Bug 32309

Summary: noAccess url schemes block access to inline stylesheets
Product: WebKit Reporter: Jochen Eisinger <eisinger>
Component: WebCore JavaScriptAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, ap, commit-queue
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: OS X 10.5   
Attachments:
Description Flags
test case
none
Patch none

Jochen Eisinger
Reported 2009-12-09 00:47:10 PST
url schemes that are listed as noAccess block access from javascripts to inline stylesheets. The description of the noAccess feature suggests that javascripts in such a document should be allowed to access itself. This is also an issue in Chrome, see http://code.google.com/p/chromium/issues/detail?id=29422
Attachments
test case (311 bytes, text/html)
2009-12-09 00:49 PST, Jochen Eisinger 		no flags
Details
Patch (4.06 KB, patch)
2010-03-29 18:09 PDT, Adam Barth 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Jochen Eisinger
Comment 1 2009-12-09 00:49:25 PST
Created attachment 44516 [details] test case The following html file is a small test case. The javascript announces the number of CSS rules found in the inline css stylesheet. When you encode this file as a data: link, the variable rules will be null and rules.length results into an error: data:text/html;base64,PGh0bWw+CiAgPHN0eWxlPgogICAgYm9keSB7CiAgICAgIGJhY2tncm91bmQ6IGdyZWVuOwogICAgfQogIDwvc3R5bGU+CiAgPGJvZHk+CiAgICA8c2NyaXB0PgogICAgICB2YXIgc3R5bGVzaGVldHMgPSBkb2N1bWVudC5zdHlsZVNoZWV0czsKICAgICAgdmFyIHN0eWxlc2hlZXQgPSBzdHlsZXNoZWV0c1tzdHlsZXNoZWV0cy5sZW5ndGgtMV07CiAgICAgIHZhciBydWxlcyA9IHN0eWxlc2hlZXQuY3NzUnVsZXM7CiAgICAgIGFsZXJ0KHJ1bGVzLmxlbmd0aCArICcgcnVsZXMgZm91bmQnKTsKICAgIDwvc2NyaXB0PgogIDwvYm9keT4KPC9odG1sPgo=
Adam Barth
Comment 2 2009-12-09 01:54:05 PST
This is likely a regression from my patch in this area. I'll look at this unless someone beats me to it.
Adam Barth
Comment 3 2010-03-29 18:09:06 PDT
Created attachment 51990 [details] Patch
Darin Adler
Comment 4 2010-03-30 13:24:46 PDT
Comment on attachment 51990 [details] Patch The test covers the isEmpty case, but does not cover cases where baseURL != finalURL. Since you are making both changes, I think we need to test both.
Adam Barth
Comment 5 2010-03-30 13:38:30 PDT
> The test covers the isEmpty case, but does not cover cases where baseURL != > finalURL. Since you are making both changes, I think we need to test both. Looking at the implementation of baseURL(), I think the only case where they are different is when finalURL is empty: http://trac.webkit.org/browser/trunk/WebCore/css/StyleBase.cpp#L51
Adam Barth
Comment 6 2010-06-18 01:38:03 PDT
Comment on attachment 51990 [details] Patch Thanks.
WebKit Commit Bot
Comment 7 2010-06-18 03:28:56 PDT
Comment on attachment 51990 [details] Patch Clearing flags on attachment: 51990 Committed r61391: <http://trac.webkit.org/changeset/61391>
WebKit Commit Bot
Comment 8 2010-06-18 03:29:01 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.