Changeset 44906 in webkit for trunk

Timestamp:

Jun 20, 2009 7:05:30 PM (15 years ago)

Author:

weinig@apple.com

Message:

WebCore:

2009-06-20 Sam Weinig <​sam@webkit.org>

Reviewed by Adam Barth.

Fix for ​https://bugs.webkit.org/show_bug.cgi?id=26554
Shadowing of top and parent

• page/DOMWindow.idl:

LayoutTests:

2009-06-20 Sam Weinig <​sam@webkit.org>

Reviewed by Adam Barth.

Test for ​https://bugs.webkit.org/show_bug.cgi?id=26554

Test writing to parent and top.

• http/tests/security/cross-frame-access-put-expected.txt:
• http/tests/security/cross-frame-access-put.html:
• http/tests/security/resources/cross-frame-iframe-for-put-test.html:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/security/cross-frame-access-put-expected.txt (modified) (2 diffs)
• LayoutTests/http/tests/security/cross-frame-access-put.html (modified) (1 diff)
• LayoutTests/http/tests/security/resources/cross-frame-iframe-for-put-test.html (modified) (2 diffs)
• WebCore/ChangeLog (modified) (1 diff)
• WebCore/page/DOMWindow.idl (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2009-06-20  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Adam Barth.
+
+        Test for https://bugs.webkit.org/show_bug.cgi?id=26554
+
+        Test writing to parent and top.
+
+        * http/tests/security/cross-frame-access-put-expected.txt:
+        * http/tests/security/cross-frame-access-put.html:
+        * http/tests/security/resources/cross-frame-iframe-for-put-test.html:
+
 2009-06-20  Mark Rowe  <mrowe@apple.com>
 

trunk/LayoutTests/http/tests/security/cross-frame-access-put-expected.txt

@@ -1 +1 @@
 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html from frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html. Domains, protocols and ports must match.
 
 CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html. Domains, protocols and ports must match.
@@ -527 +531 @@
 ALERT: PASS: window.toolbar should be '[object BarInfo]' and is.
 ALERT: PASS: window.window should be '[object DOMWindow]' and is.
+ALERT: PASS: window.parent should be parentOld and is.
+ALERT: PASS: window.top should be topOld and is.
 ALERT: PASS: window.addEventListener should be 'function addEventListener() {    [native code]}' and is.
 ALERT: PASS: window.alert should be 'function alert() {    [native code]}' and is.

trunk/LayoutTests/http/tests/security/cross-frame-access-put.html

@@ -193 +193 @@
     setForbiddenProperty(targetWindow, "toolbar");
     setForbiddenProperty(targetWindow, "window");
-
-    // FIXME: find a way to test these attributes
-    // setForbiddenProperty(targetWindow, "parent");
-    // setForbiddenProperty(targetWindow, "top");
+    setForbiddenProperty(targetWindow, "parent");
+    setForbiddenProperty(targetWindow, "top");
 
     // Functions

trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-put-test.html

@@ -210 +210 @@
         var toolbarOld = window.toolbar;
         var windowOld = window.window;
-
-        // FIXME: find a way to test these attributes
-        // var parentOld = window.parent;
-        // var topOld = window.top;
+        var parentOld = window.parent;
+        var topOld = window.top;
 
         // Functions
@@ -418 +416 @@
             shouldBe("window.window", "windowOld");
 
-            // FIXME: find a way to test these attributes
-            // shouldBe("window.parent", "parentOld");
-            // shouldBe("window.top", "topOld");
+            // Using shouldBe for parent and top causes extraneous warnings due to cross-orgin toString'ing.
+            if (window.parent === parentOld) {
+                alert("PASS: window.parent should be parentOld and is.");
+            } else {
+                alert("*** FAIL: window.parent should be parentOld but instead is " + window.parent + ". ***");
+            }
+
+            if (window.top === topOld) {
+                alert("PASS: window.top should be topOld and is.");
+            } else {
+                alert("*** FAIL: window.top should be topOld but instead is " + window.top + ". ***");
+            }
 
             // Functions

trunk/WebCore/ChangeLog

@@ +1 @@
+2009-06-20  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Adam Barth.
+
+        Fix for https://bugs.webkit.org/show_bug.cgi?id=26554
+        Shadowing of top and parent
+
+        * page/DOMWindow.idl:
+
 2009-06-20  Mark Rowe  <mrowe@apple.com>
 

trunk/WebCore/page/DOMWindow.idl

@@ -134 +134 @@
 
         attribute [Replaceable, DoNotCheckDomainSecurityOnGet, V8CustomSetter] DOMWindow opener;
-        attribute [Replaceable, DoNotCheckDomainSecurity] DOMWindow parent;
-        attribute [Replaceable, DoNotCheckDomainSecurity, V8DisallowShadowing, V8ReadOnly] DOMWindow top;
+        attribute [Replaceable, DoNotCheckDomainSecurityOnGet] DOMWindow parent;
+        attribute [Replaceable, DoNotCheckDomainSecurityOnGet, V8DisallowShadowing, V8ReadOnly] DOMWindow top;
 
         // DOM Level 2 AbstractView Interface