LayoutTest http/tests/security/xssAuditor/embed-tag-in-path-unterminated.html crashing

https://bugs.webkit.org/show_bug.cgi?id=153250
<rdar://problem/12172843>
And
<rdar://problem/24248040>

Reviewed by Alexey Proskuryakov.

Source/WebCore:

Remove an incorrect assertion that the absolute URL associated with a protection space cannot
contain consecutive forward slash (/) characters. A URL can contain consecutive forward slashes.
This also makes the invariants for CredentialStorage::findDefaultProtectionSpaceForURL() symmetric
with the invariants for WebCore::protectionSpaceMapKeyFromURL().

Tests: http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html
       http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html

* platform/network/CredentialStorage.cpp:
(WebCore::CredentialStorage::findDefaultProtectionSpaceForURL):

LayoutTests:

The test case http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html was derived
from a test case written by Yongjun Zhang in <https://bugs.webkit.org/attachment.cgi?id=65189> (bug #44461).

* http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.
* http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html: Added.
* http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.
* http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html: Added.
* platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.

Canonical link: https://commits.webkit.org/171453@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195493 268f45cc-cd09-0410-ab3c-d52691b4dbfc
dydz committed Jan 23, 2016
1 parent 37c8ef0 commit 526b5ce3d745f325fd31dd369769f6244bff88a9
Showing 8 changed files with 145 additions and 1 deletion.
@@ -1,3 +1,22 @@
2016-01-22 Daniel Bates <dabates@apple.com>

LayoutTest http/tests/security/xssAuditor/embed-tag-in-path-unterminated.html crashing
https://bugs.webkit.org/show_bug.cgi?id=153250
<rdar://problem/12172843>
And
<rdar://problem/24248040>

Reviewed by Alexey Proskuryakov.

The test case http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html was derived
from a test case written by Yongjun Zhang in <https://bugs.webkit.org/attachment.cgi?id=65189> (bug #44461).

* http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.
* http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html: Added.
* http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.
* http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html: Added.
* platform/wk2/http/tests/loading/basic-auth-load-URL-with-consecutive-slashes-expected.txt: Added.

2016-01-22 Ryan Haddad <ryanhaddad@apple.com>

Rebaselining http/tests/security/originHeader/origin-header-for-https.html after r195477
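Review bot: The entry title names http/tests/security/xssAuditor/embed-tag-in-path-unterminated.html as crashing, but the body only lists the added basic-auth-load-URL-with-consecutive-slashes files and where one of them was derived from. Add a sentence tying the new tests to the crash in the title (a load of a URL containing consecutive slashes after Basic credentials have been stored), and say why a separate platform/wk2 baseline is needed, so the entry can be read without opening the WebCore ChangeLog.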
@@ -0,0 +1,19 @@
main frame - didStartProvisionalLoadForFrame
main frame - didCommitLoadForFrame
frame "frame" - didStartProvisionalLoadForFrame
main frame - didFinishDocumentLoadForFrame
http://127.0.0.1:8000/loading/resources/basic-auth-testing.php?username=webkit&password=rocks - didReceiveAuthenticationChallenge - Responding with webkit:rocks
frame "frame" - didCommitLoadForFrame
frame "frame" - didFinishDocumentLoadForFrame
frame "frame" - willPerformClientRedirectToURL: http://127.0.0.1:8000/a//b/non-existent-file.html
frame "frame" - didHandleOnloadEventsForFrame
main frame - didHandleOnloadEventsForFrame
frame "frame" - didFinishLoadForFrame
main frame - didFinishLoadForFrame
frame "frame" - didStartProvisionalLoadForFrame
frame "frame" - didCancelClientRedirectForFrame
frame "frame" - didCommitLoadForFrame
frame "frame" - didReceiveTitle: 404 Not Found
frame "frame" - didFinishDocumentLoadForFrame
frame "frame" - didFailLoadWithError
PASS did not cause assertion failure.
@@ -0,0 +1,31 @@
<!DOCTYPE html>
<html>
<head>
<script>
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.setHandlesAuthenticationChallenges(true);
testRunner.setAuthenticationUsername("webkit");
testRunner.setAuthenticationPassword("rocks");
testRunner.waitUntilDone();
}

function done()
{
document.body.removeChild(document.getElementById("frame"));
if (window.testRunner)
testRunner.notifyDone();
}

function notifyFrameDidLoad(frame)
{
frame.onload = done;
frame.src = "http://127.0.0.1:8000/a//b/non-existent-file.html";
}
</script>
</head>
<body>
<iframe id="frame" src="resources/basic-auth-testing.php?username=webkit&password=rocks" onload="notifyFrameDidLoad(this)"></iframe>
<p>PASS did not cause assertion failure.</p>
</body>
</html>
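Review bot: The result line `<p>PASS did not cause assertion failure.</p>` is static markup, so this test can only fail by crashing and gives no signal in a build where ASSERT is compiled out. That is a reasonable shape for an assertion regression test, but the file should say so: add a short description of the sequence being exercised (authenticate through resources/basic-auth-testing.php, then point the same frame at /a//b/non-existent-file.html on the same origin) and note that the `//` in the second URL is deliberate, so a later cleanup does not normalize it away.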
@@ -0,0 +1 @@
PASS did not cause assertion failure.
@@ -0,0 +1,35 @@
<!DOCTYPE html>
<html>
<body>
<script>
if (window.testRunner)
testRunner.dumpAsText()

function sendWithCredentials()
{
var xhr = new XMLHttpRequest;
xhr.open("GET", "resources/remember-bad-password/count-failures.php", false, "foo", "bar");
xhr.send("");
}

function sendWithoutCredentials()
{
var xhr = new XMLHttpRequest;
xhr.open("GET", "resources/remember-bad-password//count-failures.php", false);
xhr.send("");
}

function reset()
{
var xhr = new XMLHttpRequest;
xhr.open("GET", "resources/remember-bad-password/count-failures.php?command=reset", false);
xhr.send("");
}

sendWithCredentials();
sendWithoutCredentials();
reset();
</script>
<p>PASS did not cause assertion failure.</p>
</body>
</html>
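Review bot: Nothing in the script marks the `//` in sendWithoutCredentials() as the point of the test; its URL differs from the one in sendWithCredentials() by a single character and looks like a typo. Add a comment on that xhr.open() line explaining that the request must carry consecutive slashes and must be sent after credentials were supplied for the single-slash path. Consider also checking xhr.status after each send() so the test reports more than the absence of a crash. Minor style point: `testRunner.dumpAsText()` is missing its semicolon.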
@@ -0,0 +1,19 @@
main frame - didStartProvisionalLoadForFrame
main frame - didCommitLoadForFrame
frame "frame" - didStartProvisionalLoadForFrame
main frame - didFinishDocumentLoadForFrame
127.0.0.1:8000 - didReceiveAuthenticationChallenge - Responding with webkit:rocks
frame "frame" - didCommitLoadForFrame
frame "frame" - didFinishDocumentLoadForFrame
frame "frame" - willPerformClientRedirectToURL: http://127.0.0.1:8000/a//b/non-existent-file.html
frame "frame" - didHandleOnloadEventsForFrame
main frame - didHandleOnloadEventsForFrame
frame "frame" - didFinishLoadForFrame
main frame - didFinishLoadForFrame
frame "frame" - didStartProvisionalLoadForFrame
frame "frame" - didCancelClientRedirectForFrame
frame "frame" - didCommitLoadForFrame
frame "frame" - didReceiveTitle: 404 Not Found
frame "frame" - didFinishDocumentLoadForFrame
frame "frame" - didFailLoadWithError
PASS did not cause assertion failure.
@@ -1,3 +1,24 @@
2016-01-22 Daniel Bates <dabates@apple.com>

LayoutTest http/tests/security/xssAuditor/embed-tag-in-path-unterminated.html crashing
https://bugs.webkit.org/show_bug.cgi?id=153250
<rdar://problem/12172843>
And
<rdar://problem/24248040>

Reviewed by Alexey Proskuryakov.

Remove an incorrect assertion that the absolute URL associated with a protection space cannot
contain consecutive forward slash (/) characters. A URL can contain consecutive forward slashes.
This also makes the invariants for CredentialStorage::findDefaultProtectionSpaceForURL() symmetric
with the invariants for WebCore::protectionSpaceMapKeyFromURL().

Tests: http/tests/loading/basic-auth-load-URL-with-consecutive-slashes.html
http/tests/xmlhttprequest/basic-auth-load-URL-with-consecutive-slashes.html

* platform/network/CredentialStorage.cpp:
(WebCore::CredentialStorage::findDefaultProtectionSpaceForURL):

2016-01-22 Chris Dumez <cdumez@apple.com>

DOMImplementation.createHTMLDocument("") should append an empty Text Node to the title Element
@@ -123,7 +123,6 @@ HashMap<String, ProtectionSpace>::iterator CredentialStorage::findDefaultProtect
ASSERT(index != notFound);
directoryURL = directoryURL.substring(0, (index == directoryURLPathStart) ? index + 1 : index);
ASSERT(directoryURL.length() > directoryURLPathStart);
ASSERT(directoryURL.length() == directoryURLPathStart + 1 || directoryURL[directoryURL.length() - 1] != '/');
}
}
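Review bot: With the last-character ASSERT dropped, nothing at this spot records that directoryURL can now end in '/' when the path has consecutive slashes: `substring(0, index)` cuts just before the '/' that was found, and for a path such as /a//b the character before it is also '/'. Add a one-line comment next to the remaining `ASSERT(directoryURL.length() > directoryURLPathStart);` stating that a trailing '/' is expected for such URLs, so the assertion is not reintroduced later. It would also help to say whether a key ending in '/' can ever match an entry in the map or whether those iterations are simply extra lookups.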
