[Webkit-unassigned] [Bug 69700] New: [Qt] http/tests/security/xss-DENIED-xsl-document-securityOrigin.xml fails

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Oct 8 05:56:25 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=69700

           Summary: [Qt]
                    http/tests/security/xss-DENIED-xsl-document-securityOr
                    igin.xml fails
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: Qt, QtTriaged
          Severity: Critical
          Priority: P1
         Component: Tools / Tests
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ossy at webkit.org
                CC: abarth at webkit.org, vestbo at webkit.org,
                    serg.glazunov at gmail.com


http/tests/security/xss-DENIED-xsl-document-securityOrigin.xml introduced in 
http://trac.webkit.org/changeset/96984 (https://bugs.webkit.org/show_bug.cgi?id=69661),
but fails on the Qt bot:

--- /ramdisk/qt-linux-release/build/layout-test-results/http/tests/security/xss-DENIED-xsl-document-securityOrigin-expected.txt 
+++ /ramdisk/qt-linux-release/build/layout-test-results/http/tests/security/xss-DENIED-xsl-document-securityOrigin-actual.txt 
@@ -1,3 +1,4 @@
-CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8080/security/resources/innocent-victim.html from frame with URL about:blank. Domains, protocols and ports must match.
-
-This test passes if it doesn't alert the contents of innocent-victim.html.  
+CONSOLE MESSAGE: line 2: <html xmlns='http://www.w3.org/1999/xhtml/'><body><p>Running an XSL-T 1.0 stylesheet with a 2.0 processor.</p></body></html>
+CONSOLE MESSAGE: line 2: <html xmlns='http://www.w3.org/1999/xhtml/'><body><p>Running an XSL-T 1.0 stylesheet with a 2.0 processor.</p></body></html>
+FAIL: Timed out waiting for notifyDone to be called
+This test passes if it doesn't alert the contents of innocent-victim.html. 

bug69661 is security bug, so I can't comment it, but I cc-ed the author 
(Sergey), the reviewer (Adam) and a member of security
group from Nokia (Tor Arne).

Could you check if it is a security problem on Qt or not?

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the webkit-unassigned mailing list