[webkit-changes] cvs commit: WebKit/WebView.subproj
WebBaseResourceHandleDelegate.h WebMainResourceClient.m
Adele
adele at opensource.apple.com
Mon Jun 27 17:20:35 PDT 2005
adele 05/06/27 17:20:35
Modified: . Tag: Safari-2-0-branch ChangeLog
WebView.subproj Tag: Safari-2-0-branch
WebBaseResourceHandleDelegate.h
WebMainResourceClient.m
Log:
Merged fix for <rdar://problem/4155738> from TOT to Safari-2-0-branch
2005-05-17 Chris Blumenberg <cblu at apple.com>
Fixed: <rdar://problem/4120255> web archives on remote servers can be viewed directly (with major security issues); should download instead
Reviewed by mjs.
* WebView.subproj/WebBaseResourceHandleDelegate.h:
* WebView.subproj/WebMainResourceClient.m:
(-[WebMainResourceClient continueAfterContentPolicy:response:]): if the WebKit client has chosen to "use" a remote web archive, stop the load with an error
Revision Changes Path
No revision
No revision
1.3118.4.13 +14 -0 WebKit/ChangeLog
Index: ChangeLog
===================================================================
RCS file: /cvs/root/WebKit/ChangeLog,v
retrieving revision 1.3118.4.12
retrieving revision 1.3118.4.13
diff -u -r1.3118.4.12 -r1.3118.4.13
--- ChangeLog 27 Jun 2005 23:54:07 -0000 1.3118.4.12
+++ ChangeLog 28 Jun 2005 00:20:30 -0000 1.3118.4.13
@@ -1,4 +1,18 @@
2005-06-27 Adele Peterson <adele at apple.com>
+
+ Merged fix for <rdar://problem/4155738> from TOT to Safari-2-0-branch
+
+ 2005-05-17 Chris Blumenberg <cblu at apple.com>
+
+ Fixed: <rdar://problem/4120255> web archives on remote servers can be viewed directly (with major security issues); should download instead
+
+ Reviewed by mjs.
+
+ * WebView.subproj/WebBaseResourceHandleDelegate.h:
+ * WebView.subproj/WebMainResourceClient.m:
+ (-[WebMainResourceClient continueAfterContentPolicy:response:]): if the WebKit client has chosen to "use" a remote web archive, stop the load with an error
+
+2005-06-27 Adele Peterson <adele at apple.com>
Merged fix for <rdar://problem/4155736> from TOT to Safari-2-0-branch
No revision
No revision
1.38.10.1 +1 -1 WebKit/WebView.subproj/WebBaseResourceHandleDelegate.h
Index: WebBaseResourceHandleDelegate.h
===================================================================
RCS file: /cvs/root/WebKit/WebView.subproj/WebBaseResourceHandleDelegate.h,v
retrieving revision 1.38
retrieving revision 1.38.10.1
diff -u -r1.38 -r1.38.10.1
--- WebBaseResourceHandleDelegate.h 7 Dec 2004 20:05:21 -0000 1.38
+++ WebBaseResourceHandleDelegate.h 28 Jun 2005 00:20:34 -0000 1.38.10.1
@@ -24,6 +24,7 @@
WebDataSource *dataSource;
NSURLConnection *connection;
NSURLRequest *request;
+ BOOL reachedTerminalState;
@private
WebView *webView;
NSURLResponse *response;
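Review bot: Moving `reachedTerminalState` above `@private` lets every subclass write the flag as well as read it, and the declaration carries no comment saying which is intended. The only subclass use visible in this commit is a read in `-[WebMainResourceClient continueAfterContentPolicy:response:]`, so a comment on the ivar such as `// Subclasses may read this; only WebBaseResourceHandleDelegate sets it.` would record that contract. The visibility directive that governs the added line sits outside the hunk (presumably `@protected`), and the matching removal is in the next hunk of this file.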
@@ -33,7 +34,6 @@
NSURLAuthenticationChallenge *currentConnectionChallenge;
NSURLAuthenticationChallenge *currentWebChallenge;
BOOL cancelledFlag;
- BOOL reachedTerminalState;
BOOL defersCallbacks;
BOOL waitingToDeliverResource;
BOOL deliveredResource;
1.260.8.1 +15 -4 WebKit/WebView.subproj/WebMainResourceClient.m
Index: WebMainResourceClient.m
===================================================================
RCS file: /cvs/root/WebKit/WebView.subproj/WebMainResourceClient.m,v
retrieving revision 1.260
retrieving revision 1.260.8.1
diff -u -r1.260 -r1.260.8.1
--- WebMainResourceClient.m 6 Mar 2005 03:36:59 -0000 1.260
+++ WebMainResourceClient.m 28 Jun 2005 00:20:34 -0000 1.260.8.1
@@ -16,6 +16,7 @@
#import <Foundation/NSURLResponse.h>
#import <Foundation/NSURLResponsePrivate.h>
+#import <WebKit/WebDataProtocol.h>
#import <WebKit/WebDataSourcePrivate.h>
#import <WebKit/WebDefaultPolicyDelegate.h>
#import <WebKit/WebDocument.h>
@@ -200,15 +201,25 @@
-(void)continueAfterContentPolicy:(WebPolicyAction)contentPolicy response:(NSURLResponse *)r
{
+ NSURL *URL = [request URL];
+ NSString *MIMEType = [r MIMEType];
+
switch (contentPolicy) {
case WebPolicyUse:
- if (![WebView canShowMIMEType:[r MIMEType]]) {
- [[dataSource webFrame] _handleUnimplementablePolicyWithErrorCode:WebKitErrorCannotShowMIMEType forURL:[[dataSource request] URL]];
- [self stopLoadingForPolicyChange];
+ {
+ // Prevent remote web archives from loading because they can claim to be from any domain and thus avoid cross-domain security checks (4120255).
+ BOOL isRemote = ![URL isFileURL] && ![WebDataProtocol _webIsDataProtocolURL:URL];
+ BOOL isRemoteWebArchive = isRemote && [MIMEType _web_isCaseInsensitiveEqualToString:@"application/x-webarchive"];
+ if (![WebView canShowMIMEType:MIMEType] || isRemoteWebArchive) {
+ [[dataSource webFrame] _handleUnimplementablePolicyWithErrorCode:WebKitErrorCannotShowMIMEType forURL:URL];
+ // Check reachedTerminalState since the load may have already been cancelled inside of _handleUnimplementablePolicyWithErrorCode::.
+ if (!reachedTerminalState) {
+ [self stopLoadingForPolicyChange];
+ }
return;
}
break;
-
+ }
case WebPolicyDownload:
[proxy setDelegate:nil];
[WebDownload _downloadWithLoadingConnection:connection
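Review bot: The remote-web-archive refusal at `if (![WebView canShowMIMEType:MIMEType] || isRemoteWebArchive)` reports `WebKitErrorCannotShowMIMEType`, so a client or a log cannot tell a security block from an unsupported type. A comment stating that the reuse is deliberate, or a dedicated error code if the API allows one, would help whoever triages these failures. The same branch now passes `[request URL]` where the old code passed `[[dataSource request] URL]`, which also changes the pre-existing cannot-show path; if the two can differ (for example after a redirect), that should be confirmed and mentioned in the ChangeLog. The check keys on the literal `@"application/x-webarchive"`, so any other MIME type registered for the archive representation would presumably not be covered; a named constant shared with that registration would keep the two in step. The method body continues outside the hunk.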