Issue 2845006: Merge 57386 - 2010-04-09 Abhishek Arya <inferno@chromium.org>...

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 2845006: Merge 57386 - 2010-04-09 Abhishek Arya <inferno@chromium.org>... (Closed)

Created:
10 years, 6 months ago by inferno

Modified:
9 years, 7 months ago

Reviewers:
inferno

CC:
chromium-reviews

Base URL:
svn://chrome-svn/chrome/branches/WebKit/375/

Visibility:
Public.

Description

Merge 57386 - 2010-04-09 Abhishek Arya <inferno@chromium.org>; Reviewed by Adam Barth. Prevent HTTP responses served with JSON content type from being rendered as HTML. Test: http/tests/security/xss-DENIED-mime-type-execute-as-html.html * dom/DOMImplementation.cpp: (WebCore::DOMImplementation::isTextMIMEType): Render application/json as text/plain. * platform/MIMETypeRegistry.cpp: (WebCore::initializeSupportedNonImageMimeTypes): Add a compile assert to prevent addition of new mime types in non-image types. 2010-04-09 Abhishek Arya <inferno@chromium.org>; Reviewed by Adam Barth. Test non-image and javascript mime types are not rendered as HTML. * http/tests/security/resources/send-mime-types.php: Added. * http/tests/security/xss-DENIED-mime-type-execute-as-html-expected.txt: Added. * http/tests/security/xss-DENIED-mime-type-execute-as-html.html: Added. BUG=38105 TEST=NONE TBR=abarth@webkit.org Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=49840

Patch Set 1 #

Created: 10 years, 6 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+47 lines, -3 lines)			Patch
A	LayoutTests/http/tests/security/resources/send-mime-types.php	View	1 chunk	+9 lines, -0 lines	0 comments	Download
A	LayoutTests/http/tests/security/xss-DENIED-mime-type-execute-as-html.html	View	1 chunk	+26 lines, -0 lines	0 comments	Download
A	LayoutTests/http/tests/security/xss-DENIED-mime-type-execute-as-html-expected.txt	View	1 chunk	+2 lines, -0 lines	0 comments	Download
M	WebCore/dom/DOMImplementation.cpp	View	1 chunk	+4 lines, -3 lines	0 comments	Download
M	WebCore/platform/MIMETypeRegistry.cpp	View	2 chunks	+6 lines, -0 lines	0 comments	Download

Messages

Total messages: 1 (0 generated)

Expand Messages | Collapse Messages