Changeset 205409 in webkit
- Timestamp:
- Sep 3, 2016 3:50:55 PM (8 years ago)
- Location:
- trunk
- Files:
-
- 6 edited
trunk/LayoutTests/ChangeLog
r205404 r205409 1 2016-09-03 Chris Dumez <cdumez@apple.com> 2 3 Align cross-Origin Object.getOwnPropertyNames() with the HTML specification 4 https://bugs.webkit.org/show_bug.cgi?id=161457 5 6 Reviewed by Darin Adler. 7 8 Add test coverage. 9 10 * http/tests/security/cross-frame-access-enumeration-expected.txt: 11 * http/tests/security/cross-frame-access-enumeration.html: 12 1 13 2016-09-03 Chris Dumez <cdumez@apple.com> 2 14 -
trunk/LayoutTests/http/tests/security/cross-frame-access-enumeration-expected.txt
r196237 r205409 1 CONSOLE MESSAGE: line 29: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 CONSOLE MESSAGE: line 29: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 3 CONSOLE MESSAGE: line 48: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 4 CONSOLE MESSAGE: line 55: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 5 CONSOLE MESSAGE: line 29: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 6 CONSOLE MESSAGE: line 75: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 7 CONSOLE MESSAGE: line 82: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 8 This tests that variable names can't be enumerated cross domain (see http://bugs.webkit.org/show_bug.cgi?id=16387) 1 CONSOLE MESSAGE: line 28: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 2 CONSOLE MESSAGE: line 28: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. 3 Tests enumeration of Window / Location properties cross origin. 4 5 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". 
9 6 10 7 … … 15 12 PASS: Cross frame access by getting the keys of the Location object was denied. 16 13 PASS: Cross frame access by getting the property names of the Location object was denied. 14 PASS: areArraysEqual(Object.getOwnPropertyNames(b_win).sort(), whitelistedWindowProperties.sort()) should be 'true' and is. 15 PASS: areArraysEqual(Object.getOwnPropertyNames(b_win.location).sort(), whitelistedLocationProperties.sort()) should be 'true' and is. 16 PASS: successfullyParsed should be 'true' and is. 17 17 18 TEST COMPLETE 19 -
trunk/LayoutTests/http/tests/security/cross-frame-access-enumeration.html
r196237 r205409 1 1 <html> 2 2 <head> 3 <script src='/resources/js-test-pre.js'></script> 3 4 <script src="resources/cross-frame-access.js"></script> 4 5 <script> 6 description("Tests enumeration of Window / Location properties cross origin."); 7 jsTestIsAsync = true; 8 5 9 window.onload = function() 6 10 { 7 if (window.testRunner) {8 testRunner.dumpAsText();9 testRunner.waitUntilDone();10 }11 12 11 if (window.testRunner) { 13 12 setTimeout(pollForTest, 1); … … 28 27 } 29 28 runTest(); 30 testRunner.notifyDone();29 finishJSTest(); 31 30 } 32 31 … … 34 33 { 35 34 // Test enumerating the Window object 36 varb_win = document.getElementsByTagName("iframe")[0].contentWindow;35 b_win = document.getElementsByTagName("iframe")[0].contentWindow; 37 36 try { 38 37 for (var k in b_win) { … … 86 85 } 87 86 log("PASS: Cross frame access by getting the property names of the Location object was denied."); 87 88 whitelistedWindowProperties = ['location', 'postMessage', 'window', 'frames', 'self', 'top', 'parent', 'opener', 'closed', 'close', 'blur', 'focus', 'length']; 89 whitelistedLocationProperties = ['href', 'replace']; 90 shouldBeTrue("areArraysEqual(Object.getOwnPropertyNames(b_win).sort(), whitelistedWindowProperties.sort())"); 91 shouldBeTrue("areArraysEqual(Object.getOwnPropertyNames(b_win.location).sort(), whitelistedLocationProperties.sort())"); 88 92 } 89 93 </script> 90 94 </head> 91 95 <body> 92 <p>This tests that variable names can't be enumerated cross domain (see http://bugs.webkit.org/show_bug.cgi?id=16387)</p>93 96 <iframe src="http://localhost:8000/security/resources/cross-frame-iframe-for-enumeration-test.html"></iframe> 94 < pre id="console"></pre>97 <script src='/resources/js-test-post.js'></script> 95 98 </body> 96 99 </html> -
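Review bot: The two new `shouldBeTrue` assertions pin the allowlist for `Object.getOwnPropertyNames()` only; nothing visible in this section asserts what `Object.keys()` or `for...in` yield on the cross-origin window and location after the change. The earlier enumeration checks are partly elided on this page, so they may already cover it. If the spec's cross-origin descriptors are non-enumerable, as I read it, I would add `shouldBeTrue("areArraysEqual(Object.keys(b_win), [])")` and the same for `b_win.location`. A short comment that `b_win` and the two `whitelisted…Properties` arrays are deliberately global, because `shouldBeTrue` evaluates its string argument, would also help.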
trunk/Source/WebCore/ChangeLog
r205408 r205409 1 2016-09-03 Chris Dumez <cdumez@apple.com> 2 3 Align cross-Origin Object.getOwnPropertyNames() with the HTML specification 4 https://bugs.webkit.org/show_bug.cgi?id=161457 5 6 Reviewed by Darin Adler. 7 8 Align cross-Origin Object.getOwnPropertyNames() with the HTML specification: 9 - https://html.spec.whatwg.org/#windowproxy-ownpropertykeys 10 - https://html.spec.whatwg.org/#location-ownpropertykeys 11 - https://html.spec.whatwg.org/#crossoriginproperties-(-o-) 12 13 We should list cross origin properties. 14 15 Firefox complies with the specification. However, WebKit was returning an 16 empty array and logs a security error message. 17 18 No new tests, updated existing test. 19 20 * bindings/js/JSDOMWindowCustom.cpp: 21 (WebCore::addCrossOriginPropertyNames): 22 (WebCore::JSDOMWindow::getOwnPropertyNames): 23 * bindings/js/JSLocationCustom.cpp: 24 (WebCore::addCrossOriginPropertyNames): 25 (WebCore::JSLocation::getOwnPropertyNames): 26 1 27 2016-09-03 Frédéric Wang <fwang@igalia.com> 2 28 -
trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp
r205404 r205409 320 320 } 321 321 322 static void addCrossOriginWindowPropertyNames(ExecState& state, PropertyNameArray& propertyNames) 323 { 324 // https://html.spec.whatwg.org/#crossoriginproperties-(-o-) 325 static const Identifier* properties[] = { 326 &state.propertyNames().blur, &state.propertyNames().close, &state.propertyNames().closed, 327 &state.propertyNames().focus, &state.propertyNames().frames, &state.propertyNames().length, 328 &state.propertyNames().location, &state.propertyNames().opener, &state.propertyNames().parent, 329 &state.propertyNames().postMessage, &state.propertyNames().self, &state.propertyNames().top, 330 &state.propertyNames().window 331 }; 332 for (auto* property : properties) 333 propertyNames.add(*property); 334 } 335 322 336 void JSDOMWindow::getOwnPropertyNames(JSObject* object, ExecState* exec, PropertyNameArray& propertyNames, EnumerationMode mode) 323 337 { 324 338 JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(object); 325 // Only allow the window to enumerated by frames in the same origin.326 if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped()))339 if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped(), DoNotReportSecurityError)) { 340 addCrossOriginWindowPropertyNames(*exec, propertyNames); 327 341 return; 342 } 328 343 Base::getOwnPropertyNames(thisObject, exec, propertyNames, mode); 329 344 } -
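Review bot: The cross-origin branch of `JSDOMWindow::getOwnPropertyNames` never looks at `mode`, so the thirteen allowlisted names are added even when the caller asked for enumerable properties only. As far as I read the HTML spec's cross-origin property descriptors, these properties are non-enumerable, so they should be reported to `Object.getOwnPropertyNames()` but not to `for...in` or `Object.keys()` on a cross-origin window. I would gate the call: `if (mode.includeDontEnumProperties()) addCrossOriginWindowPropertyNames(*exec, propertyNames);`. `JSLocation::getOwnPropertyNames` in JSLocationCustom.cpp has the same shape and needs the same guard.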
trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp
r205372 r205409 109 109 } 110 110 111 static void addCrossOriginLocationPropertyNames(ExecState& state, PropertyNameArray& propertyNames) 112 { 113 // https://html.spec.whatwg.org/#crossoriginproperties-(-o-) 114 static const Identifier* properties[] = { &state.propertyNames().href, &state.propertyNames().replace }; 115 for (auto* property : properties) 116 propertyNames.add(*property); 117 } 118 111 119 void JSLocation::getOwnPropertyNames(JSObject* object, ExecState* exec, PropertyNameArray& propertyNames, EnumerationMode mode) 112 120 { 113 121 JSLocation* thisObject = jsCast<JSLocation*>(object); 114 // Only allow the location object to enumerated by frames in the same origin.115 if (!shouldAllowAccessToFrame(exec, thisObject->wrapped().frame()))122 if (!BindingSecurity::shouldAllowAccessToFrame(exec, thisObject->wrapped().frame(), DoNotReportSecurityError)) { 123 addCrossOriginLocationPropertyNames(*exec, propertyNames); 116 124 return; 125 } 117 126 Base::getOwnPropertyNames(thisObject, exec, propertyNames, mode); 118 127 }
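Review bot: `static const Identifier* properties[]` in `addCrossOriginLocationPropertyNames` is initialised once, from whichever `ExecState` reaches it first, and every later call reuses those addresses regardless of the `state` it is given. That is only sound if every caller shares the same VM's identifier table, which this section does not show. Because the array is a security allowlist, that assumption should be written down or removed. The array is two pointers, so I would drop `static`: `const Identifier* properties[] = { &state.propertyNames().href, &state.propertyNames().replace };`. The same applies to `addCrossOriginWindowPropertyNames` in JSDOMWindowCustom.cpp.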