Changeset 133006 in webkit
- Timestamp: Oct 31, 2012 2:59:45 AM
- Location: trunk
- Files: 2 added, 19 edited
trunk/LayoutTests/ChangeLog
r133005 r133006 1 2012-10-31 Mike West <mkwst@chromium.org> 2 3 Script run from an isolated world should bypass a page's CSP. 4 https://bugs.webkit.org/show_bug.cgi?id=97398 5 6 Reviewed by Adam Barth. 7 8 * http/tests/security/isolatedWorld/bypass-main-world-csp-expected.txt: Added. 9 * http/tests/security/isolatedWorld/bypass-main-world-csp.html: Added. 10 * platform/efl/TestExpectations: 11 * platform/mac/TestExpectations: 12 * platform/qt/TestExpectations: 13 * platform/win/TestExpectations: 14 Skip the new tests on ports that don't support the new functionality 15 1 16 2012-10-31 Pavel Podivilov <podivilov@google.com> 2 17 -
trunk/LayoutTests/platform/efl/TestExpectations
r133000 r133006 1022 1022 webkit.org/b/61540 inspector/extensions/extensions-audits-content-script.html [ Failure ] 1023 1023 webkit.org/b/61540 inspector/extensions/extensions-eval-content-script.html [ Failure ] 1024 1025 # JSC also doesn't support setIsolatedWorldContentSecurityPolicy 1026 webkit.org/b/100815 http/tests/security/isolatedWorld/bypass-main-world-csp.html [ Failure ] 1024 1027 1025 1028 #__worldID is undefined in isolated world -
trunk/LayoutTests/platform/mac/TestExpectations
r132843 r133006 428 428 # JSC does not support setIsolatedWorldSecurityOrigin (http://webkit.org/b/61540) 429 429 http/tests/security/isolatedWorld/cross-origin-xhr.html 430 431 # JSC also doesn't support setIsolatedWorldContentSecurityPolicy (webkit.org/b/100815) 432 http/tests/security/isolatedWorld/bypass-main-world-csp.html 430 433 431 434 # https://bugs.webkit.org/show_bug.cgi?id=63282 layerTreeAsText doesn't work for iframes -
trunk/LayoutTests/platform/qt/TestExpectations
r132929 r133006 341 341 http/tests/security/isolatedWorld/cross-origin-xhr.html 342 342 343 # JSC also doesn't support setIsolatedWorldContentSecurityPolicy (webkit.org/b/100815) 344 http/tests/security/isolatedWorld/bypass-main-world-csp.html 345 343 346 # This test is for clients that choose to make the missing plugin indicator a button 344 347 plugins/clicking-missing-plugin-fires-delegate.html -
trunk/LayoutTests/platform/win/TestExpectations
r132964 r133006 1482 1482 # JSC does not support setIsolatedWorldSecurityOrigin (http://webkit.org/b/61540) 1483 1483 http/tests/security/isolatedWorld/cross-origin-xhr.html 1484 1485 # JSC also doesn't support setIsolatedWorldContentSecurityPolicy (webkit.org/b/100815) 1486 http/tests/security/isolatedWorld/bypass-main-world-csp.html 1484 1487 1485 1488 # ENABLE(WEBGL) is disabled -
trunk/Source/WebCore/ChangeLog
r132999 r133006 1 2012-10-31 Mike West <mkwst@chromium.org> 2 3 Script run from an isolated world should bypass a page's CSP. 4 https://bugs.webkit.org/show_bug.cgi?id=97398 5 6 Reviewed by Adam Barth. 7 8 A page's Content Security Policy currently applies to all resources 9 loaded, regardless of their source. That generally makes sense, but 10 proves problematic when considering script run from an isolated 11 world (Chrome extensions, for instance). These scripts should be allowed 12 to inject resources into a page's DOM without eiher being restricted by 13 the page's active CSP, or generating violation reports that spam the 14 page owner. 15 16 Ideally, the isolated world could define its own Content Security Policy 17 which should be applied to resources it loads. For the moment, this 18 patch accepts a String that we can parse later on, but only uses it in 19 a binary way. If a non-empty policy String is provided, we bypass the 20 main world's CSP checks. If an empty String is provided, the main 21 world's CSP checks remain active. 22 23 Test: http/tests/security/isolatedWorld/bypass-main-world-csp.html 24 25 (WebCore::isolatedWorldContentSecurityPolicies): 26 (WebCore::DOMWrapperWorld::isolatedWorldHasContentSecurityPolicy): 27 (WebCore::DOMWrapperWorld::setIsolatedWorldContentSecurityPolicy): 28 (WebCore::DOMWrapperWorld::clearIsolatedWorldContentSecurityPolicy): 29 * bindings/v8/DOMWrapperWorld.h: 30 (DOMWrapperWorld): 31 Mechanisms for setting and clearing Content Security Policies from 32 isolated worlds; implemented in the same HashMappy way as 33 SecurityOrigin. 34 * bindings/v8/ScriptController.cpp: 35 (WebCore::ScriptController::shouldBypassMainWorldContentSecurityPolicy): 36 (WebCore): 37 * bindings/v8/ScriptController.h: 38 (ScriptController): 39 Adding a method to ScriptController to query the state of the 40 current world's Content Security Policy. 
We'll drop this once we can 41 apply a policy more directly, but for the moment it's necessary for 42 the next bit. 43 * loader/cache/CachedResourceLoader.cpp: 44 (WebCore::CachedResourceLoader::canRequest): 45 Check the new ScriptController method, and only perform CSP checks 46 when loading resources if we're executing code from the main world, 47 or an isolated world with no Content Security Policy set. 48 1 49 2012-10-31 Tim Horton <timothy_horton@apple.com> 2 50 -
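Review bot: The function list that starts at `(WebCore::isolatedWorldContentSecurityPolicies):` has no preceding `* bindings/v8/DOMWrapperWorld.cpp:` file entry, so in the ChangeLog those four functions appear to hang off the `Test:` line; add the file entry above them. Minor: "eiher" in the description should be "either".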
trunk/Source/WebCore/bindings/js/ScriptController.h
r130612 r133006 161 161 #endif 162 162 163 // FIXME: Stub for parity with V8 implementation. http://webkit.org/b/100815 164 bool shouldBypassMainWorldContentSecurityPolicy() { return false; } 165 163 166 private: 164 167 JSDOMWindowShell* initScript(DOMWrapperWorld* world); -
trunk/Source/WebCore/bindings/v8/DOMWrapperWorld.cpp
r131629 r133006 144 144 } 145 145 146 typedef HashMap<int, bool> IsolatedWorldContentSecurityPolicyMap; 147 static IsolatedWorldContentSecurityPolicyMap& isolatedWorldContentSecurityPolicies() 148 { 149 ASSERT(isMainThread()); 150 DEFINE_STATIC_LOCAL(IsolatedWorldContentSecurityPolicyMap, map, ()); 151 return map; 152 } 153 154 bool DOMWrapperWorld::isolatedWorldHasContentSecurityPolicy() 155 { 156 ASSERT(this->isIsolatedWorld()); 157 IsolatedWorldContentSecurityPolicyMap& policies = isolatedWorldContentSecurityPolicies(); 158 IsolatedWorldContentSecurityPolicyMap::iterator it = policies.find(worldId()); 159 return it == policies.end() ? false : it->value; 160 } 161 162 void DOMWrapperWorld::setIsolatedWorldContentSecurityPolicy(int worldID, const String& policy) 163 { 164 ASSERT(DOMWrapperWorld::isIsolatedWorldId(worldID)); 165 if (!policy.isEmpty()) 166 isolatedWorldContentSecurityPolicies().set(worldID, true); 167 else 168 isolatedWorldContentSecurityPolicies().remove(worldID); 169 } 170 171 void DOMWrapperWorld::clearIsolatedWorldContentSecurityPolicy(int worldID) 172 { 173 ASSERT(DOMWrapperWorld::isIsolatedWorldId(worldID)); 174 isolatedWorldContentSecurityPolicies().remove(worldID); 175 } 176 146 177 } // namespace WebCore -
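Review bot: `setIsolatedWorldContentSecurityPolicy` throws away the `policy` string and stores only `true` in `IsolatedWorldContentSecurityPolicyMap`, so the map cannot later carry the world's own policy without changing its type, and at the call site nothing signals that any non-empty value, including an unparseable one, currently means "bypass the page's CSP". Storing the String (or a parsed ContentSecurityPolicy) now would keep the header's FIXME honest and leave `isolatedWorldHasContentSecurityPolicy` as a simple `contains` check. Separately, entries are keyed by `worldID` and nothing in this hunk removes them when the world is torn down, so a later world that reuses the id would inherit the bypass; confirm that `clearIsolatedWorldContentSecurityPolicy` is wired into the same teardown path as the SecurityOrigin map. Note also that passing an empty string to the setter already performs exactly the removal the clear function does, so one of the two paths is redundant.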
trunk/Source/WebCore/bindings/v8/DOMWrapperWorld.h
r132458 r133006 38 38 #include <wtf/RefCounted.h> 39 39 #include <wtf/RefPtr.h> 40 #include <wtf/text/WTFString.h> 40 41 41 42 namespace WebCore { … … 58 59 static void clearIsolatedWorldSecurityOrigin(int worldID); 59 60 SecurityOrigin* isolatedWorldSecurityOrigin(); 61 62 // Associated an isolated world with a Content Security Policy. Resources 63 // embedded into the main world's DOM from script executed in an isolated 64 // world should be restricted based on the isolated world's DOM, not the 65 // main world's. 66 // 67 // FIXME: Right now, resource injection simply bypasses the main world's 68 // DOM. More work is necessary to allow the isolated world's policy to be 69 // applied correctly. 70 static void setIsolatedWorldContentSecurityPolicy(int worldID, const String& policy); 71 static void clearIsolatedWorldContentSecurityPolicy(int worldID); 72 bool isolatedWorldHasContentSecurityPolicy(); 73 60 74 // FIXME: this is a workaround for a problem in WebViewImpl. 61 75 // Do not use this anywhere else!! -
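Review bot: The comment above `setIsolatedWorldContentSecurityPolicy` misstates what is being bypassed: "Associated an isolated world" should read "Associates an isolated world", and both "restricted based on the isolated world's DOM" and "simply bypasses the main world's DOM" should say "policy"/"CSP", since it is the Content Security Policy, not the DOM, that the isolated world's resources skip.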
trunk/Source/WebCore/bindings/v8/ScriptController.cpp
r132517 r133006 397 397 } 398 398 399 bool ScriptController::shouldBypassMainWorldContentSecurityPolicy() 400 { 401 if (V8DOMWindowShell* isolatedWorldShell = V8DOMWindowShell::getEntered()) 402 return isolatedWorldShell->world()->isolatedWorldHasContentSecurityPolicy(); 403 return false; 404 } 405 399 406 TextPosition ScriptController::eventHandlerPosition() const 400 407 { -
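Review bot: `shouldBypassMainWorldContentSecurityPolicy` keys the decision on `V8DOMWindowShell::getEntered()`, i.e. the outermost entered context, not the context that is currently executing. If isolated-world script synchronously triggers main-world code (for example a page event handler run by a dispatched DOM event), the entered context is still the isolated world's shell, so the main world's own injections during that call would also skip the CSP check. Worth confirming whether the current context is the intended scope here, and adding a comment stating which one is meant either way.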
trunk/Source/WebCore/bindings/v8/ScriptController.h
r132505 r133006 108 108 void evaluateInIsolatedWorld(int worldID, const Vector<ScriptSourceCode>& sources, int extensionGroup, Vector<ScriptValue>* results); 109 109 110 // Returns true if the current world is isolated, and has its own Content 111 // Security Policy. In this case, the policy of the main world should be 112 // ignored when evaluating resources injected into the DOM. 113 bool shouldBypassMainWorldContentSecurityPolicy(); 114 110 115 // FIXME: Remove references to this call in chromium and delete it. 111 116 inline static void setIsolatedWorldSecurityOrigin(int worldID, PassRefPtr<SecurityOrigin> origin) -
trunk/Source/WebCore/loader/cache/CachedResourceLoader.cpp
r132869 r133006 302 302 if (document() && !document()->securityOrigin()->canDisplay(url)) { 303 303 if (!forPreload) 304 FrameLoader::reportLocalLoadFailed( document()->frame(), url.string());304 FrameLoader::reportLocalLoadFailed(frame(), url.string()); 305 305 LOG(ResourceLoading, "CachedResourceLoader::requestResource URL was not allowed by SecurityOrigin::canDisplay"); 306 306 return 0; … … 311 311 return false; 312 312 #endif 313 314 bool shouldBypassMainWorldContentSecurityPolicy = (frame() && frame()->script()->shouldBypassMainWorldContentSecurityPolicy()); 313 315 314 316 // Some types of resources can be loaded only from the same origin. Other … … 353 355 #endif 354 356 case CachedResource::Script: 355 if (! m_document->contentSecurityPolicy()->allowScriptFromSource(url))357 if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowScriptFromSource(url)) 356 358 return false; 357 359 … … 369 371 #endif 370 372 case CachedResource::CSSStyleSheet: 371 if (! m_document->contentSecurityPolicy()->allowStyleFromSource(url))373 if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowStyleFromSource(url)) 372 374 return false; 373 375 break; … … 376 378 #endif 377 379 case CachedResource::ImageResource: 378 if (! m_document->contentSecurityPolicy()->allowImageFromSource(url))380 if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowImageFromSource(url)) 379 381 return false; 380 382 break; 381 383 case CachedResource::FontResource: { 382 if (! m_document->contentSecurityPolicy()->allowFontFromSource(url))384 if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowFontFromSource(url)) 383 385 return false; 384 386 break; … … 395 397 // Cues aren't called out in the CPS spec yet, but they only work with a media element 396 398 // so use the media policy. 397 if (! 
m_document->contentSecurityPolicy()->allowMediaFromSource(url))399 if (!shouldBypassMainWorldContentSecurityPolicy && !m_document->contentSecurityPolicy()->allowMediaFromSource(url)) 398 400 return false; 399 401 break; -
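Review bot: The bypass is computed once at the top of `canRequest` from whichever world has entered V8 at that moment, so it only covers loads that begin synchronously while isolated-world script is on the stack; a resource the isolated world injects but which is fetched later (a deferred image, a font pulled in by an injected stylesheet, a reload) is checked against the main world's CSP again and may still produce the violation reports the description says it wants to avoid. A comment next to the `shouldBypassMainWorldContentSecurityPolicy` local should state that limitation. The `document()->frame()` to `frame()` change at line 304 is an unrelated cleanup that the ChangeLog does not mention.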
trunk/Source/WebKit/chromium/ChangeLog
r132946 r133006 1 2012-10-31 Mike West <mkwst@chromium.org> 2 3 Script run from an isolated world should bypass a page's CSP. 4 https://bugs.webkit.org/show_bug.cgi?id=97398 5 6 Reviewed by Adam Barth. 7 8 * public/WebFrame.h: 9 (WebFrame): 10 * src/WebFrameImpl.cpp: 11 (WebKit::WebFrameImpl::setIsolatedWorldSecurityOrigin): 12 (WebKit): 13 (WebKit::WebFrameImpl::setIsolatedWorldContentSecurityPolicy): 14 * src/WebFrameImpl.h: 15 (WebFrameImpl): 16 Piping a Content Security Policy through WebFrame, in the same way 17 we're currently doing for SecurityOrigin. As a drive-by, this also 18 uses the static method on DOMWrapperWindow to set the security 19 origin, rather than routing through the frame's ScriptController. 20 1 21 2012-10-30 W. James MacLean <wjmaclean@chromium.org> 2 22 -
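Review bot: The description says the security origin is now set via "the static method on DOMWrapperWindow"; the class used in `WebFrameImpl.cpp` is `DOMWrapperWorld`, so the ChangeLog should be corrected.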
trunk/Source/WebKit/chromium/public/WebFrame.h
r131223 r133006 253 253 int worldID, const WebSecurityOrigin&) = 0; 254 254 255 // Associates a content security policy with an isolated world. This policy 256 // should be used when evaluating script in the isolated world, and should 257 // also replace a protected resource's CSP when evaluating resources 258 // injected into the DOM. 259 // 260 // FIXME: Setting this simply bypasses the protected resource's CSP. It 261 // doesn't yet restrict the isolated world to the provided policy. 262 virtual void setIsolatedWorldContentSecurityPolicy( 263 int worldID, const WebString&) = 0; 264 255 265 // Logs to the console associated with this frame. 256 266 virtual void addMessageToConsole(const WebConsoleMessage&) = 0; -
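Review bot: The comment on `setIsolatedWorldContentSecurityPolicy` promises behaviour the implementation does not have ("should be used when evaluating script in the isolated world", "replace a protected resource's CSP"), and the FIXME only partly takes that back. Since the `WebString` contents are ignored and any non-empty value disables the page's CSP for loads issued from that world, the contract embedders read here should say so plainly, e.g. that passing a restrictive policy does not restrict anything yet and that an empty string is the only way to keep the page's CSP in force.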
trunk/Source/WebKit/chromium/src/WebFrameImpl.cpp
r132746 r133006 83 83 #include "DOMWindow.h" 84 84 #include "DOMWindowIntents.h" 85 #include "DOMWrapperWorld.h" 85 86 #include "DeliveredIntent.h" 86 87 #include "DeliveredIntentClientImpl.h" … … 827 828 { 828 829 ASSERT(frame()); 829 frame()->script()->setIsolatedWorldSecurityOrigin(worldID, securityOrigin.get()); 830 DOMWrapperWorld::setIsolatedWorldSecurityOrigin(worldID, securityOrigin.get()); 831 } 832 833 void WebFrameImpl::setIsolatedWorldContentSecurityPolicy(int worldID, const WebString& policy) 834 { 835 ASSERT(frame()); 836 DOMWrapperWorld::setIsolatedWorldContentSecurityPolicy(worldID, policy); 830 837 } 831 838 -
trunk/Source/WebKit/chromium/src/WebFrameImpl.h
r129947 r133006 115 115 int extensionGroup); 116 116 virtual void setIsolatedWorldSecurityOrigin(int worldID, const WebSecurityOrigin&); 117 virtual void setIsolatedWorldContentSecurityPolicy(int worldID, const WebString&); 117 118 virtual void addMessageToConsole(const WebConsoleMessage&); 118 119 virtual void collectGarbage(); -
trunk/Tools/ChangeLog
r133000 r133006 1 2012-10-31 Mike West <mkwst@chromium.org> 2 3 Script run from an isolated world should bypass a page's CSP. 4 https://bugs.webkit.org/show_bug.cgi?id=97398 5 6 Reviewed by Adam Barth. 7 8 * DumpRenderTree/chromium/DRTTestRunner.cpp: 9 (DRTTestRunner::DRTTestRunner): 10 (DRTTestRunner::setIsolatedWorldContentSecurityPolicy): 11 * DumpRenderTree/chromium/DRTTestRunner.h: 12 (DRTTestRunner): 13 Adding a mechanism to set the Content Security Policy for an 14 isolated world to Chromium's testRunner. 15 1 16 2012-10-31 Michał Pakuła vel Rutka <m.pakula@samsung.com> 2 17 -
trunk/Tools/DumpRenderTree/chromium/DRTTestRunner.cpp
r132478 r133006 158 158 bindMethod("evaluateScriptInIsolatedWorldAndReturnValue", &DRTTestRunner::evaluateScriptInIsolatedWorldAndReturnValue); 159 159 bindMethod("setIsolatedWorldSecurityOrigin", &DRTTestRunner::setIsolatedWorldSecurityOrigin); 160 bindMethod("setIsolatedWorldContentSecurityPolicy", &DRTTestRunner::setIsolatedWorldContentSecurityPolicy); 160 161 bindMethod("execCommand", &DRTTestRunner::execCommand); 161 162 bindMethod("forceRedSelectionColors", &DRTTestRunner::forceRedSelectionColors); … … 1402 1403 origin = WebSecurityOrigin::createFromString(cppVariantToWebString(arguments[1])); 1403 1404 m_shell->webView()->focusedFrame()->setIsolatedWorldSecurityOrigin(arguments[0].toInt32(), origin); 1405 } 1406 1407 void DRTTestRunner::setIsolatedWorldContentSecurityPolicy(const CppArgumentList& arguments, CppVariant* result) 1408 { 1409 result->setNull(); 1410 1411 if (arguments.size() != 2 || !arguments[0].isNumber() || !arguments[1].isString()) 1412 return; 1413 1414 m_shell->webView()->focusedFrame()->setIsolatedWorldContentSecurityPolicy(arguments[0].toInt32(), cppVariantToWebString(arguments[1])); 1404 1415 } 1405 1416 -
trunk/Tools/DumpRenderTree/chromium/DRTTestRunner.h
r132781 r133006 298 298 void evaluateScriptInIsolatedWorld(const CppArgumentList&, CppVariant*); 299 299 void setIsolatedWorldSecurityOrigin(const CppArgumentList&, CppVariant*); 300 void setIsolatedWorldContentSecurityPolicy(const CppArgumentList&, CppVariant*); 300 301 301 302 // The fallback method is called when a nonexistent method is called on