[Webkit-unassigned] [Bug 16855] New: Multiple correctness issues with javascript URLs

[bugzilla-daemon at webkit.org]

http://bugs.webkit.org/show_bug.cgi?id=16855

           Summary: Multiple correctness issues with javascript URLs
           Product: WebKit
           Version: 525+ (Nightly build)
          Platform: All
               URL: http://crypto.stanford.edu/~abarth/research/webkit/jstes
                    ts/
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Frames
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: hk9565 at gmail.com
                CC: mitz at webkit.org, webkit at collinjackson.com


WebKit's implementation of javascript URLs has a number of bugs:

1) Targeted hyperlinks and forms to javascript URLs do not run in the targeted
window.  (Instead, the run in the window with the hyperlink or form.)  Note, be
careful to check that the active frame is allowed to script the target frame
before executing these javascript URLs.

2) javascript URL only replace the current document if they return a primitive
string.  They should replace the document if they return a non-undefined value.

3) As of r29432, some methods of invoking javascript URLs do not replaced the
document when they return a value.

4) One implementation of FrameLoader::urlSelected executes javascript: URLs,
but the other does not.  I don't know how to poke this, but it seems like a
bug.

I'll attach LayoutTests shortly (They are also hosted at
<http://crypto.stanford.edu/~abarth/research/webkit/jstests/>).  Compare their
behavior in WebKit to their behavior in Firefox and IE7.


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.