WebCore:
2008-11-01 Adam Barth <abarth@webkit.org>
Reviewed by Sam Weinig.
Be sure to check the final URLs of requested resources to make sure we
don't get fooled by HTTP redirects.
https://bugs.webkit.org/show_bug.cgi?id=21963
Tests: http/tests/security/xss-DENIED-xsl-document-redirect.xml
http/tests/security/xss-DENIED-xsl-external-entity-redirect.xml
* dom/XMLTokenizerLibxml2.cpp:
(WebCore::openFunc):
* loader/DocLoader.cpp:
(WebCore::DocLoader::canRequest):
(WebCore::DocLoader::requestResource):
* loader/DocLoader.h:
* xml/XSLTProcessor.cpp:
(WebCore::docLoaderFunc):
LayoutTests:
2008-11-01 Adam Barth <abarth@webkit.org>
Reviewed by Sam Weinig.
Test that we properly block non-same-origin redirects for these
esoteric loads.
https://bugs.webkit.org/show_bug.cgi?id=21963
* http/tests/security/resources/xsl-using-document-redirect.xsl: Added.
* http/tests/security/resources/xsl-using-external-entity-redirect.xsl: Added.
* http/tests/security/xss-DENIED-xsl-document-redirect-expected.txt: Copied from LayoutTests/http/tests/security/xss-DENIED-xsl-document-expected.txt.
* http/tests/security/xss-DENIED-xsl-document-redirect.xml: Added.
* http/tests/security/xss-DENIED-xsl-external-entity-redirect-expected.txt: Copied from LayoutTests/http/tests/security/xss-DENIED-xsl-external-entity-expected.txt.
* http/tests/security/xss-DENIED-xsl-external-entity-redirect.xml: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@38065 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 514ae13..47c62a6 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,24 @@
+2008-11-01 Adam Barth <abarth@webkit.org>
+
+ Reviewed by Sam Weinig.
+
+ Be sure to check the final URLs of requested resources to make sure we
+ don't get fooled by HTTP redirects.
+
+ https://bugs.webkit.org/show_bug.cgi?id=21963
+
+ Tests: http/tests/security/xss-DENIED-xsl-document-redirect.xml
+ http/tests/security/xss-DENIED-xsl-external-entity-redirect.xml
+
+ * dom/XMLTokenizerLibxml2.cpp:
+ (WebCore::openFunc):
+ * loader/DocLoader.cpp:
+ (WebCore::DocLoader::canRequest):
+ (WebCore::DocLoader::requestResource):
+ * loader/DocLoader.h:
+ * xml/XSLTProcessor.cpp:
+ (WebCore::docLoaderFunc):
+
2008-11-01 Alexey Proskuryakov <ap@webkit.org>
Reviewed by Darin Adler.
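Review bot: The per-function lines in the new entry, `(WebCore::openFunc):`, `(WebCore::DocLoader::canRequest):`, `(WebCore::DocLoader::requestResource):` and `(WebCore::docLoaderFunc):`, all end at the colon with no description, so the entry does not record which function performs the final-URL check and which ones were only adapted to it. Please add a short phrase after each. The summary should also say what the final URL is checked against: the LayoutTests message speaks of blocking non-same-origin redirects, while "don't get fooled by HTTP redirects" on its own does not name the comparison.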
@@ -406,7 +427,6 @@
doesn't really fix a bug, since we can't really get into a situation where we move to a different
topBlockquote, but it simplifies the code.
->>>>>>> .r38031
2008-10-30 Dirk Schulze <vbs85@gmx.de>
Reviewed by Alp Toker.
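Review bot: The removed line `>>>>>>> .r38031` in this second hunk is a leftover merge-conflict marker inside an older entry and is unrelated to the redirect fix; the commit message does not mention it. Either note the cleanup in the message or land it separately so the security change stays isolated, and check that the rest of WebCore/ChangeLog carries no matching `<<<<<<<` or `=======` markers from the same merge.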