20642 2008-09-04 02:20:11 -0700 Adopt opener restriction for top-level frame navigation 2008-09-08 00:24:47 -0700 1 1 1 Unclassified WebKit Frames 528+ (Nightly build) All All RESOLVED FIXED http://blogs.msdn.com/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx P2 Normal --- 1 abarth webkit-unassigned abarth collinj sam oldest_to_newest 90138 0 abarth 2008-09-04 02:20:11 -0700 Both IE 8 beta 2 and Firefox 3 now support the "opener restriction" for navigation of top-level frames. We discussed this a number of months ago when we did the initial frame navigation work, but opted not to implement the restriction. Here is what it does: Suppose window X opens window Y via window.open(...). If window Z tries to navigate Y, the navigation will be blocked if Z is not the same origin as X (the opener of Y). I'm not convinced the opener restriction actually prevents any real attacks, but it's probably worth matching the behavior of other browsers. (Opera has a very complex policy for top-level windows, for example caring if a window is showing an HTTPS page or not). For some older context, see http://crypto.stanford.edu/websec/frames/navigation/ 90182 1 sam 2008-09-04 12:59:43 -0700 I think this would be okay. Does HTML5 define this behavior. If not, we should suggest Ian change it to match. 90211 2 abarth 2008-09-04 16:28:56 -0700 HTML 5 does spec the opener restriction, but the spec is subtly different from what Firefox implements. Firefox only computes one level of recursion of "can navigate the opener," whereas a literal reading of the spec seems to suggest unbounded recursion. 90387 3 23224 abarth 2008-09-06 20:41:26 -0700 Created attachment 23224 patch 90427 4 23224 sam 2008-09-07 12:54:54 -0700 Comment on attachment 23224 patch Looks good. I would give a bit more of an explanation of the opener restriction is in the changlog as well as why we are adopting it (to match other browsers). + // Allow frame-busting. This comment might be confusing to those not familiar with the term "frame-busting". 90470 5 abarth 2008-09-08 00:24:47 -0700 Fixed in r36262. 23224 2008-09-06 20:41:26 -0700 2008-09-07 12:54:54 -0700 patch opener-restriction.patch text/plain 12784 abarth RnJvbSBiMzYyYzM1NWIxYjM1OWQ2MDY0YTNkZWE0YmZmNTQzMDhhZjcwMTQzIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBBZGFtIEJhcnRoIDxhYmFydGhAYXJjdGljYS5sb2NhbD4KRGF0 ZTogU2F0LCA2IFNlcCAyMDA4IDIwOjM5OjAxIC0wNzAwClN1YmplY3Q6IFtQQVRDSF0gV2ViQ29y ZToKCjIwMDgtMDktMDYgIEFkYW0gQmFydGggIDxhYmFydGhAd2Via2l0Lm9yZz4KCiAgICAgICAg UmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCgogICAgICAgIEFkb3B0IG9wZW5lciByZXN0cmlj dGlvbiBvbiBmcmFtZSBuYXZpZ2F0aW9uLgogICAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5v cmcvc2hvd19idWcuY2dpP2lkPTIwNjQyCgogICAgICAgIFRlc3RzOiBodHRwL3Rlc3RzL3NlY3Vy aXR5L2ZyYW1lTmF2aWdhdGlvbi9ub3Qtb3BlbmVyLmh0bWwKICAgICAgICAgICAgICAgaHR0cC90 ZXN0cy9zZWN1cml0eS9mcmFtZU5hdmlnYXRpb24vb3BlbmVyLmh0bWwKCiAgICAgICAgKiBsb2Fk ZXIvRnJhbWVMb2FkZXIuY3BwOgogICAgICAgIChXZWJDb3JlOjpjYW5BY2Nlc3NBbmNlc3Rvcik6 CiAgICAgICAgKFdlYkNvcmU6OkZyYW1lTG9hZGVyOjpzaG91bGRBbGxvd05hdmlnYXRpb24pOgoK TGF5b3V0VGVzdHM6CgoyMDA4LTA5LTA2ICBBZGFtIEJhcnRoICA8YWJhcnRoQHdlYmtpdC5vcmc+ CgogICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgoKICAgICAgICBUZXN0cyB0aGF0 IG9wZW5lciByZXN0cmljdGlvbiBpcyB3b3JraW5nIHByb3Blcmx5LgogICAgICAgICAgaHR0cHM6 Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIwNjQyCgogICAgICAgICogaHR0cC90 ZXN0cy9zZWN1cml0eS9mcmFtZU5hdmlnYXRpb24vbm90LW9wZW5lci1leHBlY3RlZC50eHQ6IEFk ZGVkLgogICAgICAgICogaHR0cC90ZXN0cy9zZWN1cml0eS9mcmFtZU5hdmlnYXRpb24vbm90LW9w ZW5lci5odG1sOiBBZGRlZC4KICAgICAgICAqIGh0dHAvdGVzdHMvc2VjdXJpdHkvZnJhbWVOYXZp Z2F0aW9uL29wZW5lci1leHBlY3RlZC50eHQ6IENvcGllZCBmcm9tIExheW91dFRlc3RzL2Zhc3Qv ZG9tL0RvY3VtZW50L2Vhcmx5LWRvY3VtZW50LWFjY2Vzcy1leHBlY3RlZC50eHQuCiAgICAgICAg KiBodHRwL3Rlc3RzL3NlY3VyaXR5L2ZyYW1lTmF2aWdhdGlvbi9vcGVuZXIuaHRtbDogQWRkZWQu CiAgICAgICAgKiBodHRwL3Rlc3RzL3NlY3VyaXR5L2ZyYW1lTmF2aWdhdGlvbi9yZXNvdXJjZXMv bm90LW9wZW5lci1oZWxwZXIuaHRtbDogQWRkZWQuCiAgICAgICAgKiBodHRwL3Rlc3RzL3NlY3Vy aXR5L2ZyYW1lTmF2aWdhdGlvbi9yZXNvdXJjZXMvcGFzcy5odG1sOiBBZGRlZC4KICAgICAgICAq IGh0dHAvdGVzdHMvc2VjdXJpdHkvZnJhbWVOYXZpZ2F0aW9uL3Jlc291cmNlcy9yZWFkeS5odG1s OiBBZGRlZC4KLS0tCiBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICB8ICAgMTUgKysrKysrCiAuLi4vZnJhbWVOYXZpZ2F0aW9uL25vdC1vcGVuZXItZXhw ZWN0ZWQudHh0ICAgICAgICB8ICAgIDMgKwogLi4uL3Rlc3RzL3NlY3VyaXR5L2ZyYW1lTmF2aWdh dGlvbi9ub3Qtb3BlbmVyLmh0bWwgfCAgIDQ1ICsrKysrKysrKysrKysrKysrKysKIC4uLi9zZWN1 cml0eS9mcmFtZU5hdmlnYXRpb24vb3BlbmVyLWV4cGVjdGVkLnR4dCAgIHwgICAgMSArCiAuLi4v dGVzdHMvc2VjdXJpdHkvZnJhbWVOYXZpZ2F0aW9uL29wZW5lci5odG1sICAgICB8ICAgMzggKysr KysrKysrKysrKysrKwogLi4uL3Jlc291cmNlcy9ub3Qtb3BlbmVyLWhlbHBlci5odG1sICAgICAg ICAgICAgICAgfCAgIDE1ICsrKysrKwogLi4uL3NlY3VyaXR5L2ZyYW1lTmF2aWdhdGlvbi9yZXNv dXJjZXMvcGFzcy5odG1sICAgfCAgICA0ICsrCiAuLi4vc2VjdXJpdHkvZnJhbWVOYXZpZ2F0aW9u L3Jlc291cmNlcy9yZWFkeS5odG1sICB8ICAgIDQgKysKIFdlYkNvcmUvQ2hhbmdlTG9nICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAxNCArKysrKysKIFdlYkNvcmUvbG9hZGVy L0ZyYW1lTG9hZGVyLmNwcCAgICAgICAgICAgICAgICAgICAgIHwgICA0NiArKysrKysrKysrKysr KystLS0tLQogMTAgZmlsZXMgY2hhbmdlZCwgMTc0IGluc2VydGlvbnMoKyksIDExIGRlbGV0aW9u cygtKQogY3JlYXRlIG1vZGUgMTAwNjQ0IExheW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkv ZnJhbWVOYXZpZ2F0aW9uL25vdC1vcGVuZXItZXhwZWN0ZWQudHh0CiBjcmVhdGUgbW9kZSAxMDA2 NDQgTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS9mcmFtZU5hdmlnYXRpb24vbm90LW9w ZW5lci5odG1sCiBjcmVhdGUgbW9kZSAxMDA2NDQgTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1 cml0eS9mcmFtZU5hdmlnYXRpb24vb3BlbmVyLWV4cGVjdGVkLnR4dAogY3JlYXRlIG1vZGUgMTAw NjQ0IExheW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkvZnJhbWVOYXZpZ2F0aW9uL29wZW5l ci5odG1sCiBjcmVhdGUgbW9kZSAxMDA2NDQgTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0 eS9mcmFtZU5hdmlnYXRpb24vcmVzb3VyY2VzL25vdC1vcGVuZXItaGVscGVyLmh0bWwKIGNyZWF0 ZSBtb2RlIDEwMDY0NCBMYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3NlY3VyaXR5L2ZyYW1lTmF2aWdh dGlvbi9yZXNvdXJjZXMvcGFzcy5odG1sCiBjcmVhdGUgbW9kZSAxMDA2NDQgTGF5b3V0VGVzdHMv aHR0cC90ZXN0cy9zZWN1cml0eS9mcmFtZU5hdmlnYXRpb24vcmVzb3VyY2VzL3JlYWR5Lmh0bWwK CmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cgYi9MYXlvdXRUZXN0cy9DaGFuZ2VM b2cKaW5kZXggMWMzYjVjMy4uMGIxYThhMSAxMDA2NDQKLS0tIGEvTGF5b3V0VGVzdHMvQ2hhbmdl TG9nCisrKyBiL0xheW91dFRlc3RzL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE4IEBACisyMDA4LTA5 LTA2ICBBZGFtIEJhcnRoICA8YWJhcnRoQHdlYmtpdC5vcmc+CisKKyAgICAgICAgUmV2aWV3ZWQg YnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgVGVzdHMgdGhhdCBvcGVuZXIgcmVzdHJpY3Rp b24gaXMgd29ya2luZyBwcm9wZXJseS4KKyAgICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9y Zy9zaG93X2J1Zy5jZ2k/aWQ9MjA2NDIKKworICAgICAgICAqIGh0dHAvdGVzdHMvc2VjdXJpdHkv ZnJhbWVOYXZpZ2F0aW9uL25vdC1vcGVuZXItZXhwZWN0ZWQudHh0OiBBZGRlZC4KKyAgICAgICAg KiBodHRwL3Rlc3RzL3NlY3VyaXR5L2ZyYW1lTmF2aWdhdGlvbi9ub3Qtb3BlbmVyLmh0bWw6IEFk ZGVkLgorICAgICAgICAqIGh0dHAvdGVzdHMvc2VjdXJpdHkvZnJhbWVOYXZpZ2F0aW9uL29wZW5l ci1leHBlY3RlZC50eHQ6IENvcGllZCBmcm9tIExheW91dFRlc3RzL2Zhc3QvZG9tL0RvY3VtZW50 L2Vhcmx5LWRvY3VtZW50LWFjY2Vzcy1leHBlY3RlZC50eHQuCisgICAgICAgICogaHR0cC90ZXN0 cy9zZWN1cml0eS9mcmFtZU5hdmlnYXRpb24vb3BlbmVyLmh0bWw6IEFkZGVkLgorICAgICAgICAq IGh0dHAvdGVzdHMvc2VjdXJpdHkvZnJhbWVOYXZpZ2F0aW9uL3Jlc291cmNlcy9ub3Qtb3BlbmVy LWhlbHBlci5odG1sOiBBZGRlZC4KKyAgICAgICAgKiBodHRwL3Rlc3RzL3NlY3VyaXR5L2ZyYW1l TmF2aWdhdGlvbi9yZXNvdXJjZXMvcGFzcy5odG1sOiBBZGRlZC4KKyAgICAgICAgKiBodHRwL3Rl c3RzL3NlY3VyaXR5L2ZyYW1lTmF2aWdhdGlvbi9yZXNvdXJjZXMvcmVhZHkuaHRtbDogQWRkZWQu CisKIDIwMDgtMDktMDQgIERhbiBCZXJuc3RlaW4gIDxtaXR6QGFwcGxlLmNvbT4KIAogICAgICAg ICBSZXZpZXdlZCBieSBCZXRoIERha2luLgpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvaHR0cC90 ZXN0cy9zZWN1cml0eS9mcmFtZU5hdmlnYXRpb24vbm90LW9wZW5lci1leHBlY3RlZC50eHQgYi9M YXlvdXRUZXN0cy9odHRwL3Rlc3RzL3NlY3VyaXR5L2ZyYW1lTmF2aWdhdGlvbi9ub3Qtb3BlbmVy LWV4cGVjdGVkLnR4dApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwLi4wY2IxNTVh Ci0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS9mcmFt ZU5hdmlnYXRpb24vbm90LW9wZW5lci1leHBlY3RlZC50eHQKQEAgLTAsMCArMSwzIEBACitDT05T T0xFIE1FU1NBR0U6IGxpbmUgMTogVW5zYWZlIEphdmFTY3JpcHQgYXR0ZW1wdCB0byBpbml0aWF0 ZSBhIG5hdmlnYXRpb24gY2hhbmdlIGZvciBmcmFtZSB3aXRoIFVSTCBodHRwOi8vMTI3LjAuMC4x OjgwMDAvc2VjdXJpdHkvZnJhbWVOYXZpZ2F0aW9uL3Jlc291cmNlcy9yZWFkeS5odG1sIGZyb20g ZnJhbWUgd2l0aCBVUkwgaHR0cDovL2xvY2FsaG9zdDo4MDAwL3NlY3VyaXR5L2ZyYW1lTmF2aWdh dGlvbi9yZXNvdXJjZXMvbm90LW9wZW5lci1oZWxwZXIuaHRtbC4KKworUEFTUwpkaWZmIC0tZ2l0 IGEvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS9mcmFtZU5hdmlnYXRpb24vbm90LW9w ZW5lci5odG1sIGIvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS9mcmFtZU5hdmlnYXRp b24vbm90LW9wZW5lci5odG1sCm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAuLmU0 ZDNkZTIKLS0tIC9kZXYvbnVsbAorKysgYi9MYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3NlY3VyaXR5 L2ZyYW1lTmF2aWdhdGlvbi9ub3Qtb3BlbmVyLmh0bWwKQEAgLTAsMCArMSw0NSBAQAorPGh0bWw+ Cis8aGVhZD4KKzxzY3JpcHQ+CitpZiAod2luZG93LmxheW91dFRlc3RDb250cm9sbGVyKSB7Cisg ICAgbGF5b3V0VGVzdENvbnRyb2xsZXIuZHVtcEFzVGV4dCgpOworICAgIGxheW91dFRlc3RDb250 cm9sbGVyLndhaXRVbnRpbERvbmUoKTsKKyAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5zZXRDYW5P cGVuV2luZG93cygpOworfQorCitmdW5jdGlvbiBsb2cobXNnKSB7CisgICAgdmFyIGRpdiA9IGRv Y3VtZW50LmNyZWF0ZUVsZW1lbnQoImRpdiIpOworICAgIGRpdi5hcHBlbmRDaGlsZChkb2N1bWVu dC5jcmVhdGVUZXh0Tm9kZShtc2cpKTsKKyAgICBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgiY29u c29sZSIpLmFwcGVuZENoaWxkKGRpdik7Cit9CisKK3ZhciByZWFkeUNvdW50ID0gMDsKK3dpbmRv dy5hZGRFdmVudExpc3RlbmVyKCJtZXNzYWdlIiwgZnVuY3Rpb24oZSkgeworICAgIGlmIChlLmRh dGEgPT0gInJlYWR5IikgeworICAgICAgICArK3JlYWR5Q291bnQ7CisgICAgICAgIGlmIChyZWFk eUNvdW50ID09IDIpIHsKKyAgICAgICAgICAgIGhlbHBlci5wb3N0TWVzc2FnZSgic2V0IiwgIioi KTsKKyAgICAgICAgfQorICAgIH0gZWxzZSBpZiAoZS5kYXRhID09ICJwYXNzIikgeworICAgICAg ICB0YXJnZXQuZG9jdW1lbnQuYm9keS5pbm5lckhUTUwgPSAiU2hvdWxkIGhhdmUgbmF2aWdhdGVk IHRoaXMgd2luZG93LiAgSXQgc2hvdWxkIGJlIHN0aWxsIGJlIHNhbWUtb3JpZ2luLiI7CisgICAg ICAgIGxvZygiUEFTUyIpOworICAgICAgICB0YXJnZXQuY2xvc2UoKTsKKyAgICAgICAgaGVscGVy LnBvc3RNZXNzYWdlKCJjbGVhbnVwIiwgIioiKTsKKyAgICB9IGVsc2UgaWYgKGUuZGF0YSA9PSAi ZG9uZSIpIHsKKyAgICAgICAgaGVscGVyLmNsb3NlKCk7CisgICAgICAgIGlmICh3aW5kb3cubGF5 b3V0VGVzdENvbnRyb2xsZXIpCisgICAgICAgICAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5ub3Rp ZnlEb25lKCk7CisgICAgfQorfSwgZmFsc2UpOworCit3aW5kb3cub25sb2FkID0gZnVuY3Rpb24o KSB7CisgICAgdGFyZ2V0ID0gd2luZG93Lm9wZW4oInJlc291cmNlcy9yZWFkeS5odG1sIiwgInRh cmdldFdpbmRvdyIpOworICAgIGhlbHBlciA9IHdpbmRvdy5vcGVuKCJodHRwOi8vbG9jYWxob3N0 OjgwMDAvc2VjdXJpdHkvZnJhbWVOYXZpZ2F0aW9uL3Jlc291cmNlcy9ub3Qtb3BlbmVyLWhlbHBl ci5odG1sIik7Cit9Cis8L3NjcmlwdD4KKzwvaGVhZD4KKzxib2R5PgorPGRpdiBpZD0iY29uc29s ZSI+PC9kaXY+Cis8L2JvZHk+Cis8L2h0bWw+CisKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL2h0 dHAvdGVzdHMvc2VjdXJpdHkvZnJhbWVOYXZpZ2F0aW9uL29wZW5lci1leHBlY3RlZC50eHQgYi9M YXlvdXRUZXN0cy9odHRwL3Rlc3RzL3NlY3VyaXR5L2ZyYW1lTmF2aWdhdGlvbi9vcGVuZXItZXhw ZWN0ZWQudHh0Cm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAuLjdlZjIyZTkKLS0t IC9kZXYvbnVsbAorKysgYi9MYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3NlY3VyaXR5L2ZyYW1lTmF2 aWdhdGlvbi9vcGVuZXItZXhwZWN0ZWQudHh0CkBAIC0wLDAgKzEgQEAKK1BBU1MKZGlmZiAtLWdp dCBhL0xheW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkvZnJhbWVOYXZpZ2F0aW9uL29wZW5l ci5odG1sIGIvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS9mcmFtZU5hdmlnYXRpb24v b3BlbmVyLmh0bWwKbmV3IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMC4uZmI2YWJkYgot LS0gL2Rldi9udWxsCisrKyBiL0xheW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkvZnJhbWVO YXZpZ2F0aW9uL29wZW5lci5odG1sCkBAIC0wLDAgKzEsMzggQEAKKzxodG1sPgorPGhlYWQ+Cis8 c2NyaXB0PgoraWYgKHdpbmRvdy5sYXlvdXRUZXN0Q29udHJvbGxlcikgeworICAgIGxheW91dFRl c3RDb250cm9sbGVyLmR1bXBBc1RleHQoKTsKKyAgICBsYXlvdXRUZXN0Q29udHJvbGxlci53YWl0 VW50aWxEb25lKCk7CisgICAgbGF5b3V0VGVzdENvbnRyb2xsZXIuc2V0Q2FuT3BlbldpbmRvd3Mo KTsKK30KKworZnVuY3Rpb24gbG9nKG1zZykgeworICAgIHZhciBkaXYgPSBkb2N1bWVudC5jcmVh dGVFbGVtZW50KCJkaXYiKTsKKyAgICBkaXYuYXBwZW5kQ2hpbGQoZG9jdW1lbnQuY3JlYXRlVGV4 dE5vZGUobXNnKSk7CisgICAgZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImNvbnNvbGUiKS5hcHBl bmRDaGlsZChkaXYpOworfQorCit3aW5kb3cuYWRkRXZlbnRMaXN0ZW5lcigibWVzc2FnZSIsIGZ1 bmN0aW9uKGUpIHsKKyAgICBpZiAoZS5kYXRhID09ICJyZWFkeSIpIHsKKyAgICAgICAgd2luLmxv Y2F0aW9uID0gInJlc291cmNlcy9wYXNzLmh0bWwiOworICAgIH0gZWxzZSBpZiAoZS5kYXRhID09 ICJwYXNzIikgeworICAgICAgICB3aW4uZG9jdW1lbnQuYm9keS5pbm5lckhUTUwgPSAiRnJhbWUg bmF2aWdhdGVkIGJhY2sgb24tZG9tYWluIjsKKyAgICAgICAgd2luLmNsb3NlKCk7CisgICAgICAg IGxvZygiUEFTUyIpOworICAgICAgICBpZiAod2luZG93LmxheW91dFRlc3RDb250cm9sbGVyKQor ICAgICAgICAgICAgbGF5b3V0VGVzdENvbnRyb2xsZXIubm90aWZ5RG9uZSgpOworICAgIH0KK30s IGZhbHNlKTsKKword2luZG93Lm9ubG9hZCA9IGZ1bmN0aW9uKCkgeworICAgIHdpbiA9IHdpbmRv dy5vcGVuKCJodHRwOi8vbG9jYWxob3N0OjgwMDAvc2VjdXJpdHkvZnJhbWVOYXZpZ2F0aW9uL3Jl c291cmNlcy9yZWFkeS5odG1sIiwgInRhcmdldEZyYW1lIik7Cit9CisKKzwvc2NyaXB0PgorPC9o ZWFkPgorPGJvZHk+Cis8ZGl2IGlkPSJjb25zb2xlIj48L2Rpdj4KKzwvYm9keT4KKzwvaHRtbD4K KwpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS9mcmFtZU5hdmln YXRpb24vcmVzb3VyY2VzL25vdC1vcGVuZXItaGVscGVyLmh0bWwgYi9MYXlvdXRUZXN0cy9odHRw L3Rlc3RzL3NlY3VyaXR5L2ZyYW1lTmF2aWdhdGlvbi9yZXNvdXJjZXMvbm90LW9wZW5lci1oZWxw ZXIuaHRtbApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwLi5iYTdiNzY2Ci0tLSAv ZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS9mcmFtZU5hdmln YXRpb24vcmVzb3VyY2VzL25vdC1vcGVuZXItaGVscGVyLmh0bWwKQEAgLTAsMCArMSwxNSBAQAor PHNjcmlwdD4KK3dpbmRvdy5hZGRFdmVudExpc3RlbmVyKCJtZXNzYWdlIiwgZnVuY3Rpb24oZSkg eworICAgIGlmIChlLmRhdGEgPT0gInNldCIpIHsKKyAgICAgICAgd2luID0gd2luZG93Lm9wZW4o Imh0dHA6Ly8xMjcuMC4wLjE6ODAwMC9zZWN1cml0eS9mcmFtZU5hdmlnYXRpb24vcmVzb3VyY2Vz L3JlYWR5Lmh0bWwiLCAidGFyZ2V0V2luZG93Iik7CisgICAgfSBlbHNlIGlmIChlLmRhdGEgPT0g InJlYWR5IikgeworICAgICAgICBvcGVuZXIucG9zdE1lc3NhZ2UoInBhc3MiLCAiKiIpOworICAg IH0gZWxzZSBpZiAoZS5kYXRhID09ICJjbGVhbnVwIikgeworICAgICAgICB3aW4uY2xvc2UoKTsK KyAgICAgICAgb3BlbmVyLnBvc3RNZXNzYWdlKCJkb25lIiwgIioiKTsKKyAgICB9Cit9LCBmYWxz ZSk7CisKK29wZW5lci5wb3N0TWVzc2FnZSgicmVhZHkiLCAiKiIpOworPC9zY3JpcHQ+CitIZWxw ZXIgd2luZG93LgpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS9m cmFtZU5hdmlnYXRpb24vcmVzb3VyY2VzL3Bhc3MuaHRtbCBiL0xheW91dFRlc3RzL2h0dHAvdGVz dHMvc2VjdXJpdHkvZnJhbWVOYXZpZ2F0aW9uL3Jlc291cmNlcy9wYXNzLmh0bWwKbmV3IGZpbGUg bW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMC4uODNkNGRiOAotLS0gL2Rldi9udWxsCisrKyBiL0xh eW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkvZnJhbWVOYXZpZ2F0aW9uL3Jlc291cmNlcy9w YXNzLmh0bWwKQEAgLTAsMCArMSw0IEBACis8c2NyaXB0Pgorb3BlbmVyLnBvc3RNZXNzYWdlKCJw YXNzIiwgIioiKTsKKzwvc2NyaXB0PgorU2VudCBtZXNzYWdlICJwYXNzIgpkaWZmIC0tZ2l0IGEv TGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS9mcmFtZU5hdmlnYXRpb24vcmVzb3VyY2Vz L3JlYWR5Lmh0bWwgYi9MYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3NlY3VyaXR5L2ZyYW1lTmF2aWdh dGlvbi9yZXNvdXJjZXMvcmVhZHkuaHRtbApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAw MDAwLi5jMTZkMTNjCi0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9z ZWN1cml0eS9mcmFtZU5hdmlnYXRpb24vcmVzb3VyY2VzL3JlYWR5Lmh0bWwKQEAgLTAsMCArMSw0 IEBACis8c2NyaXB0Pgorb3BlbmVyLnBvc3RNZXNzYWdlKCJyZWFkeSIsICIqIik7Cis8L3Njcmlw dD4KK1NlbnQgbWVzc2FnZSAicmVhZHkiCmRpZmYgLS1naXQgYS9XZWJDb3JlL0NoYW5nZUxvZyBi L1dlYkNvcmUvQ2hhbmdlTG9nCmluZGV4IGQ2YTU4MjMuLjgyYTkwYTYgMTAwNjQ0Ci0tLSBhL1dl YkNvcmUvQ2hhbmdlTG9nCisrKyBiL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTcgQEAK KzIwMDgtMDktMDYgIEFkYW0gQmFydGggIDxhYmFydGhAd2Via2l0Lm9yZz4KKworICAgICAgICBS ZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBBZG9wdCBvcGVuZXIgcmVzdHJp Y3Rpb24gb24gZnJhbWUgbmF2aWdhdGlvbi4KKyAgICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0 Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MjA2NDIKKworICAgICAgICBUZXN0czogaHR0cC90ZXN0cy9z ZWN1cml0eS9mcmFtZU5hdmlnYXRpb24vbm90LW9wZW5lci5odG1sCisgICAgICAgICAgICAgICBo dHRwL3Rlc3RzL3NlY3VyaXR5L2ZyYW1lTmF2aWdhdGlvbi9vcGVuZXIuaHRtbAorCisgICAgICAg ICogbG9hZGVyL0ZyYW1lTG9hZGVyLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OmNhbkFjY2Vzc0Fu Y2VzdG9yKToKKyAgICAgICAgKFdlYkNvcmU6OkZyYW1lTG9hZGVyOjpzaG91bGRBbGxvd05hdmln YXRpb24pOgorCiAyMDA4LTA5LTA2ICBBbnR0aSBLb2l2aXN0byAgPGFudHRpQGFwcGxlLmNvbT4K IAogICAgICAgICBSZXZlcnRpbmcgcjM1OTUzIHdoaWNoIHdhcyBjYXVzaW5nIHByb2JsZW1zIG9u IFdpbmRvd3Mgd2hpY2ggcmVsaWVzIG9uCmRpZmYgLS1naXQgYS9XZWJDb3JlL2xvYWRlci9GcmFt ZUxvYWRlci5jcHAgYi9XZWJDb3JlL2xvYWRlci9GcmFtZUxvYWRlci5jcHAKaW5kZXggNTBkMjE2 Mi4uYzNlZmZkYiAxMDA2NDQKLS0tIGEvV2ViQ29yZS9sb2FkZXIvRnJhbWVMb2FkZXIuY3BwCisr KyBiL1dlYkNvcmUvbG9hZGVyL0ZyYW1lTG9hZGVyLmNwcApAQCAtMjQ0NywzNCArMjQ0Nyw1OCBA QCB2b2lkIEZyYW1lTG9hZGVyOjpyZWxvYWQoKQogICAgIGxvYWRXaXRoRG9jdW1lbnRMb2FkZXIo bG9hZGVyLmdldCgpLCBGcmFtZUxvYWRUeXBlUmVsb2FkLCAwKTsKIH0KIAorc3RhdGljIGJvb2wg Y2FuQWNjZXNzQW5jZXN0b3IoY29uc3QgU2VjdXJpdHlPcmlnaW4qIGFjdGl2ZVNlY3VyaXR5T3Jp Z2luLCBGcmFtZSogdGFyZ2V0RnJhbWUpCit7CisgICAgLy8gdGFyZ2V0RnJhbWUgY2FuIGJlIE5V TEwgd2hlbiB3ZSdyZSB0cnlpbmcgdG8gbmF2aWdhdGUgYSB0b3AtbGV2ZWwgZnJhbWUKKyAgICAv LyB0aGF0IGhhcyBhIE5VTEwgb3BlbmVyLgorICAgIGlmICghdGFyZ2V0RnJhbWUpCisgICAgICAg IHJldHVybiBmYWxzZTsKKworICAgIGZvciAoRnJhbWUqIGFuY2VzdG9yRnJhbWUgPSB0YXJnZXRG cmFtZTsgYW5jZXN0b3JGcmFtZTsgYW5jZXN0b3JGcmFtZSA9IGFuY2VzdG9yRnJhbWUtPnRyZWUo KS0+cGFyZW50KCkpIHsKKyAgICAgICAgRG9jdW1lbnQqIGFuY2VzdG9yRG9jdW1lbnQgPSBhbmNl c3RvckZyYW1lLT5kb2N1bWVudCgpOworICAgICAgICBpZiAoIWFuY2VzdG9yRG9jdW1lbnQpCisg ICAgICAgICAgICByZXR1cm4gdHJ1ZTsKKworICAgICAgICBjb25zdCBTZWN1cml0eU9yaWdpbiog YW5jZXN0b3JTZWN1cml0eU9yaWdpbiA9IGFuY2VzdG9yRG9jdW1lbnQtPnNlY3VyaXR5T3JpZ2lu KCk7CisgICAgICAgIGlmIChhY3RpdmVTZWN1cml0eU9yaWdpbi0+Y2FuQWNjZXNzKGFuY2VzdG9y U2VjdXJpdHlPcmlnaW4pKQorICAgICAgICAgICAgcmV0dXJuIHRydWU7CisgICAgfQorCisgICAg cmV0dXJuIGZhbHNlOworfQorCiBib29sIEZyYW1lTG9hZGVyOjpzaG91bGRBbGxvd05hdmlnYXRp b24oRnJhbWUqIHRhcmdldEZyYW1lKSBjb25zdAogewogICAgIC8vIFRoZSBuYXZpZ2F0aW9uIGNo YW5nZSBpcyBzYWZlIGlmIHRoZSBhY3RpdmUgZnJhbWUgaXM6Ci0gICAgLy8gICAtIGluIHRoZSBz YW1lIHNlY3VyaXR5IG9yaWdpbiBhcyB0aGUgdGFyZ2V0IG9yIG9uZSBvZiB0aGUgdGFyZ2V0J3Mg YW5jZXN0b3JzCisgICAgLy8gICAtIGluIHRoZSBzYW1lIHNlY3VyaXR5IG9yaWdpbiBhcyB0aGUg dGFyZ2V0IG9yIG9uZSBvZiB0aGUgdGFyZ2V0J3MKKyAgICAvLyAgICAgYW5jZXN0b3JzLgorICAg IC8vCiAgICAgLy8gT3IgdGhlIHRhcmdldCBmcmFtZSBpczoKLSAgICAvLyAgIC0gYSB0b3AtbGV2 ZWwgZnJhbWUgaW4gdGhlIGZyYW1lIGhpZXJhcmNoeQorICAgIC8vICAgLSBhIHRvcC1sZXZlbCBm cmFtZSBpbiB0aGUgZnJhbWUgaGllcmFyY2h5IGFuZCB0aGUgYWN0aXZlIGZyYW1lIGNhbgorICAg IC8vICAgICBuYXZpZ2F0ZSB0aGUgdGFyZ2V0IGZyYW1lJ3Mgb3BlbmVyIHBlciBhYm92ZS4KIAog ICAgIGlmICghdGFyZ2V0RnJhbWUpCiAgICAgICAgIHJldHVybiB0cnVlOwogCisgICAgLy8gUGVy Zm9ybWFuY2Ugb3B0aW1pemF0aW9uLgogICAgIGlmIChtX2ZyYW1lID09IHRhcmdldEZyYW1lKQog ICAgICAgICByZXR1cm4gdHJ1ZTsKIAotICAgIGlmICghdGFyZ2V0RnJhbWUtPnRyZWUoKS0+cGFy ZW50KCkpCisgICAgLy8gQWxsb3cgZnJhbWUtYnVzdGluZy4KKyAgICBpZiAodGFyZ2V0RnJhbWUg PT0gbV9mcmFtZS0+dHJlZSgpLT50b3AoKSkKICAgICAgICAgcmV0dXJuIHRydWU7CiAKICAgICBE b2N1bWVudCogYWN0aXZlRG9jdW1lbnQgPSBtX2ZyYW1lLT5kb2N1bWVudCgpOwogICAgIEFTU0VS VChhY3RpdmVEb2N1bWVudCk7CiAgICAgY29uc3QgU2VjdXJpdHlPcmlnaW4qIGFjdGl2ZVNlY3Vy aXR5T3JpZ2luID0gYWN0aXZlRG9jdW1lbnQtPnNlY3VyaXR5T3JpZ2luKCk7Ci0gICAgZm9yIChG cmFtZSogYW5jZXN0b3JGcmFtZSA9IHRhcmdldEZyYW1lOyBhbmNlc3RvckZyYW1lOyBhbmNlc3Rv ckZyYW1lID0gYW5jZXN0b3JGcmFtZS0+dHJlZSgpLT5wYXJlbnQoKSkgewotICAgICAgICBEb2N1 bWVudCogYW5jZXN0b3JEb2N1bWVudCA9IGFuY2VzdG9yRnJhbWUtPmRvY3VtZW50KCk7Ci0gICAg ICAgIGlmICghYW5jZXN0b3JEb2N1bWVudCkKLSAgICAgICAgICAgIHJldHVybiB0cnVlOwogCi0g ICAgICAgIGNvbnN0IFNlY3VyaXR5T3JpZ2luKiBhbmNlc3RvclNlY3VyaXR5T3JpZ2luID0gYW5j ZXN0b3JEb2N1bWVudC0+c2VjdXJpdHlPcmlnaW4oKTsKLSAgICAgICAgaWYgKGFjdGl2ZVNlY3Vy aXR5T3JpZ2luLT5jYW5BY2Nlc3MoYW5jZXN0b3JTZWN1cml0eU9yaWdpbikpCi0gICAgICAgICAg ICByZXR1cm4gdHJ1ZTsKLSAgICB9CisgICAgLy8gRm9yIHRvcC1sZXZlbCB3aW5kb3dzLCBjaGVj ayB0aGUgb3BlbmVyLgorICAgIGlmICghdGFyZ2V0RnJhbWUtPnRyZWUoKS0+cGFyZW50KCkgJiYg Y2FuQWNjZXNzQW5jZXN0b3IoYWN0aXZlU2VjdXJpdHlPcmlnaW4sIHRhcmdldEZyYW1lLT5sb2Fk ZXIoKS0+b3BlbmVyKCkpKQorICAgICAgICByZXR1cm4gdHJ1ZTsKKworICAgIC8vIEluIGdlbmVy YWwsIGNoZWNrIHRoZSBmcmFtZSdzIGFuY2VzdG9ycy4KKyAgICBpZiAoY2FuQWNjZXNzQW5jZXN0 b3IoYWN0aXZlU2VjdXJpdHlPcmlnaW4sIHRhcmdldEZyYW1lKSkKKyAgICAgICAgcmV0dXJuIHRy dWU7CiAKICAgICBTZXR0aW5ncyogc2V0dGluZ3MgPSB0YXJnZXRGcmFtZS0+c2V0dGluZ3MoKTsK ICAgICBpZiAoc2V0dGluZ3MgJiYgIXNldHRpbmdzLT5wcml2YXRlQnJvd3NpbmdFbmFibGVkKCkp IHsKLS0gCjEuNS41LjMKCg==