Changeset 220427 in webkit


Timestamp:
Aug 8, 2017 4:27:08 PM (7 years ago)
Author:
Brent Fulgham
Message:

Sandbox flags do not support document.domain control
https://bugs.webkit.org/show_bug.cgi?id=175281
<rdar://problem/33778936>

Reviewed by Chris Dumez.

Source/WebCore:

Update the 'setDomain' logic to honor the sandbox properties as defined in the current
HTML5 specification. This brings us in line with how Chrome and other browsers have
worked for some time.

Test: fast/frames/sandboxed-iframe-domain.html

  • dom/Document.cpp:

(WebCore::Document::setDomain): Add check for sandbox flag (with appropriate error message)

  • dom/SecurityContext.h:

LayoutTests:

  • fast/frames/resources/sandboxed-iframe-set-domain.html: Added.
  • fast/frames/sandboxed-iframe-domain.html: Added.
  • fast/frames/sandboxed-iframe-domain-expected.txt: Added.
Location:
trunk
Files:
3 added
4 edited

  • trunk/LayoutTests/ChangeLog

    r220426 r220427  
     12017-08-08  Brent Fulgham  <bfulgham@apple.com>
     2
     3        Sandbox flags do not support document.domain control
     4        https://bugs.webkit.org/show_bug.cgi?id=175281
     5        <rdar://problem/33778936>
     6
     7        Reviewed by Chris Dumez.
     8
     9        * fast/frames/resources/sandboxed-iframe-set-domain.html: Added.
     10        * fast/frames/sandboxed-iframe-domain.html: Added.
     11        * fast/frames/sandboxed-iframe-domain-expected.txt: Added.
     12
    1132017-08-08  Matt Lewis  <jlewis3@apple.com>
    214
  • trunk/Source/WebCore/ChangeLog

    r220414 r220427  
     12017-08-08  Brent Fulgham  <bfulgham@apple.com>
     2
     3        Sandbox flags do not support document.domain control
     4        https://bugs.webkit.org/show_bug.cgi?id=175281
     5        <rdar://problem/33778936>
     6
     7        Reviewed by Chris Dumez.
     8
     9        Update the 'setDomain' logic to honor the sandbox properties as defined in the current
     10        HTML5 specification. This brings us in line with how Chrome and other browsers have
     11        worked for some time.
     12
     13        Test: fast/frames/sandboxed-iframe-domain.html
     14
     15        * dom/Document.cpp:
     16        (WebCore::Document::setDomain): Add check for sandbox flag (with appropriate error message)
     17        * dom/SecurityContext.h:
     18
    1192017-08-08  Jeremy Jones  <jeremyj@apple.com>
    220
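Review bot: The "* dom/SecurityContext.h:" entry on line 17 has no description, unlike the Document.cpp entry just above it. Say what changed in that header, for example that the SandboxDocumentDomain flag was added, so the ChangeLog records the new enumerator.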
  • trunk/Source/WebCore/dom/Document.cpp

    r220405 r220427  
    44884488        return Exception { SecurityError, "A browsing context is required to set a domain." };
    44894489
     4490    if (isSandboxed(SandboxDocumentDomain))
     4491        return Exception { SecurityError, "Assignment is forbidden for sandboxed iframes." };
     4492
    44904493    if (SchemeRegistry::isDomainRelaxationForbiddenForURLScheme(securityOrigin().protocol()))
    44914494        return Exception { SecurityError };
    4492 
    4493     // FIXME(175281): Check for 'document.domain' sandbox flag and return an exception if present.
    44944495
    44954496    // FIXME: We should add logging indicating why a domain was not allowed.
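Review bot: The message added at line 4491, "Assignment is forbidden for sandboxed iframes.", does not say which assignment was refused, whereas the message on 4488 names the domain. Consider wording such as "Assignment to document.domain is forbidden for sandboxed iframes." so the console error stands on its own. The scheme check at 4494 still returns a bare Exception { SecurityError } and the remaining FIXME asks for logging of why a domain was not allowed; giving that path a message as well would make the two rejections distinguishable.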
  • trunk/Source/WebCore/dom/SecurityContext.h

    r220163 r220427  
    5252    SandboxPropagatesToAuxiliaryBrowsingContexts = 1 << 9,
    5353    SandboxTopNavigationByUserActivation = 1 << 10,
     54    SandboxDocumentDomain       = 1 << 11,
    5455    SandboxAll                  = -1 // Mask with all bits set to 1.
    5556};
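Review bot: SandboxDocumentDomain on line 54 is added without a comment, and none of the edited files shown in this changeset touches code that clears the bit, so as far as this diff shows it is only ever set through the SandboxAll = -1 mask. If the flag is meant to be on for every sandboxed document with no keyword to lift it, say so in a comment at the enumerator.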