<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[208475] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/208475">208475</a></dd>
<dt>Author</dt> <dd>dbates@webkit.org</dd>
<dt>Date</dt> <dd>2016-11-09 13:17:45 -0800 (Wed, 09 Nov 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Add test infrastructure and tests for existing HTTP 0.9 sandbox machinery
https://bugs.webkit.org/show_bug.cgi?id=164389
<rdar://problem/29101072>
Reviewed by Alex Christensen.
Source/WebCore:
Add test infrastructure to support registering an arbitrary port as the default port
for a protocol. The behavior of various machinery, including the HTTP 0.9 machinery,
can be effected by whether the resource request was made using the default port for
the protocol. We expose window.internals.registerDefaultPortForProtocol() to allow
a test to override the default port associated with a protocol so as to support
testing these code paths using the existing port 8000 server started by run-webkit-httpd.
Without window.internals.registerDefaultPortForProtocol() we would need to teach
run-webkit-httpd to run a web server on port 80, which requires superuser privileges
(since it is a privileged port number) and is more likely to interfere with an
existing web server setup.
Tests: http/tests/security/http-0.9/default-port-plugin-blocked.html
http/tests/security/http-0.9/default-port-script-blocked.html
http/tests/security/http-0.9/iframe-blocked.html
http/tests/security/http-0.9/image-blocked.html
http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-ref-test.html
http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed.html
http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked.html
http/tests/security/http-0.9/worker-connect-src-blocked.html
http/tests/security/http-0.9/worker-importScripts-blocked.html
http/tests/security/http-0.9/xhr-asynchronous-blocked.html
* platform/URL.cpp:
(WebCore::defaultPortForProtocolMapForTesting): Added.
(WebCore::registerDefaultPortForProtocolForTesting): Adds the specified (protocol, port) to the
mapping used for testing.
(WebCore::clearDefaultPortForProtocolMapForTesting): Clears the protocol to default port testing map.
We call this function from Internals::resetToConsistentState() so that the mapping is cleared between
test runs.
(WebCore::defaultPortForProtocol): Modified to check the protocol to default port map for testing
before consulting URLParser::defaultPortForProtocol().
* platform/URL.h:
* testing/Internals.cpp:
(WebCore::Internals::resetToConsistentState): Clear the default port mapping used for testing.
(WebCore::Internals::registerDefaultPortForProtocol): Added.
* testing/Internals.h:
* testing/Internals.idl: Added declaration for registerDefaultPortForProtocol().
LayoutTests:
Add tests for the existing HTTP 0.9 sandbox machinery. Until we fix <https://bugs.webkit.org/show_bug.cgi?id=164387>,
these tests can only be run singly (i.e. pass --run-singly to run-webkit-tests). So, we skip
these tests to avoid test failures when run-webkit-tests runs in parallel mode (the default
mode and the mode used on the buildbots).
* TestExpectations:
* http/tests/security/http-0.9/default-port-plugin-blocked-expected.txt: Added.
* http/tests/security/http-0.9/default-port-plugin-blocked.html: Added.
* http/tests/security/http-0.9/default-port-script-blocked-expected.txt: Added.
* http/tests/security/http-0.9/default-port-script-blocked.html: Added.
* http/tests/security/http-0.9/iframe-blocked-expected.txt: Added.
* http/tests/security/http-0.9/iframe-blocked.html: Added.
* http/tests/security/http-0.9/image-blocked-expected.txt: Added.
* http/tests/security/http-0.9/image-blocked.html: Added.
* http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-expected.txt: Added.
* http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-ref-test-expected.html: Added.
* http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-ref-test.html: Added.
* http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed.html: Added.
* http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked-expected.txt: Added.
* http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked.html: Added.
* http/tests/security/http-0.9/resources/blue-square.png: Added.
* http/tests/security/http-0.9/resources/nph-alert-fail.pl: Added.
* http/tests/security/http-0.9/resources/nph-fail.pl: Added.
* http/tests/security/http-0.9/resources/nph-image-on-HTTP-0.9-default-port-page-allowed.pl: Added.
* http/tests/security/http-0.9/resources/nph-image-on-HTTP-0.9-page-blocked.pl: Added.
* http/tests/security/http-0.9/resources/nph-image.pl: Added.
* http/tests/security/http-0.9/resources/nph-load-plugin-fail.pl: Added.
* http/tests/security/http-0.9/resources/nph-worker-fail.pl: Added.
* http/tests/security/http-0.9/worker-connect-src-blocked-expected.txt: Added.
* http/tests/security/http-0.9/worker-connect-src-blocked.html: Added.
* http/tests/security/http-0.9/worker-importScripts-blocked-expected.txt: Added.
* http/tests/security/http-0.9/worker-importScripts-blocked.html: Added.
* http/tests/security/http-0.9/xhr-asynchronous-blocked-expected.txt: Added.
* http/tests/security/http-0.9/xhr-asynchronous-blocked.html: Added.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsTestExpectations">trunk/LayoutTests/TestExpectations</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreplatformURLcpp">trunk/Source/WebCore/platform/URL.cpp</a></li>
<li><a href="#trunkSourceWebCoreplatformURLh">trunk/Source/WebCore/platform/URL.h</a></li>
<li><a href="#trunkSourceWebCoretestingInternalscpp">trunk/Source/WebCore/testing/Internals.cpp</a></li>
<li><a href="#trunkSourceWebCoretestingInternalsh">trunk/Source/WebCore/testing/Internals.h</a></li>
<li><a href="#trunkSourceWebCoretestingInternalsidl">trunk/Source/WebCore/testing/Internals.idl</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li>trunk/LayoutTests/http/tests/security/http-0.9/</li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09defaultportpluginblockedexpectedtxt">trunk/LayoutTests/http/tests/security/http-0.9/default-port-plugin-blocked-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09defaultportpluginblockedhtml">trunk/LayoutTests/http/tests/security/http-0.9/default-port-plugin-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09defaultportscriptblockedexpectedtxt">trunk/LayoutTests/http/tests/security/http-0.9/default-port-script-blocked-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09defaultportscriptblockedhtml">trunk/LayoutTests/http/tests/security/http-0.9/default-port-script-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09iframeblockedexpectedtxt">trunk/LayoutTests/http/tests/security/http-0.9/iframe-blocked-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09iframeblockedhtml">trunk/LayoutTests/http/tests/security/http-0.9/iframe-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09imageblockedexpectedtxt">trunk/LayoutTests/http/tests/security/http-0.9/image-blocked-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09imageblockedhtml">trunk/LayoutTests/http/tests/security/http-0.9/image-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09imageonHTTP09defaultportpageallowedexpectedtxt">trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09imageonHTTP09defaultportpageallowedreftestexpectedhtml">trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-ref-test-expected.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09imageonHTTP09defaultportpageallowedreftesthtml">trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-ref-test.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09imageonHTTP09defaultportpageallowedhtml">trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09imageonHTTP09pageblockedexpectedtxt">trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09imageonHTTP09pageblockedhtml">trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked.html</a></li>
<li>trunk/LayoutTests/http/tests/security/http-0.9/resources/</li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09resourcesbluesquarepng">trunk/LayoutTests/http/tests/security/http-0.9/resources/blue-square.png</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09resourcesnphalertfailpl">trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-alert-fail.pl</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09resourcesnphfailpl">trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-fail.pl</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09resourcesnphimageonHTTP09defaultportpageallowedpl">trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-image-on-HTTP-0.9-default-port-page-allowed.pl</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09resourcesnphimageonHTTP09pageblockedpl">trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-image-on-HTTP-0.9-page-blocked.pl</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09resourcesnphimagepl">trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-image.pl</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09resourcesnphloadpluginfailpl">trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-load-plugin-fail.pl</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09resourcesnphworkerfailpl">trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-worker-fail.pl</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09workerconnectsrcblockedexpectedtxt">trunk/LayoutTests/http/tests/security/http-0.9/worker-connect-src-blocked-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09workerconnectsrcblockedhtml">trunk/LayoutTests/http/tests/security/http-0.9/worker-connect-src-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09workerimportScriptsblockedexpectedtxt">trunk/LayoutTests/http/tests/security/http-0.9/worker-importScripts-blocked-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09workerimportScriptsblockedhtml">trunk/LayoutTests/http/tests/security/http-0.9/worker-importScripts-blocked.html</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09xhrasynchronousblockedexpectedtxt">trunk/LayoutTests/http/tests/security/http-0.9/xhr-asynchronous-blocked-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityhttp09xhrasynchronousblockedhtml">trunk/LayoutTests/http/tests/security/http-0.9/xhr-asynchronous-blocked.html</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (208474 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog 2016-11-09 21:16:44 UTC (rev 208474)
+++ trunk/LayoutTests/ChangeLog 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -1,3 +1,46 @@
</span><ins>+2016-11-09 Daniel Bates <dabates@apple.com>
+
+ Add test infrastructure and tests for existing HTTP 0.9 sandbox machinery
+ https://bugs.webkit.org/show_bug.cgi?id=164389
+ <rdar://problem/29101072>
+
+ Reviewed by Alex Christensen.
+
+ Add tests for the existing HTTP 0.9 sandbox machinery. Until we fix <https://bugs.webkit.org/show_bug.cgi?id=164387>,
+ these tests can only be run singly (i.e. pass --run-singly to run-webkit-tests). So, we skip
+ these tests to avoid test failures when run-webkit-tests runs in parallel mode (the default
+ mode and the mode used on the buildbots).
+
+ * TestExpectations:
+ * http/tests/security/http-0.9/default-port-plugin-blocked-expected.txt: Added.
+ * http/tests/security/http-0.9/default-port-plugin-blocked.html: Added.
+ * http/tests/security/http-0.9/default-port-script-blocked-expected.txt: Added.
+ * http/tests/security/http-0.9/default-port-script-blocked.html: Added.
+ * http/tests/security/http-0.9/iframe-blocked-expected.txt: Added.
+ * http/tests/security/http-0.9/iframe-blocked.html: Added.
+ * http/tests/security/http-0.9/image-blocked-expected.txt: Added.
+ * http/tests/security/http-0.9/image-blocked.html: Added.
+ * http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-expected.txt: Added.
+ * http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-ref-test-expected.html: Added.
+ * http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-ref-test.html: Added.
+ * http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed.html: Added.
+ * http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked-expected.txt: Added.
+ * http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked.html: Added.
+ * http/tests/security/http-0.9/resources/blue-square.png: Added.
+ * http/tests/security/http-0.9/resources/nph-alert-fail.pl: Added.
+ * http/tests/security/http-0.9/resources/nph-fail.pl: Added.
+ * http/tests/security/http-0.9/resources/nph-image-on-HTTP-0.9-default-port-page-allowed.pl: Added.
+ * http/tests/security/http-0.9/resources/nph-image-on-HTTP-0.9-page-blocked.pl: Added.
+ * http/tests/security/http-0.9/resources/nph-image.pl: Added.
+ * http/tests/security/http-0.9/resources/nph-load-plugin-fail.pl: Added.
+ * http/tests/security/http-0.9/resources/nph-worker-fail.pl: Added.
+ * http/tests/security/http-0.9/worker-connect-src-blocked-expected.txt: Added.
+ * http/tests/security/http-0.9/worker-connect-src-blocked.html: Added.
+ * http/tests/security/http-0.9/worker-importScripts-blocked-expected.txt: Added.
+ * http/tests/security/http-0.9/worker-importScripts-blocked.html: Added.
+ * http/tests/security/http-0.9/xhr-asynchronous-blocked-expected.txt: Added.
+ * http/tests/security/http-0.9/xhr-asynchronous-blocked.html: Added.
+
</ins><span class="cx"> 2016-11-09 Wenson Hsieh <wenson_hsieh@apple.com>
</span><span class="cx">
</span><span class="cx"> When editing IME, `compositionend` events should fire after input events
</span></span></pre></div>
<a id="trunkLayoutTestsTestExpectations"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/TestExpectations (208474 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/TestExpectations 2016-11-09 21:16:44 UTC (rev 208474)
+++ trunk/LayoutTests/TestExpectations 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -66,6 +66,9 @@
</span><span class="cx"> # Only iOS has selection UI drawn by UIKit
</span><span class="cx"> editing/selection/character-granularity-rect.html [ Skip ]
</span><span class="cx">
</span><ins>+# Until we fix webkit.org/b/164387 these tests will only pass when run singly (i.e. pass --run-singly to run-webkit-tests).
+webkit.org/b/164387 http/tests/security/http-0.9 [ Skip ]
+
</ins><span class="cx"> #//////////////////////////////////////////////////////////////////////////////////////////
</span><span class="cx"> # End platform-specific tests.
</span><span class="cx"> #//////////////////////////////////////////////////////////////////////////////////////////
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09defaultportpluginblockedexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/default-port-plugin-blocked-expected.txt (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/default-port-plugin-blocked-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/default-port-plugin-blocked-expected.txt 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-load-plugin-fail.pl' because it is using HTTP/0.9.
+CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-load-plugin-fail.pl' because it is using HTTP/0.9.
+CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-load-plugin-fail.pl' because it is using HTTP/0.9.
+This tests that loading of a plugin is blocked in a HTTP 0.9 response served over port 80. This test PASSED if you see content in the iframe below. Otherwise, it FAILED.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+Plugin did not load.
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09defaultportpluginblockedhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/default-port-plugin-blocked.html (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/default-port-plugin-blocked.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/default-port-plugin-blocked.html 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,17 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.dumpChildFramesAsText();
+ if (window.internals)
+ internals.registerDefaultPortForProtocol(8000, "http");
+}
+</script>
+</head>
+<body>
+<p id="description">This tests that loading of a plugin is blocked in a HTTP 0.9 response served over port 80. This test PASSED if you see content in the iframe below. Otherwise, it FAILED.</p>
+<iframe src="resources/nph-load-plugin-fail.pl"></iframe>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09defaultportscriptblockedexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/default-port-script-blocked-expected.txt (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/default-port-script-blocked-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/default-port-script-blocked-expected.txt 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-alert-fail.pl' because it is using HTTP/0.9.
+CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-alert-fail.pl' because it is using HTTP/0.9.
+CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-alert-fail.pl' because it is using HTTP/0.9.
+CONSOLE MESSAGE: Blocked script execution in 'http://127.0.0.1:8000/security/http-0.9/resources/nph-alert-fail.pl' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
+This tests that JavaScript is blocked in a HTTP 0.9 response served over port 80. This test PASSED if you see content in the iframe below and do not see a JavaScript alert. Otherwise, it FAILED. This page and its subresources must be served over port 80 to run this test by hand.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+This content should be visible, but script should not execute.
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09defaultportscriptblockedhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/default-port-script-blocked.html (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/default-port-script-blocked.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/default-port-script-blocked.html 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,17 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.dumpChildFramesAsText();
+ if (window.internals)
+ internals.registerDefaultPortForProtocol(8000, "http");
+}
+</script>
+</head>
+<body>
+<p id="description">This tests that JavaScript is blocked in a HTTP 0.9 response served over port 80. This test PASSED if you see content in the iframe below and do not see a JavaScript alert. Otherwise, it FAILED. This page and its subresources must be served over port 80 to run this test by hand.</p>
+<iframe src="resources/nph-alert-fail.pl"></iframe>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09iframeblockedexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/iframe-blocked-expected.txt (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/iframe-blocked-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/iframe-blocked-expected.txt 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,8 @@
</span><ins>+CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-fail.pl' because it is using HTTP/0.9.
+CONSOLE MESSAGE: Stopped document load from 'http://127.0.0.1:8000/security/http-0.9/resources/nph-fail.pl' because it is using HTTP/0.9 on a non-default port.
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09iframeblockedhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/iframe-blocked.html (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/iframe-blocked.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/iframe-blocked.html 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,14 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.dumpChildFramesAsText();
+}
+</script>
+</head>
+<body>
+<iframe src="resources/nph-fail.pl"></iframe>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09imageblockedexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/image-blocked-expected.txt (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/image-blocked-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/image-blocked-expected.txt 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-image.pl' because it is using HTTP/0.9.
+CONSOLE MESSAGE: Cancelled resource load from 'http://127.0.0.1:8000/security/http-0.9/resources/nph-image.pl' because it is using HTTP/0.9 and the document was loaded with a different HTTP version.
+ALERT: PASS
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09imageblockedhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/image-blocked.html (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/image-blocked.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/image-blocked.html 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+</head>
+<body>
+<img src="resources/nph-image.pl" onload="alert('FAIL')" onerror="alert('PASS')">
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09imageonHTTP09defaultportpageallowedexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-expected.txt (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-expected.txt 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-image-on-HTTP-0.9-default-port-page-allowed.pl' because it is using HTTP/0.9.
+CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-image-on-HTTP-0.9-default-port-page-allowed.pl' because it is using HTTP/0.9.
+CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-image-on-HTTP-0.9-default-port-page-allowed.pl' because it is using HTTP/0.9.
+CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-image.pl' because it is using HTTP/0.9.
+CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-image.pl' because it is using HTTP/0.9.
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09imageonHTTP09defaultportpageallowedreftestexpectedhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-ref-test-expected.html (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-ref-test-expected.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-ref-test-expected.html 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,6 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<body>
+<iframe srcdoc='<img src="resources/blue-square.png">'></iframe>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09imageonHTTP09defaultportpageallowedreftesthtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-ref-test.html (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-ref-test.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-ref-test.html 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.internals)
+ internals.registerDefaultPortForProtocol(8000, "http");
+</script>
+</head>
+<body>
+<iframe src="resources/nph-image-on-HTTP-0.9-default-port-page-allowed.pl"></iframe>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09imageonHTTP09defaultportpageallowedhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed.html (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed.html 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,16 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.dumpChildFramesAsText();
+ if (window.internals)
+ internals.registerDefaultPortForProtocol(8000, "http");
+}
+</script>
+</head>
+<body>
+<iframe src="resources/nph-image-on-HTTP-0.9-default-port-page-allowed.pl"></iframe>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09imageonHTTP09pageblockedexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked-expected.txt (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked-expected.txt 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-image-on-HTTP-0.9-page-blocked.pl' because it is using HTTP/0.9.
+CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-image-on-HTTP-0.9-page-blocked.pl' because it is using HTTP/0.9.
+CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-image-on-HTTP-0.9-page-blocked.pl' because it is using HTTP/0.9.
+CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8080/security/http-0.9/resources/nph-image.pl' because it is using HTTP/0.9.
+CONSOLE MESSAGE: Cancelled resource load from 'http://127.0.0.1:8080/security/http-0.9/resources/nph-image.pl' because it is using HTTP/0.9 on a non-default port.
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09imageonHTTP09pageblockedhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked.html (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked.html 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,16 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.dumpChildFramesAsText();
+ if (window.internals)
+ internals.registerDefaultPortForProtocol(8000, "http");
+}
+</script>
+</head>
+<body>
+<iframe src="resources/nph-image-on-HTTP-0.9-page-blocked.pl"></iframe>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09resourcesbluesquarepng"></a>
<div class="binary"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/resources/blue-square.png</h4>
<pre class="diff"><span>
<span class="cx">(Binary files differ)
</span></span></pre></div>
<span class="cx">Index: trunk/LayoutTests/http/tests/security/http-0.9/resources/blue-square.png
</span><span class="cx">===================================================================
</span><del>--- trunk/LayoutTests/http/tests/security/http-0.9/resources/blue-square.png 2016-11-09 21:16:44 UTC (rev 208474)
</del><ins>+++ trunk/LayoutTests/http/tests/security/http-0.9/resources/blue-square.png 2016-11-09 21:17:45 UTC (rev 208475)
</ins><span class="cx">Property changes on: trunk/LayoutTests/http/tests/security/http-0.9/resources/blue-square.png
</span><span class="cx">___________________________________________________________________
</span><a id="svnmimetype"></a>
<div class="addfile"><h4>Added: svn:mime-type</h4></div>
<ins>+image/png
</ins><span class="cx">\ No newline at end of property
</span><a id="trunkLayoutTestshttptestssecurityhttp09resourcesnphalertfailpl"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-alert-fail.pl (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-alert-fail.pl (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-alert-fail.pl 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+#!/usr/bin/perl
+# This script relies on its nph- filename to invoke the CGI non-parsed-header facility.
+
+print <<'EOF';
+<!DOCTYPE html>
+<html>
+<body>
+<p>This content should be visible, but script should not execute.</p>
+<script>alert("FAIL")</script>
+</body>
+</html>
+EOF
</ins><span class="cx">Property changes on: trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-alert-fail.pl
</span><span class="cx">___________________________________________________________________
</span></span></pre></div>
<a id="svnexecutable"></a>
<div class="addfile"><h4>Added: svn:executable</h4></div>
<ins>+*
</ins><span class="cx">\ No newline at end of property
</span><a id="trunkLayoutTestshttptestssecurityhttp09resourcesnphfailpl"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-fail.pl (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-fail.pl (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-fail.pl 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,5 @@
</span><ins>+#!/usr/bin/perl
+# This script relies on its nph- filename to invoke the CGI non-parsed-header facility.
+
+# We emit two newline characters to signal the end of a text/plain response without HTTP headers.
+print "FAIL\n\n";
</ins><span class="cx">Property changes on: trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-fail.pl
</span><span class="cx">___________________________________________________________________
</span></span></pre></div>
<a id="svnexecutable"></a>
<div class="addfile"><h4>Added: svn:executable</h4></div>
<ins>+*
</ins><span class="cx">\ No newline at end of property
</span><a id="trunkLayoutTestshttptestssecurityhttp09resourcesnphimageonHTTP09defaultportpageallowedpl"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-image-on-HTTP-0.9-default-port-page-allowed.pl (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-image-on-HTTP-0.9-default-port-page-allowed.pl (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-image-on-HTTP-0.9-default-port-page-allowed.pl 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+#!/usr/bin/perl
+# This script relies on its nph- filename to invoke the CGI non-parsed-header facility.
+
+print <<'EOF';
+<!DOCTYPE html>
+<html>
+<body>
+<img src="http://127.0.0.1:8000/security/http-0.9/resources/nph-image.pl">
+</body>
+</html>
+EOF
</ins><span class="cx">Property changes on: trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-image-on-HTTP-0.9-default-port-page-allowed.pl
</span><span class="cx">___________________________________________________________________
</span></span></pre></div>
<a id="svnexecutable"></a>
<div class="addfile"><h4>Added: svn:executable</h4></div>
<ins>+*
</ins><span class="cx">\ No newline at end of property
</span><a id="trunkLayoutTestshttptestssecurityhttp09resourcesnphimageonHTTP09pageblockedpl"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-image-on-HTTP-0.9-page-blocked.pl (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-image-on-HTTP-0.9-page-blocked.pl (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-image-on-HTTP-0.9-page-blocked.pl 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+#!/usr/bin/perl
+# This script relies on its nph- filename to invoke the CGI non-parsed-header facility.
+
+print <<'EOF';
+<!DOCTYPE html>
+<html>
+<body>
+<img src="http://127.0.0.1:8080/security/http-0.9/resources/nph-image.pl">
+</body>
+</html>
+EOF
</ins><span class="cx">Property changes on: trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-image-on-HTTP-0.9-page-blocked.pl
</span><span class="cx">___________________________________________________________________
</span></span></pre></div>
<a id="svnexecutable"></a>
<div class="addfile"><h4>Added: svn:executable</h4></div>
<ins>+*
</ins><span class="cx">\ No newline at end of property
</span><a id="trunkLayoutTestshttptestssecurityhttp09resourcesnphimagepl"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-image.pl (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-image.pl (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-image.pl 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,17 @@
</span><ins>+#!/usr/bin/perl
+# This script relies on its nph- filename to invoke the CGI non-parsed-header facility.
+
+use strict;
+use warnings;
+
+use MIME::Base64;
+
+my $blueSquare = <<'EOF';
+iVBORw0KGgoAAAANSUhEUgAAAGQAAABkAQMAAABKLAcXAAAAFmlUWHRYTUw6Y29tLmFkb2JlLnht
+cAAAAAAAaEZ+GgAAAAZQTFRFAAD/AAAAe2K/PgAAABl0RVh0U29mdHdhcmUAR3JhcGhpY0NvbnZl
+cnRlcjVdSO4AAAA1SURBVHicYmCgK2Ckr3VogJ8GKgcTIDd0h6ZvRzIY2Hw0sACf35nI1Ecd20kA
+AAAAAP//AwDMaQA2EUO6XAAAAABJRU5ErkJggg==
+EOF
+$blueSquare =~ s/\n//g;
+
+print decode_base64($blueSquare);
</ins><span class="cx">Property changes on: trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-image.pl
</span><span class="cx">___________________________________________________________________
</span></span></pre></div>
<a id="svnexecutable"></a>
<div class="addfile"><h4>Added: svn:executable</h4></div>
<ins>+*
</ins><span class="cx">\ No newline at end of property
</span><a id="trunkLayoutTestshttptestssecurityhttp09resourcesnphloadpluginfailpl"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-load-plugin-fail.pl (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-load-plugin-fail.pl (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-load-plugin-fail.pl 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+#!/usr/bin/perl
+# This script relies on its nph- filename to invoke the CGI non-parsed-header facility.
+
+print <<'EOF';
+<!DOCTYPE html>
+<html>
+<body>
+<embed type="application/x-webkit-test-netscape">Plugin did not load.</embed>
+</body>
+</html>
+EOF
</ins><span class="cx">Property changes on: trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-load-plugin-fail.pl
</span><span class="cx">___________________________________________________________________
</span></span></pre></div>
<a id="svnexecutable"></a>
<div class="addfile"><h4>Added: svn:executable</h4></div>
<ins>+*
</ins><span class="cx">\ No newline at end of property
</span><a id="trunkLayoutTestshttptestssecurityhttp09resourcesnphworkerfailpl"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-worker-fail.pl (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-worker-fail.pl (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-worker-fail.pl 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,5 @@
</span><ins>+#!/usr/bin/perl
+# This script relies on its nph- filename to invoke the CGI non-parsed-header facility.
+
+# We emit two newline characters to signal the end of the response without HTTP headers.
+print "postMessage('FAIL');\n\n";
</ins><span class="cx">Property changes on: trunk/LayoutTests/http/tests/security/http-0.9/resources/nph-worker-fail.pl
</span><span class="cx">___________________________________________________________________
</span></span></pre></div>
<a id="svnexecutable"></a>
<div class="addfile"><h4>Added: svn:executable</h4></div>
<ins>+*
</ins><span class="cx">\ No newline at end of property
</span><a id="trunkLayoutTestshttptestssecurityhttp09workerconnectsrcblockedexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/worker-connect-src-blocked-expected.txt (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/worker-connect-src-blocked-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/worker-connect-src-blocked-expected.txt 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-worker-fail.pl' because it is using HTTP/0.9.
+CONSOLE MESSAGE: Cancelled resource load from 'http://127.0.0.1:8000/security/http-0.9/resources/nph-worker-fail.pl' because it is using HTTP/0.9 and the document was loaded with a different HTTP version.
+ALERT: PASS
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09workerconnectsrcblockedhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/worker-connect-src-blocked.html (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/worker-connect-src-blocked.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/worker-connect-src-blocked.html 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,25 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<script>
+var worker = new Worker("resources/nph-worker-fail.pl");
+worker.onmessage = () => { alertAndDone("FAIL"); }
+worker.onerror = () => { alertAndDone("PASS"); }
+
+function alertAndDone(message)
+{
+ alert(message);
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09workerimportScriptsblockedexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/worker-importScripts-blocked-expected.txt (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/worker-importScripts-blocked-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/worker-importScripts-blocked-expected.txt 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-worker-fail.pl' because it is using HTTP/0.9.
+CONSOLE MESSAGE: Cancelled resource load from 'http://127.0.0.1:8000/security/http-0.9/resources/nph-worker-fail.pl' because it is using HTTP/0.9 and the document was loaded with a different HTTP version.
+ALERT: PASS
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09workerimportScriptsblockedhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/worker-importScripts-blocked.html (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/worker-importScripts-blocked.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/worker-importScripts-blocked.html 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,32 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<script>
+var script = [
+ 'try {',
+ ' importScripts("http://127.0.0.1:8000/security/http-0.9/resources/nph-worker-fail.pl");',
+ '} catch (e) {',
+ ' postMessage("PASS");',
+ '}',
+].join("\n");
+
+var worker = new Worker(window.URL.createObjectURL(new Blob([script])));
+worker.onmessage = (messageEvent) => { alertAndDone(messageEvent.data); }
+
+function alertAndDone(message)
+{
+ alert(message);
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09xhrasynchronousblockedexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/xhr-asynchronous-blocked-expected.txt (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/xhr-asynchronous-blocked-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/xhr-asynchronous-blocked-expected.txt 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-fail.pl' because it is using HTTP/0.9.
+CONSOLE MESSAGE: Cancelled resource load from 'http://127.0.0.1:8000/security/http-0.9/resources/nph-fail.pl' because it is using HTTP/0.9 and the document was loaded with a different HTTP version.
+ALERT: PASS
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityhttp09xhrasynchronousblockedhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/http-0.9/xhr-asynchronous-blocked.html (0 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/http-0.9/xhr-asynchronous-blocked.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/http-0.9/xhr-asynchronous-blocked.html 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -0,0 +1,31 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<script>
+const isAsynchronous = true;
+var xhr = new XMLHttpRequest;
+xhr.open("GET", "resources/nph-fail.pl", isAsynchronous);
+xhr.onload = () => { alertAndDone("FAIL"); }
+xhr.onerror = () => {
+ // FIXME: Assert that a specific error occurred.
+ alertAndDone("PASS");
+}
+xhr.send();
+
+function alertAndDone(message)
+{
+ alert(message);
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (208474 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2016-11-09 21:16:44 UTC (rev 208474)
+++ trunk/Source/WebCore/ChangeLog 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -1,3 +1,49 @@
</span><ins>+2016-11-09 Daniel Bates <dabates@apple.com>
+
+ Add test infrastructure and tests for existing HTTP 0.9 sandbox machinery
+ https://bugs.webkit.org/show_bug.cgi?id=164389
+ <rdar://problem/29101072>
+
+ Reviewed by Alex Christensen.
+
+ Add test infrastructure to support registering an arbitrary port as the default port
+ for a protocol. The behavior of various machinery, including the HTTP 0.9 machinery,
+ can be effected by whether the resource request was made using the default port for
+ the protocol. We expose window.internals.registerDefaultPortForProtocol() to allow
+ a test to override the default port associated with a protocol so as to support
+ testing these code paths using the existing port 8000 server started by run-webkit-httpd.
+ Without window.internals.registerDefaultPortForProtocol() we would need to teach
+ run-webkit-httpd to run a web server on port 80, which requires superuser privileges
+ (since it is a privileged port number) and is more likely to interfere with an
+ existing web server setup.
+
+ Tests: http/tests/security/http-0.9/default-port-plugin-blocked.html
+ http/tests/security/http-0.9/default-port-script-blocked.html
+ http/tests/security/http-0.9/iframe-blocked.html
+ http/tests/security/http-0.9/image-blocked.html
+ http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed-ref-test.html
+ http/tests/security/http-0.9/image-on-HTTP-0.9-default-port-page-allowed.html
+ http/tests/security/http-0.9/image-on-HTTP-0.9-page-blocked.html
+ http/tests/security/http-0.9/worker-connect-src-blocked.html
+ http/tests/security/http-0.9/worker-importScripts-blocked.html
+ http/tests/security/http-0.9/xhr-asynchronous-blocked.html
+
+ * platform/URL.cpp:
+ (WebCore::defaultPortForProtocolMapForTesting): Added.
+ (WebCore::registerDefaultPortForProtocolForTesting): Adds the specified (protocol, port) to the
+ mapping used for testing.
+ (WebCore::clearDefaultPortForProtocolMapForTesting): Clears the protocol to default port testing map.
+ We call this function from Internals::resetToConsistentState() so that the mapping is cleared between
+ test runs.
+ (WebCore::defaultPortForProtocol): Modified to check the protocol to default port map for testing
+ before consulting URLParser::defaultPortForProtocol().
+ * platform/URL.h:
+ * testing/Internals.cpp:
+ (WebCore::Internals::resetToConsistentState): Clear the default port mapping used for testing.
+ (WebCore::Internals::registerDefaultPortForProtocol): Added.
+ * testing/Internals.h:
+ * testing/Internals.idl: Added declaration for registerDefaultPortForProtocol().
+
</ins><span class="cx"> 2016-11-09 Sam Weinig <sam@webkit.org>
</span><span class="cx">
</span><span class="cx"> [WebIDL] Add proper parsing for Promises
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformURLcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/URL.cpp (208474 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/URL.cpp 2016-11-09 21:16:44 UTC (rev 208474)
+++ trunk/Source/WebCore/platform/URL.cpp 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -800,8 +800,29 @@
</span><span class="cx">
</span><span class="cx"> #endif
</span><span class="cx">
</span><ins>+using DefaultPortForProtocolMapForTesting = HashMap<String, uint16_t>;
+static DefaultPortForProtocolMapForTesting& defaultPortForProtocolMapForTesting()
+{
+ static NeverDestroyed<DefaultPortForProtocolMapForTesting> defaultPortForProtocolMap;
+ return defaultPortForProtocolMap;
+}
+
+void registerDefaultPortForProtocolForTesting(uint16_t port, const String& protocol)
+{
+ defaultPortForProtocolMapForTesting().add(protocol, port);
+}
+
+void clearDefaultPortForProtocolMapForTesting()
+{
+ defaultPortForProtocolMapForTesting().clear();
+}
+
</ins><span class="cx"> Optional<uint16_t> defaultPortForProtocol(StringView protocol)
</span><span class="cx"> {
</span><ins>+ const auto& defaultPortForProtocolMap = defaultPortForProtocolMapForTesting();
+ auto iterator = defaultPortForProtocolMap.find(protocol.toStringWithoutCopying());
+ if (iterator != defaultPortForProtocolMap.end())
+ return iterator->value;
</ins><span class="cx"> return URLParser::defaultPortForProtocol(protocol);
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformURLh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/URL.h (208474 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/URL.h 2016-11-09 21:16:44 UTC (rev 208474)
+++ trunk/Source/WebCore/platform/URL.h 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -315,6 +315,9 @@
</span><span class="cx"> WEBCORE_EXPORT bool isDefaultPortForProtocol(uint16_t port, StringView protocol);
</span><span class="cx"> WEBCORE_EXPORT bool portAllowed(const URL&); // Blacklist ports that should never be used for Web resources.
</span><span class="cx">
</span><ins>+WEBCORE_EXPORT void registerDefaultPortForProtocolForTesting(uint16_t port, const String& protocol);
+WEBCORE_EXPORT void clearDefaultPortForProtocolMapForTesting();
+
</ins><span class="cx"> bool isValidProtocol(const String&);
</span><span class="cx">
</span><span class="cx"> String mimeTypeFromDataURL(const String& url);
</span></span></pre></div>
<a id="trunkSourceWebCoretestingInternalscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/testing/Internals.cpp (208474 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/testing/Internals.cpp 2016-11-09 21:16:44 UTC (rev 208474)
+++ trunk/Source/WebCore/testing/Internals.cpp 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -375,6 +375,7 @@
</span><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ WebCore::clearDefaultPortForProtocolMapForTesting();
</ins><span class="cx"> WebCore::overrideUserPreferredLanguages(Vector<String>());
</span><span class="cx"> WebCore::Settings::setUsesOverlayScrollbars(false);
</span><span class="cx"> WebCore::Settings::setUsesMockScrollAnimator(false);
</span><span class="lines">@@ -2170,6 +2171,11 @@
</span><span class="cx"> SchemeRegistry::removeURLSchemeRegisteredAsBypassingContentSecurityPolicy(scheme);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void Internals::registerDefaultPortForProtocol(unsigned short port, const String& protocol)
+{
+ registerDefaultPortForProtocolForTesting(port, protocol);
+}
+
</ins><span class="cx"> Ref<MallocStatistics> Internals::mallocStatistics() const
</span><span class="cx"> {
</span><span class="cx"> return MallocStatistics::create();
</span></span></pre></div>
<a id="trunkSourceWebCoretestingInternalsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/testing/Internals.h (208474 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/testing/Internals.h 2016-11-09 21:16:44 UTC (rev 208474)
+++ trunk/Source/WebCore/testing/Internals.h 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -314,6 +314,8 @@
</span><span class="cx"> void registerURLSchemeAsBypassingContentSecurityPolicy(const String& scheme);
</span><span class="cx"> void removeURLSchemeRegisteredAsBypassingContentSecurityPolicy(const String& scheme);
</span><span class="cx">
</span><ins>+ void registerDefaultPortForProtocol(unsigned short port, const String& protocol);
+
</ins><span class="cx"> Ref<MallocStatistics> mallocStatistics() const;
</span><span class="cx"> Ref<TypeConversions> typeConversions() const;
</span><span class="cx"> Ref<MemoryInfo> memoryInfo() const;
</span></span></pre></div>
<a id="trunkSourceWebCoretestingInternalsidl"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/testing/Internals.idl (208474 => 208475)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/testing/Internals.idl 2016-11-09 21:16:44 UTC (rev 208474)
+++ trunk/Source/WebCore/testing/Internals.idl 2016-11-09 21:17:45 UTC (rev 208475)
</span><span class="lines">@@ -304,6 +304,8 @@
</span><span class="cx"> void registerURLSchemeAsBypassingContentSecurityPolicy(DOMString scheme);
</span><span class="cx"> void removeURLSchemeRegisteredAsBypassingContentSecurityPolicy(DOMString scheme);
</span><span class="cx">
</span><ins>+ void registerDefaultPortForProtocol(unsigned short port, DOMString scheme);
+
</ins><span class="cx"> MallocStatistics mallocStatistics();
</span><span class="cx"> TypeConversions typeConversions();
</span><span class="cx"> MemoryInfo memoryInfo();
</span></span></pre>
</div>
</div>
</body>
</html>