Title: [199347] releases/WebKitGTK/webkit-2.12
- Revision
- 199347
- Author
- carlo...@webkit.org
- Date
- 2016-04-12 06:25:54 -0700 (Tue, 12 Apr 2016)
Log Message
Merge r197858 - Local HTML should be blocked from localStorage access unless "Disable Local File Restrictions" is checked..
https://bugs.webkit.org/show_bug.cgi?id=155185
<rdar://problem/11101440>
Reviewed by Zalan Bujtas.
Source/WebCore:
Tested by storage/domstorage/localstorage/blocked-file-access.html.
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::canAccessStorage): If the origin is a local file, and we have not been granted
universal file access, prevent access to DOM localStorage.
LayoutTests:
* storage/domstorage/localstorage/blocked-file-access-expected.txt: Added.
* storage/domstorage/localstorage/blocked-file-access.html: Added.
* storage/domstorage/localstorage/resources/blocked-example.html: Added.
Modified Paths
Added Paths
Diff
Modified: releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog (199346 => 199347)
--- releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog 2016-04-12 13:25:27 UTC (rev 199346)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog 2016-04-12 13:25:54 UTC (rev 199347)
@@ -1,3 +1,15 @@
+2016-03-08 Brent Fulgham <bfulg...@apple.com>
+
+ Local HTML should be blocked from localStorage access unless "Disable Local File Restrictions" is checked..
+ https://bugs.webkit.org/show_bug.cgi?id=155185
+ <rdar://problem/11101440>
+
+ Reviewed by Zalan Bujtas.
+
+ * storage/domstorage/localstorage/blocked-file-access-expected.txt: Added.
+ * storage/domstorage/localstorage/blocked-file-access.html: Added.
+ * storage/domstorage/localstorage/resources/blocked-example.html: Added.
+
2016-03-09 Andreas Kling <akl...@apple.com>
ImageDocuments leak their world.
Added: releases/WebKitGTK/webkit-2.12/LayoutTests/storage/domstorage/localstorage/blocked-file-access-expected.txt (0 => 199347)
--- releases/WebKitGTK/webkit-2.12/LayoutTests/storage/domstorage/localstorage/blocked-file-access-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/storage/domstorage/localstorage/blocked-file-access-expected.txt 2016-04-12 13:25:54 UTC (rev 199347)
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: line 11: PASS: window.localStorage is NOT accessible
+CONSOLE MESSAGE: line 12: Exception: SecurityError: DOM Exception 18
+
+Test that we cannot access localStorage from a file URL if unversal access is turned off.
Added: releases/WebKitGTK/webkit-2.12/LayoutTests/storage/domstorage/localstorage/blocked-file-access.html (0 => 199347)
--- releases/WebKitGTK/webkit-2.12/LayoutTests/storage/domstorage/localstorage/blocked-file-access.html (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/storage/domstorage/localstorage/blocked-file-access.html 2016-04-12 13:25:54 UTC (rev 199347)
@@ -0,0 +1,16 @@
+<html>
+<head>
+<script>
+if (window.testRunner) {
+ testRunner.setAllowUniversalAccessFromFileURLs(false);
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<iframe src=""
+<div id="results"></div>
+Test that we cannot access localStorage from a file URL if unversal access is turned off.
+</body>
+</html>
Added: releases/WebKitGTK/webkit-2.12/LayoutTests/storage/domstorage/localstorage/resources/blocked-example.html (0 => 199347)
--- releases/WebKitGTK/webkit-2.12/LayoutTests/storage/domstorage/localstorage/resources/blocked-example.html (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/storage/domstorage/localstorage/resources/blocked-example.html 2016-04-12 13:25:54 UTC (rev 199347)
@@ -0,0 +1,22 @@
+<html>
+<head>
+<script>
+function runTest()
+{
+ try {
+ if (window.localStorage) {
+ console.log("FAIL: window.localStorage WAS accessible");
+ }
+ } catch(e) {
+ console.log("PASS: window.localStorage is NOT accessible");
+ console.log("Exception: " + e.message);
+ }
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+</script>
+</head>
+<body _onload_="runTest()">
+</body>
+</html>
Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog (199346 => 199347)
--- releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog 2016-04-12 13:25:27 UTC (rev 199346)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog 2016-04-12 13:25:54 UTC (rev 199347)
@@ -1,3 +1,17 @@
+2016-03-08 Brent Fulgham <bfulg...@apple.com>
+
+ Local HTML should be blocked from localStorage access unless "Disable Local File Restrictions" is checked..
+ https://bugs.webkit.org/show_bug.cgi?id=155185
+ <rdar://problem/11101440>
+
+ Reviewed by Zalan Bujtas.
+
+ Tested by storage/domstorage/localstorage/blocked-file-access.html.
+
+ * page/SecurityOrigin.cpp:
+ (WebCore::SecurityOrigin::canAccessStorage): If the origin is a local file, and we have not been granted
+ universal file access, prevent access to DOM localStorage.
+
2016-03-22 Carlos Garcia Campos <cgar...@igalia.com>
[GTK] WebInspector broken after r197620
Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/page/SecurityOrigin.cpp (199346 => 199347)
--- releases/WebKitGTK/webkit-2.12/Source/WebCore/page/SecurityOrigin.cpp 2016-04-12 13:25:27 UTC (rev 199346)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/page/SecurityOrigin.cpp 2016-04-12 13:25:54 UTC (rev 199347)
@@ -375,6 +375,9 @@
if (m_storageBlockingPolicy == BlockAllStorage)
return false;
+ if (isLocal() && !m_universalAccess)
+ return false;
+
// FIXME: This check should be replaced with an ASSERT once we can guarantee that topOrigin is not null.
if (!topOrigin)
return true;
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes