https://bugs.webkit.org/show_bug.cgi?id=39017
Reviewed by Sam Weinig.
Test: fast/dom/window/open-invalid-url.html
* page/DOMWindow.cpp: (WebCore::DOMWindow::createWindow): Bail out early for invalid URLs.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@105548
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2012-01-20 Alexey Proskuryakov <ap@apple.com>
+
+ WebCore should not send invalid URLs to client createWindow methods.
+ https://bugs.webkit.org/show_bug.cgi?id=39017
+
+ Reviewed by Sam Weinig.
+
+ * fast/dom/window/open-invalid-url-expected.txt: Added.
+ * fast/dom/window/open-invalid-url.html: Added.
+
2012-01-20 Julien Chaffraix <jchaffraix@webkit.org>
Crash in RenderTable::borderBefore
--- /dev/null
+CONSOLE MESSAGE: Unable to open a window with invalid URL '/'.
+
+ALERT: PASS
+
--- /dev/null
+<html>
+<head>
+</head>
+<body>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+ layoutTestController.setCanOpenWindows();
+}
+
+var a = window.open("about:blank","moonshine")
+function mountainGoat() {
+ a.window.eval('setTimeout("alert(window.open(\'/\') ? \'FAIL\' : \'PASS\'); if (window.layoutTestController) layoutTestController.notifyDone()", 0)')
+}
+setTimeout("mountainGoat()", 0)
+</script>
+</body>
+</html>
+2012-01-20 Alexey Proskuryakov <ap@apple.com>
+
+ WebCore should not send invalid URLs to client createWindow methods.
+ https://bugs.webkit.org/show_bug.cgi?id=39017
+
+ Reviewed by Sam Weinig.
+
+ Test: fast/dom/window/open-invalid-url.html
+
+ * page/DOMWindow.cpp: (WebCore::DOMWindow::createWindow): Bail out early for invalid URLs.
+
2012-01-20 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org>
Remove unused variable in RenderReplaced after r105513
String referrer = firstFrame->loader()->outgoingReferrer();
KURL completedURL = urlString.isEmpty() ? KURL(ParsedURLString, emptyString()) : firstFrame->document()->completeURL(urlString);
+ if (!completedURL.isValid()) {
+ // Don't expose client code to invalid URLs.
+ activeWindow->printErrorMessage("Unable to open a window with invalid URL '" + completedURL.string() + "'.\n");
+ return 0;
+ }
+
ResourceRequest request(completedURL, referrer);
FrameLoader::addHTTPOriginIfNeeded(request, firstFrame->loader()->outgoingOrigin());
FrameLoadRequest frameRequest(activeWindow->securityOrigin(), request, frameName);