Changeset 284821 in webkit
- Timestamp:
- Oct 25, 2021 2:27:18 PM (9 months ago)
- Location:
- trunk
- Files:
-
- 11 edited
-
LayoutTests/fast/events/popup-allowed-from-gesture-initiated-form-submit.html (modified) (1 diff)
-
LayoutTests/fast/forms/submit-to-blank-multiple-times.html (modified) (1 diff)
-
LayoutTests/http/tests/cookies/same-site/popup-cross-site-post.html (modified) (1 diff)
-
LayoutTests/http/tests/cookies/same-site/popup-same-site-post.html (modified) (1 diff)
-
LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
-
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/form-action/form-action-self-allowed-target-blank.html (modified) (1 diff)
-
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/form-action/form-action-src-allowed-target-blank.sub.html (modified) (2 diffs)
-
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/form-action/form-action-src-redirect-allowed-target-blank.sub.html (modified) (1 diff)
-
LayoutTests/imported/w3c/web-platform-tests/html/semantics/forms/form-submission-target/resources/reltester.js (modified) (2 diffs)
-
Source/WebCore/ChangeLog (modified) (1 diff)
-
Source/WebCore/html/HTMLFormElement.cpp (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/fast/events/popup-allowed-from-gesture-initiated-form-submit.html
r282103 r284821 1 1 <html> <!-- webkit-test-runner [ JavaScriptCanOpenWindowsAutomatically=false ] --> 2 2 <body> 3 <form action="resources/popup-allowed-from-gesture-initiated-form-submit-target.html" method="post" target="_blank" >3 <form action="resources/popup-allowed-from-gesture-initiated-form-submit-target.html" method="post" target="_blank" rel="opener"> 4 4 <input id="button" type="submit" value="Click Here" /> 5 5 </form> -
trunk/LayoutTests/fast/forms/submit-to-blank-multiple-times.html
r282103 r284821 8 8 This test will click the first submit button twice, then press the space bar on the second submit button twice. Both should popup two blank windows. 9 9 </p> 10 <form action="resources/submit-to-blank-multiple-times-form-action.html" target="_blank" >10 <form action="resources/submit-to-blank-multiple-times-form-action.html" target="_blank" rel="opener"> 11 11 <input name="nextOp" id="nextOp" type="hidden"> 12 12 <input name="submit" id="submit" type="submit"> 13 13 </form> 14 <form action="resources/submit-to-blank-multiple-times-form-action.html" target="_blank" >14 <form action="resources/submit-to-blank-multiple-times-form-action.html" target="_blank" rel="opener"> 15 15 <input name="nextOp" id="nextOpKey" type="hidden"> 16 16 <input name="submit" id="submitKey" type="submit"> -
trunk/LayoutTests/http/tests/cookies/same-site/popup-cross-site-post.html
r277534 r284821 28 28 f.action = "http://127.0.0.1:8000/cookies/resources/post-cookies-to-opener.py"; 29 29 f.method = "POST"; 30 f.target = "_blank" 30 f.target = "_blank"; 31 f.rel = "opener"; 31 32 window.onload = t.step_func(f.submit.bind(f)); 32 33 document.body.appendChild(f); -
trunk/LayoutTests/http/tests/cookies/same-site/popup-same-site-post.html
r275315 r284821 27 27 f.method = "POST"; 28 28 f.target = "_blank"; 29 f.rel = "opener"; 29 30 window.onload = t.step_func(f.submit.bind(f)); 30 31 document.body.appendChild(f); -
trunk/LayoutTests/imported/w3c/ChangeLog
r284818 r284821 1 2021-10-25 Chris Dumez <cdumez@apple.com> 2 3 Form navigations with target=_blank should not have an opener 4 https://bugs.webkit.org/show_bug.cgi?id=232243 5 6 Reviewed by Sam Weinig. 7 8 Merge https://github.com/web-platform-tests/wpt/pull/31368 from upstream WPT to fix outdated expectations in 9 WPT tests. 10 11 * web-platform-tests/content-security-policy/form-action/form-action-self-allowed-target-blank.html: 12 * web-platform-tests/content-security-policy/form-action/form-action-src-allowed-target-blank.sub.html: 13 * web-platform-tests/content-security-policy/form-action/form-action-src-redirect-allowed-target-blank.sub.html: 14 * web-platform-tests/html/semantics/forms/form-submission-target/resources/reltester.js: 15 (formUsesTargetBlank): 16 (relTester): 17 1 18 2021-10-25 Chris Dumez <cdumez@apple.com> 2 19 -
trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/form-action/form-action-self-allowed-target-blank.html
r246330 r284821 11 11 <form action='/content-security-policy/support/postmessage-pass-to-opener.html' 12 12 id='form_id' 13 target="_blank"> 13 target="_blank" 14 rel="opener"> 14 15 </form> 15 16 -
trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/form-action/form-action-src-allowed-target-blank.sub.html
r246330 r284821 26 26 </head> 27 27 <body onload="OnDocumentLoaded();"> 28 <form id="form" method="GET" target="_blank" >28 <form id="form" method="GET" target="_blank" rel="opener"> 29 29 <input type="hidden" name="message" value="DocumentNotBlocked"> 30 30 <input type="submit" id="submit"> … … 32 32 </body> 33 33 </html> 34 -
trunk/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/form-action/form-action-src-redirect-allowed-target-blank.sub.html
r246330 r284821 27 27 </head> 28 28 <body onload="OnDocumentLoaded();"> 29 <form id="form" method="POST" target="_blank" >29 <form id="form" method="POST" target="_blank" rel="opener"> 30 30 <input type="submit" id="submit"> 31 31 </form> 32 32 </body> 33 33 </html> 34 -
trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/forms/form-submission-target/resources/reltester.js
r249886 r284821 1 function formUsesTargetBlank(submitter) { 2 if (submitter.formTarget && submitter.formTarget === "_blank") { 3 return true; 4 } 5 if (submitter.form && submitter.form.target === "_blank") { 6 return true; 7 } 8 if (submitter.target && submitter.target === "_blank") { 9 return true; 10 } 11 if (submitter.getRootNode().querySelector("base").target === "_blank") { 12 return true; 13 } 14 return false; 15 } 16 1 17 function relTester(submitter, channelInput, title) { 2 18 [ … … 52 68 assert_equals(e.data.referrer, "", "referrer"); 53 69 } 54 if (relTest.exposed === "all") { 70 // When rel is not explicitly given, account for target=_blank defaulting to noopener 71 if (relTest.exposed === "all" && !(relTest.rel === "" && formUsesTargetBlank(submitter))) { 55 72 assert_true(e.data.haveOpener, "opener"); 56 73 } else { -
trunk/Source/WebCore/ChangeLog
r284816 r284821 1 2021-10-25 Chris Dumez <cdumez@apple.com> 2 3 Form navigations with target=_blank should not have an opener 4 https://bugs.webkit.org/show_bug.cgi?id=232243 5 6 Reviewed by Sam Weinig. 7 8 Form navigations with target=_blank should not have an opener (unless rel="opener" is specified 9 on the <form>), similarly to link navigations. This is a bit better for security as Web developers 10 may not realize that popups opened via target=_blank get an opener link by default and do things 11 like post messages to their opener, or navigate it. Not having an opener relationship also enables 12 us to process-swap in more cases for better site isolation. 13 14 This behavior is behind the same experimental feature flag as the behavior for anchors with target=_blank 15 since WebKit is the only engine implementing this at the moment (despite this behavior having been 16 standardized). 17 18 No new tests, updated existing tests. 19 20 * html/HTMLFormElement.cpp: 21 (WebCore::parseFormRelAttributes): 22 (WebCore::HTMLFormElement::submit): 23 1 24 2021-10-25 Alex Christensen <achristensen@webkit.org> 2 25 -
trunk/Source/WebCore/html/HTMLFormElement.cpp
r284749 r284821 74 74 bool noopener { false }; 75 75 bool noreferrer { false }; 76 bool opener { false }; 76 77 }; 77 78 … … 84 85 else if (equalIgnoringASCIICase(token, "noreferrer")) 85 86 attributes.noreferrer = true; 87 else if (equalIgnoringASCIICase(token, "opener")) 88 attributes.opener = true; 86 89 } 87 90 return attributes; … … 426 429 427 430 auto relAttributes = parseFormRelAttributes(getAttribute(HTMLNames::relAttr)); 428 // FIXME: According to the specification, having `target=blank` without `rel="opener"` should suppress the opener. 429 // However, this is not currently implemented as it is causing some WPT tests to fail (https://github.com/whatwg/html/issues/7256). 430 if (relAttributes.noopener || relAttributes.noreferrer) 431 if (relAttributes.noopener || relAttributes.noreferrer || (!relAttributes.opener && document().settings().blankAnchorTargetImpliesNoOpenerEnabled() && equalIgnoringASCIICase(formSubmission->target(), "_blank"))) 431 432 formSubmission->setNewFrameOpenerPolicy(NewFrameOpenerPolicy::Suppress); 432 433 if (relAttributes.noreferrer)
Note: See TracChangeset
for help on using the changeset viewer.
