Anchor element 'ping' property should only apply to http/https destin…

…ations https://bugs.webkit.org/show_bug.cgi?id=156801 <rdar://problem/25834419> Reviewed by Chris Dumez. Take advantage of the hyperlink auditing language "UAs may either ignore the ping attribute altogether, or selectively ignore URLs in the list (e.g. ignoring any third-party URLs)" to restrict pings to http/https targets. For details, see <https://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing>. Tested by http/tests/navigation/ping-attribute tests. * loader/PingLoader.cpp: (WebCore::PingLoader::sendPing): Ignore requests to ping anything outside the family of HTTP protocols (http/https). Canonical link: https://commits.webkit.org/175026@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199900 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · Apr 22, 2016 · 71a8752 · 71a8752
1 parent 1832e50
commit 71a8752
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
@@ -1,3 +1,22 @@
+2016-04-22  Brent Fulgham  <bfulgham@apple.com>
+
+        Anchor element 'ping' property should only apply to http/https destinations
+        https://bugs.webkit.org/show_bug.cgi?id=156801
+        <rdar://problem/25834419>
+
+        Reviewed by Chris Dumez.
+
+        Take advantage of the hyperlink auditing language "UAs may either ignore the
+        ping attribute altogether, or selectively ignore URLs in the list (e.g. ignoring
+        any third-party URLs)" to restrict pings to http/https targets. For details, see
+        <https://html.spec.whatwg.org/multipage/semantics.html#hyperlink-auditing>.
+
+        Tested by http/tests/navigation/ping-attribute tests.
+
+        * loader/PingLoader.cpp:
+        (WebCore::PingLoader::sendPing): Ignore requests to ping anything outside the
+        family of HTTP protocols (http/https).
+
 2016-04-22  Ryan Haddad  <ryanhaddad@apple.com>
 
         Fix builds that do not support AVKit

diff --git a/Source/WebCore/loader/PingLoader.cpp b/Source/WebCore/loader/PingLoader.cpp
@@ -92,6 +92,9 @@ void PingLoader::loadImage(Frame& frame, const URL& url)
 // http://www.whatwg.org/specs/web-apps/current-work/multipage/links.html#hyperlink-auditing
 void PingLoader::sendPing(Frame& frame, const URL& pingURL, const URL& destinationURL)
 {
+    if (!pingURL.protocolIsInHTTPFamily())
+        return;
+
     ResourceRequest request(pingURL);
 
 #if ENABLE(CONTENT_EXTENSIONS)