[webkit-changes] cvs commit: WebKit/WebView.subproj
WebBaseResourceHandleDelegate.h WebMainResourceClient.m
Adele
adele at opensource.apple.com
Thu Sep 1 16:58:48 PDT 2005
adele 05/09/01 16:58:48
Modified: . Tag: Safari-1-3-branch ChangeLog
WebView.subproj Tag: Safari-1-3-branch
WebBaseResourceHandleDelegate.h
WebMainResourceClient.m
Log:
Merged fix for <rdar://problem/4208261> from TOT to Safari-1-3-branch
2005-05-17 Chris Blumenberg <cblu at apple.com>
Fixed: <rdar://problem/4120255> web archives on remote servers can be viewed directly (with major security issues); should download instead
Reviewed by mjs.
* WebView.subproj/WebBaseResourceHandleDelegate.h:
* WebView.subproj/WebMainResourceClient.m:
(-[WebMainResourceClient continueAfterContentPolicy:response:]): if the WebKit client has chosen to "use" a remote web archive, stop the load with an error
Revision Changes Path
No revision
No revision
1.3120.2.14 +14 -0 WebKit/ChangeLog
Index: ChangeLog
===================================================================
RCS file: /cvs/root/WebKit/ChangeLog,v
retrieving revision 1.3120.2.13
retrieving revision 1.3120.2.14
diff -u -r1.3120.2.13 -r1.3120.2.14
--- ChangeLog 15 Jul 2005 17:23:51 -0000 1.3120.2.13
+++ ChangeLog 1 Sep 2005 23:58:42 -0000 1.3120.2.14
@@ -1,3 +1,17 @@
+2005-09-01 Adele Peterson <adele at apple.com>
+
+ Merged fix for <rdar://problem/4208261> from TOT to Safari-1-3-branch
+
+ 2005-05-17 Chris Blumenberg <cblu at apple.com>
+
+ Fixed: <rdar://problem/4120255> web archives on remote servers can be viewed directly (with major security issues); should download instead
+
+ Reviewed by mjs.
+
+ * WebView.subproj/WebBaseResourceHandleDelegate.h:
+ * WebView.subproj/WebMainResourceClient.m:
+ (-[WebMainResourceClient continueAfterContentPolicy:response:]): if the WebKit client has chosen to "use" a remote web archive, stop the load with an error
+
=== WebKit-312.5 ===
2005-07-14 Vicki Murley <vicki at apple.com>
No revision
No revision
1.38.8.2 +1 -1 WebKit/WebView.subproj/Attic/WebBaseResourceHandleDelegate.h
Index: WebBaseResourceHandleDelegate.h
===================================================================
RCS file: /cvs/root/WebKit/WebView.subproj/Attic/WebBaseResourceHandleDelegate.h,v
retrieving revision 1.38.8.1
retrieving revision 1.38.8.2
diff -u -r1.38.8.1 -r1.38.8.2
--- WebBaseResourceHandleDelegate.h 2 Jun 2005 15:44:43 -0000 1.38.8.1
+++ WebBaseResourceHandleDelegate.h 1 Sep 2005 23:58:47 -0000 1.38.8.2
@@ -24,6 +24,7 @@
WebDataSource *dataSource;
NSURLConnection *connection;
NSURLRequest *request;
+ BOOL reachedTerminalState;
@private
WebView *webView;
NSURLResponse *response;
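Review bot: Moving `reachedTerminalState` above `@private` lets subclasses write the flag as well as read it, while the only use visible in this commit (in `WebMainResourceClient.m`) is a read. The ivar has no comment saying who owns it, so I would add one such as `// Set by the base class once the load has finished or been cancelled; subclasses must only read it.`, or keep the ivar private and expose a read-only accessor. The matching removal is in the second hunk of this file. The interface declaration starts and ends outside both hunks, so the exact visibility of the section it now sits in is presumably `@protected` but cannot be confirmed from here.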
@@ -33,7 +34,6 @@
NSURLAuthenticationChallenge *currentConnectionChallenge;
NSURLAuthenticationChallenge *currentWebChallenge;
BOOL cancelledFlag;
- BOOL reachedTerminalState;
BOOL defersCallbacks;
BOOL waitingToDeliverResource;
BOOL deliveredResource;
1.260.6.2 +15 -4 WebKit/WebView.subproj/Attic/WebMainResourceClient.m
Index: WebMainResourceClient.m
===================================================================
RCS file: /cvs/root/WebKit/WebView.subproj/Attic/WebMainResourceClient.m,v
retrieving revision 1.260.6.1
retrieving revision 1.260.6.2
diff -u -r1.260.6.1 -r1.260.6.2
--- WebMainResourceClient.m 2 Jun 2005 15:44:43 -0000 1.260.6.1
+++ WebMainResourceClient.m 1 Sep 2005 23:58:47 -0000 1.260.6.2
@@ -16,6 +16,7 @@
#import <Foundation/NSURLResponse.h>
#import <Foundation/NSURLResponsePrivate.h>
+#import <WebKit/WebDataProtocol.h>
#import <WebKit/WebDataSourcePrivate.h>
#import <WebKit/WebDefaultPolicyDelegate.h>
#import <WebKit/WebDocument.h>
@@ -200,15 +201,25 @@
-(void)continueAfterContentPolicy:(WebPolicyAction)contentPolicy response:(NSURLResponse *)r
{
+ NSURL *URL = [request URL];
+ NSString *MIMEType = [r MIMEType];
+
switch (contentPolicy) {
case WebPolicyUse:
- if (![WebView canShowMIMEType:[r MIMEType]]) {
- [[dataSource webFrame] _handleUnimplementablePolicyWithErrorCode:WebKitErrorCannotShowMIMEType forURL:[[dataSource request] URL]];
- [self stopLoadingForPolicyChange];
+ {
+ // Prevent remote web archives from loading because they can claim to be from any domain and thus avoid cross-domain security checks (4120255).
+ BOOL isRemote = ![URL isFileURL] && ![WebDataProtocol _webIsDataProtocolURL:URL];
+ BOOL isRemoteWebArchive = isRemote && [MIMEType _web_isCaseInsensitiveEqualToString:@"application/x-webarchive"];
+ if (![WebView canShowMIMEType:MIMEType] || isRemoteWebArchive) {
+ [[dataSource webFrame] _handleUnimplementablePolicyWithErrorCode:WebKitErrorCannotShowMIMEType forURL:URL];
+ // Check reachedTerminalState since the load may have already been cancelled inside of _handleUnimplementablePolicyWithErrorCode::.
+ if (!reachedTerminalState) {
+ [self stopLoadingForPolicyChange];
+ }
return;
}
break;
-
+ }
case WebPolicyDownload:
[proxy setDelegate:nil];
[WebDownload _downloadWithLoadingConnection:connection
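Review bot: The `isRemote` test is taken from `[request URL]` while the MIME type is taken from the response `r`, and the hunk does not show whether `request` is kept current across redirects; if it can lag, the origin decision and the content-type decision would describe different resources. Consider deriving the check from the response, e.g. `NSURL *URL = [r URL];`, or add a comment stating that `request` always holds the final URL at this point. The same local also replaces `[[dataSource request] URL]` as the `forURL:` argument on the pre-existing unsupported-MIME path, which looks like a separate behaviour change worth confirming. The blocked archive is reported as `WebKitErrorCannotShowMIMEType`, so a client or a log cannot tell a security block from an unsupported type. The method body continues past the end of the hunk.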