Changeset 111098 in webkit

Timestamp:

Mar 16, 2012 5:31:22 PM (12 years ago)

Author:

tsepez@chromium.org

Message:

Make V8 window.open.call(), window.open.showModalDialog() results more closely match JSC.
​https://bugs.webkit.org/show_bug.cgi?id=81260
​https://bugs.webkit.org/show_bug.cgi?id=39897

Reviewed by Adam Barth.

Source/WebCore:

Tested via http/tests/security/cross-frame-access-call.htm

• bindings/v8/custom/V8DOMWindowCustom.cpp:

(WebCore::V8DOMWindow::showModalDialogCallback):
(WebCore::V8DOMWindow::openCallback):

LayoutTests:

• http/tests/security/cross-frame-access-call-expected.txt:
• http/tests/security/cross-frame-access-call.html:
• http/tests/security/cross-frame-access-get-expected.txt:
• http/tests/security/cross-frame-access-get.html:
• platform/chromium/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt:
• platform/chromium/http/tests/security/cross-frame-access-call-expected.txt:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/security/cross-frame-access-call-expected.txt (modified) (2 diffs)
• LayoutTests/http/tests/security/cross-frame-access-call.html (modified) (1 diff)
• LayoutTests/http/tests/security/cross-frame-access-get-expected.txt (modified) (2 diffs)
• LayoutTests/http/tests/security/cross-frame-access-get.html (modified) (1 diff)
• LayoutTests/platform/chromium/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt (modified) (1 diff)
• LayoutTests/platform/chromium/http/tests/security/cross-frame-access-call-expected.txt (modified) (3 diffs)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp (modified) (3 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2012-03-16  Tom Sepez  <tsepez@chromium.org>
+
+        Make V8 window.open.call(), window.open.showModalDialog() results more closely match JSC. 
+        https://bugs.webkit.org/show_bug.cgi?id=81260
+        https://bugs.webkit.org/show_bug.cgi?id=39897
+
+        Reviewed by Adam Barth.
+
+        * http/tests/security/cross-frame-access-call-expected.txt:
+        * http/tests/security/cross-frame-access-call.html:
+        * http/tests/security/cross-frame-access-get-expected.txt:
+        * http/tests/security/cross-frame-access-get.html:
+        * platform/chromium/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt:
+        * platform/chromium/http/tests/security/cross-frame-access-call-expected.txt:
+
 2012-03-16  Tony Chang  <tony@chromium.org>
 

trunk/LayoutTests/http/tests/security/cross-frame-access-call-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-call.html. Domains, protocols and ports must match.
+
 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-call.html. Domains, protocols and ports must match.
 
@@ -83 +85 @@
 PASS: window.resizeBy.call(targetWindow, 0, 0); should be 'undefined' and is.
 PASS: window.resizeTo.call(targetWindow, 0, 0); should be 'undefined' and is.
+PASS: window.showModalDialog.call(targetWindow); should be 'undefined' and is.
+PASS: window.eval.call(targetWindow, '1+2'); should be 'EvalError: The "this" value passed to eval must be the global object from which eval originated' and is.
 PASS: window.location.toString.call(targetWindow.location) should be 'undefined' and is.
 

trunk/LayoutTests/http/tests/security/cross-frame-access-call.html

@@ -55 +55 @@
     shouldBe("window.resizeBy.call(targetWindow, 0, 0);", "undefined");
     shouldBe("window.resizeTo.call(targetWindow, 0, 0);", "undefined");
+    shouldBe("window.showModalDialog.call(targetWindow);", "undefined");
 
-    // FIXME:  showModalDialog now works on DRT and thus breaks this test.  Will uncomment after adding a separate test for Mac for showModalDialog - Bug #39897
-    // Throws a TypeError and logs to the error console
-    // shouldBe("window.showModalDialog.call(targetWindow);", '"TypeError: Result of expression \'window.showModalDialog\' [undefined] is not an object."');
+    // Throws an EvalError and logs to the error console
+    shouldBe("window.eval.call(targetWindow, '1+2');", '"EvalError: The \\"this\\" value passed to eval must be the global object from which eval originated"');
 
     // - Tests for the Location object -

trunk/LayoutTests/http/tests/security/cross-frame-access-get-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-get.html. Domains, protocols and ports must match.
+
 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-get.html. Domains, protocols and ports must match.
 
@@ -537 +539 @@
 PASS: canGet('targetWindow.setInterval') should be 'false' and is.
 PASS: canGet('targetWindow.setTimeout') should be 'false' and is.
+PASS: canGet('targetWindow.showModalDialog') should be 'false' and is.
 PASS: canGet('targetWindow.stop') should be 'false' and is.
 

trunk/LayoutTests/http/tests/security/cross-frame-access-get.html

@@ -134 +134 @@
             "setInterval", 
             "setTimeout", 
-            // FIXME: This function is now implemented on mac and hence the expected output changes.  Uncomment after adding a
-            // mac specific test for showModalDialog.  Bug# 39897
-            // "showModalDialog",
+            "showModalDialog",
             "stop"
         ];

trunk/LayoutTests/platform/chromium/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt

@@ +1 @@
+CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/innocent-victim.html from frame with URL http://127.0.0.1:8000/security/aboutBlank/xss-DENIED-set-opener.html. Domains, protocols and ports must match.
+
 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/innocent-victim.html from frame with URL http://127.0.0.1:8000/security/aboutBlank/xss-DENIED-set-opener.html. Domains, protocols and ports must match.
 

trunk/LayoutTests/platform/chromium/http/tests/security/cross-frame-access-call-expected.txt

@@ -21 +21 @@
 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-call.html. Domains, protocols and ports must match.
 
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL about:blank from frame with URL http://127.0.0.1:8000/security/cross-frame-access-call.html. Domains, protocols and ports must match.
+CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-call.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-call.html. Domains, protocols and ports must match.
 
 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-call.html. Domains, protocols and ports must match.
@@ -68 +70 @@
 PASS: window.atob.call(targetWindow, 'string') should be 'undefined' and is.
 PASS: window.btoa.call(targetWindow, 'string') should be 'undefined' and is.
-*** FAIL: window.open.call(targetWindow, '') should be 'undefined' but instead is [object Window]. ***
+PASS: window.open.call(targetWindow, '') should be 'undefined' and is.
 PASS: window.addEventListener.call(targetWindow, 'load', null, false); should be 'undefined' and is.
 PASS: window.removeEventListener.call(targetWindow, 'load', null, false); should be 'undefined' and is.
@@ -83 +85 @@
 PASS: window.resizeBy.call(targetWindow, 0, 0); should be 'undefined' and is.
 PASS: window.resizeTo.call(targetWindow, 0, 0); should be 'undefined' and is.
+PASS: window.showModalDialog.call(targetWindow); should be 'undefined' and is.
+*** FAIL: window.eval.call(targetWindow, '1+2'); should be 'EvalError: The "this" value passed to eval must be the global object from which eval originated' but instead is 3. ***
 PASS: window.location.toString.call(targetWindow.location) should be 'undefined' and is.
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2012-03-16  Tom Sepez  <tsepez@chromium.org>
+
+        Make V8 window.open.call(), window.open.showModalDialog() results more closely match JSC. 
+        https://bugs.webkit.org/show_bug.cgi?id=81260
+        https://bugs.webkit.org/show_bug.cgi?id=39897
+
+        Reviewed by Adam Barth.
+
+        Tested via http/tests/security/cross-frame-access-call.htm
+
+        * bindings/v8/custom/V8DOMWindowCustom.cpp:
+        (WebCore::V8DOMWindow::showModalDialogCallback):
+        (WebCore::V8DOMWindow::openCallback):
+
 2012-03-16  Matt Lilek  <mrl@apple.com>
 

trunk/Source/WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp

@@ -427 +427 @@
     INC_STATS("DOM.DOMWindow.showModalDialog()");
     DOMWindow* impl = V8DOMWindow::toNative(args.Holder());
-
     V8BindingState* state = V8BindingState::Only();
+    if (!V8BindingSecurity::canAccessFrame(state, impl->frame(), true))
+        return v8::Undefined();
+
+    // FIXME: Handle exceptions properly.
+    String urlString = toWebCoreStringWithNullOrUndefinedCheck(args[0]);
+    DialogHandler handler(args[1]);
+    String dialogFeaturesString = toWebCoreStringWithNullOrUndefinedCheck(args[2]);
 
     DOMWindow* activeWindow = state->activeWindow();
     DOMWindow* firstWindow = state->firstWindow();
-
-    // FIXME: Handle exceptions properly.
-    String urlString = toWebCoreStringWithNullOrUndefinedCheck(args[0]);
-    String dialogFeaturesString = toWebCoreStringWithNullOrUndefinedCheck(args[2]);
-
-    DialogHandler handler(args[1]);
-
     impl->showModalDialog(urlString, dialogFeaturesString, activeWindow, firstWindow, setUpDialog, &handler);
 
@@ -448 +447 @@
     INC_STATS("DOM.DOMWindow.open()");
     DOMWindow* impl = V8DOMWindow::toNative(args.Holder());
-
     V8BindingState* state = V8BindingState::Only();
-
-    DOMWindow* activeWindow = state->activeWindow();
-    DOMWindow* firstWindow = state->firstWindow();
+    if (!V8BindingSecurity::canAccessFrame(state, impl->frame(), true))
+        return v8::Undefined();
 
     // FIXME: Handle exceptions properly.
@@ -459 +456 @@
     String windowFeaturesString = toWebCoreStringWithNullOrUndefinedCheck(args[2]);
 
+    DOMWindow* activeWindow = state->activeWindow();
+    DOMWindow* firstWindow = state->firstWindow();
     RefPtr<DOMWindow> openedWindow = impl->open(urlString, frameName, windowFeaturesString, activeWindow, firstWindow);
     if (!openedWindow)
         return v8::Undefined();
+
     return toV8(openedWindow.release());
 }