LayoutTests/ChangeLog

112012-06-12 Christophe Dumez <christophe.dumez@intel.com>
22
 3 [soup] Prevent setting or editing httpOnly cookies from JavaScript
 4 https://bugs.webkit.org/show_bug.cgi?id=88760
 5
 6 Reviewed by NOBODY (OOPS!).
 7
 8 Unskip http/tests/cookies/js-get-and-set-http-only-cookie.html for
 9 both GTK and EFL ports now that that we don't allow overwriting
 10 httpOnly cookies from JavaScript anymore.
 11
 12 * platform/efl/TestExpectations:
 13 * platform/gtk/TestExpectations:
 14
 152012-06-12 Christophe Dumez <christophe.dumez@intel.com>
 16
317 [EFL] enable LEGACY_WEBKIT_BLOB_BUILDER flag
418 https://bugs.webkit.org/show_bug.cgi?id=88715
519

LayoutTests/platform/efl/TestExpectations

@@BUGWK86637 : editing/spelling/spellcheck-queue.html = TEXT
693693BUGWK86637 : editing/spelling/spellcheck-sequencenum.html = TEXT
694694BUGWK86637 : editing/spelling/spelling-marker-description.html = TEXT
695695
696 // New test added in r119947 which fails on almost all ports
697 BUGWK87208 : http/tests/cookies/js-get-and-set-http-only-cookie.html = TEXT
698 
699696// It is unclear whether a new baseline is needed or it is a JSC failure
700697BUGWK77413 : fast/parser/nested-fragment-parser-crash.html = TEXT
701698

LayoutTests/platform/gtk/TestExpectations

@@BUGWK85689 SKIP : fast/animation/request-animation-frame-disabled.html = TEXT
12481248// New test introduced in r119911 failing on GTK and EFL ports
12491249BUGWK88727 : http/tests/xmlhttprequest/origin-exact-matching.html = TEXT
12501250
1251 // New test introduced in r119947 failing on GTK port
1252 BUGWK88760 : http/tests/cookies/js-get-and-set-http-only-cookie.html = TEXT
1253 
12541251// Started failing after it was added in r116473
12551252BUGWK85969 : http/tests/loading/post-in-iframe-with-back-navigation.html = FAIL
12561253

Source/WebCore/ChangeLog

 12012-06-12 Christophe Dumez <christophe.dumez@intel.com>
 2
 3 [soup] Prevent setting or editing httpOnly cookies from JavaScript
 4 https://bugs.webkit.org/show_bug.cgi?id=88760
 5
 6 Reviewed by NOBODY (OOPS!).
 7
 8 Prevent setting or overwriting httpOnly cookies from JavaScript.
 9 Fix setCookies() so that it parses all the cookies and not just
 10 the first one.
 11
 12 Test: http/tests/cookies/js-get-and-set-http-only-cookie.html
 13
 14 * platform/network/soup/CookieJarSoup.cpp:
 15 (WebCore::findCookieInList):
 16 (WebCore):
 17 (WebCore::setCookies):
 18
1192012-06-12 Pavel Feldman <pfeldman@chromium.org>
220
321 Web Inspector: allow clearing revision history.

Source/WebCore/platform/network/soup/CookieJarSoup.cpp

@@void setSoupCookieJar(SoupCookieJar* jar)
7272 defaultCookieJar() = jar;
7373}
7474
 75static inline SoupCookie* findCookieInList(const GSList* cookies, const gchar* name, const gchar* path)
 76{
 77 for (const GSList* iter = cookies; iter; iter = g_slist_next(iter)) {
 78 SoupCookie* cookie = static_cast<SoupCookie*>(iter->data);
 79 if (!strcmp(soup_cookie_get_name(cookie), name)
 80 && !g_strcmp0(soup_cookie_get_path(cookie), path))
 81 return cookie;
 82 }
 83 return 0;
 84}
 85
7586void setCookies(Document* document, const KURL& url, const String& value)
7687{
7788 SoupCookieJar* jar = cookieJarForDocument(document);

@@void setCookies(Document* document, const KURL& url, const String& value)
8091
8192 GOwnPtr<SoupURI> origin(soup_uri_new(url.string().utf8().data()));
8293 GOwnPtr<SoupURI> firstParty(soup_uri_new(document->firstPartyForCookies().string().utf8().data()));
83  soup_cookie_jar_set_cookie_with_first_party(jar, origin.get(), firstParty.get(), value.utf8().data());
 94
 95 // Get existing cookies for this origin.
 96 GSList* existingCookies = soup_cookie_jar_get_cookie_list(jar, origin.get(), TRUE);
 97
 98 Vector<String> cookies;
 99 value.split('\n', cookies);
 100 const size_t cookiesCount = cookies.size();
 101 for (size_t i = 0; i < cookiesCount; ++i) {
 102 GOwnPtr<SoupCookie> cookie(soup_cookie_parse(cookies[i].utf8().data(), origin.get()));
 103 if (!cookie)
 104 continue;
 105
 106 // Make sure the cookie is not httpOnly since such cookies should not be set from JavaScript.
 107 if (soup_cookie_get_http_only(cookie.get()))
 108 continue;
 109
 110 // Make sure we do not overwrite httpOnly cookies from JavaScript.
 111 SoupCookie* existingCookie = findCookieInList(existingCookies, soup_cookie_get_name(cookie.get()), soup_cookie_get_path(cookie.get()));
 112 if (existingCookie && soup_cookie_get_http_only(existingCookie))
 113 continue;
 114
 115 soup_cookie_jar_add_cookie_with_first_party(jar, firstParty.get(), cookie.release());
 116 }
 117
 118 soup_cookies_free(existingCookies);
84119}
85120
86121static String cookiesForDocument(const Document* document, const KURL& url, bool forHTTPHeader)

Tools/ChangeLog

112012-06-12 Christophe Dumez <christophe.dumez@intel.com>
22
 3 [soup] Prevent setting or editing httpOnly cookies from JavaScript
 4 https://bugs.webkit.org/show_bug.cgi?id=88760
 5
 6 Reviewed by NOBODY (OOPS!).
 7
 8 Update libsoup to v2.39.2, glib to v2.33.2 and glib-networking
 9 to v2.33.2 for both GTK and EFL ports.
 10
 11 * efl/jhbuild.modules:
 12 * gtk/jhbuild.modules:
 13
 142012-06-12 Christophe Dumez <christophe.dumez@intel.com>
 15
316 [EFL] enable LEGACY_WEBKIT_BLOB_BUILDER flag
417 https://bugs.webkit.org/show_bug.cgi?id=88715
518

Tools/efl/jhbuild.modules

110110 <dependencies>
111111 <dep package="libffi"/>
112112 </dependencies>
113  <branch module="/pub/GNOME/sources/glib/2.32/glib-2.32.2.tar.xz" version="2.32.2"
 113 <branch module="/pub/GNOME/sources/glib/2.33/glib-2.33.2.tar.xz" version="2.33.2"
114114 repo="ftp.gnome.org"
115  hash="sha256:b1764abf00bac96e0e93e29fb9715ce75f3583579acac40648e18771d43d6136"
116  md5sum="5bfdb6197afb90e4dbc7b1bb98f0eae0"/>
 115 hash="sha256:b7163e9f159775d13ecfb433d67c3f0883e0e518e85b2e970d4ad9773d7cd0b4"
 116 md5sum="06ef0099fed22afcf34ade39ddff9a5b"/>
117117 </autotools>
118118
119119 <autotools id="glib-networking">
120120 <dependencies>
121121 <dep package="gnutls"/>
122122 </dependencies>
123  <branch module="/pub/GNOME/sources/glib-networking/2.31/glib-networking-2.31.2.tar.xz" version="2.31.2"
 123 <branch module="/pub/GNOME/sources/glib-networking/2.33/glib-networking-2.33.2.tar.xz" version="2.33.2"
124124 repo="ftp.gnome.org"
125  hash="sha256:03e3a2881d2626d1206e72972531661037fe0d32e745bf9b2f63c0d6f5e32a9c"
126  md5sum="b649b457bd9fd5e0e9b9c4dcb1a74a37"/>
 125 hash="e298cff3935eb752be290bbf734e457f1870bdb5370ee292606e6040a82074e7"
 126 md5sum="5abb364f2a0babe2ec1e3a6d59f69043"/>
127127 </autotools>
128128
129129 <autotools id="gnutls"

143143 <dependencies>
144144 <dep package="glib-networking"/>
145145 </dependencies>
146  <branch module="libsoup" version="2.38.1"
 146 <branch module="libsoup" version="2.39.2"
147147 repo="git.gnome.org"
148  tag="LIBSOUP_2_38_1"/>
 148 tag="LIBSOUP_2_39_2"/>
149149 </autotools>
150150
151151 <autotools id="fontconfig" autogen-sh="configure">

Tools/gtk/jhbuild.modules

131131 <dependencies>
132132 <dep package="libffi"/>
133133 </dependencies>
134  <branch module="/pub/GNOME/sources/glib/2.32/glib-2.32.0.tar.xz" version="2.32.0"
 134 <branch module="/pub/GNOME/sources/glib/2.33/glib-2.33.2.tar.xz" version="2.33.2"
135135 repo="ftp.gnome.org"
136  hash="sha256:cde9d9f25ed648069c547e323897ad9379974e1f936b4477fa51bcf1bb261ae4"
137  md5sum="c5fa76fbf9184d20dfb04af66b598190"/>
 136 hash="sha256:b7163e9f159775d13ecfb433d67c3f0883e0e518e85b2e970d4ad9773d7cd0b4"
 137 md5sum="06ef0099fed22afcf34ade39ddff9a5b"/>
138138 </autotools>
139139
140140 <autotools id="glib-networking">

142142 <dep package="glib"/>
143143 <dep package="gnutls"/>
144144 </dependencies>
145  <branch module="/pub/GNOME/sources/glib-networking/2.31/glib-networking-2.31.2.tar.xz" version="2.31.2"
 145 <branch module="/pub/GNOME/sources/glib-networking/2.33/glib-networking-2.33.2.tar.xz" version="2.33.2"
146146 repo="ftp.gnome.org"
147  hash="sha256:03e3a2881d2626d1206e72972531661037fe0d32e745bf9b2f63c0d6f5e32a9c"
148  md5sum="b649b457bd9fd5e0e9b9c4dcb1a74a37"/>
 147 hash="sha256:e298cff3935eb752be290bbf734e457f1870bdb5370ee292606e6040a82074e7"
 148 md5sum="5abb364f2a0babe2ec1e3a6d59f69043"/>
149149 </autotools>
150150
151151 <autotools id="gnutls"

161161 <dependencies>
162162 <dep package="glib-networking"/>
163163 </dependencies>
164  <branch module="libsoup" version="2.38.1"
 164 <branch module="libsoup" version="2.39.2"
165165 repo="git.gnome.org"
166  tag="LIBSOUP_2_38_1"/>
 166 tag="LIBSOUP_2_39_2"/>
167167 </autotools>
168168
169169 <autotools id="fontconfig" autogen-sh="configure">