author | Said Abou-Hallawa <sabouhallawa@apple.com> | 2015-04-27 10:34:56 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2015-04-27 08:44:48 +0000 |
commit | 8ce4aba7d1742f07c01f2786e75ff7a5c8386aa6 (patch) | |
tree | 9acedcce67c5890d47264e139536ee4dbc73c1a9 | |
parent | fc4d06c43fb783c5b79444f2474d5fb6359042e7 (diff) |
SVG loaded through html <img> can't request to load any external resources.
https://bugs.webkit.org/show_bug.cgi?id=137762.
Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2014-10-22
Reviewed by Daniel Bates.
Source/WebCore:
SVG images have unique security rules that prevent them from loading any external
resources. This patch enforces these rules in CachedResourceLoader::canRequest for
all non-data-uri resources.
The fix and the tests are ported but modified a little from the chromium fix:
http://src.chromium.org/viewvc/blink?view=rev&rev=176084
Test: http/tests/security/svg-image-with-cached-remote-image.html
http/tests/security/svg-image-with-css-cross-domain.html
For the SVG image, prevent loading any external sub-resource except for data urls.
* loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::canRequest):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@175074 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Change-Id: Iec5014e81e25c37cc6754d7cc73645b17994974f
Reviewed-by: Michael Brüning <michael.bruning@theqtcompany.com>
-rw-r--r-- | Source/WebCore/loader/cache/CachedResourceLoader.cpp | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/Source/WebCore/loader/cache/CachedResourceLoader.cpp b/Source/WebCore/loader/cache/CachedResourceLoader.cpp index 80e2f8de2..0735fc8ff 100644 --- a/Source/WebCore/loader/cache/CachedResourceLoader.cpp +++ b/Source/WebCore/loader/cache/CachedResourceLoader.cpp @@ -35,6 +35,8 @@ #include "CachedResourceRequest.h" #include "CachedScript.h" #include "CachedXSLStyleSheet.h" +#include "Chrome.h" +#include "ChromeClient.h" #include "Console.h" #include "ContentSecurityPolicy.h" #include "DOMWindow.h" @@ -48,6 +50,7 @@ #include "LoaderStrategy.h" #include "Logging.h" #include "MemoryCache.h" +#include "Page.h" #include "PingLoader.h" #include "PlatformStrategies.h" #include "ResourceLoadScheduler.h" @@ -409,6 +412,12 @@ bool CachedResourceLoader::canRequest(CachedResource::Type type, const KURL& url #endif } + // SVG Images have unique security rules that prevent all subresource requests except for data urls. + if (type != CachedResource::MainResource && frame() && frame()->page()) { + if (frame()->page()->chrome().client()->isSVGImageChromeClient() && !url.protocolIsData()) + return false; + } + // Last of all, check for insecure content. We do this last so that when // folks block insecure content with a CSP policy, they don't get a warning. // They'll still get a warning in the console about CSP blocking the load. |
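Review bot: The SVG-image restriction added to CachedResourceLoader::canRequest fails open, because it is applied only when `frame() && frame()->page()` holds; a subresource request made while the frame or page is null skips the check and falls through to the insecure-content logic below. Please either state in the comment why that state cannot occur for a document hosted in an SVG image, or deny non-data URLs when the owning page cannot be determined. In the same block, `frame()->page()->chrome().client()` is dereferenced with `->` and no null test, while frame() and page() are both tested; guard client() as well or note why it is always set. Smaller points: the two nested `if` statements can be one condition, and the `return false` path emits nothing to the console, so a blocked load will be hard to diagnose next to the CSP case, which the following comment says does produce a console warning.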