Changeset 149326 in webkit
- Timestamp:
- Apr 29, 2013 3:44:35 PM (11 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 15 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r149322 r149326 1 2013-04-22 Jeffrey Pfau <jpfau@apple.com> 2 3 Change approach to third-party blocking for LocalStorage 4 https://bugs.webkit.org/show_bug.cgi?id=115004 5 6 Reviewed by Maciej Stachowiak. 7 8 * http/tests/security/cross-origin-local-storage-allowed-expected.txt: 9 * http/tests/security/cross-origin-local-storage-allowed.html: 10 * http/tests/security/cross-origin-local-storage-expected.txt: 11 * http/tests/security/cross-origin-local-storage-wk1.html: 12 * http/tests/security/cross-origin-local-storage-wk1-expected.txt: 13 * http/tests/security/cross-origin-local-storage.html: 14 * http/tests/security/resources/cross-origin-iframe-for-local-storage.html: 15 * http/tests/security/resources/load-local-storage.html: Added. 16 * platform/mac-wk2/http/tests/security/cross-origin-local-storage-wk1-expected.txt: 17 * platform/mac/http/tests/security/cross-origin-local-storage-wk1-expected.txt: 18 1 19 2013-04-29 Yi Shen <max.hong.shen@gmail.com> 2 20 -
trunk/LayoutTests/http/tests/security/cross-origin-local-storage-allowed-expected.txt
r125335 r149326 1 This iframe should not return any errors: 2 3 4 This iframe should not return any errors: 5 6 7 8 -------- 9 Frame: '<!--framePath //<!--frame0-->-->' 10 -------- 11 No exception 12 13 -------- 14 Frame: '<!--framePath //<!--frame1-->-->' 15 -------- 16 No exception 1 Got value: value -
trunk/LayoutTests/http/tests/security/cross-origin-local-storage-allowed.html
r125335 r149326 4 4 if (window.testRunner) { 5 5 testRunner.dumpAsText(); 6 testRunner.dumpChildFramesAsText(); 6 testRunner.waitUntilDone(); 7 internals.settings.setStorageBlockingPolicy('AllowAll'); 8 } 9 10 function continueTest() { 11 window.location.href = 'http://localhost:8000/security/resources/load-local-storage.html'; 7 12 } 8 13 </script> 9 14 </head> 10 15 <body> 11 <p>This iframe should not return any errors:</p> 12 <iframe src="http://localhost:8000/security/resources/cross-origin-iframe-for-local-storage.html"></iframe> 13 <p>This iframe should not return any errors:</p> 14 <iframe src="http://127.0.0.1:8000/security/resources/cross-origin-iframe-for-local-storage.html"></iframe> 16 <iframe src="http://localhost:8000/security/resources/cross-origin-iframe-for-local-storage.html" onload="continueTest()"></iframe> 15 17 </body> 16 18 </html> -
trunk/LayoutTests/http/tests/security/cross-origin-local-storage-expected.txt
r135162 r149326 1 This iframe should return a security error: 2 3 4 This iframe should not return any errors: 5 6 7 8 -------- 9 Frame: '<!--framePath //<!--frame0-->-->' 10 -------- 11 SecurityError 12 13 -------- 14 Frame: '<!--framePath //<!--frame1-->-->' 15 -------- 16 No exception 1 No value -
trunk/LayoutTests/http/tests/security/cross-origin-local-storage-wk1-expected.txt
r129567 r149326 1 This iframe should return a security error: 2 3 4 This iframe should not return any errors: 5 6 7 8 -------- 9 Frame: '<!--framePath //<!--frame0-->-->' 10 -------- 11 No exception 12 13 -------- 14 Frame: '<!--framePath //<!--frame1-->-->' 15 -------- 16 No exception 1 Got value: value -
trunk/LayoutTests/http/tests/security/cross-origin-local-storage-wk1.html
r129567 r149326 2 2 <head> 3 3 <script> 4 var frames = 2;5 4 if (window.testRunner) { 6 5 testRunner.dumpAsText(); 7 testRunner. dumpChildFramesAsText();6 testRunner.waitUntilDone(); 8 7 testRunner.overridePreference('WebKitStorageBlockingPolicy', 1); 9 8 } 10 9 11 function decrement() { 12 --frames; 13 if (!frames && window.testRunner) 14 testRunner.overridePreference('WebKitStorageBlockingPolicy', 0); 10 function continueTest() { 11 window.location.href = 'http://localhost:8000/security/resources/load-local-storage.html'; 15 12 } 16 13 </script> 17 14 </head> 18 15 <body> 19 <p>This iframe should return a security error:</p> 20 <iframe src="http://localhost:8000/security/resources/cross-origin-iframe-for-local-storage.html" onload="decrement()"></iframe> 21 <p>This iframe should not return any errors:</p> 22 <iframe src="http://127.0.0.1:8000/security/resources/cross-origin-iframe-for-local-storage.html" onload="decrement()"></iframe> 16 <iframe src="http://localhost:8000/security/resources/cross-origin-iframe-for-local-storage.html" onload="continueTest()"></iframe> 23 17 </body> 24 18 </html> -
trunk/LayoutTests/http/tests/security/cross-origin-local-storage.html
r127956 r149326 2 2 <head> 3 3 <script> 4 var frames = 2;5 4 if (window.testRunner) { 6 5 testRunner.dumpAsText(); 7 testRunner. dumpChildFramesAsText();6 testRunner.waitUntilDone(); 8 7 internals.settings.setStorageBlockingPolicy('BlockThirdParty'); 9 8 } 10 9 11 function decrement() { 12 --frames; 13 if (!frames && window.testRunner) 14 internals.settings.setStorageBlockingPolicy('AllowAll'); 10 function continueTest() { 11 window.location.href = 'http://localhost:8000/security/resources/load-local-storage.html'; 15 12 } 16 13 </script> 17 14 </head> 18 15 <body> 19 <p>This iframe should return a security error:</p> 20 <iframe src="http://localhost:8000/security/resources/cross-origin-iframe-for-local-storage.html" onload="decrement()"></iframe> 21 <p>This iframe should not return any errors:</p> 22 <iframe src="http://127.0.0.1:8000/security/resources/cross-origin-iframe-for-local-storage.html" onload="decrement()"></iframe> 16 <iframe src="http://localhost:8000/security/resources/cross-origin-iframe-for-local-storage.html" onload="continueTest()"></iframe> 23 17 </body> 24 18 </html> -
trunk/LayoutTests/http/tests/security/resources/cross-origin-iframe-for-local-storage.html
r125335 r149326 4 4 try { 5 5 var c = window.localStorage; 6 c['test'] = 'value'; 6 7 document.write('No exception'); 7 8 } catch (exception) { -
trunk/LayoutTests/platform/mac-wk2/http/tests/security/cross-origin-local-storage-wk1-expected.txt
r143779 r149326 1 This iframe should return a security error: 2 3 4 This iframe should not return any errors: 5 6 7 8 -------- 9 Frame: '<!--framePath //<!--frame0-->-->' 10 -------- 11 No exception 12 13 -------- 14 Frame: '<!--framePath //<!--frame1-->-->' 15 -------- 16 No exception 1 Got value: value -
trunk/LayoutTests/platform/mac/http/tests/security/cross-origin-local-storage-wk1-expected.txt
r135162 r149326 1 This iframe should return a security error: 2 3 4 This iframe should not return any errors: 5 6 7 8 -------- 9 Frame: '<!--framePath //<!--frame0-->-->' 10 -------- 11 SecurityError 12 13 -------- 14 Frame: '<!--framePath //<!--frame1-->-->' 15 -------- 16 No exception 1 No value -
trunk/Source/WebCore/ChangeLog
r149322 r149326 1 2013-04-22 Jeffrey Pfau <jpfau@apple.com> 2 3 Change approach to third-party blocking for LocalStorage 4 https://bugs.webkit.org/show_bug.cgi?id=115004 5 6 Reviewed by Maciej Stachowiak. 7 8 Instead of outright blocking LocalStorage that's used in a third-party 9 context, silently partition it based on the origin of the top context. 10 These partitions are then discarded when the page group is unloaded. 11 12 No new tests; modified existing tests to account for changes. 13 14 * page/DOMWindow.cpp: 15 (WebCore::DOMWindow::localStorage): 16 * page/PageGroup.cpp: 17 (WebCore::PageGroup::localStorage): 18 (WebCore): 19 (WebCore::PageGroup::transientLocalStorage): 20 * page/PageGroup.h: 21 (PageGroup): 22 * page/SecurityOrigin.cpp: 23 (WebCore::SecurityOrigin::canAccessStorage): 24 1 25 2013-04-29 Yi Shen <max.hong.shen@gmail.com> 2 26 -
trunk/Source/WebCore/page/DOMWindow.cpp
r148545 r149326 792 792 return 0; 793 793 794 if (!document->securityOrigin()->canAccessLocalStorage( document->topOrigin())) {794 if (!document->securityOrigin()->canAccessLocalStorage(0)) { 795 795 ec = SECURITY_ERR; 796 796 return 0; … … 812 812 return 0; 813 813 814 RefPtr<StorageArea> storageArea = page->group().localStorage()->storageArea(document->securityOrigin()); 814 RefPtr<StorageArea> storageArea; 815 if (!document->securityOrigin()->canAccessLocalStorage(document->topOrigin())) 816 storageArea = page->group().transientLocalStorage(document->topOrigin())->storageArea(document->securityOrigin()); 817 else 818 storageArea = page->group().localStorage()->storageArea(document->securityOrigin()); 819 815 820 if (!storageArea->canAccessStorage(m_frame)) { 816 821 ec = SECURITY_ERR; -
trunk/Source/WebCore/page/PageGroup.cpp
r148683 r149326 264 264 } 265 265 266 StorageNamespace* PageGroup::transientLocalStorage(const SecurityOrigin* topOrigin) 267 { 268 String topOriginString = topOrigin->toString(); 269 if (!m_transientLocalStorage.get(topOriginString)) 270 m_transientLocalStorage.set(topOriginString, StorageNamespace::sessionStorageNamespace(*this->pages().begin())); 271 272 return m_transientLocalStorage.get(topOriginString).get(); 273 } 274 266 275 void PageGroup::addUserScriptToWorld(DOMWrapperWorld* world, const String& source, const KURL& url, 267 276 const Vector<String>& whitelist, const Vector<String>& blacklist, -
trunk/Source/WebCore/page/PageGroup.h
r145826 r149326 88 88 bool hasLocalStorage() { return m_localStorage; } 89 89 90 StorageNamespace* transientLocalStorage(const SecurityOrigin* topOrigin); 91 90 92 void addUserScriptToWorld(DOMWrapperWorld*, const String& source, const KURL&, 91 93 const Vector<String>& whitelist, const Vector<String>& blacklist, … … 129 131 unsigned m_identifier; 130 132 RefPtr<StorageNamespace> m_localStorage; 133 HashMap<String, RefPtr<StorageNamespace> > m_transientLocalStorage; 131 134 132 135 OwnPtr<UserScriptMap> m_userScripts; -
trunk/Source/WebCore/page/SecurityOrigin.cpp
r147671 r149326 389 389 return false; 390 390 391 if (m_storageBlockingPolicy == BlockAllStorage) 392 return false; 393 391 394 // FIXME: This check should be replaced with an ASSERT once we can guarantee that topOrigin is not null. 392 395 if (!topOrigin) 393 396 return true; 394 397 395 if ( m_storageBlockingPolicy == BlockAllStorage ||topOrigin->m_storageBlockingPolicy == BlockAllStorage)398 if (topOrigin->m_storageBlockingPolicy == BlockAllStorage) 396 399 return false; 397 400
Note: See TracChangeset
for help on using the changeset viewer.