Changeset 8693
- Timestamp:
- 01/23/08 00:51:25 (8 months ago)
- Files:
-
- spinoffs/prototype/trunk/CHANGELOG (modified) (1 diff)
- spinoffs/prototype/trunk/src/ajax.js (modified) (4 diffs)
- spinoffs/prototype/trunk/test/unit/ajax.html (modified) (1 diff)
spinoffs/prototype/trunk/CHANGELOG
r8692 r8693 1 1 *SVN* 2 3 * Prevent a potential security issue for cross-site ajax requests. [Alexey Feldgendler, sam, Tobie Langel] 2 4 3 5 * Test for attribute existence before applying more complex CSS3 selectors. Closes #10870. [arty, Tobie Langel] spinoffs/prototype/trunk/src/ajax.js
r8513 r8693 190 190 var contentType = response.getHeader('Content-type'); 191 191 if (this.options.evalJS == 'force' 192 || (this.options.evalJS && contentType192 || (this.options.evalJS && this.isSameOrigin() && contentType 193 193 && contentType.match(/^\s*(text|application)\/(x-)?(java|ecma)script(;.*)?\s*$/i))) 194 194 this.evalResponse(); … … 206 206 this.transport.onreadystatechange = Prototype.emptyFunction; 207 207 } 208 }, 209 210 isSameOrigin: function() { 211 var m = this.url.match(/^\s*https?:\/\/[^/]*/); 212 return !m || (m[0] == '#{protocol}//#{domain}#{port}'.interpolate({ 213 protocol: location.protocol, 214 domain: document.domain, 215 port: location.port ? ':' + location.port : '' 216 })); 208 217 }, 209 218 … … 283 292 json = decodeURIComponent(escape(json)); 284 293 try { 285 return json.evalJSON(this.request.options.sanitizeJSON); 294 return json.evalJSON(this.request.options.sanitizeJSON || 295 !this.request.isSameOrigin()); 286 296 } catch (e) { 287 297 this.request.dispatchException(e); … … 296 306 return null; 297 307 try { 298 return this.responseText.evalJSON(options.sanitizeJSON); 308 return this.responseText.evalJSON(options.sanitizeJSON || 309 !this.request.isSameOrigin()); 299 310 } catch (e) { 300 311 this.request.dispatchException(e); spinoffs/prototype/trunk/test/unit/ajax.html
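Review bot: In the new isSameOrigin (new lines 210-216) any URL the regex does not match is treated as same-origin because of `!m ||`, and the regex `/^\s*https?:\/\/[^/]*/` is case-sensitive, so a URL such as `HTTP://other-host/...` or a protocol-relative `//other-host/...` yields `m === null` and still passes, which then unlocks evalJS and skips sanitizeJSON in the two evalJSON call sites below. At minimum the match should be case-insensitive, `var m = this.url.match(/^\s*https?:\/\/[^\/]*/i);`, and a URL starting with `//` should be compared as absolute rather than falling into the `!m` branch. Comparing against `document.domain` rather than `location.hostname` also means a page that has relaxed document.domain compares against the relaxed value; whether that matters depends on which origin the XHR implementation honors, so it is worth a comment on line 214 either way. The enclosing Ajax.Request class definition starts and ends outside this hunk.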
r8572 r8693 411 411 info(message); 412 412 } 413 }}, 414 415 testIsSameOriginMethod: function() {with(this) { 416 var isSameOrigin = Ajax.Request.prototype.isSameOrigin; 417 assert(isSameOrigin.call({ url: '/foo/bar.html' }), '/foo/bar.html'); 418 assert(isSameOrigin.call({ url: window.location.toString() }), window.location); 419 assert(!isSameOrigin.call({ url: 'http://example.com' }), 'http://example.com'); 420 421 if (isRunningFromRake) { 422 Ajax.Request.prototype.isSameOrigin = function() { 423 return false 424 }; 425 426 $("content").update('same origin policy'); 427 new Ajax.Request("/response", extendDefault({ 428 parameters: Fixtures.js, 429 onComplete: function(transport) { 430 assertEqual("same origin policy", $("content").innerHTML); 431 } 432 })); 433 434 new Ajax.Request("/response", extendDefault({ 435 parameters: Fixtures.invalidJson, 436 onException: function(request, error) { 437 assert(error.message.include('Badly formed JSON string')); 438 } 439 })); 440 441 new Ajax.Request("/response", extendDefault({ 442 parameters: { 'X-JSON': '{});window.attacked = true;({}' }, 443 onException: function(request, error) { 444 assert(error.message.include('Badly formed JSON string')); 445 } 446 })); 447 448 Ajax.Request.prototype.isSameOrigin = isSameOrigin; 449 } else { 450 info(message); 451 } 413 452 }} 414 453 });
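Review bot: The invalidJson and X-JSON cases (new lines 434-446) only assert inside onException, so if sanitization were bypassed and the payload evaluated successfully no callback would run and the test would pass vacuously; after the third request add `assert(!window.attacked, 'cross-origin JSON was evaluated');` so the case fails when the payload runs. The prototype is restored at line 448 synchronously after the requests are issued, which is only sound if extendDefault forces asynchronous: false, as it appears to elsewhere in this file; if not, the stubbed isSameOrigin is gone before the responses are handled. Minor: `return false` on line 423 lacks a semicolon, and a try/finally around the stubbed block would keep the prototype restored if an assertion throws.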