diff options
| author | Simon Hausmann <simon.hausmann@nokia.com> | 2010-07-09 08:01:30 (GMT) |
|---|---|---|
| committer | Simon Hausmann <simon.hausmann@nokia.com> | 2010-07-09 08:01:30 (GMT) |
| commit | 5c50c6a782b127442c3fa748b3dd4d1007db69dc (patch) | |
| tree | e0f8c328a21d6197940f864104578de4ce2ceb10 /src/3rdparty/webkit/WebCore/platform | |
| parent | 75c5bc5f7efd5f7055b689a244147e69733280a4 (diff) | |
| download | Qt-5c50c6a782b127442c3fa748b3dd4d1007db69dc.zip Qt-5c50c6a782b127442c3fa748b3dd4d1007db69dc.tar.gz Qt-5c50c6a782b127442c3fa748b3dd4d1007db69dc.tar.bz2 | |
Updated WebKit to ad96ca2f9b57271da4ea7432022ac686ee0981c2
Integrated changes:
|| <https://webkit.org/b/37760> || FrameView's layout root can be detached by style recalc ||
|| <https://webkit.org/b/38922> || innerHTML decompilation issues in textarea ||
|| <https://webkit.org/b/36878> || REGRESSION: Trailing colon on hostnames (with no port specified) causes "Not allowed to use restricted network port" ||
|| <https://webkit.org/b/37781> || [XHR] Cross-Origin synchronous request with credential raises NETWORK_ERR ||
|| <https://webkit.org/b/36502> || Cross-origin bypass: iFrame.src can be set to a JavaScript URL via nodeValue or textContent ||
|| <https://webkit.org/b/28697> || WebKit crash on WebCore::Node::nodeIndex() ||
|| <https://webkit.org/b/37031> || Cross-origin bypass: Javascript URL can be set as iframe.src via multiple DOM aliases ||
|| <https://webkit.org/b/36522> || [Qt] Rename QWebSettings::XSSAuditorEnabled to XSSAuditingEnabled ||
|| <https://webkit.org/b/38583> || Use of stale pointers whilst normalizing DOM nodes with mutation event handlers that modify element attributes ||
|| <https://webkit.org/b/41412> || [Qt] Canvas arcTo() should draw straight line to p1 if p0, p1 and p2 are collinear ||
|| <https://webkit.org/b/39878> || [Qt]: REGRESSION(r58703): QWebSettings::JavascriptCanAccessClipboard has wrong case in "Javascript" part. ||
|| <https://webkit.org/b/26824> || focus() behavior permits keystrokes to be redirected across domains ||
|| <https://webkit.org/b/39508> || Crash in WebCore::toAlphabetic() while running MangleMe ||
|| <https://webkit.org/b/36571> || WebKit should treat port numbers outside of the valid range as being blacklisted ||
|| <https://webkit.org/b/38497> || Make sure that http URLs always have a host in SecurityOrigin ||
|| <https://webkit.org/b/38626> || ZDI-CAN-765: CSS Charset Text Transformation Vulnerability ||
|| <https://webkit.org/b/36838> || Cross-origin image theft via SVGs as a canvas pattern ||
|| <https://webkit.org/b/27751> || [sg:high] Copying text to the system clipboard can be done in any context ||
|| <https://webkit.org/b/36843> || REGRESSION (r47291): XHR allows arbitrary XSRF across domains ||
|| <https://webkit.org/b/37230> || REGRESSION (4.0.5): Safari asks for credentials all the time when authenticating to Windows IIS Server ||
|| <https://webkit.org/b/37618> || Memory Corruption with Drag-Drop item from a purged document. ||
|| <https://webkit.org/b/38260> || Frame.src allows javascript URLs with starting spaces ||
|| <https://webkit.org/b/38261> || Table layout crash bug ||
Diffstat (limited to 'src/3rdparty/webkit/WebCore/platform')
4 files changed, 46 insertions, 26 deletions
diff --git a/src/3rdparty/webkit/WebCore/platform/KURL.cpp b/src/3rdparty/webkit/WebCore/platform/KURL.cpp index 40adfbc..3c8d50f 100644 --- a/src/3rdparty/webkit/WebCore/platform/KURL.cpp +++ b/src/3rdparty/webkit/WebCore/platform/KURL.cpp @@ -215,6 +215,9 @@ static const unsigned char characterClassTable[256] = { /* 252 */ BadChar, /* 253 */ BadChar, /* 254 */ BadChar, /* 255 */ BadChar }; +static const unsigned maximumValidPortNumber = 0xFFFE; +static const unsigned invalidPortNumber = 0xFFFF; + static int copyPathRemovingDots(char* dst, const char* src, int srcStart, int srcEnd); static void encodeRelativeString(const String& rel, const TextEncoding&, CharBuffer& ouput); static String substituteBackslashes(const String&); @@ -573,12 +576,17 @@ String KURL::host() const unsigned short KURL::port() const { - if (m_hostEnd == m_portEnd) + // We return a port of 0 if there is no port specified. This can happen in two situations: + // 1) The URL contains no colon after the host name and before the path component of the URL. + // 2) The URL contains a colon but there's no port number before the path component of the URL begins. + if (m_hostEnd == m_portEnd || m_hostEnd == m_portEnd - 1) return 0; - int number = m_string.substring(m_hostEnd + 1, m_portEnd - m_hostEnd - 1).toInt(); - if (number < 0 || number > 0xFFFF) - return 0; + const UChar* stringData = m_string.characters(); + bool ok = false; + unsigned number = charactersToUIntStrict(stringData + m_hostEnd + 1, m_portEnd - m_hostEnd - 1, &ok); + if (!ok || number > maximumValidPortNumber) + return invalidPortNumber; return number; } @@ -1757,7 +1765,7 @@ bool portAllowed(const KURL& url) 6667, // Standard IRC [Apple addition] 6668, // Alternate IRC [Apple addition] 6669, // Alternate IRC [Apple addition] - + invalidPortNumber, // Used to block all invalid port numbers }; const unsigned short* const blockedPortListEnd = blockedPortList + sizeof(blockedPortList) / sizeof(blockedPortList[0]); diff --git a/src/3rdparty/webkit/WebCore/platform/KURLGoogle.cpp b/src/3rdparty/webkit/WebCore/platform/KURLGoogle.cpp index 8be7009..10b9bb8 100644 --- a/src/3rdparty/webkit/WebCore/platform/KURLGoogle.cpp +++ b/src/3rdparty/webkit/WebCore/platform/KURLGoogle.cpp @@ -57,6 +57,8 @@ using std::binary_search; namespace WebCore { +static const unsigned invalidPortNumber = 0xFFFF; + // Wraps WebCore's text encoding in a character set converter for the // canonicalizer. class KURLCharsetConverter : public url_canon::CharsetConverter { @@ -499,7 +501,7 @@ String KURL::host() const unsigned short KURL::port() const { if (!m_url.m_isValid || m_url.m_parsed.port.len <= 0) - return 0; + return invalidPortNumber; int port = url_parse::ParsePort(m_url.utf8String().data(), m_url.m_parsed.port); if (port == url_parse::PORT_UNSPECIFIED) return 0; @@ -853,6 +855,12 @@ bool portAllowed(const KURL& url) 3659, // apple-sasl / PasswordServer [Apple addition] 4045, // lockd 6000, // X11 + 6665, // Alternate IRC [Apple addition] + 6666, // Alternate IRC [Apple addition] + 6667, // Standard IRC [Apple addition] + 6668, // Alternate IRC [Apple addition] + 6669, // Alternate IRC [Apple addition] + invalidPortNumber, // Used to block all invalid port numbers }; const unsigned short* const blockedPortListEnd = blockedPortList + sizeof(blockedPortList) / sizeof(blockedPortList[0]); diff --git a/src/3rdparty/webkit/WebCore/platform/graphics/qt/PathQt.cpp b/src/3rdparty/webkit/WebCore/platform/graphics/qt/PathQt.cpp index a7351a0..c96fe25 100644 --- a/src/3rdparty/webkit/WebCore/platform/graphics/qt/PathQt.cpp +++ b/src/3rdparty/webkit/WebCore/platform/graphics/qt/PathQt.cpp @@ -69,23 +69,31 @@ Path& Path::operator=(const Path& other) return *this; } +static inline bool areCollinear(const QPointF& a, const QPointF& b, const QPointF& c) +{ + // Solved from comparing the slopes of a to b and b to c: (ay-by)/(ax-bx) == (cy-by)/(cx-bx) + return qFuzzyCompare((c.y() - b.y()) * (a.x() - b.x()), (a.y() - b.y()) * (c.x() - b.x())); +} + +static inline bool withinRange(qreal p, qreal a, qreal b) +{ + return (p >= a && p <= b) || (p >= b && p <= a); +} + // Check whether a point is on the border -bool isPointOnPathBorder(const QPolygonF& border, const QPointF& p) +static bool isPointOnPathBorder(const QPolygonF& border, const QPointF& p) { QPointF p1 = border.at(0); QPointF p2; for (int i = 1; i < border.size(); ++i) { p2 = border.at(i); - // (x1<=x<=x2||x1=>x>=x2) && (y1<=y<=y2||y1=>y>=y2) && (y2-y1)(x-x1) == (y-y1)(x2-x1) - // In which, (y2-y1)(x-x1) == (y-y1)(x2-x1) is from (y2-y1)/(x2-x1) == (y-y1)/(x-x1) - // it want to check the slope between p1 and p2 is same with slope between p and p1, - // if so then the three points lie on the same line. - // In which, (x1<=x<=x2||x1=>x>=x2) && (y1<=y<=y2||y1=>y>=y2) want to make sure p is - // between p1 and p2, not outside. - if (((p.x() <= p1.x() && p.x() >= p2.x()) || (p.x() >= p1.x() && p.x() <= p2.x())) - && ((p.y() <= p1.y() && p.y() >= p2.y()) || (p.y() >= p1.y() && p.y() <= p2.y())) - && (p2.y() - p1.y()) * (p.x() - p1.x()) == (p.y() - p1.y()) * (p2.x() - p1.x())) { + if (areCollinear(p, p1, p2) + // Once we know that the points are collinear we + // only need to check one of the coordinates + && (qAbs(p2.x() - p1.x()) > qAbs(p2.y() - p1.y()) ? + withinRange(p.x(), p1.x(), p2.x()) : + withinRange(p.y(), p1.y(), p2.y()))) { return true; } p1 = p2; @@ -199,19 +207,14 @@ void Path::addArcTo(const FloatPoint& p1, const FloatPoint& p2, float radius) float p1p2_length = sqrtf(p1p2.x() * p1p2.x() + p1p2.y() * p1p2.y()); double cos_phi = (p1p0.x() * p1p2.x() + p1p0.y() * p1p2.y()) / (p1p0_length * p1p2_length); - // all points on a line logic - if (cos_phi == -1) { + + // The points p0, p1, and p2 are on the same straight line (HTML5, 4.8.11.1.8) + // We could have used areCollinear() here, but since we're reusing + // the variables computed above later on we keep this logic. + if (qFuzzyCompare(qAbs(cos_phi), 1.0)) { m_path.lineTo(p1); return; } - if (cos_phi == 1) { - // add infinite far away point - unsigned int max_length = 65535; - double factor_max = max_length / p1p0_length; - FloatPoint ep((p0.x() + factor_max * p1p0.x()), (p0.y() + factor_max * p1p0.y())); - m_path.lineTo(ep); - return; - } float tangent = radius / tan(acos(cos_phi) / 2); float factor_p1p0 = tangent / p1p0_length; diff --git a/src/3rdparty/webkit/WebCore/platform/network/ProtectionSpace.h b/src/3rdparty/webkit/WebCore/platform/network/ProtectionSpace.h index 126b499..42cbc8a 100644 --- a/src/3rdparty/webkit/WebCore/platform/network/ProtectionSpace.h +++ b/src/3rdparty/webkit/WebCore/platform/network/ProtectionSpace.h @@ -47,6 +47,7 @@ enum ProtectionSpaceAuthenticationScheme { ProtectionSpaceAuthenticationSchemeHTMLForm = 4, ProtectionSpaceAuthenticationSchemeNTLM = 5, ProtectionSpaceAuthenticationSchemeNegotiate = 6, + ProtectionSpaceAuthenticationSchemeUnknown = 100, }; class ProtectionSpace { |