<rdar://problem/29101072>

Created attachment 293834 [details] Patch and layout tests

Comment on attachment 293834 [details] Patch and layout tests View in context: https://bugs.webkit.org/attachment.cgi?id=293834&action=review r=me. > LayoutTests/http/tests/security/http-0.9/default-port-plugin-blocked-expected.txt:3 > +CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-load-plugin-fail.pl' because it is using HTTP/0.9. It's interesting that we hit this three times. Is that expected? > LayoutTests/http/tests/security/http-0.9/default-port-script-blocked-expected.txt:3 > +CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-alert-fail.pl' because it is using HTTP/0.9. Ditto.

(In reply to comment #3) > > LayoutTests/http/tests/security/http-0.9/default-port-plugin-blocked-expected.txt:3 > > +CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-load-plugin-fail.pl' because it is using HTTP/0.9. > > It's interesting that we hit this three times. Is that expected? > This output reflects the current behavior. The expected behavior is that we emit exactly one console warning. For completeness, the following is a breakdown of the call chain that emits three sandbox messages when we receive an HTTP 0.9 response for a main resource load initiated by an HTTP request to port 80/443 ("a default port"). First SubresourceLoader::didReceiveResponse() is called, which emits one console message by [1]. SubresourceLoader::didReceiveResponse() calls DocumentLoader::responseReceived() at [2] and DocumentLoader::responseReceived() emits one console message by [3]. SubresourceLoader::didReceiveResponse() also calls its base class function, ResourceLoader::didReceiveResponse(), which emits one console message by [4]. Therefore three console messages are emitted. [1] <https://trac.webkit.org/browser/trunk/Source/WebCore/loader/SubresourceLoader.cpp?rev=208112#L267> [2] <https://trac.webkit.org/browser/trunk/Source/WebCore/loader/SubresourceLoader.cpp?rev=208112#L299> [3] <https://trac.webkit.org/browser/trunk/Source/WebCore/loader/DocumentLoader.cpp?rev=207769#L746> [4] <https://trac.webkit.org/browser/trunk/Source/WebCore/loader/ResourceLoader.cpp?rev=208112#L460> > > LayoutTests/http/tests/security/http-0.9/default-port-script-blocked-expected.txt:3 > > +CONSOLE MESSAGE: Sandboxing 'http://127.0.0.1:8000/security/http-0.9/resources/nph-alert-fail.pl' because it is using HTTP/0.9. > > Ditto. See my reply above.

Comment on attachment 293834 [details] Patch and layout tests Don't touch the URL parser for this

Created attachment 293954 [details] Patch and layout tests

Comment on attachment 293954 [details] Patch and layout tests Will update patch following <https://trac.webkit.org/changeset/208407>.

Created attachment 293981 [details] Patch and layout tests

Comment on attachment 293981 [details] Patch and layout tests View in context: https://bugs.webkit.org/attachment.cgi?id=293981&action=review > Source/WebCore/platform/URL.cpp:813 > + ASSERT(port > 0); This should be removed and you should use HashMap::find below

Committed r208475: <http://trac.webkit.org/changeset/208475>