JavaScript generated documents don't inherit the cookie URL
https://bugs.webkit.org/show_bug.cgi?id=69003
Patch by Sergey Glazunov <serg.glazunov@gmail.com> on 2011-09-28
Reviewed by Adam Barth.
Source/WebCore:
Test: http/tests/security/cookies/cookie-theft-with-javascript-doc.html
* dom/Document.h:
(WebCore::Document::setCookieURL):
* loader/DocumentWriter.cpp:
(WebCore::DocumentWriter::replaceDocument):
(WebCore::DocumentWriter::begin):
* loader/DocumentWriter.h:
LayoutTests:
* http/tests/security/cookies/cookie-theft-with-javascript-doc-expected.txt: Added.
* http/tests/security/cookies/cookie-theft-with-javascript-doc.html: Added.
* http/tests/security/cookies/resources/innocent-victim-with-cookies.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96260
268f45cc-cd09-0410-ab3c-
d52691b4dbfc