Changeset 106736 in webkit


Timestamp:
Feb 4, 2012 2:09:16 AM (12 years ago)
Author:
abarth@webkit.org
Message:

http/tests/security/xss-eval fails due to difference in JSC and V8 eval
https://bugs.webkit.org/show_bug.cgi?id=77806

Reviewed by Eric Seidel.

Both the JSC and V8 behaviors are reasonable in this case. This patch
modifies the test to show that either behavior isn't a security
vulnerability.

  • http/tests/security/xss-eval.html:
  • platform/chromium/http/tests/security/xss-eval-expected.txt:
  • platform/chromium/test_expectations.txt:
Location:
trunk/LayoutTests
Files:
4 edited

  • trunk/LayoutTests/ChangeLog

    r106733 r106736  
     12012-02-04  Adam Barth  <abarth@webkit.org>
     2
     3        http/tests/security/xss-eval fails due to difference in JSC and V8 eval
     4        https://bugs.webkit.org/show_bug.cgi?id=77806
     5
     6        Reviewed by Eric Seidel.
     7
     8        Both the JSC and V8 behaviors are reasonable in this case.  This patch
     9        modifies the test to show that either behavior isn't a security
     10        vulnerability.
     11
     12        * http/tests/security/xss-eval.html:
     13        * platform/chromium/http/tests/security/xss-eval-expected.txt:
     14        * platform/chromium/test_expectations.txt:
     15
    1162012-02-04  David Grogan  <dgrogan@chromium.org>
    217
  • trunk/LayoutTests/http/tests/security/xss-eval.html

    r33006 r106736  
    2626}
    2727
     28document.testExpando = "It's me!";
     29
    2830addEventListener("message", function()
    2931{
    30     shouldBe("eval.call(frames[0], 'document')", (function() { try { return eval.call(frames[0], 'document'); } catch(e) { return e.name; } })(), "EvalError");
     32    (function() {
     33        try {
     34            var doc = eval.call(frames[0], 'document');
     35            // V8 execute the eval our scope, which is safe.
     36            shouldBe("documentFromEval", doc.testExpando, "It's me!")
     37        } catch(e) {
     38            // JSC throws an exception, which is also safe.
     39            shouldBe("eval.call(frames[0], 'document')", e.name, "EvalError");
     40        }
     41    })();
    3142
    3243    shouldBe("childEval.call(frames[0], 'document')", (function() { try { return childEval.call(frames[0], 'document'); } catch(e) { return e.name; } })(), "EvalError");
    3344
    3445    shouldBe("childEvalCaller('document')", (function() { try { return childEvalCaller('document'); } catch(e) { return e.name; } })(), "TypeError");
    35    
     46
    3647    shouldBe("childLocalEvalCaller('document')", (function() { try { return childLocalEvalCaller('document'); } catch(e) { return e.name; } })(), "EvalError");
    37    
     48
    3849    if (window.layoutTestController)
    3950        layoutTestController.notifyDone();
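
Review bot: The try block on new lines 33-37 wraps both the eval.call and the shouldBe assertion, so any exception other than the expected EvalError (for example one raised while reading doc.testExpando) lands in the catch and is reported under the label "eval.call(frames[0], 'document')" as a mismatch against "EvalError". Consider keeping only `var doc = eval.call(frames[0], 'document');` inside the try and asserting on doc afterwards, so the two accepted outcomes stay distinct in the output. The V8 branch relies on testExpando, set on line 28, existing only on the parent document; a comment saying so would make clear why "It's me!" is evidence that the eval ran in the caller's scope and not in frames[0]. Minor: the label "documentFromEval" names no variable in the test (the local is doc), line 36 lacks its trailing semicolon, and the comment on line 35 should read "V8 executes the eval in our scope".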
  • trunk/LayoutTests/platform/chromium/http/tests/security/xss-eval-expected.txt

    r104912 r106736  
    55If the test passes, you'll see a pass message below.
    66
    7 PASS: eval.call(frames[0], 'document') should be EvalError and is.
     7PASS: documentFromEval should be It's me! and is.
    88PASS: childEval.call(frames[0], 'document') should be EvalError and is.
    99PASS: childEvalCaller('document') should be TypeError and is.
  • trunk/LayoutTests/platform/chromium/test_expectations.txt

    r106733 r106736  
    797797BUGWK71451 LINUX : http/tests/security/contentSecurityPolicy/object-src-none-allowed.html = TEXT PASS
    798798BUGWK59552 SNOWLEOPARD DEBUG : http/tests/security/cross-frame-access-custom.html = PASS CRASH
    799 BUGRICOW : http/tests/security/xss-eval.html = TEXT
    800799BUGWK72272 WIN : security/crypto-random-values-types.html = TEXT PASS
    801800BUGCR24182 WIN RELEASE : http/tests/security/cross-origin-css.html = PASS TIMEOUT