[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: [PATCH] JavaScript XMLHttpRequest.open should throw exception
From: Kazuki Ohta <mover () hct ! zaq ! ne ! jp>
Date: 2005-11-28 3:59:07
Message-ID: 200511281259.07830.mover () hct ! zaq ! ne ! jp
[Download RAW message or body]
Hi, All.
I continue to write Ajax program on Konqueror and found
another imcompatible behavior. Regarding the security
issue, XMLHttpRequest.open cannot connect to the
different domain from the document domain.
When one tries to connect to the different domain, IE /
Gecko / Opera throws exception but KHTML does not.
Please have a look at the example code below.
var req = createXMLHttpRequest();
try {
req.open("GET", 'http://example.com/', true);
req.send(null);
}
catch(e) {
/* IE/Gecko/Opera reaches here */
if(typeof e == 'object') {
alert(e.message);
} else {
alert(e);
}
}
Attached patch changes to throw exception like
IE/Gecho/Opera. Please review the patch and can I apply
this patch?
thanks in advance:-)
-------------------------------------------------
Kazuki Ohta : mover@hct.zaq.ne.jp
-------------------------------------------------
["xmlhttprequest-open.diff" (text/x-diff)]
Index: xmlhttprequest.cpp
===================================================================
--- xmlhttprequest.cpp (revision 483573)
+++ xmlhttprequest.cpp (working copy)
@@ -301,11 +301,6 @@
return;
}
- if (!urlMatchesDocumentDomain(_url)) {
- return;
- }
-
-
method = _method.lower();
url = _url;
async = _async;
@@ -689,6 +684,11 @@
if (!part)
return Undefined();
KURL url = KURL(part->document().completeURL(args[1].toString(exec).qstring()).string());
+ if (!urlMatchesDocumentDomain(url)) {
+ Object err = Error::create(exec, GeneralError, "URL doesn't match document domain");
+ exec->setException(err);
+ return err;
+ }
bool async = true;
if (args.size() >= 3) {
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic