Summary: | [Qt] Support custom open() verbs/methods in XMLHttpRequest | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Andreas Kling <kling> | ||||||
Component: | Page Loading | Assignee: | QtWebKit Unassigned <webkit-qt-unassigned> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | Normal | CC: | dinu.jacob, webkit-ews | ||||||
Priority: | P2 | Keywords: | Qt, QtTriaged | ||||||
Version: | 528+ (Nightly build) | ||||||||
Hardware: | All | ||||||||
OS: | All | ||||||||
Attachments: |
|
Description
Andreas Kling
2010-06-11 08:06:06 PDT
It should be noted that current QtWebKit hangs completely when attempting to use an unknown verb with XHR. Created attachment 58475 [details]
Proposed patch
Comment on attachment 58475 [details]
Proposed patch
Are there any security implications of this?
(In reply to comment #3) > (From update of attachment 58475 [details]) > Are there any security implications of this? The verb is sanitized in XMLHttpRequest::open() (WebCore/xml/XMLHttpRequest.cpp) AFAICT the Mac port does the same thing as this patch (passes the method argument verbatim.) Comment on attachment 58475 [details]
Proposed patch
This needs a layout test. It should be possible to test this with an http test.
(In reply to comment #5) > (From update of attachment 58475 [details]) > This needs a layout test. It should be possible to test this with an http test. Layout test with custom verb already exists under xmlhttprequest. For example: methods.html uses the verbs "WKFOOBAR", "HEAD", "SEARCH" etc (In reply to comment #6) > (In reply to comment #5) > > (From update of attachment 58475 [details] [details]) > > This needs a layout test. It should be possible to test this with an http test. > > Layout test with custom verb already exists under xmlhttprequest. For example: methods.html uses the verbs "WKFOOBAR", "HEAD", "SEARCH" etc Test File: LayoutTests/http/tests/xmlhttprequest/methods.html Comment on attachment 58475 [details]
Proposed patch
Resetting r? since this is covered by existing (skipped) tests. They will be unskipped once the Qt buildbot is updated to Qt 4.7.
Comment on attachment 58475 [details]
Proposed patch
the ChangeLog doesn't explain why this is a good thing.
Created attachment 70978 [details]
Proposed patch v2
Updated patch with more elaborate ChangeLog.
Thanks for the review Kenneth :) There's a missing 4.7 guard in httpMethod(), I'll land with that tomorrow, gotta run. Attachment 70978 [details] did not build on qt: Build output: http://queues.webkit.org/results/4456062 Committed r69946: <http://trac.webkit.org/changeset/69946> |