test tries to load a CSS link data URL with CORS activated.</p>
+<link href="" crossOrigin="anonymous" rel="stylesheet" _onload_="log('PASS')" _onerror_="log('FAIL')">
+<p>
+<p id="log"></p>
+</html>

Modified: branches/safari-603-branch/Source/WebCore/ChangeLog (212067 => 212068)


--- branches/safari-603-branch/Source/WebCore/ChangeLog	2017-02-10 06:37:09 UTC (rev 212067)
+++ branches/safari-603-branch/Source/WebCore/ChangeLog	2017-02-10 06:37:13 UTC (rev 212068)
@@ -1,5 +1,25 @@
 2017-02-09  Matthew Hanson  <matthew_han...@apple.com>
 
+        Merge r211926. rdar://problem/30275036
+
+    2017-02-08  Youenn Fablet  <youe...@gmail.com>
+
+            HTML Link elements should load data URLs as same origin
+            https://bugs.webkit.org/show_bug.cgi?id=168032
+            <rdar://problem/30275036>
+
+            Reviewed by Alex Christensen.
+
+            Test: fast/dom/data-url-css-link-element-cors-active.html
+
+            Making CSS data URLs resources considered as same origin when loaded through link elements.
+            In the future, we should consider remove the data URL same origin flag and fully align with the fetch and HTML spec.
+
+            * html/HTMLLinkElement.cpp:
+            (WebCore::HTMLLinkElement::process):
+
+2017-02-09  Matthew Hanson  <matthew_han...@apple.com>
+
         Merge r211913. rdar://problem/28062149
 
     2017-02-08  Sam Weinig  <s...@webkit.org>

Modified: branches/safari-603-branch/Source/WebCore/html/HTMLLinkElement.cpp (212067 => 212068)


--- branches/safari-603-branch/Source/WebCore/html/HTMLLinkElement.cpp	2017-02-10 06:37:09 UTC (rev 212067)
+++ branches/safari-603-branch/Source/WebCore/html/HTMLLinkElement.cpp	2017-02-10 06:37:13 UTC (rev 212068)
@@ -267,14 +267,16 @@
         std::optional<ResourceLoadPriority> priority;
         if (!isActive)
             priority = ResourceLoadPriority::VeryLow;
-        CachedResourceRequest request(url, CachedResourceLoader::defaultCachedResourceOptions(), priority, WTFMove(charset));
+
+        ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
+        options.sameOriginDataURLFlag = SameOriginDataURLFlag::Set;
+        CachedResourceRequest request(url, options, priority, WTFMove(charset));
+
+        if (document().contentSecurityPolicy()->allowStyleWithNonce(attributeWithoutSynchronization(HTMLNames::nonceAttr)))
+            options.contentSecurityPolicyImposition = ContentSecurityPolicyImposition::SkipPolicyCheck;
+
         request.setInitiator(this);
 
-        if (document().contentSecurityPolicy()->allowStyleWithNonce(attributeWithoutSynchronization(HTMLNames::nonceAttr))) {
-            ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
-            options.contentSecurityPolicyImposition = ContentSecurityPolicyImposition::SkipPolicyCheck;
-            request.setOptions(options);
-        }
         request.setAsPotentiallyCrossOrigin(crossOrigin(), document());
 
         m_cachedSheet = document().cachedResourceLoader().requestCSSStyleSheet(WTFMove(request));

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to