71704 2011-11-07 10:17:41 -0800 iframe sandbox treats vertical tab as a valid delimiter 2011-11-07 13:05:13 -0800 1 1 1 Unclassified WebKit New Bugs 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 abarth abarth darin eric sam oldest_to_newest 497273 0 abarth 2011-11-07 10:17:41 -0800 iframe sandbox treats vertical tab as a valid delimiter 497275 1 113889 abarth 2011-11-07 10:19:11 -0800 Created attachment 113889 Patch 497276 2 113889 eric 2011-11-07 10:21:39 -0800 Comment on attachment 113889 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=113889&action=review > Source/WebCore/page/SecurityOrigin.cpp:555 > + while (start < length && isHTMLSpace(characters[start])) I think we should just reproduce this function locally. I don't think we gain anything by depending on html/ here unless the security origin spec explicitly tries to match html? 497280 3 abarth 2011-11-07 10:27:07 -0800 I'm not really sure where this function should live. It used to make sense in this file when the sandbox bits were stored on SecurityOrigin. When we create the SecurityContext class, it should probably live there. To answer your question more directly, the parsing of these policies is defined in HTML5, and the algorithm in the spec refers to the generic HTML space definition used throughout the spec, which is why I think it makes sense to call this function. 497284 4 eric 2011-11-07 10:32:45 -0800 (In reply to comment #3) > To answer your question more directly, the parsing of these policies is defined in HTML5, and the algorithm in the spec refers to the generic HTML space definition used throughout the spec, which is why I think it makes sense to call this function. Ok. It might make sense to document that that's why we have this seeming dependency inversion. :) But if you feel the spec is good enough documentation for that, that's OK too. 497288 5 113889 abarth 2011-11-07 10:40:33 -0800 Comment on attachment 113889 Patch I'll add a link to the spec when I move this to SecurityContext. 497404 6 113889 abarth 2011-11-07 13:05:10 -0800 Comment on attachment 113889 Patch Clearing flags on attachment: 113889 Committed r99466: <http://trac.webkit.org/changeset/99466> 497405 7 abarth 2011-11-07 13:05:13 -0800 All reviewed patches have been landed. Closing bug. 113889 2011-11-07 10:19:11 -0800 2011-11-07 13:05:10 -0800 Patch bug-71704-20111107101910.patch text/plain 4946 abarth SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDk5NDM5KQorKysgU291cmNlL1dlYkNvcmUvQ2hhbmdl TG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTkgQEAKKzIwMTEtMTEtMDcgIEFkYW0gQmFy dGggIDxhYmFydGhAd2Via2l0Lm9yZz4KKworICAgICAgICBpZnJhbWUgc2FuZGJveCB0cmVhdHMg dmVydGljYWwgdGFiIGFzIGEgdmFsaWQgZGVsaW1pdGVyCisgICAgICAgIGh0dHBzOi8vYnVncy53 ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD03MTcwNAorCisgICAgICAgIFJldmlld2VkIGJ5IE5P Qk9EWSAoT09QUyEpLgorCisgICAgICAgIFRoaXMgcGF0Y2ggYWRqdXN0cyBvdXIgcGFyc2VyIHNs aWdodGx5IHRvIG1hdGNoIHRoZSBIVE1MNSBzcGVjLiAgVGhlCisgICAgICAgIG9ubHkgZGlmZmVy ZW5jZSBpcyBpbiBob3cgd2UgaGFuZGxlIHZlcnRpY2FsIHRhYnMuICBQcmV2aW91c2x5LCB3ZQor ICAgICAgICB0cmVhdGVkIHRoZW0gYXMgYSBkZWxpbWl0ZXIsIGJ1dCB3ZSdyZSBub3Qgc3VwcG9z ZWQgdG8gZG8gdGhhdC4KKworICAgICAgICBUZXN0OiBmYXN0L2ZyYW1lcy9zYW5kYm94ZWQtaWZy YW1lLXBhcnNpbmctc3BhY2UtY2hhcmFjdGVycy5odG1sCisKKyAgICAgICAgKiBwYWdlL1NlY3Vy aXR5T3JpZ2luLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OlNlY3VyaXR5T3JpZ2luOjpwYXJzZVNh bmRib3hQb2xpY3kpOgorCiAyMDExLTExLTA3ICBKZXNzaWUgQmVybGluICA8amJlcmxpbkBhcHBs ZS5jb20+CiAKICAgICAgICAgTmVlZCBhIHdheSB0byBhbGxvdyBhIHNjaGVtZSBhY2Nlc3MgdG8g TG9jYWwgU3RvcmFnZSBhbmQgRGF0YWJhc2VzIHdoaWxlIFByaXZhdGUgQnJvd3NpbmcgaXMKSW5k ZXg6IFNvdXJjZS9XZWJDb3JlL3BhZ2UvU2VjdXJpdHlPcmlnaW4uY3BwCj09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0t IFNvdXJjZS9XZWJDb3JlL3BhZ2UvU2VjdXJpdHlPcmlnaW4uY3BwCShyZXZpc2lvbiA5OTQzMikK KysrIFNvdXJjZS9XZWJDb3JlL3BhZ2UvU2VjdXJpdHlPcmlnaW4uY3BwCSh3b3JraW5nIGNvcHkp CkBAIC0zMiw2ICszMiw3IEBACiAjaW5jbHVkZSAiQmxvYlVSTC5oIgogI2luY2x1ZGUgIkRvY3Vt ZW50LmgiCiAjaW5jbHVkZSAiRmlsZVN5c3RlbS5oIgorI2luY2x1ZGUgIkhUTUxQYXJzZXJJZGlv bXMuaCIKICNpbmNsdWRlICJLVVJMLmgiCiAjaW5jbHVkZSAiT3JpZ2luQWNjZXNzRW50cnkuaCIK ICNpbmNsdWRlICJTY2hlbWVSZWdpc3RyeS5oIgpAQCAtNTUxLDEyICs1NTIsMTIgQEAgU2FuZGJv eEZsYWdzIFNlY3VyaXR5T3JpZ2luOjpwYXJzZVNhbmRibwogICAgIHVuc2lnbmVkIGxlbmd0aCA9 IHBvbGljeS5sZW5ndGgoKTsKICAgICB1bnNpZ25lZCBzdGFydCA9IDA7CiAgICAgd2hpbGUgKHRy dWUpIHsKLSAgICAgICAgd2hpbGUgKHN0YXJ0IDwgbGVuZ3RoICYmIGlzQVNDSUlTcGFjZShjaGFy YWN0ZXJzW3N0YXJ0XSkpCisgICAgICAgIHdoaWxlIChzdGFydCA8IGxlbmd0aCAmJiBpc0hUTUxT cGFjZShjaGFyYWN0ZXJzW3N0YXJ0XSkpCiAgICAgICAgICAgICArK3N0YXJ0OwogICAgICAgICBp ZiAoc3RhcnQgPj0gbGVuZ3RoKQogICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgIHVuc2lnbmVk IGVuZCA9IHN0YXJ0ICsgMTsKLSAgICAgICAgd2hpbGUgKGVuZCA8IGxlbmd0aCAmJiAhaXNBU0NJ SVNwYWNlKGNoYXJhY3RlcnNbZW5kXSkpCisgICAgICAgIHdoaWxlIChlbmQgPCBsZW5ndGggJiYg IWlzSFRNTFNwYWNlKGNoYXJhY3RlcnNbZW5kXSkpCiAgICAgICAgICAgICArK2VuZDsKIAogICAg ICAgICAvLyBUdXJuIG9mZiB0aGUgY29ycmVzcG9uZGluZyBzYW5kYm94IGZsYWcgaWYgaXQncyBz ZXQgYXMgImFsbG93ZWQiLgpJbmRleDogTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCj09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0K LS0tIExheW91dFRlc3RzL0NoYW5nZUxvZwkocmV2aXNpb24gOTk0MzkpCisrKyBMYXlvdXRUZXN0 cy9DaGFuZ2VMb2cJKHdvcmtpbmcgY29weSkKQEAgLTEsMyArMSwxNSBAQAorMjAxMS0xMS0wNyAg QWRhbSBCYXJ0aCAgPGFiYXJ0aEB3ZWJraXQub3JnPgorCisgICAgICAgIGlmcmFtZSBzYW5kYm94 IHRyZWF0cyB2ZXJ0aWNhbCB0YWIgYXMgYSB2YWxpZCBkZWxpbWl0ZXIKKyAgICAgICAgaHR0cHM6 Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTcxNzA0CisKKyAgICAgICAgUmV2aWV3 ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgVGVzdCB3aGljaCBzcGFjZS1saWtlIGNo YXJhdGVycyBhcmUgdHJlYXRpbmcgYXMgZGVsaW1pdGVycy4KKworICAgICAgICAqIGZhc3QvZnJh bWVzL3NhbmRib3hlZC1pZnJhbWUtcGFyc2luZy1zcGFjZS1jaGFyYWN0ZXJzLWV4cGVjdGVkLnR4 dDogQWRkZWQuCisgICAgICAgICogZmFzdC9mcmFtZXMvc2FuZGJveGVkLWlmcmFtZS1wYXJzaW5n LXNwYWNlLWNoYXJhY3RlcnMuaHRtbDogQWRkZWQuCisKIDIwMTEtMTEtMDcgIERvbWluaWMgQ29v bmV5ICA8ZG9taW5pY2NAY2hyb21pdW0ub3JnPgogCiAgICAgICAgIFJlbW92ZSBpbml0Q2xvc2VF dmVudCBtZXRob2QKSW5kZXg6IExheW91dFRlc3RzL2Zhc3QvZnJhbWVzL3NhbmRib3hlZC1pZnJh bWUtcGFyc2luZy1zcGFjZS1jaGFyYWN0ZXJzLWV4cGVjdGVkLnR4dAo9PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBM YXlvdXRUZXN0cy9mYXN0L2ZyYW1lcy9zYW5kYm94ZWQtaWZyYW1lLXBhcnNpbmctc3BhY2UtY2hh cmFjdGVycy1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCisrKyBMYXlvdXRUZXN0cy9mYXN0L2Zy YW1lcy9zYW5kYm94ZWQtaWZyYW1lLXBhcnNpbmctc3BhY2UtY2hhcmFjdGVycy1leHBlY3RlZC50 eHQJKHJldmlzaW9uIDApCkBAIC0wLDAgKzEsNyBAQAorQUxFUlQ6IFBBU1M6IEZvcm0gZmVlZCBp cyBhIGRlbGltaXRlci4KK0FMRVJUOiBQQVNTOiBOZXdsaW5lIGlzIGEgZGVsaW1pdGVyLgorQUxF UlQ6IFBBU1M6IFJldHVybiBpcyBhIGRlbGltaXRlci4KK0FMRVJUOiBQQVNTOiBUYWIgaXMgYSBk ZWxpbWl0ZXIuCitBTEVSVDogUEFTUzogU3BhY2UgaXMgYSBkZWxpbWl0ZXIgY2hhcmFjdGVyLgor VGhpcyB0ZXN0cyB3aGV0aGVyIHdlIGNvcnJlY3QgcGFyc2UgdmFyaW91cyBzcGFjZSBjaGFyYWN0 ZXJzIGluIHRoZSBzYW5kYm94IGF0dHJpYnV0ZS4KKyAKSW5kZXg6IExheW91dFRlc3RzL2Zhc3Qv ZnJhbWVzL3NhbmRib3hlZC1pZnJhbWUtcGFyc2luZy1zcGFjZS1jaGFyYWN0ZXJzLmh0bWwKPT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PQotLS0gTGF5b3V0VGVzdHMvZmFzdC9mcmFtZXMvc2FuZGJveGVkLWlmcmFtZS1wYXJz aW5nLXNwYWNlLWNoYXJhY3RlcnMuaHRtbAkocmV2aXNpb24gMCkKKysrIExheW91dFRlc3RzL2Zh c3QvZnJhbWVzL3NhbmRib3hlZC1pZnJhbWUtcGFyc2luZy1zcGFjZS1jaGFyYWN0ZXJzLmh0bWwJ KHJldmlzaW9uIDApCkBAIC0wLDAgKzEsNDAgQEAKK1RoaXMgdGVzdHMgd2hldGhlciB3ZSBjb3Jy ZWN0IHBhcnNlIHZhcmlvdXMgc3BhY2UgY2hhcmFjdGVycyBpbiB0aGUgc2FuZGJveCBhdHRyaWJ1 dGUuPGJyPgorPHNjcmlwdD4KK3ZhciB0ZXN0Q2FzZXMgPSBbCisgICAgWycgJywgJ1BBU1M6IFNw YWNlIGlzIGEgZGVsaW1pdGVyIGNoYXJhY3Rlci4nXSwKKyAgICBbJ1x0JywgJ1BBU1M6IFRhYiBp cyBhIGRlbGltaXRlci4nXSwKKyAgICBbJ3gnLCAnRkFJTDogeCBpcyBub3QgYSBkZWxpbWl0ZXIu J10sCisgICAgWydccicsICdQQVNTOiBSZXR1cm4gaXMgYSBkZWxpbWl0ZXIuJ10sCisgICAgWydc bicsICdQQVNTOiBOZXdsaW5lIGlzIGEgZGVsaW1pdGVyLiddLAorICAgIFsnXHYnLCAnRkFJTDog VmVydGljYWwgdGFiIGlzIG5vdCBhIGRlbGltaXRlci4nXSwKKyAgICBbJ1xmJywgJ1BBU1M6IEZv cm0gZmVlZCBpcyBhIGRlbGltaXRlci4nXSwKK10KKworZnVuY3Rpb24gbmV4dCgpIHsKKyAgICBp ZiAodGVzdENhc2VzLmxlbmd0aCkgeworICAgICAgICB2YXIgdGVzdENhc2UgPSB0ZXN0Q2FzZXMu cG9wKCk7CisgICAgICAgIHRlc3RDaGFyYWN0ZXIuYXBwbHkobnVsbCwgdGVzdENhc2UpOworICAg ICAgICByZXR1cm47CisgICAgfQorCisgICAgaWYgKHdpbmRvdy5sYXlvdXRUZXN0Q29udHJvbGxl cikKKyAgICAgICAgbGF5b3V0VGVzdENvbnRyb2xsZXIubm90aWZ5RG9uZSgpOworfQorCitmdW5j dGlvbiB0ZXN0Q2hhcmFjdGVyKHBvc3NpYmxlRGVsaW1pdGVyLCBtZXNzYWdlKSB7CisgICAgdmFy IHBvbGljeSA9ICJhbGxvdy1zY3JpcHRzIiArIHBvc3NpYmxlRGVsaW1pdGVyICsgImFsbG93LWZv cm1zIjsKKyAgICB2YXIgaWZyYW1lID0gZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgnaWZyYW1lJyk7 CisgICAgaWZyYW1lLnNhbmRib3ggPSBwb2xpY3k7CisgICAgaWZyYW1lLnNyYyA9ICJkYXRhOnRl eHQvaHRtbCw8c2NyaXB0PmFsZXJ0KCciICsgbWVzc2FnZSArICInKTs8XC9zY3JpcHQ+IjsKKyAg ICBpZnJhbWUub25sb2FkID0gbmV4dDsKKyAgICBkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKGlm cmFtZSk7Cit9CisKK2lmICh3aW5kb3cubGF5b3V0VGVzdENvbnRyb2xsZXIpIHsKKyAgICBsYXlv dXRUZXN0Q29udHJvbGxlci5kdW1wQXNUZXh0KCk7CisgICAgbGF5b3V0VGVzdENvbnRyb2xsZXIu d2FpdFVudGlsRG9uZSgpOworfQorCituZXh0KCk7CisKKzwvc2NyaXB0Pgo=