bd7262be70c02564d655e4f2aaf79cd8302a937f )
Changes in WebKit since the last update:
++ b/JavaScriptCore/ChangeLog
2009-02-02 Darin Adler <darin@apple.com>
Reviewed by Dave Hyatt.
Bug 23676: Speed up uses of reserveCapacity on new vectors by adding a new reserveInitialCapacity
https://bugs.webkit.org/show_bug.cgi?id=23676
* API/JSObjectRef.cpp:
(JSObjectCopyPropertyNames): Use reserveInitialCapacity.
* parser/Lexer.cpp:
(JSC::Lexer::Lexer): Ditto.
(JSC::Lexer::clear): Ditto.
* wtf/Vector.h: Added reserveInitialCapacity, a more efficient version of
reserveCapacity for use when the vector is brand new (still size 0 with no
capacity other than the inline capacity).
2009-03-19 Geoffrey Garen <ggaren@apple.com>
Reviewed by Oliver Hunt.
Fixed <rdar://problem/6033712> -- a little bit of hardening in the Collector.
SunSpider reports no change. I also verified in the disassembly that
we end up with a single compare to constant.
* runtime/Collector.cpp:
(JSC::Heap::heapAllocate):
++ b/LayoutTests/ChangeLog
2009-05-21 Geoffrey Garen <ggaren@apple.com>
Reviewed by Sam Weinig.
Tests for <rdar://problem/6910832> | https://bugs.webkit.org/show_bug.cgi?id=25907
Incorrect URL returned to the DOM while the user drags a file
* http/tests/local/drag-over-remote-content-expected.txt: Added.
* http/tests/local/drag-over-remote-content.html: Added.
* http/tests/security/drag-over-remote-content-iframe-expected.txt: Added.
* http/tests/security/drag-over-remote-content-iframe.html: Added.
2009-04-14 Eric Carlson <eric.carlson@apple.com>
Reviewed by Alexey Proskuryakov.
Fix <rdar://problem/6755724> <audio> and <video> elements can reference local
file:/// URLs from remote in Safari
Test cases to ensure that local 'src', 'poster', and <source> are not loaded.
* http/tests/security/local-video-poster-from-remote-expected.txt: Added.
* http/tests/security/local-video-poster-from-remote.html: Added.
* http/tests/security/local-video-source-from-remote-expected.txt: Added.
* http/tests/security/local-video-source-from-remote.html: Added.
* http/tests/security/local-video-src-from-remote-expected.txt: Added.
* http/tests/security/local-video-src-from-remote.html: Added.
* http/tests/security/resources/load-media.cgi: Added.
* http/tests/security/resources/silence.mpg: Added.
2009-04-14 Sam Weinig <sam@webkit.org>
Reviewed by Darin Adler.
Part of <rdar://problem/6150868>
Test for incorrect handling of content that needs to go into the head element
once the head element has been removed.
* fast/parser/head-content-after-head-removal-expected.txt: Added.
* fast/parser/head-content-after-head-removal.html: Added.
2009-04-08 Sam Weinig <sam@webkit.org>
Reviewed by Geoffrey "Big Boy" Garen.
Tests for <rdar://problem/5745677> Possible to stop load during an unload event
* fast/events/resources/pass.html: Added.
* fast/events/resources/subframe-stop-load-in-unload-handler-using-document-write.html: Added.
* fast/events/resources/subframe-stop-load-in-unload-handler-using-window-stop.html: Added.
* fast/events/stop-load-in-unload-handler-using-document-write-expected.txt: Added.
* fast/events/stop-load-in-unload-handler-using-document-write.html: Added.
* fast/events/stop-load-in-unload-handler-using-window-stop-expected.txt: Added.
* fast/events/stop-load-in-unload-handler-using-window-stop.html: Added.
2009-04-08 Sam Weinig <sam@webkit.org>
Reviewed by Anders Carlsson.
Tests for <rdar://problem/6226200> Implement Microsoft's X-FRAME-OPTIONS anti-framing defense
* http/tests/security/XFrameOptions: Added.
* http/tests/security/XFrameOptions/resources: Added.
* http/tests/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-in-body.html: Added.
* http/tests/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-allow.html: Added.
* http/tests/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-deny.html: Added.
* http/tests/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe.html: Added.
* http/tests/security/XFrameOptions/resources/x-frame-options-deny.cgi: Added.
* http/tests/security/XFrameOptions/resources/x-frame-options-parent-same-origin-allow.cgi: Added.
* http/tests/security/XFrameOptions/resources/x-frame-options-parent-same-origin-deny.cgi: Added.
* http/tests/security/XFrameOptions/x-frame-options-deny-expected.txt: Added.
* http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-expected.txt: Added.
* http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body-expected.txt: Added.
* http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body.html: Added.
* http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-allow-expected.txt: Added.
* http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-allow.html: Added.
* http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny-expected.txt: Added.
* http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny.html: Added.
* http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag.html: Added.
* http/tests/security/XFrameOptions/x-frame-options-deny.html: Added.
* http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-allow-expected.txt: Added.
* http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-allow.html: Added.
* http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny-expected.txt: Added.
* http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny.html: Added.
2009-04-03 Sam Weinig <sam@webkit.org>
Reviewed by Darin Adler.
Update tests for <rdar://problem/6330929>
https://bugs.webkit.org/show_bug.cgi?id=21456
* dom/xhtml/level2/html/HTMLFormElement10-expected.txt:
* fast/dom/Window/dom-access-from-closure-iframe-expected.txt:
* fast/dom/Window/dom-access-from-closure-window-expected.txt:
* http/tests/security/cross-frame-access-document-direct-expected.txt: Added.
* http/tests/security/cross-frame-access-document-direct.html: Added.
* http/tests/security/resources/cross-frame-iframe-for-document-direct-test-victim.html: Added.
* http/tests/security/resources/cross-frame-iframe-for-document-direct-test.html: Added.
2009-04-03 Sam Weinig <sam@webkit.org>
Reviewed by Oliver Hunt.
Tests for <rdar://problem/6476356>
https://bugs.webkit.org/show_bug.cgi?id=23148
Test for using the correct global object for location and history object
prototype chain creation.
* http/tests/security/cross-frame-access-history-prototype-expected.txt: Added.
* http/tests/security/cross-frame-access-history-prototype.html: Added.
* http/tests/security/cross-frame-access-location-prototype-expected.txt: Added.
* http/tests/security/cross-frame-access-location-prototype.html: Added.
* http/tests/security/resources/cross-frame-history-prototype-iframe.html: Added.
* http/tests/security/resources/cross-frame-location-prototype-iframe.html: Added.
2009-03-29 Darin Adler <darin@apple.com>
Reviewed by Dan Bernstein.
<rdar://problem/6015407> attr parsing should allow only identifiers
* fast/css/attr-parsing-expected.txt: Added.
* fast/css/attr-parsing.html: Added.
2009-03-16 Sam Weinig <sam@webkit.org>
Reviewed by Anders Carlsson.
Test for <rdar://problem/6320555>
Add an upper limit for setting HTMLSelectElement.length.
* fast/forms/select-max-length-expected.txt: Added.
* fast/forms/select-max-length.html: Added.
2009-02-26 Alexey Proskuryakov <ap@webkit.org>
Reviewed by Darin Adler.
https://bugs.webkit.org/show_bug.cgi?id=23500
KURL::parse() incorrectly compares its result to original string
* fast/loader/url-parse-1-expected.txt: Updated results. Neither old nor new results match
Firefox precisely.
++ b/WebCore/ChangeLog
2009-05-21 Geoffrey Garen <ggaren@apple.com>
Reviewed by Sam Weinig.
Test for <rdar://problem/6910832> | https://bugs.webkit.org/show_bug.cgi?id=25907
Incorrect URL returned to the DOM while the user drags a file
* page/DragController.cpp:
(WebCore::DragController::dragExited):
(WebCore::DragController::tryDHTMLDrag): Don't base our decision on KURL,
since that only looks at the text of the document's URL. Do base our
decision on the securityOrigin(), which knows more about the document's
actual origin.
2009-04-14 Eric Carlson <eric.carlson@apple.com>
Reviewed by Alexey Proskuryakov.
Fix <rdar://problem/6755724> <audio> and <video> elements can reference local
file:/// URLs from remote in Safari
Tests: http/tests/security/local-video-poster-from-remote.html
http/tests/security/local-video-source-from-remote.html
http/tests/security/local-video-src-from-remote.html
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::loadResource): Don't pass url to media engine unless loader->canLoad()
says it is OK.
2009-04-14 Sam Weinig <sam@webkit.org>
Reviewed by Darin Adler.
Part of <rdar://problem/6150868>
Fix incorrect handling of content that needs to go into the head element
once the head element has been removed.
Test: fast/parser/head-content-after-head-removal.html
* html/HTMLParser.cpp:
(WebCore::HTMLParser::HTMLParser): Remove unneeded initializer of m_head.
(WebCore::HTMLParser::handleError): Update since m_head is now a RefPtr.
(WebCore::HTMLParser::createHead): Ditto.
* html/HTMLParser.h: Make m_head a RefPtr.
2009-04-08 Sam Weinig <sam@webkit.org>
Reviewed by Geoffrey "Big Boy" Garen.
Fix for <rdar://problem/5745677> Possible to stop load during an unload event
Also fixes https://bugs.webkit.org/show_bug.cgi?id=20605
Tests: fast/events/stop-load-in-unload-handler-using-document-write.html
fast/events/stop-load-in-unload-handler-using-window-stop.html
Don't allow calling methods that would stop the new load inside the unload
event.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::FrameLoader):
(WebCore::FrameLoader::stopLoading):
(WebCore::FrameLoader::stopAllLoaders):
* loader/FrameLoader.h:
2009-04-08 Sam Weinig <sam@webkit.org>
Reviewed by Anders Carlsson.
Fix for <rdar://problem/6226200> Implement Microsoft's X-FRAME-OPTIONS anti-framing defense
Tests: http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-in-body.html
http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-allow.html
http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag-parent-same-origin-deny.html
http/tests/security/XFrameOptions/x-frame-options-deny-meta-tag.html
http/tests/security/XFrameOptions/x-frame-options-deny.html
http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-allow.html
http/tests/security/XFrameOptions/x-frame-options-parent-same-origin-deny.html
* dom/Document.cpp:
(WebCore::Document::processHttpEquiv): Stop the current load and redirect to about:blank
if an X-FRAME-OPTIONS <meta> tag http-equiv dictates we should.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::shouldInterruptLoadForXFrameOptions): Add logic to parse
the X-FRAME-OPTIONS parameter.
* loader/FrameLoader.h:
* loader/MainResourceLoader.cpp:
(WebCore::MainResourceLoader::didReceiveResponse): Stop the current load if framed and
an X-FRAME-OPTIONS header and its parameter dictate that we should.
2009-04-05 Simon Hausmann <hausmann@webkit.org>
Fix the Qt build.
* bridge/qt/qt_runtime.h:
(JSC::Bindings::QtRuntimeMethod::createPrototype): Take the JSGlobalObject
as second argument.
2009-04-03 Sam Weinig <sam@webkit.org>
Reviewed by Darin Adler.
<rdar://problem/6330929>
https://bugs.webkit.org/show_bug.cgi?id=21456
Don't update the document pointer for all inactive windows on navigations.
This change causes us to differ slightly from Firefox when accessing the
document from within a closure tied to a navigated context, but as all
browsers differ on this edge case, I don't foresee compatibility issues.
Test: http/tests/security/cross-frame-access-document-direct.html
* bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::~JSDOMWindowBase):
* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::clearWindowShell):
(WebCore::ScriptController::initScript):
(WebCore::ScriptController::updateDocument):
* bindings/js/ScriptController.h:
2009-04-03 Sam Weinig <sam@webkit.org>
Reviewed by Oliver Hunt.
Fix for <rdar://problem/6476356>
https://bugs.webkit.org/show_bug.cgi?id=23148
- Use the window object the Location and History objects are directly associated with
instead of the lexical global object to pick the object prototype to serve as the
base of their respective prototype chains.
- Re-factor as necessary to allow passing the correct global object to the createPrototype
functions.
Tests: http/tests/security/cross-frame-access-history-prototype.html
http/tests/security/cross-frame-access-location-prototype.html
* bindings/js/JSAudioConstructor.cpp:
(WebCore::JSAudioConstructor::JSAudioConstructor):
* bindings/js/JSDOMBinding.cpp:
(WebCore::getCachedDOMStructure):
(WebCore::cacheDOMStructure):
* bindings/js/JSDOMBinding.h:
(WebCore::getDOMStructure):
(WebCore::getDOMPrototype):
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::history):
(WebCore::JSDOMWindow::location):
* bindings/js/JSDocumentCustom.cpp:
(WebCore::JSDocument::location):
* bindings/js/JSImageConstructor.cpp:
(WebCore::JSImageConstructor::JSImageConstructor):
* bindings/js/JSMessageChannelConstructor.cpp:
(WebCore::JSMessageChannelConstructor::JSMessageChannelConstructor):
* bindings/js/JSNamedNodesCollection.h:
(WebCore::JSNamedNodesCollection::createPrototype):
* bindings/js/JSOptionConstructor.cpp:
(WebCore::JSOptionConstructor::JSOptionConstructor):
* bindings/js/JSRGBColor.h:
(WebCore::JSRGBColor::createPrototype):
* bindings/js/JSWebKitCSSMatrixConstructor.cpp:
(WebCore::JSWebKitCSSMatrixConstructor::JSWebKitCSSMatrixConstructor):
* bindings/js/JSWebKitPointConstructor.cpp:
(WebCore::JSWebKitPointConstructor::JSWebKitPointConstructor):
* bindings/js/JSWorkerConstructor.cpp:
(WebCore::JSWorkerConstructor::JSWorkerConstructor):
* bindings/js/JSXMLHttpRequestConstructor.cpp:
(WebCore::JSXMLHttpRequestConstructor::JSXMLHttpRequestConstructor):
* bindings/js/JSXSLTProcessorConstructor.cpp:
(WebCore::JSXSLTProcessorConstructor::JSXSLTProcessorConstructor):
* bindings/scripts/CodeGeneratorJS.pm:
* bridge/objc/objc_runtime.h:
(JSC::Bindings::ObjcFallbackObjectImp::createPrototype):
* bridge/runtime_array.h:
(JSC::RuntimeArray::createPrototype):
* bridge/runtime_method.h:
(JSC::RuntimeMethod::createPrototype):
* bridge/runtime_object.h:
(JSC::RuntimeObjectImp::createPrototype):
* page/DOMWindow.idl:
2009-03-29 Darin Adler <darin@apple.com>
Reviewed by Dan Bernstein.
<rdar://problem/6015407> attr parsing should allow only identifiers
Test: fast/css/attr-parsing.html
* css/CSSParser.cpp:
(WebCore::CSSParser::parseContent): Allow only CSS_IDENT, and filter out
identifiers that start with "-".
* css/CSSPrimitiveValue.cpp:
(WebCore::CSSPrimitiveValue::cssText): Added a case for CSS_ATTR so the test
case works. This has the pleasant side effect of fixing a bug too.
2009-03-16 Sam Weinig <sam@webkit.org>
Reviewed by Anders Carlsson.
Fix for <rdar://problem/6320555>
Add an upper limit for setting HTMLSelectElement.length.
Test: fast/forms/select-max-length.html
* html/HTMLSelectElement.cpp:
(WebCore::HTMLSelectElement::setOption):
(WebCore::HTMLSelectElement::setLength):
2009-03-10 Sam Weinig <sam@webkit.org>
Reviewed by Geoffrey Garen.
Fix for <rdar://problem/6166844>
https://bugs.webkit.org/show_bug.cgi?id=24495
Use same rule for loading Java applets as we do for images.
* html/HTMLAppletElement.cpp:
(WebCore::HTMLAppletElement::createRenderer):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadItem):
2009-02-26 Alexey Proskuryakov <ap@webkit.org>
Reviewed by Darin Adler.
https://bugs.webkit.org/show_bug.cgi?id=23500
KURL::parse() incorrectly compares its result to original string
* platform/KURL.cpp: (WebCore::KURL::parse): Take string length into account.
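
The X-FRAME-OPTIONS entry above describes stopping a framed load when the header's parameter says so. The following is an added illustration of that decision, not WebKit's code: `Origin`, `normalize` and `shouldBlockFramedLoad` are hypothetical names, the values checked are the standard `DENY` and `SAMEORIGIN`, and comparing against the framing page's origin and ignoring unrecognized values are assumptions the ChangeLog does not state.

```cpp
#include <algorithm>
#include <cctype>
#include <string>

// Hypothetical origin triple for this example; WebKit uses SecurityOrigin.
struct Origin {
    std::string scheme;
    std::string host;
    int port;
};

static bool sameOrigin(const Origin& a, const Origin& b)
{
    return a.scheme == b.scheme && a.host == b.host && a.port == b.port;
}

// Trim ASCII whitespace and lower-case, so " SameOrigin " matches "sameorigin".
static std::string normalize(const std::string& value)
{
    auto isSpace = [](unsigned char c) { return std::isspace(c) != 0; };
    auto first = std::find_if_not(value.begin(), value.end(), isSpace);
    auto last = std::find_if_not(value.rbegin(), value.rend(), isSpace).base();
    std::string out(first, first < last ? last : first);
    std::transform(out.begin(), out.end(), out.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return out;
}

// Returns true when the load of a framed document must be stopped.
// embedderOrigin is the origin of the page doing the framing (assumption).
bool shouldBlockFramedLoad(const std::string& headerValue, bool isTopLevelFrame,
                           const Origin& responseOrigin, const Origin& embedderOrigin)
{
    if (isTopLevelFrame)
        return false; // the header only restricts documents shown inside a frame
    const std::string policy = normalize(headerValue);
    if (policy == "deny")
        return true; // never render inside any frame
    if (policy == "sameorigin")
        return !sameOrigin(responseOrigin, embedderOrigin);
    return false; // assumption: unrecognized values are ignored
}
```
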