
List:       kde-commits
Subject:    branches/KDE/4.3/kdelibs/khtml
From:       Maks Orlovich <maksim () kde ! org>
Date:       2009-07-13 16:12:13
Message-ID: 1247501533.869807.20979.nullmailer () svn ! kde ! org

SVN commit 995966 by orlovich:

Merged revision:r995020 | orlovich | 2009-07-11 14:06:23 -0400 (Sat, 11 Jul 2009) | 9 lines

Make sure we throw an exception and not fail silently when an XHR open 
fails XSS check. Fixes posting on identi.ca over https (now it 
properly falls back to form submission after the site's broken 
attempt to cross-protocol XHR fails)

This code really needs a spec-compliance audit...

BUG: 198580

 M  +2 -1      dom/dom_exception.h  
 M  +1 -0      ecma/kjs_binding.cpp  
 M  +5 -4      ecma/xmlhttprequest.cpp  
 M  +1 -1      ecma/xmlhttprequest.h  


--- branches/KDE/4.3/kdelibs/khtml/dom/dom_exception.h #995965:995966
@@ -85,7 +85,8 @@
         NAMESPACE_ERR = 14,
         INVALID_ACCESS_ERR = 15,
         VALIDATION_ERR = 16,
-        TYPE_MISMATCH_ERR = 17
+        TYPE_MISMATCH_ERR = 17,
+        SECURITY_ERR = 18
     };
     unsigned short code;
 };
--- branches/KDE/4.3/kdelibs/khtml/ecma/kjs_binding.cpp #995965:995966
@@ -296,6 +296,7 @@
     "INVALID_ACCESS_ERR",
     "VALIDATION_ERR",
     "TYPE_MISMATCH_ERR",
+    "SECURITY_ERR"
 };
 
 static const char* const rangeExceptionNames[] = {
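Review bot: Nothing in this table ties the new "SECURITY_ERR" entry to the value 18 added in dom/dom_exception.h. The name is only right if its position in the array matches the numeric code, and both the start of the array and the lookup that indexes it are outside this hunk. A one-line comment above the table would make the coupling explicit, for example `// order must match the DOMException codes in dom/dom_exception.h`. Ending the new entry with a trailing comma, as the preceding entries do, would also keep the next addition to a one-line diff.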
--- branches/KDE/4.3/kdelibs/khtml/ecma/xmlhttprequest.cpp #995965:995966
@@ -379,7 +379,7 @@
   return false;
 }
 
-void XMLHttpRequest::open(const QString& _method, const KUrl& _url, bool _async)
+void XMLHttpRequest::open(const QString& _method, const KUrl& _url, bool _async, int& ec)
 {
   abort();
   aborted = false;
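Review bot: `ec` is a pure out-parameter here, yet within the lines shown open() writes it only on the rejection path (the `ec = DOMException::SECURITY_ERR;` in the next hunk), so on success the caller appears to get back whatever value it passed in. The binding call site `request->open(method, url, async, ec); setDOMException(exec, ec);` then depends on `ec` having been zeroed earlier, and its declaration is outside every hunk shown. Adding `ec = 0;` as the first statement of open() would make the contract self-contained. If the file's convention is that callers initialise it, that is worth confirming for both call sites changed in this commit. The body of open() continues outside the hunk.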
@@ -392,6 +392,7 @@
   responseXML = 0;
 
   if (!urlMatchesDocumentDomain(_url)) {
+    ec = DOMException::SECURITY_ERR;
     return;
   }
 
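Review bot: The same-origin rejection happens only after open() has already called `abort()` and cleared state (`aborted = false`, `responseXML = 0`), so a script whose cross-origin open() now throws also loses any request that was in flight on the same object. Moving the `urlMatchesDocumentDomain(_url)` test ahead of `abort()` would leave the object untouched on SECURITY_ERR. Whether that matches the specification's ordering should be checked as part of the audit the commit message asks for. The lines between `aborted = false;` and `responseXML = 0;` are not visible, so this assumes nothing there depends on the check running late.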
@@ -559,7 +560,7 @@
   // the webDAV headers such as PROPFIND etc...
   if (name == "get"  || name == "post") {
     KUrl reqURL (doc->URL(), value.trimmed());
-    open(name, reqURL, async);
+    open(name, reqURL, async, ec);
     return;
   }
 
@@ -840,8 +841,8 @@
 	url.setPass(args[4]->toString(exec).qstring());
       }
 
-      request->open(method, url, async);
-
+      request->open(method, url, async, ec);
+      setDOMException(exec, ec);
       return jsUndefined();
     }
   case XMLHttpRequest::Send:
--- branches/KDE/4.3/kdelibs/khtml/ecma/xmlhttprequest.h #995965:995966
@@ -113,7 +113,7 @@
 
     void processSyncLoadResults(const QByteArray &data, const KUrl &finalURL, const QString &headers);
 
-    void open(const QString& _method, const KUrl& _url, bool _async);
+    void open(const QString& _method, const KUrl& _url, bool _async, int& ec);
     void send(const QString& _body, int& ec);
     void abort();
     void setRequestHeader(const QString& name, const QString& value, int& ec);
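Review bot: The declaration of open() gains an error out-parameter with no comment saying when it is set, and the failure it reports is a security decision callers should not overlook. A short note on the declaration would help, for example `// Sets ec to DOMException::SECURITY_ERR and returns early when _url fails the document-domain check.` The class body starts and ends outside the hunk.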