Changeset 127513 in webkit


Timestamp: Sep 4, 2012 3:20:43 PM (12 years ago)
Author: jpfau@apple.com
Message:

Make plugins respect third-party storage blocking setting
https://bugs.webkit.org/show_bug.cgi?id=94888

Reviewed by Brady Eidson.

Source/WebCore:

Added functions for discerning if a plugin should be able to access its storage in its current origin.

Tests: http/tests/security/cross-origin-plugin-allowed.html

http/tests/security/cross-origin-plugin.html

  • WebCore.exp.in: Export FrameTree::top and SecurityOrigin::canAccessStorage
  • page/SecurityOrigin.h: Added canAccessPluginStorage

(WebCore::SecurityOrigin::canAccessPluginStorage):

Source/WebKit2:

Plugins that are in a third-party context should be put into private browsing mode so their storage is temporary.

  • WebProcess/Plugins/PluginView.cpp:

(WebKit::PluginView::isPrivateBrowsingEnabled): Put the plugin into private browsing mode if it is in a third-party context.
(WebKit::PluginView::privateBrowsingStateChanged): Make sure a plugin doesn't leave private browsing mode if it's in a third-party context.

LayoutTests:

Created tests for plugins in a third party and first party context when third-party blocking is on and off.

  • http/tests/security/cross-origin-plugin-allowed-expected.txt: Added.
  • http/tests/security/cross-origin-plugin-allowed.html: Added.
  • http/tests/security/cross-origin-plugin-expected.txt: Added.
  • http/tests/security/cross-origin-plugin-private-browsing-toggled-allowed-expected.txt: Added.
  • http/tests/security/cross-origin-plugin-private-browsing-toggled-allowed.html: Added.
  • http/tests/security/cross-origin-plugin-private-browsing-toggled-expected.txt: Added.
  • http/tests/security/cross-origin-plugin-private-browsing-toggled.html: Added.
  • http/tests/security/cross-origin-plugin.html: Added.
  • http/tests/security/resources/cross-origin-iframe-for-plugin.html: Added.
  • http/tests/security/resources/cross-origin-iframe-for-plugin-async.html: Added.
  • platform/mac-wk2/http/tests/security/cross-origin-plugin-expected.txt: Added.
  • platform/mac-wk2/http/tests/security/cross-origin-plugin-private-browsing-toggled-expected.txt: Added.
Location: trunk
Files: 12 added, 6 edited

  • trunk/LayoutTests/ChangeLog

    r127511 r127513  
     12012-09-04  Jeffrey Pfau  <jpfau@apple.com>
     2
     3        Make plugins respect third-party storage blocking setting
     4        https://bugs.webkit.org/show_bug.cgi?id=94888
     5
     6        Reviewed by Brady Eidson.
     7
     8        Created tests for plugins in a third party and first party context when third-party blocking is on and off.
     9
     10        * http/tests/security/cross-origin-plugin-allowed-expected.txt: Added.
     11        * http/tests/security/cross-origin-plugin-allowed.html: Added.
     12        * http/tests/security/cross-origin-plugin-expected.txt: Added.
     13        * http/tests/security/cross-origin-plugin-private-browsing-toggled-allowed-expected.txt: Added.
     14        * http/tests/security/cross-origin-plugin-private-browsing-toggled-allowed.html: Added.
     15        * http/tests/security/cross-origin-plugin-private-browsing-toggled-expected.txt: Added.
     16        * http/tests/security/cross-origin-plugin-private-browsing-toggled.html: Added.
     17        * http/tests/security/cross-origin-plugin.html: Added.
     18        * http/tests/security/resources/cross-origin-iframe-for-plugin.html: Added.
     19        * http/tests/security/resources/cross-origin-iframe-for-plugin-async.html: Added.
     20        * platform/mac-wk2/http/tests/security/cross-origin-plugin-expected.txt: Added.
     21        * platform/mac-wk2/http/tests/security/cross-origin-plugin-private-browsing-toggled-expected.txt: Added.
     22
    1232012-09-04  Roger Fong  <roger_fong@apple.com>
    224
  • trunk/Source/WebCore/ChangeLog

    r127509 r127513  
     12012-09-04  Jeffrey Pfau  <jpfau@apple.com>
     2
     3        Make plugins respect third-party storage blocking setting
     4        https://bugs.webkit.org/show_bug.cgi?id=94888
     5
     6        Reviewed by Brady Eidson.
     7
     8        Added functions for discerning if a plugin should be able to access its storage in its current origin.
     9
     10        Tests: http/tests/security/cross-origin-plugin-allowed.html
     11               http/tests/security/cross-origin-plugin.html
     12
     13        * WebCore.exp.in: Export FrameTree::top and SecurityOrigin::canAccessStorage
     14        * page/SecurityOrigin.h: Added canAccessPluginStorage
     15        (WebCore::SecurityOrigin::canAccessPluginStorage):
     16
    1172012-09-04  Robert Hogan  <robert@webkit.org>
    218
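Review bot: the "Tests:" entry on lines 10-11 names only cross-origin-plugin-allowed.html and cross-origin-plugin.html, while the LayoutTests ChangeLog for this same change also adds cross-origin-plugin-private-browsing-toggled.html and cross-origin-plugin-private-browsing-toggled-allowed.html. Those two exercise the privateBrowsingStateChanged path, so they should be listed here as well, or the entry should say why they are left out.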
  • trunk/Source/WebCore/WebCore.exp.in

    r127457 r127513  
    11781178__ZNK7WebCore14SecurityOrigin5equalEPKS0_
    11791179__ZNK7WebCore14SecurityOrigin8toStringEv
     1180__ZNK7WebCore14SecurityOrigin16canAccessStorageEPKS0_
    11801181__ZNK7WebCore15AffineTransform10isIdentityEv
    11811182__ZNK7WebCore15AffineTransform12isInvertibleEv
     
    13741375__ZNK7WebCore9FloatRect10intersectsERKS0_
    13751376__ZNK7WebCore9FloatSize6isZeroEv
     1377__ZNK7WebCore9FrameTree3topEv
    13761378__ZNK7WebCore9FrameTree10childCountEv
    13771379__ZNK7WebCore9FrameTree12traverseNextEPKNS_5FrameE
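Review bot: the new `__ZNK7WebCore9FrameTree3topEv` entry at line 1377 sits before `__ZNK7WebCore9FrameTree10childCountEv`, and the surrounding entries appear to be kept in plain string order, under which `10childCount` and `12traverseNext` sort ahead of `3top`. The same applies to `__ZNK7WebCore14SecurityOrigin16canAccessStorageEPKS0_` at line 1180 in the hunk above, which is placed after `5equal` and `8toString`. If the file is meant to stay sorted, both lines should move; it is also worth a word in the ChangeLog that canAccessStorage is exported because canAccessPluginStorage is an inline wrapper around it.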
  • trunk/Source/WebCore/page/SecurityOrigin.h

    r126912 r127513  
    140140    bool canAccessLocalStorage(const SecurityOrigin* topOrigin) const { return canAccessStorage(topOrigin); };
    141141    bool canAccessSharedWorkers(const SecurityOrigin* topOrigin) const { return canAccessStorage(topOrigin); }
     142    bool canAccessPluginStorage(const SecurityOrigin* topOrigin) const { return canAccessStorage(topOrigin); }
    142143    bool canAccessCookies() const { return !isUnique(); }
    143144    bool canAccessPasswordManager() const { return !isUnique(); }
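Review bot: canAccessPluginStorage at line 142 is added without a comment, and its name reads as an allow/deny decision, whereas the callers in PluginView.cpp use a false result to keep the plugin in private browsing mode so that its storage is temporary. A one-line comment stating that, and that the result follows the third-party storage blocking policy through canAccessStorage(topOrigin), would make the intent clear to the next reader. It would also help to state whether topOrigin may be null.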
  • trunk/Source/WebKit2/ChangeLog

    r127487 r127513  
     12012-09-04  Jeffrey Pfau  <jpfau@apple.com>
     2
     3        Make plugins respect third-party storage blocking setting
     4        https://bugs.webkit.org/show_bug.cgi?id=94888
     5
     6        Reviewed by Brady Eidson.
     7
     8        Plugins that are in a third-party context should be put into private browsing mode so their storage is temporary.
     9
     10        * WebProcess/Plugins/PluginView.cpp:
     11        (WebKit::PluginView::isPrivateBrowsingEnabled): Put the plugin into private browsing mode if it is in a third-party context.
     12        (WebKit::PluginView::privateBrowsingStateChanged): Make sure a plugin doesn't leave private browsing mode if it's in a third-party context.
     13
    1142012-09-04  Pekka Vuorela  <pvuorela@iki.fi>
    215
  • trunk/Source/WebKit2/WebProcess/Plugins/PluginView.cpp

    r127319 r127513  
    584584        return;
    585585
     586    if (!privateBrowsingEnabled && !frame()->document()->securityOrigin()->canAccessPluginStorage(frame()->tree()->top()->document()->securityOrigin()))
     587        return;
     588
    586589    m_plugin->privateBrowsingStateChanged(privateBrowsingEnabled);
    587590}
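Review bot: the condition added at line 586 repeats the full `frame()->document()->securityOrigin()->canAccessPluginStorage(frame()->tree()->top()->document()->securityOrigin())` chain that is also added at line 1279 in the other hunk of this file. Two copies of a security decision can drift apart; a small private helper on PluginView (for example a hypothetical `isInThirdPartyContext()`) called from both places would keep them in step. A short comment on the early return, saying that a third-party plugin must stay in private browsing when the user turns private browsing off, would also help.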
     
    12741277        return true;
    12751278
     1279    if (!frame()->document()->securityOrigin()->canAccessPluginStorage(frame()->tree()->top()->document()->securityOrigin()))
     1280        return true;
     1281
    12761282    Settings* settings = frame()->settings();
    12771283    if (!settings)
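Review bot: the check added at line 1279 dereferences `frame()->document()` and `frame()->tree()->top()->document()` with no null test, while the lines directly below it guard `frame()->settings()` against null. If either document can be absent at this point, the call crashes before the policy is evaluated; consider testing both and returning true in that case, so that a missing document fails toward private browsing.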