LayoutTests/ChangeLog - WebKit - Git at Google

 2007-12-01  Mark Rowe  <mrowe@apple.com>

         Merge r28056 to Safari-3-branch.

     2007-11-26  Sam Weinig  <sam@webkit.org>

         Reviewed by Darin.

         Tests for <rdar://problem/5592988>

         - Update and add tests for new tighter restrictions on what frames in other domains
           can be navigated.

         * http/tests/security/cross-frame-access-location-expected.txt:
         * http/tests/security/frameNavigation: Added.
         * http/tests/security/frameNavigation/resources: Added.
         * http/tests/security/frameNavigation/resources/iframe-that-performs-parent-navigation.html: Added.
         * http/tests/security/frameNavigation/resources/iframe-with-inner-frame-on-foreign-domain.html: Added.
         * http/tests/security/frameNavigation/resources/navigation-changed-iframe.html: Added.
         * http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change-expected.txt: Added.
         * http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change.html: Added.
         * http/tests/security/frameNavigation/xss-ALLOWED-targeted-subframe-navigation-change-expected.txt: Added.
         * http/tests/security/frameNavigation/xss-ALLOWED-targeted-subframe-navigation-change.html: Added.

 2007-12-01  Mark Rowe  <mrowe@apple.com>

         Merge r26780 from trunk to Safari-3-branch.

     2007-10-19  Sam Weinig  <sam@webkit.org>

         Reviewed by Darin.

         Update results after changing the warning message in isSafeScript to print the frame URL
         rather than the security domain URL.  This now also prints the warning when using data:
         URLs because we no longer return early.

         * http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-2-level-expected.txt:
         * http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-expected.txt:
         * http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-to-data-url-sub-frame-expected.txt:
         * http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open-expected.txt:
         * http/tests/security/dataURL/xss-DENIED-to-data-url-from-data-url-expected.txt:
         * http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-2-level-expected.txt:
         * http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-expected.txt:
         * http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-uppercase-expected.txt:
         * http/tests/security/dataURL/xss-DENIED-to-data-url-window-open-expected.txt:
         * http/tests/security/javascriptURL/xss-DENIED-from-javascipt-url-in-foreign-domain-subframe-expected.txt:
         * http/tests/security/javascriptURL/xss-DENIED-from-javascipt-url-in-foreign-domain-window-open-expected.txt:
         * http/tests/security/javascriptURL/xss-DENIED-to-javascipt-url-in-foreign-domain-subframe-expected.txt:
         * http/tests/security/javascriptURL/xss-DENIED-to-javascipt-url-in-foreign-domain-window-open-expected.txt:

 == Rolled over to ChangeLog-2007-10-14 ==
	2007-12-01 Mark Rowe <mrowe@apple.com>

	Merge r28056 to Safari-3-branch.

	2007-11-26 Sam Weinig <sam@webkit.org>

	Reviewed by Darin.

	Tests for <rdar://problem/5592988>

	- Update and add tests for new tighter restrictions on what frames in other domains
	can be navigated.

	* http/tests/security/cross-frame-access-location-expected.txt:
	* http/tests/security/frameNavigation: Added.
	* http/tests/security/frameNavigation/resources: Added.
	* http/tests/security/frameNavigation/resources/iframe-that-performs-parent-navigation.html: Added.
	* http/tests/security/frameNavigation/resources/iframe-with-inner-frame-on-foreign-domain.html: Added.
	* http/tests/security/frameNavigation/resources/navigation-changed-iframe.html: Added.
	* http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change-expected.txt: Added.
	* http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change.html: Added.
	* http/tests/security/frameNavigation/xss-ALLOWED-targeted-subframe-navigation-change-expected.txt: Added.
	* http/tests/security/frameNavigation/xss-ALLOWED-targeted-subframe-navigation-change.html: Added.

	2007-12-01 Mark Rowe <mrowe@apple.com>

	Merge r26780 from trunk to Safari-3-branch.

	2007-10-19 Sam Weinig <sam@webkit.org>

	Reviewed by Darin.

	Update results after changing the warning message in isSafeScript to print the frame URL
	rather than the security domain URL. This now also prints the warning when using data:
	URLs because we no longer return early.

	* http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-2-level-expected.txt:
	* http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-expected.txt:
	* http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-to-data-url-sub-frame-expected.txt:
	* http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open-expected.txt:
	* http/tests/security/dataURL/xss-DENIED-to-data-url-from-data-url-expected.txt:
	* http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-2-level-expected.txt:
	* http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-expected.txt:
	* http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-uppercase-expected.txt:
	* http/tests/security/dataURL/xss-DENIED-to-data-url-window-open-expected.txt:
	* http/tests/security/javascriptURL/xss-DENIED-from-javascipt-url-in-foreign-domain-subframe-expected.txt:
	* http/tests/security/javascriptURL/xss-DENIED-from-javascipt-url-in-foreign-domain-window-open-expected.txt:
	* http/tests/security/javascriptURL/xss-DENIED-to-javascipt-url-in-foreign-domain-subframe-expected.txt:
	* http/tests/security/javascriptURL/xss-DENIED-to-javascipt-url-in-foreign-domain-window-open-expected.txt:

	== Rolled over to ChangeLog-2007-10-14 ==