Changeset 186983 in webkit
- Timestamp: Jul 17, 2015 9:44:13 PM
- Location: branches/safari-600.1.4.17-branch
- Files: 17 added, 12 edited
branches/safari-600.1.4.17-branch/LayoutTests/ChangeLog
r186793 r186983 1 2015-07-17 Andy Estes <aestes@apple.com> 2 3 Merge r186982. rdar://problem/21709404 4 5 2015-07-17 Andy Estes <aestes@apple.com> 6 7 [iOS] Further tighten the sandbox around pages fetched with Content-Disposition: attachment 8 https://bugs.webkit.org/show_bug.cgi?id=147044 9 rdar://problem/21567820 10 11 Reviewed by Brady Eidson. 12 13 * http/tests/contentdispositionattachmentsandbox/cross-origin-frames-disabled-expected.txt: Added. 14 * http/tests/contentdispositionattachmentsandbox/cross-origin-frames-disabled.html: Added. 15 * http/tests/contentdispositionattachmentsandbox/form-submission-disabled-expected.txt: Added. 16 * http/tests/contentdispositionattachmentsandbox/form-submission-disabled.html: Added. 17 * http/tests/contentdispositionattachmentsandbox/http-equiv-disabled-expected.txt: Added. 18 * http/tests/contentdispositionattachmentsandbox/http-equiv-disabled.html: Added. 19 * http/tests/contentdispositionattachmentsandbox/plugins-disabled-expected.html: Added. 20 * http/tests/contentdispositionattachmentsandbox/plugins-disabled.html: Added. 21 * http/tests/contentdispositionattachmentsandbox/resources/cross-origin-frames-frame.php: Added. 22 * http/tests/contentdispositionattachmentsandbox/resources/form-submission-frame.php: Added. 23 * http/tests/contentdispositionattachmentsandbox/resources/http-equiv-frame.php: Added. 24 * http/tests/contentdispositionattachmentsandbox/resources/plugins-frame.php: Added. 25 * http/tests/contentdispositionattachmentsandbox/resources/scripts-frame.php: Added. 26 * http/tests/contentdispositionattachmentsandbox/scripts-disabled-expected.txt: Added. 27 * http/tests/contentdispositionattachmentsandbox/scripts-disabled.html: Added. 28 1 29 2015-07-13 David Kilzer <ddkilzer@apple.com> 2 30 -
branches/safari-600.1.4.17-branch/Source/WebCore/ChangeLog
r186793 r186983 1 2015-07-17 Andy Estes <aestes@apple.com> 2 3 Merge r186982. rdar://problem/21709404 4 5 2015-07-17 Andy Estes <aestes@apple.com> 6 7 [iOS] Further tighten the sandbox around pages fetched with Content-Disposition: attachment 8 https://bugs.webkit.org/show_bug.cgi?id=147044 9 rdar://problem/21567820 10 11 Reviewed by Brady Eidson. 12 13 In addition to placing resources fetched with 'Content-Disposition: attachment' in a unique origin, 14 this change does the following: 15 16 - Switches the sandbox type from SandboxOrigin to SandboxAll, which enforces the same restrictions as <iframe sandbox>. 17 - Disables processing of <meta http-equiv> elements. 18 - Disables loading of cross-origin subframes. 19 20 Tests: http/tests/contentdispositionattachmentsandbox/cross-origin-frames-disabled.html 21 http/tests/contentdispositionattachmentsandbox/form-submission-disabled.html 22 http/tests/contentdispositionattachmentsandbox/http-equiv-disabled.html 23 http/tests/contentdispositionattachmentsandbox/plugins-disabled.html 24 http/tests/contentdispositionattachmentsandbox/scripts-disabled.html 25 26 * dom/Document.cpp: 27 (WebCore::Document::processHttpEquiv): Switched to calling Document::httpEquivPolicy(). Logged an error to the console for policies other than Enabled. 28 (WebCore::Document::initSecurityContext): Switched sandbox enforcement from SandboxOrigin to SandboxAll. 29 (WebCore::Document::httpEquivPolicy): Returned a HttpEquivPolicy based on shouldEnforceContentDispositionAttachmentSandbox() and Settings::httpEquivEnabled(). 30 (WebCore::Document::shouldEnforceContentDispositionAttachmentSandbox): Returned true if Settings::contentDispositionAttachmentSandboxEnabled() 31 and the document was fetched as an attachment. 
32 * dom/Document.h: 33 * loader/cache/CachedResourceLoader.cpp: 34 (WebCore::CachedResourceLoader::canRequest): When requesting a subframe main resource when the parent frame enforces an attachment sandbox, 35 only continue if the parent frame's SecurityOrigin allows the request. 36 * page/Settings.in: Added contentDispositionAttachmentSandboxEnabled with an initial value of false. 37 1 38 2015-07-13 David Kilzer <ddkilzer@apple.com> 2 39 -
branches/safari-600.1.4.17-branch/Source/WebCore/dom/Document.cpp
r186539 r186983 2808 2808 ASSERT(!equiv.isNull() && !content.isNull()); 2809 2809 2810 if (page() && !page()->settings().httpEquivEnabled()) 2811 return; 2810 HttpEquivPolicy policy = httpEquivPolicy(); 2811 if (policy != HttpEquivPolicy::Enabled) { 2812 String reason; 2813 switch (policy) { 2814 case HttpEquivPolicy::Enabled: 2815 ASSERT_NOT_REACHED(); 2816 break; 2817 case HttpEquivPolicy::DisabledBySettings: 2818 reason = "by the embedder."; 2819 break; 2820 case HttpEquivPolicy::DisabledByContentDispositionAttachmentSandbox: 2821 reason = "for documents with Content-Disposition: attachment."; 2822 break; 2823 } 2824 String message = "http-equiv '" + equiv + "' is disabled " + reason; 2825 addConsoleMessage(MessageSource::Security, MessageLevel::Error, message); 2826 return; 2827 } 2812 2828 2813 2829 Frame* frame = this->frame(); … … 4673 4689 enforceSandboxFlags(m_frame->loader().effectiveSandboxFlags()); 4674 4690 4675 #if PLATFORM(IOS) 4676 // On iOS we display attachments inline regardless of whether the response includes 4677 // the HTTP header "Content-Disposition: attachment". So, we enforce a unique 4678 // security origin for such documents. As an optimization, we don't need to parse 4679 // the responde header (i.e. call ResourceResponse::isAttachment()) for a synthesized 4680 // document because such documents cannot be an attachment. 4681 if (!m_isSynthesized && m_frame->loader().activeDocumentLoader()->response().isAttachment()) 4682 enforceSandboxFlags(SandboxOrigin); 4683 #endif 4691 if (shouldEnforceContentDispositionAttachmentSandbox()) 4692 enforceSandboxFlags(SandboxAll); 4684 4693 4685 4694 setSecurityOrigin(isSandboxed(SandboxOrigin) ? 
SecurityOrigin::createUnique() : SecurityOrigin::create(m_url)); … … 5758 5767 ++m_wheelEventHandlerCount; 5759 5768 wheelEventHandlerCountChanged(this); 5769 } 5770 5771 HttpEquivPolicy Document::httpEquivPolicy() const 5772 { 5773 if (shouldEnforceContentDispositionAttachmentSandbox()) 5774 return HttpEquivPolicy::DisabledByContentDispositionAttachmentSandbox; 5775 if (page() && !page()->settings().httpEquivEnabled()) 5776 return HttpEquivPolicy::DisabledBySettings; 5777 return HttpEquivPolicy::Enabled; 5760 5778 } 5761 5779 … … 6211 6229 #endif 6212 6230 6231 bool Document::shouldEnforceContentDispositionAttachmentSandbox() const 6232 { 6233 if (m_isSynthesized) 6234 return false; 6235 6236 bool contentDispositionAttachmentSandboxEnabled = settings() && settings()->contentDispositionAttachmentSandboxEnabled(); 6237 bool responseIsAttachment = false; 6238 if (DocumentLoader* documentLoader = m_frame ? m_frame->loader().activeDocumentLoader() : nullptr) 6239 responseIsAttachment = documentLoader->response().isAttachment(); 6240 6241 return contentDispositionAttachmentSandboxEnabled && responseIsAttachment; 6242 } 6243 6213 6244 } // namespace WebCore -
branches/safari-600.1.4.17-branch/Source/WebCore/dom/Document.h
r171658 r186983 255 255 }; 256 256 257 enum class HttpEquivPolicy { 258 Enabled, 259 DisabledBySettings, 260 DisabledByContentDispositionAttachmentSandbox 261 }; 262 257 263 class Document : public ContainerNode, public TreeScope, public ScriptExecutionContext { 258 264 public: … … 1281 1287 bool hasStyleWithViewportUnits() const { return m_hasStyleWithViewportUnits; } 1282 1288 void updateViewportUnitsOnResize(); 1289 bool shouldEnforceContentDispositionAttachmentSandbox() const; 1283 1290 1284 1291 protected: … … 1356 1363 1357 1364 void addListenerType(ListenerType listenerType) { m_listenerTypes |= listenerType; } 1365 1366 HttpEquivPolicy httpEquivPolicy() const; 1358 1367 1359 1368 void didAssociateFormControlsTimerFired(Timer<Document>&); -
branches/safari-600.1.4.17-branch/Source/WebCore/loader/cache/CachedResourceLoader.cpp
r186521 r186983 312 312 switch (type) { 313 313 case CachedResource::MainResource: 314 if (HTMLFrameOwnerElement* ownerElement = frame() ? frame()->ownerElement() : nullptr) { 315 if (ownerElement->document().shouldEnforceContentDispositionAttachmentSandbox() && !ownerElement->document().securityOrigin()->canRequest(url)) { 316 printAccessDeniedMessage(url); 317 return false; 318 } 319 } 320 FALLTHROUGH; 314 321 case CachedResource::ImageResource: 315 322 case CachedResource::CSSStyleSheet: -
branches/safari-600.1.4.17-branch/Source/WebCore/page/Settings.in
r186539 r186983 232 232 233 233 httpEquivEnabled initial=true 234 235 # Some ports (e.g. iOS) might choose to display attachments inline, regardless of whether the response includes the 236 # HTTP header "Content-Disposition: attachment". This setting enables a sandbox around these attachments. The sandbox 237 # enforces all frame sandbox flags (see enum SandboxFlag in SecurityContext.h), and also disables <meta http-equiv> 238 # processing and subframe loading. 239 contentDispositionAttachmentSandboxEnabled initial=false -
branches/safari-600.1.4.17-branch/Source/WebKit/mac/ChangeLog
r186763 r186983 1 2015-07-17 Andy Estes <aestes@apple.com> 2 3 Merge r186982. rdar://problem/21709404 4 5 2015-07-17 Andy Estes <aestes@apple.com> 6 7 [iOS] Further tighten the sandbox around pages fetched with Content-Disposition: attachment 8 https://bugs.webkit.org/show_bug.cgi?id=147044 9 rdar://problem/21567820 10 11 Reviewed by Brady Eidson. 12 13 * WebView/WebView.mm: 14 (-[WebView _commonInitializationWithFrameName:groupName:]): Enabled Content-Disposition: attachment sandbox on iOS. 15 1 16 2015-07-13 David Kilzer <ddkilzer@apple.com> 2 17 -
branches/safari-600.1.4.17-branch/Source/WebKit/mac/WebView/WebView.mm
r186763 r186983 1048 1048 [self _scheduleGlibContextIterations]; 1049 1049 #endif 1050 1051 #if PLATFORM(IOS) 1052 _private->page->settings().setContentDispositionAttachmentSandboxEnabled(true); 1053 #endif 1050 1054 } 1051 1055 -
branches/safari-600.1.4.17-branch/Source/WebKit2/ChangeLog
r186838 r186983 1 2015-07-17 Andy Estes <aestes@apple.com> 2 3 Merge r186982. rdar://problem/21709404 4 5 2015-07-17 Andy Estes <aestes@apple.com> 6 7 [iOS] Further tighten the sandbox around pages fetched with Content-Disposition: attachment 8 https://bugs.webkit.org/show_bug.cgi?id=147044 9 rdar://problem/21567820 10 11 Reviewed by Brady Eidson. 12 13 * WebProcess/WebPage/WebPage.cpp: 14 (WebKit::WebPage::WebPage): Enabled Content-Disposition: attachment sandbox on iOS. 15 1 16 2015-07-15 David Kilzer <ddkilzer@apple.com> 2 17 -
branches/safari-600.1.4.17-branch/Source/WebKit2/WebProcess/WebPage/WebPage.cpp
r186785 r186983 481 481 for (auto& mimeType : parameters.mimeTypesWithCustomContentProviders) 482 482 m_mimeTypesWithCustomContentProviders.add(mimeType); 483 484 #if PLATFORM(IOS) 485 m_page->settings().setContentDispositionAttachmentSandboxEnabled(true); 486 #endif 483 487 } 484 488 -
branches/safari-600.1.4.17-branch/Tools/ChangeLog
r186763 r186983 1 2015-07-17 Andy Estes <aestes@apple.com> 2 3 Merge r186982. rdar://problem/21709404 4 5 2015-07-17 Andy Estes <aestes@apple.com> 6 7 [iOS] Further tighten the sandbox around pages fetched with Content-Disposition: attachment 8 https://bugs.webkit.org/show_bug.cgi?id=147044 9 rdar://problem/21567820 10 11 Reviewed by Brady Eidson. 12 13 * WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp: 14 (WTR::InjectedBundlePage::decidePolicyForResponse): Only log the message about attachments if the custom policy delegate is enabled. 15 This matches the behavior of DumpRenderTree. 16 1 17 2015-07-13 David Kilzer <ddkilzer@apple.com> 2 18 -
branches/safari-600.1.4.17-branch/Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp
r179399 r186983 1261 1261 WKBundlePagePolicyAction InjectedBundlePage::decidePolicyForResponse(WKBundlePageRef page, WKBundleFrameRef, WKURLResponseRef response, WKURLRequestRef, WKTypeRef*) 1262 1262 { 1263 if ( WKURLResponseIsAttachment(response)) {1263 if (InjectedBundle::singleton().testRunner()->isPolicyDelegateEnabled() && WKURLResponseIsAttachment(response)) { 1264 1264 StringBuilder stringBuilder; 1265 1265 WKRetainPtr<WKStringRef> filename = adoptWK(WKURLResponseCopySuggestedFilename(response));
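Review bot: In Document::initSecurityContext (Document.cpp, hunk at 4673), the sandbox for attachment documents used to be applied unconditionally under #if PLATFORM(IOS) and now depends on contentDispositionAttachmentSandboxEnabled, which Settings.in declares with initial=false. The only places in this changeset that turn it on are -[WebView _commonInitializationWithFrameName:groupName:] and the WebKit::WebPage constructor, so an iOS Page created through any other path would lose even the unique-origin isolation the removed code gave it. Consider defaulting the setting to on for iOS, or asserting on iOS that it is enabled, so the protection does not depend on every embedder opting in.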
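Review bot: Document::shouldEnforceContentDispositionAttachmentSandbox (Document.cpp, hunk at 6211) calls response().isAttachment() before it knows whether the setting is on, so ports that leave contentDispositionAttachmentSandboxEnabled at false still pay for parsing the header, and the function is now called from processHttpEquiv, initSecurityContext and CachedResourceLoader::canRequest. Return early when the setting is off, and carry over the comment removed from initSecurityContext so the m_isSynthesized check stays explained. A null settings() or m_frame also makes the function return false, meaning the sandbox is not enforced; if either can be null for an attachment document, a comment saying why that is safe would help.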
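Review bot: The new check in CachedResourceLoader::canRequest (CachedResourceLoader.cpp, case CachedResource::MainResource) consults only ownerElement->document(), the immediate parent. A subframe that passes securityOrigin()->canRequest(url) need not be an attachment response itself, in which case its own shouldEnforceContentDispositionAttachmentSandbox() is false and frames nested below it are not covered by this test. If the restriction is meant to hold for the whole subtree, walk up the frame ancestors; if not, say so in a comment and add a layout test with a nested frame.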
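Review bot: The comment added above contentDispositionAttachmentSandboxEnabled in Settings.in says the sandbox "also disables <meta http-equiv> processing and subframe loading", while the WebCore ChangeLog entry says it "Disables loading of cross-origin subframes" and the code in CachedResourceLoader::canRequest gates on securityOrigin()->canRequest(url). Make the comment and the ChangeLog agree on which behaviour is intended, since embedders enabling the setting will read this comment as the contract.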
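Review bot: Judging by the file names listed in the LayoutTests ChangeLog, the new tests under http/tests/contentdispositionattachmentsandbox/ cover scripts, plugins, form submission, http-equiv and cross-origin frames, but none asserts the unique security origin that the removed SandboxOrigin code provided, and none exercises a document loaded with contentDispositionAttachmentSandboxEnabled left at its initial value of false. Add a test that an attachment document is placed in a unique origin, and one that documents the expected behaviour when the setting is off, so a later change to the default or to SandboxAll is caught.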