Changeset 205200 in webkit
- Timestamp: Aug 30, 2016 3:24:39 PM (8 years ago)
- Location: trunk
- Files: 7 edited
trunk/LayoutTests/ChangeLog
r205196 r205200 1 2016-08-30 Chris Dumez <cdumez@apple.com> 2 3 [[Delete]] should throw for cross-origin Window / Location objects 4 https://bugs.webkit.org/show_bug.cgi?id=161397 5 6 Reviewed by Ryosuke Niwa. 7 8 Update / rebaseline existing test to reflect behavior change. 9 10 * http/tests/security/cross-frame-access-delete-expected.txt: 11 * http/tests/security/cross-frame-access-delete.html: 12 * http/tests/security/resources/cross-frame-iframe-for-delete-test.html: 13 1 14 2016-08-30 Ryan Haddad <ryanhaddad@apple.com> 2 15 -
trunk/LayoutTests/http/tests/security/cross-frame-access-delete-expected.txt
r196227 r205200 1 CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 3 CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 4 CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 1 Tests [[Delete]] for cross origin Window / Location. 5 2 6 PASS: eval('delete targetWindow.existingProperty') should be 'false' and is. 7 PASS: eval('delete targetWindow[1]') should be 'false' and is. 8 PASS: eval('delete targetWindow.location.existingProperty') should be 'false' and is. 9 PASS: eval('delete targetWindow.location[1]') should be 'false' and is. 3 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". 4 5 6 PASS delete targetWindow.existingProperty threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.. 7 PASS delete targetWindow.name threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.. 8 PASS delete targetWindow[1] threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.. 
9 PASS delete targetWindow.location.existingProperty threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.. 10 PASS delete targetWindow.location.host threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.. 11 PASS delete targetWindow.location[1] threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.. 12 PASS: successfullyParsed should be 'true' and is. 13 14 TEST COMPLETE 15 10 16 11 17 -
trunk/LayoutTests/http/tests/security/cross-frame-access-delete.html
r196227 r205200 1 1 <html> 2 2 <head> 3 <script src="/js-test-resources/js-test-pre.js"></script> 3 4 <script src="resources/cross-frame-access.js"></script> 4 5 <script> 5 if (window.testRunner) { 6 testRunner.dumpAsText(); 6 description("Tests [[Delete]] for cross origin Window / Location."); 7 jsTestIsAsync = true; 8 9 if (window.testRunner) 7 10 testRunner.dumpChildFramesAsText(); 8 testRunner.waitUntilDone();9 }10 11 11 12 receiver = function(e) … … 13 14 if (e.data == "setValuesComplete") 14 15 deleteTest(); 16 if (e.data == "checkValuesComplete") 17 finishJSTest(); 15 18 } 16 19 addEventListener('message', receiver, false); … … 20 23 targetWindow = frames[0]; 21 24 22 shouldBe("eval('delete targetWindow.existingProperty')", "false"); 23 shouldBe("eval('delete targetWindow[1]')", "false"); 24 shouldBe("eval('delete targetWindow.location.existingProperty')", "false"); 25 shouldBe("eval('delete targetWindow.location[1]')", "false"); 25 shouldThrowErrorName("delete targetWindow.existingProperty", "SecurityError"); 26 shouldThrowErrorName("delete targetWindow.name", "SecurityError"); 27 shouldThrowErrorName("delete targetWindow[1]", "SecurityError"); 28 shouldThrowErrorName("delete targetWindow.location.existingProperty", "SecurityError"); 29 shouldThrowErrorName("delete targetWindow.location.host", "SecurityError"); 30 shouldThrowErrorName("delete targetWindow.location[1]", "SecurityError"); 26 31 27 32 targetWindow.postMessage("deletingValuesComplete", "*"); … … 32 37 <iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-delete-test.html"></iframe> 33 38 <pre id="console"></pre> 39 <script src="/js-test-resources/js-test-post.js"></script> 34 40 </body> 35 41 </html> -
trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-delete-test.html
r120174 r205200 33 33 shouldBe("window.location[1]", "'test value'"); 34 34 35 if (window.testRunner) 36 testRunner.notifyDone(); 35 window.parent.postMessage("checkValuesComplete", "*"); 37 36 } 38 37 </script> -
trunk/Source/WebCore/ChangeLog
r205199 r205200 1 2016-08-30 Chris Dumez <cdumez@apple.com> 2 3 [[Delete]] should throw for cross-origin Window / Location objects 4 https://bugs.webkit.org/show_bug.cgi?id=161397 5 6 Reviewed by Ryosuke Niwa. 7 8 [[Delete]] should throw for cross-origin Window / Location objects: 9 - https://github.com/whatwg/html/pull/1728 10 11 Firefox and Chrome already throw. Previously, WebKit was merely 12 ignoring the call and logging an error message. 13 14 No new tests, updated existing test. 15 16 * bindings/js/JSDOMWindowCustom.cpp: 17 (WebCore::JSDOMWindow::deleteProperty): 18 (WebCore::JSDOMWindow::deletePropertyByIndex): 19 * bindings/js/JSLocationCustom.cpp: 20 (WebCore::JSLocation::deleteProperty): 21 (WebCore::JSLocation::deletePropertyByIndex): 22 1 23 2016-08-30 Brady Eidson <beidson@apple.com> 2 24 -
trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp
r205198 r205200 270 270 JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(cell); 271 271 // Only allow deleting properties by frames in the same origin. 272 if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped() ))272 if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped(), ThrowSecurityError)) 273 273 return false; 274 274 return Base::deleteProperty(thisObject, exec, propertyName); … … 279 279 JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(cell); 280 280 // Only allow deleting properties by frames in the same origin. 281 if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped() ))281 if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped(), ThrowSecurityError)) 282 282 return false; 283 283 return Base::deletePropertyByIndex(thisObject, exec, propertyName); -
trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp
r205198 r205200 95 95 JSLocation* thisObject = jsCast<JSLocation*>(cell); 96 96 // Only allow deleting by frames in the same origin. 97 if (! shouldAllowAccessToFrame(exec, thisObject->wrapped().frame()))97 if (!BindingSecurity::shouldAllowAccessToFrame(exec, thisObject->wrapped().frame(), ThrowSecurityError)) 98 98 return false; 99 99 return Base::deleteProperty(thisObject, exec, propertyName); … … 104 104 JSLocation* thisObject = jsCast<JSLocation*>(cell); 105 105 // Only allow deleting by frames in the same origin. 106 if (! shouldAllowAccessToFrame(exec, thisObject->wrapped().frame()))106 if (!BindingSecurity::shouldAllowAccessToFrame(exec, thisObject->wrapped().frame(), ThrowSecurityError)) 107 107 return false; 108 108 return Base::deletePropertyByIndex(thisObject, exec, propertyName);
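Review bot: In trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp, the comment above the check in both deleteProperty and deletePropertyByIndex still reads "Only allow deleting properties by frames in the same origin." and does not say that the cross-origin path now throws. With ThrowSecurityError passed, the `return false` that follows runs after the SecurityError has been raised (the rebaselined test output shows the exception reaching script), so the comment should state that the return value is not the observable result on that path. Otherwise a later reader may take the `false` as the cross-origin behaviour and drop the third argument.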
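Review bot: In trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp, both changed lines switch the callee from the unqualified shouldAllowAccessToFrame(exec, ...) to BindingSecurity::shouldAllowAccessToFrame(exec, ..., ThrowSecurityError), which is more than adding an argument, and the WebCore ChangeLog lists JSLocation::deleteProperty and JSLocation::deletePropertyByIndex with no description. Please note in the ChangeLog that the Location path now goes through the BindingSecurity helper, and confirm that the two helpers reach the same same-origin decision for the frame returned by thisObject->wrapped().frame(), so that only the reporting behaviour changes and not which callers are allowed.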
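Review bot: In trunk/LayoutTests/http/tests/security/cross-frame-access-delete.html, every shouldThrowErrorName case in the visible lines targets the single cross-origin iframe at http://localhost:8000, so the test would still pass if the delete path threw SecurityError for every caller. Consider adding a same-origin frame as a control and asserting that delete on its Window and Location properties does not throw, so the test pins down the origin check and not just the presence of the exception.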
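Review bot: In trunk/LayoutTests/http/tests/security/cross-frame-access-delete-expected.txt, the rebaseline removes all four CONSOLE MESSAGE lines, so a blocked cross-origin delete is now reported only through the exception and no longer appears in the console. The ChangeLog says WebKit was previously "merely ignoring the call and logging an error message" but does not say that the console logging goes away; please confirm that is intended and state it in the ChangeLog, since anything that watches the console for these "Blocked a frame with origin" messages will stop seeing them for delete.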