Changeset 218000 in webkit
- Timestamp:
- Jun 9, 2017 10:59:18 AM (7 years ago)
- Location:
- trunk
- Files:
-
- 8 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/imported/w3c/ChangeLog
r217973 r218000 1 2017-06-09 Frederic Wang <fwang@igalia.com> 2 3 Add flag allow-popups-to-escape-sandbox to iframe sandbox 4 https://bugs.webkit.org/show_bug.cgi?id=158875 5 6 Reviewed by Chris Dumez. 7 8 Update expected results for iframe popup escaping tests. 9 10 * web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-1-expected.txt: This test passes. 11 * web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-2-expected.txt: This test passes. 12 * web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-3-expected.txt: Remove error message from text expectation. 13 1 14 2017-06-09 Zan Dobersek <zdobersek@igalia.com> 2 15 -
trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-1-expected.txt
r206999 r218000 1 CONSOLE MESSAGE: line 7: Error while parsing the 'sandbox' attribute: 'allow-popups-to-escape-sandbox' is an invalid sandbox flag.2 1 3 2 4 FAILCheck that popups from a sandboxed iframe escape the sandbox if5 allow-popups-to-escape-sandbox is used assert_equals: Should have escaped the sandbox expected "http://localhost:8800" but got "null"3 PASS Check that popups from a sandboxed iframe escape the sandbox if 4 allow-popups-to-escape-sandbox is used 6 5 -
trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-2-expected.txt
r206999 r218000 1 CONSOLE MESSAGE: line 7: Error while parsing the 'sandbox' attribute: 'allow-popups-to-escape-sandbox' is an invalid sandbox flag.2 1 3 2 4 FAILCheck that popups from a sandboxed iframe escape the sandbox if5 allow-popups-to-escape-sandbox is used assert_equals: Should have escaped the sandbox expected "http://localhost:8800" but got "null"3 PASS Check that popups from a sandboxed iframe escape the sandbox if 4 allow-popups-to-escape-sandbox is used 6 5 -
trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-3-expected.txt
r206999 r218000 1 CONSOLE MESSAGE: line 7: Error while parsing the 'sandbox' attribute: 'allow-popups-to-escape-sandbox' is an invalid sandbox flag.2 1 CONSOLE MESSAGE: line 15: Unsafe JavaScript attempt to initiate navigation for frame with URL 'about:blank' from frame with URL 'http://localhost:8800/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_helper-3.html'. The frame attempting navigation is sandboxed, and is therefore disallowed from navigating its ancestors. 3 2 -
trunk/Source/WebCore/ChangeLog
r217999 r218000 1 2017-06-09 Frederic Wang <fwang@igalia.com> 2 3 Add flag allow-popups-to-escape-sandbox to iframe sandbox 4 https://bugs.webkit.org/show_bug.cgi?id=158875 5 6 Reviewed by Chris Dumez. 7 8 This patch adds support for the iframe@allow-popups-to-escape-sandbox attribute. 9 This allows to pass more W3C Web Platform tests. 10 11 Tests: imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-1.html 12 imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-2.html 13 14 * dom/SecurityContext.cpp: Add allow-popups-to-escape-sandbox flag. 15 (WebCore::SecurityContext::isSupportedSandboxPolicy): 16 (WebCore::SecurityContext::parseSandboxPolicy): 17 * dom/SecurityContext.h: Ditto. 18 * loader/FrameLoader.cpp: 19 (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy): Do not force sandbox flags when we have allow-popups-to-escape-sandbox. 20 (WebCore::createWindow): Ditto. 21 1 22 2017-06-09 Jer Noble <jer.noble@apple.com> 2 23 -
trunk/Source/WebCore/dom/SecurityContext.cpp
r214203 r218000 87 87 { 88 88 static const char* const supportedPolicies[] = { 89 "allow-forms", "allow-same-origin", "allow-scripts", "allow-top-navigation", "allow-pointer-lock", "allow-popups" 89 "allow-forms", "allow-same-origin", "allow-scripts", "allow-top-navigation", "allow-pointer-lock", "allow-popups", "allow-popups-to-escape-sandbox" 90 90 }; 91 91 … … 131 131 else if (equalLettersIgnoringASCIICase(sandboxToken, "allow-pointer-lock")) 132 132 flags &= ~SandboxPointerLock; 133 else if (equalLettersIgnoringASCIICase(sandboxToken, "allow-popups-to-escape-sandbox")) 134 flags &= ~SandboxPropagatesToAuxiliaryBrowsingContexts; 133 135 else { 134 136 if (numberOfTokenErrors) -
trunk/Source/WebCore/dom/SecurityContext.h
r214203 r218000 50 50 SandboxAutomaticFeatures = 1 << 7, 51 51 SandboxPointerLock = 1 << 8, 52 SandboxPropagatesToAuxiliaryBrowsingContexts = 1 << 9, 52 53 SandboxAll = -1 // Mask with all bits set to 1. 53 54 }; -
trunk/Source/WebCore/loader/FrameLoader.cpp
r217774 r218000 3161 3161 return; 3162 3162 3163 mainFrame->loader().forceSandboxFlags(frame->loader().effectiveSandboxFlags()); 3163 SandboxFlags sandboxFlags = frame->loader().effectiveSandboxFlags(); 3164 if (sandboxFlags & SandboxPropagatesToAuxiliaryBrowsingContexts) 3165 mainFrame->loader().forceSandboxFlags(sandboxFlags); 3164 3166 3165 3167 if (!equalIgnoringASCIICase(frameName, "_blank")) … … 3705 3707 RefPtr<Frame> frame = &page->mainFrame(); 3706 3708 3707 frame->loader().forceSandboxFlags(openerFrame.document()->sandboxFlags()); 3709 if (isDocumentSandboxed(openerFrame, SandboxPropagatesToAuxiliaryBrowsingContexts)) 3710 frame->loader().forceSandboxFlags(openerFrame.document()->sandboxFlags()); 3708 3711 3709 3712 if (!equalIgnoringASCIICase(request.frameName(), "_blank"))
Note: See TracChangeset
for help on using the changeset viewer.