Changeset 205358 in webkit


Timestamp:
Sep 2, 2016 12:00:22 PM (8 years ago)
Author:
Chris Dumez
Message:

Object.defineProperty() should throw cross-origin
https://bugs.webkit.org/show_bug.cgi?id=161460

Reviewed by Geoffrey Garen.

Source/WebCore:

Object.defineProperty() should throw cross-origin to match Firefox and
Chrome.

The specification is in the process of being updated to match the
behavior of browsers.

Test: http/tests/security/window-defineProperty-crossOrigin.html

  • bindings/js/JSDOMWindowCustom.cpp:

(WebCore::JSDOMWindow::defineOwnProperty):

  • bindings/js/JSLocationCustom.cpp:

(WebCore::JSLocation::defineOwnProperty):

LayoutTests:

Add test coverage.

  • http/tests/security/cross-frame-access-object-prototype-expected.txt:
  • http/tests/security/location-cross-origin-expected.txt:
  • http/tests/security/location-cross-origin.html:
  • http/tests/security/window-defineProperty-crossOrigin-expected.txt: Added.
  • http/tests/security/window-defineProperty-crossOrigin.html: Added.
  • http/tests/security/xss-DENIED-defineProperty-expected.txt:
Location:
trunk
Files:
2 added
8 edited

  • trunk/LayoutTests/ChangeLog

    r205354 r205358  
     12016-09-02  Chris Dumez  <cdumez@apple.com>
     2
     3        Object.defineProperty() should throw cross-origin
     4        https://bugs.webkit.org/show_bug.cgi?id=161460
     5
     6        Reviewed by Geoffrey Garen.
     7
     8        Add test coverage.
     9
     10        * http/tests/security/cross-frame-access-object-prototype-expected.txt:
     11        * http/tests/security/location-cross-origin-expected.txt:
     12        * http/tests/security/location-cross-origin.html:
     13        * http/tests/security/window-defineProperty-crossOrigin-expected.txt: Added.
     14        * http/tests/security/window-defineProperty-crossOrigin.html: Added.
     15        * http/tests/security/xss-DENIED-defineProperty-expected.txt:
     16
    1172016-09-02  Chris Dumez  <cdumez@apple.com>
    218
  • trunk/LayoutTests/http/tests/security/cross-frame-access-object-prototype-expected.txt

    r205136 r205358  
    1 CONSOLE MESSAGE: line 39: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    2 CONSOLE MESSAGE: line 40: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    31
     2SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
     3SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
    44
    55----- test getting values cross-frame using Object.prototype -----
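Review bot: The two CONSOLE MESSAGE lines for lines 39 and 40 disappear from the expected output and the denial is now visible only as SecurityError text printed by the test itself. A page that catches the exception would leave no trace in the console, so if dropping the console diagnostic is intended, the ChangeLog entry should say so explicitly.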
  • trunk/LayoutTests/http/tests/security/location-cross-origin-expected.txt

    r205171 r205358  
    4848PASS Object.getOwnPropertyDescriptor(window.location, 'search').set.call(frames[0].location, 1) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
    4949PASS Object.getOwnPropertyDescriptor(window.location, 'hash').set.call(frames[0].location, 1) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
     50PASS Object.defineProperty(frames[0].location, 'foo', { value: 1 }) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
    5051PASS frames[0].location.href = 'about:blank' did not throw exception.
    5152PASS frames[0].location.href is "about:blank"
  • trunk/LayoutTests/http/tests/security/location-cross-origin.html

    r205171 r205358  
    5757    shouldThrowErrorName("Object.getOwnPropertyDescriptor(window.location, 'hash').set.call(frames[0].location, 1)", "SecurityError");
    5858
     59    shouldThrowErrorName("Object.defineProperty(frames[0].location, 'foo', { value: 1 })", "SecurityError");
     60
    5961    // Setting 'href' cross origin should be allowed.
    6062    shouldNotThrow("frames[0].location.href = 'about:blank'");
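Review bot: The new case on line 59 covers only a data descriptor (`{ value: 1 }`) on a previously undefined name, 'foo'. JSLocation::defineOwnProperty has a separate branch for accessor descriptors on toString and valueOf, so a cross-origin case using an accessor descriptor on one of those names, plus one on an existing property such as 'href', would pin down that the SecurityError is raised before any of the other checks.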
  • trunk/LayoutTests/http/tests/security/xss-DENIED-defineProperty-expected.txt

    r205136 r205358  
    1 CONSOLE MESSAGE: line 20: Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
    2 CONSOLE MESSAGE: line 20: Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
    3 CONSOLE MESSAGE: line 20: Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
    4 CONSOLE MESSAGE: line 20: Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
    5 CONSOLE MESSAGE: line 20: Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
    6 CONSOLE MESSAGE: line 20: Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
    7 CONSOLE MESSAGE: line 22: Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
    8 CONSOLE MESSAGE: line 22: Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
    9 CONSOLE MESSAGE: line 22: Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
    10 CONSOLE MESSAGE: line 22: Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
    11 CONSOLE MESSAGE: line 22: Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
    12 CONSOLE MESSAGE: line 22: Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
    13 CONSOLE MESSAGE: line 24: Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
    14 CONSOLE MESSAGE: line 24: Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
    15 CONSOLE MESSAGE: line 24: Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
    16 CONSOLE MESSAGE: line 24: Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
    17 CONSOLE MESSAGE: line 24: Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
    18 CONSOLE MESSAGE: line 24: Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
    191
    202PASS: cross-site assignment of Object constructor not allowed
     
    7759SecurityError (DOM Exception 18): Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
    7860SecurityError (DOM Exception 18): Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
     61SecurityError (DOM Exception 18): Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
     62SecurityError (DOM Exception 18): Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
     63SecurityError (DOM Exception 18): Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
     64SecurityError (DOM Exception 18): Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
     65SecurityError (DOM Exception 18): Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
     66SecurityError (DOM Exception 18): Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
     67SecurityError (DOM Exception 18): Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
     68SecurityError (DOM Exception 18): Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
     69SecurityError (DOM Exception 18): Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
     70SecurityError (DOM Exception 18): Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
     71SecurityError (DOM Exception 18): Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
     72SecurityError (DOM Exception 18): Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
     73SecurityError (DOM Exception 18): Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
     74SecurityError (DOM Exception 18): Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
     75SecurityError (DOM Exception 18): Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
     76SecurityError (DOM Exception 18): Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
     77SecurityError (DOM Exception 18): Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
     78SecurityError (DOM Exception 18): Blocked a frame with origin "http://localhost:8000" from accessing a frame with origin "http://127.0.0.1:8000". Protocols, domains, and ports must match.
    7979
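Review bot: The added expected lines 61 to 78 are eighteen identical SecurityError strings, so the output does not show which defineProperty attempt produced which line. Having the test print the property name (or the index of the attempt) next to each caught exception would make a future regression in a single case identifiable from the diff of this file.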
  • trunk/Source/WebCore/ChangeLog

    r205357 r205358  
     12016-09-02  Chris Dumez  <cdumez@apple.com>
     2
     3        Object.defineProperty() should throw cross-origin
     4        https://bugs.webkit.org/show_bug.cgi?id=161460
     5
     6        Reviewed by Geoffrey Garen.
     7
     8        Object.defineProperty() should throw cross-origin to match Firefox and
     9        Chrome.
     10
     11        The specification is in the process of being updated to match the
     12        behavior of browsers.
     13
     14        Test: http/tests/security/window-defineProperty-crossOrigin.html
     15
     16        * bindings/js/JSDOMWindowCustom.cpp:
     17        (WebCore::JSDOMWindow::defineOwnProperty):
     18        * bindings/js/JSLocationCustom.cpp:
     19        (WebCore::JSLocation::defineOwnProperty):
     20
    1212016-09-02  Brady Eidson  <beidson@apple.com>
    222
  • trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp

    r205354 r205358  
    333333    JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(object);
    334334    // Only allow defining properties in this way by frames in the same origin, as it allows setters to be introduced.
    335     if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped()))
     335    if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped(), ThrowSecurityError))
    336336        return false;
    337337
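Review bot: The comment on line 334 still describes only the same-origin restriction, while line 335 now passes `ThrowSecurityError`, which changes the observable result from a quiet `return false` to a thrown SecurityError. Extend the comment to state that cross-origin callers get an exception, so that the `return false` on line 336 is not read as the whole of the failure behaviour.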
  • trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp

    r205354 r205358  
    120120bool JSLocation::defineOwnProperty(JSObject* object, ExecState* exec, PropertyName propertyName, const PropertyDescriptor& descriptor, bool throwException)
    121121{
     122    JSLocation* thisObject = jsCast<JSLocation*>(object);
     123    if (!BindingSecurity::shouldAllowAccessToFrame(exec, thisObject->wrapped().frame(), ThrowSecurityError))
     124        return false;
     125
    122126    if (descriptor.isAccessorDescriptor() && (propertyName == exec->propertyNames().toString || propertyName == exec->propertyNames().valueOf))
    123127        return false;
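Review bot: The check added on lines 122 to 124 passes `ThrowSecurityError` unconditionally, so it raises regardless of the `throwException` argument in the signature on line 120. That matches the stated goal in the ChangeLog, but the check carries no comment, unlike the equivalent one in JSDOMWindow::defineOwnProperty. A one-line comment should say that the security check deliberately ignores `throwException` and must run before the toString/valueOf accessor test on line 126.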