Changeset 142734 in webkit
- Timestamp:
- Feb 13, 2013 3:19:08 AM (11 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 11 edited
- 1 copied
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r142733 r142734 1 2013-02-13 Mike West <mkwst@chromium.org> 2 3 location.href does not throw SECURITY_ERR when accessed across origins with JSC bindings 4 https://bugs.webkit.org/show_bug.cgi?id=43891 5 6 Reviewed by Adam Barth. 7 8 * http/tests/plugins/resources/cross-frame-object-access.html: 9 * http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt: 10 * http/tests/security/cross-frame-access-location-get-expected.txt: 11 * http/tests/security/cross-frame-access-location-get.html: 12 * http/tests/security/resources/cross-frame-access.js: 13 (accessThrowsException): 14 * http/tests/security/resources/cross-frame-iframe-callback-explicit-domain-DENY.html: 15 * http/tests/security/resources/cross-frame-iframe-for-location-get-test.html: 16 Adjusting tests to check for exceptions, and adjusting expectations to match. 17 * platform/chromium/http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt: Copied from LayoutTests/http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt. 18 * platform/chromium/http/tests/security/cross-frame-access-location-get-expected.txt: Added. 19 * platform/chromium/http/tests/security/sandboxed-iframe-blocks-access-from-parent-expected.txt: Copied from LayoutTests/http/tests/security/sandboxed-iframe-blocks-access-from-parent-expected.txt. 20 V8 fails at the moment: http://wkbug.com/43892 21 1 22 2013-02-13 Vsevolod Vlasov <vsevik@chromium.org> 2 23 -
trunk/LayoutTests/http/tests/plugins/resources/cross-frame-object-access.html
r28715 r142734 15 15 } 16 16 17 if (l.href) { 18 debug('could access top.location.href'); 19 return false; 17 try { 18 if (l.href) { 19 debug('could access top.location.href'); 20 return false; 21 } 22 } catch (e) { 23 return true; 20 24 } 21 22 25 return true; 23 26 } -
trunk/LayoutTests/http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt
r128208 r142734 1 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-callback-explicit-domain-DENY.html from frame with URL http://127.0.0.1:8000/security/resources/cross-frame-iframe-callback-explicit-domain-DENY.html. The frame requesting access set 'document.domain' to '127.0.0.1', but the frame being accessed did not. Both must set 'document.domain' to the same value to allow access. 2 1 3 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-callback-explicit-domain-DENY.html from frame with URL http://127.0.0.1:8000/security/resources/cross-frame-iframe-callback-explicit-domain-DENY.html. The frame requesting access set 'document.domain' to '127.0.0.1', but the frame being accessed did not. Both must set 'document.domain' to the same value to allow access. 2 4 … … 9 11 -------- 10 12 PASS: canGet('parentWindow.location.href') should be 'false' and is. 13 PASS: accessThrowsException('parentWindow.location.href') should be 'true' and is. 14 -
trunk/LayoutTests/http/tests/security/cross-frame-access-location-get-expected.txt
r104803 r142734 1 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match. 2 3 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match. 4 5 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match. 6 7 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match. 8 9 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match. 10 11 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match. 12 13 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match. 14 15 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match. 16 17 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match. 18 19 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match. 20 21 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match. 22 1 23 CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match. 2 24 … … 31 53 Firefox allows access to 'location.toString' but throws an exception when you call it. 32 54 PASS: canGet('targetWindow.location.toString') should be 'false' and is. 55 PASS: accessThrowsException('targetWindow.location.toString') should be 'true' and is. 33 56 PASS: canGet('targetWindow.location.href') should be 'false' and is. 34 57 PASS: canGet('targetWindow.location.hash') should be 'false' and is. … … 39 62 PASS: canGet('targetWindow.location.protocol') should be 'false' and is. 40 63 PASS: canGet('targetWindow.location.search') should be 'false' and is. 64 PASS: canGet('targetWindow.location.existingCustomProperty') should be 'false' and is. 65 PASS: canGet('targetWindow.location[1]') should be 'false' and is. 66 PASS: accessThrowsException('targetWindow.location.href') should be 'true' and is. 67 PASS: accessThrowsException('targetWindow.location.hash') should be 'true' and is. 68 PASS: accessThrowsException('targetWindow.location.host') should be 'true' and is. 69 PASS: accessThrowsException('targetWindow.location.hostname') should be 'true' and is. 70 PASS: accessThrowsException('targetWindow.location.pathname') should be 'true' and is. 71 PASS: accessThrowsException('targetWindow.location.port') should be 'true' and is. 72 PASS: accessThrowsException('targetWindow.location.protocol') should be 'true' and is. 73 PASS: accessThrowsException('targetWindow.location.search') should be 'true' and is. 74 PASS: accessThrowsException('targetWindow.location.existingCustomProperty') should be 'true' and is. 75 PASS: accessThrowsException('targetWindow.location[1]') should be 'true' and is. 41 76 PASS: canGet('targetWindow.location.assign') should be 'true' and is. 42 77 PASS: canGet('targetWindow.location.reload') should be 'true' and is. 43 78 PASS: canGet('targetWindow.location.replace') should be 'true' and is. 44 PASS: canGet('targetWindow.location.existingCustomProperty') should be 'false' and is.45 79 -
trunk/LayoutTests/http/tests/security/cross-frame-access-location-get.html
r120174 r142734 42 42 log("Firefox allows access to 'location.toString' but throws an exception when you call it."); 43 43 shouldBeFalse("canGet('targetWindow.location.toString')"); 44 shouldBeTrue("accessThrowsException('targetWindow.location.toString')"); 44 45 45 46 shouldBeFalse("canGet('targetWindow.location.href')"); … … 51 52 shouldBeFalse("canGet('targetWindow.location.protocol')"); 52 53 shouldBeFalse("canGet('targetWindow.location.search')"); 54 shouldBeFalse("canGet('targetWindow.location.existingCustomProperty')"); 55 shouldBeFalse("canGet('targetWindow.location[1]')"); 56 57 shouldBeTrue("accessThrowsException('targetWindow.location.href')"); 58 shouldBeTrue("accessThrowsException('targetWindow.location.hash')"); 59 shouldBeTrue("accessThrowsException('targetWindow.location.host')"); 60 shouldBeTrue("accessThrowsException('targetWindow.location.hostname')"); 61 shouldBeTrue("accessThrowsException('targetWindow.location.pathname')"); 62 shouldBeTrue("accessThrowsException('targetWindow.location.port')"); 63 shouldBeTrue("accessThrowsException('targetWindow.location.protocol')"); 64 shouldBeTrue("accessThrowsException('targetWindow.location.search')"); 65 shouldBeTrue("accessThrowsException('targetWindow.location.existingCustomProperty')"); 66 shouldBeTrue("accessThrowsException('targetWindow.location[1]')"); 53 67 54 68 shouldBeTrue("canGet('targetWindow.location.assign')"); … … 56 70 shouldBeTrue("canGet('targetWindow.location.replace')"); 57 71 58 shouldBeFalse("canGet('targetWindow.location.existingCustomProperty')");59 72 } 60 73 </script> -
trunk/LayoutTests/http/tests/security/resources/cross-frame-access.js
r120174 r142734 56 56 } catch(e) { 57 57 return false; 58 } 59 } 60 61 function accessThrowsException(keyPath) { 62 try { 63 eval("window." + keyPath); 64 return false; 65 } catch (e) { 66 return true; 58 67 } 59 68 } -
trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-callback-explicit-domain-DENY.html
r120174 r142734 1 1 <script src="cross-frame-access.js"></script> 2 2 <body> 3 < div id=console></div>3 <pre id=console></pre> 4 4 <script> 5 5 var parentWindow = window.parent; … … 7 7 { 8 8 shouldBeFalse("canGet('parentWindow.location.href')"); 9 shouldBeTrue("accessThrowsException('parentWindow.location.href')"); 9 10 if (window.testRunner) 10 11 testRunner.notifyDone(); -
trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-location-get-test.html
r120174 r142734 2 2 <head> 3 3 <script> 4 window.location.existingCustomProperty = 1; 4 window.location.existingCustomProperty = 1; 5 window.location[1] = 1; 5 6 6 7 window.onload = function() -
trunk/LayoutTests/http/tests/security/sandboxed-iframe-blocks-access-from-parent-expected.txt
r128070 r142734 1 1 CONSOLE MESSAGE: Sandbox access violation: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/resources/blank.html from frame with URL http://127.0.0.1:8000/security/sandboxed-iframe-blocks-access-from-parent.html. The frame being accessed is sandboxed into a unique origin. 2 2 3 CONSOLE MESSAGE: line 12: SecurityError: DOM Exception 18: An attempt was made to break through the security policy of the user agent. 3 4 Sandboxing a frame puts it into a unique origin by default, which the containing document shouldn't have script access to. This test passes if a console warning is generated, noting the access violation. 4 5 -
trunk/Source/WebCore/ChangeLog
r142731 r142734 1 2013-02-13 Mike West <mkwst@chromium.org> 2 3 location.href does not throw SECURITY_ERR when accessed across origins with JSC bindings 4 https://bugs.webkit.org/show_bug.cgi?id=43891 5 6 Reviewed by Adam Barth. 7 8 Other browsers (IE, Firefox, and Opera) throw an exception when accessing 9 properties of a Location object across origins, as the spec suggests[1]. 10 WebKit is currently the outlier. 11 12 This has a few negative effects: developers are forced to hack around 13 access violations in two ways rather than having a single code path, and 14 (more annoyingly) developers are unable to avoid generating the error 15 message. See every ad on the internet for the effect on the console. :) 16 17 This patch adds a SECURITY_ERR exception to these access violations, 18 which is the first step towards getting rid of the console spam. Getting 19 rid of the message entirely will require a solution to 20 http://wkbug.com/98050. 21 22 A fairly inconclusive thread[2] on webkit-dev popped up in 2010 and 23 trailed off without reaching conclusion. A more recent thread reached 24 agreement that this patch seems like a reasonable thing to do[3]. 25 26 This is the JSC half of the patch. V8 is coming in http://wkbug.com/43892 27 28 [1]: http://www.whatwg.org/specs/web-apps/current-work/multipage/history.html#security-location 29 [2]: https://lists.webkit.org/pipermail/webkit-dev/2010-August/013880.html 30 [2]: https://lists.webkit.org/pipermail/webkit-dev/2012-February/023636.html 31 32 * bindings/js/JSLocationCustom.cpp: 33 (WebCore::JSLocation::getOwnPropertySlotDelegate): 34 1 35 2013-02-13 Andrew Wilson <atwilson@chromium.org> 2 36 -
trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp
r128400 r142734 82 82 // such cases when normally the string form of Location would be the URL. 83 83 84 // FIXME: Move this message into the exception once http://wkbug.com/98050 is fixed. 84 85 printErrorMessageForFrame(frame, message); 86 setDOMException(exec, SECURITY_ERR); 85 87 slot.setUndefined(); 86 88 return true;
Note: See TracChangeset
for help on using the changeset viewer.