Changeset 273901 in webkit


Timestamp: Mar 4, 2021 10:26:22 AM (17 months ago)
Author: keith_miller@apple.com
Message:

window proxy of detached iframe doesn't respect updates to global values
https://bugs.webkit.org/show_bug.cgi?id=206445

Reviewed by Chris Dumez.

Source/WebCore:

According to the HTML spec, the frame should only be needed for
COOP access violation reporting, which we don't support. This
patch removes our old behavior of blocking stores to windows that
have been detached.

I also removed some stale caching code from
getOwnPropertySlotByIndex since it's only accessed once now.

  • bindings/js/JSDOMWindowCustom.cpp:

(WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
(WebCore::JSDOMWindow::doPutPropertySecurityCheck):
(WebCore::JSDOMWindow::put):
(WebCore::JSDOMWindow::putByIndex):

LayoutTests:

  • fast/frames/iframe-detached-window-still-writable-eval-expected.txt: Added.
  • fast/frames/iframe-detached-window-still-writable-eval.html: Added.
  • fast/frames/iframe-detached-window-still-writable-expected.txt: Added.
  • fast/frames/iframe-detached-window-still-writable.html: Added.
  • http/tests/dom/cross-origin-detached-window-properties-expected.txt:
  • http/tests/dom/cross-origin-detached-window-properties.html:
Location: trunk
Files: 4 added, 5 edited

  • trunk/LayoutTests/ChangeLog

    r273899 r273901  
     12021-03-04  Keith Miller  <keith_miller@apple.com>
     2
     3        window proxy of detached iframe doesn't respect updates to global values
     4        https://bugs.webkit.org/show_bug.cgi?id=206445
     5
     6        Reviewed by Chris Dumez.
     7
     8        * fast/frames/iframe-detached-window-still-writable-eval-expected.txt: Added.
     9        * fast/frames/iframe-detached-window-still-writable-eval.html: Added.
     10        * fast/frames/iframe-detached-window-still-writable-expected.txt: Added.
     11        * fast/frames/iframe-detached-window-still-writable.html: Added.
     12        * http/tests/dom/cross-origin-detached-window-properties-expected.txt:
     13        * http/tests/dom/cross-origin-detached-window-properties.html:
     14
    1152021-03-04  Jon Lee  <jonlee@apple.com>
    216
  • trunk/LayoutTests/http/tests/dom/cross-origin-detached-window-properties-expected.txt

    r237209 r273901  
    3333PASS w.performance threw exception SecurityError: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a cross-origin frame. Protocols, domains, and ports must match..
    3434PASS w.foo threw exception SecurityError: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a cross-origin frame. Protocols, domains, and ports must match..
     35PASS w.foo = 1 threw exception SecurityError: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a cross-origin frame. Protocols, domains, and ports must match..
     36PASS w[0] = 1 threw exception SecurityError: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a cross-origin frame. Protocols, domains, and ports must match..
    3537PASS w.location.foo threw exception SecurityError: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a cross-origin frame. Protocols, domains, and ports must match..
    3638
     
    6466PASS w.performance threw exception SecurityError: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a cross-origin frame. Protocols, domains, and ports must match..
    6567PASS w.foo threw exception SecurityError: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a cross-origin frame. Protocols, domains, and ports must match..
     68PASS w.foo = 1 threw exception SecurityError: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a cross-origin frame. Protocols, domains, and ports must match..
     69PASS w[0] = 1 threw exception SecurityError: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a cross-origin frame. Protocols, domains, and ports must match..
    6670PASS w.location.foo threw exception SecurityError: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a cross-origin frame. Protocols, domains, and ports must match..
    6771PASS successfullyParsed is true
  • trunk/LayoutTests/http/tests/dom/cross-origin-detached-window-properties.html

    r237209 r273901  
    4949
    5050    shouldThrowErrorName("w.foo", "SecurityError");
     51    shouldThrowErrorName("w.foo = 1", "SecurityError");
     52    shouldThrowErrorName("w[0] = 1", "SecurityError");
    5153    shouldThrowErrorName("w.location.foo", "SecurityError");
    5254}
  • trunk/Source/WebCore/ChangeLog

    r273897 r273901  
     12021-03-04  Keith Miller  <keith_miller@apple.com>
     2
     3        window proxy of detached iframe doesn't respect updates to global values
     4        https://bugs.webkit.org/show_bug.cgi?id=206445
     5
     6        Reviewed by Chris Dumez.
     7
     8        According to the html spec the frame should only be needing for
     9        COOP access violation reporting, which we don't support. This
     10        patch removes our old behavior of blocking stores to windows that
     11        have been detached.
     12
     13        I also removed some stale caching code from
     14        getOwnPropertySlotByIndex since it's only accessed once now.
     15
     16        * bindings/js/JSDOMWindowCustom.cpp:
     17        (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
     18        (WebCore::JSDOMWindow::doPutPropertySecurityCheck):
     19        (WebCore::JSDOMWindow::put):
     20        (WebCore::JSDOMWindow::putByIndex):
     21
    1222021-03-04  Alex Christensen  <achristensen@webkit.org>
    223
  • trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp

    r273138 r273901  
    299299    slot.disableCaching();
    300300
    301     String errorMessage;
    302     Optional<bool> cachedIsCrossOriginAccess;
    303     auto isCrossOriginAccess = [&] {
    304         if (!cachedIsCrossOriginAccess)
    305             cachedIsCrossOriginAccess = !BindingSecurity::shouldAllowAccessToDOMWindow(*lexicalGlobalObject, window, errorMessage);
    306         return *cachedIsCrossOriginAccess;
    307     };
    308 
    309301    // (1) First, indexed properties.
    310302    // These are also allowed cross-origin, so come before the access check.
     
    315307
    316308    // Hand off all cross-domain/frameless access to jsDOMWindowGetOwnPropertySlotRestrictedAccess.
    317     if (isCrossOriginAccess())
     309    String errorMessage;
     310    if (!BindingSecurity::shouldAllowAccessToDOMWindow(*lexicalGlobalObject, window, errorMessage))
    318311        return jsDOMWindowGetOwnPropertySlotRestrictedAccess<DOMWindowType::Local>(thisObject, window, *lexicalGlobalObject, Identifier::from(vm, index), slot, errorMessage);
    319312
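
Review bot: The comment kept above the new check, "Hand off all cross-domain/frameless access to jsDOMWindowGetOwnPropertySlotRestrictedAccess", still mentions frameless access, while the condition is only `!BindingSecurity::shouldAllowAccessToDOMWindow(...)` and the rest of this patch removes the explicit `frame()` guards from the store paths. Please confirm that the frameless case is still routed here by the access check and, if it is not, drop "frameless" from the comment so the read path and the store paths are documented consistently.
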
     
    328321
    329322    auto* thisObject = jsCast<JSDOMWindow*>(cell);
    330     if (!thisObject->wrapped().frame())
    331         return;
    332323
    333324    String errorMessage;
     
    347338
    348339    auto* thisObject = jsCast<JSDOMWindow*>(cell);
    349     if (!thisObject->wrapped().frame())
    350         return false;
    351340
    352341    String errorMessage;
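
Review bot: Missing documentation where the `if (!thisObject->wrapped().frame()) return false;` guard is removed: nothing left at this point says that stores to a detached window are now intentionally allowed and are gated only by the access check that follows `String errorMessage;`. A one-line comment referencing bug 206445 would keep the guard from being reintroduced later as an apparent hardening. The same applies to the `return;` variant removed in the previous hunk.
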
     
    368357bool JSDOMWindow::putByIndex(JSCell* cell, JSGlobalObject* lexicalGlobalObject, unsigned index, JSValue value, bool shouldThrow)
    369358{
     359    VM& vm = lexicalGlobalObject->vm();
    370360    auto* thisObject = jsCast<JSDOMWindow*>(cell);
    371     if (!thisObject->wrapped().frame() || !BindingSecurity::shouldAllowAccessToDOMWindow(lexicalGlobalObject, thisObject->wrapped()))
     361    auto scope = DECLARE_THROW_SCOPE(vm);
     362
     363    String errorMessage;
     364    if (!BindingSecurity::shouldAllowAccessToDOMWindow(*lexicalGlobalObject, thisObject->wrapped(), errorMessage)) {
     365        throwSecurityError(*lexicalGlobalObject, scope, errorMessage);
    372366        return false;
     367    }
    373368   
    374369    return Base::putByIndex(thisObject, lexicalGlobalObject, index, value, shouldThrow);
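
Review bot: The final `return Base::putByIndex(...)` now executes under the newly added `DECLARE_THROW_SCOPE(vm)`, and since the base call can itself throw, it should be written as `RELEASE_AND_RETURN(scope, Base::putByIndex(thisObject, lexicalGlobalObject, index, value, shouldThrow));` to satisfy exception-check validation. Separately, the SecurityError is thrown regardless of `shouldThrow`, which matches the new `w[0] = 1` expectation but is a behaviour change from the old silent `return false`; the ChangeLog only mentions removing the detached-window blocking, so a sentence about this would help. The blank line at 368 also still carries trailing whitespace.
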