Changeset 218835 in webkit
- Timestamp:
- Jun 27, 2017 8:59:48 AM (7 years ago)
- Location:
- trunk
- Files:
-
- 14 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r218833 r218835 1 2017-06-27 Frederic Wang <fwang@igalia.com> 2 3 Some tests to verify forbidden frame navigation time out 4 https://bugs.webkit.org/show_bug.cgi?id=173657 5 6 Reviewed by Chris Dumez. 7 8 * fast/frames/sandboxed-iframe-navigation-top-denied-expected.txt: Add the security error. 9 * http/tests/security/frameNavigation/inactive-function-in-popup-navigate-child.html: Adjust 10 the test to catch and dump the exception and complete immediately. 11 * http/tests/security/frameNavigation/inactive-function-in-popup-navigate-child-expected.txt: 12 Add the dumped security error exception. 13 1 14 2017-06-27 Youenn Fablet <youenn@apple.com> 2 15 -
trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-denied-expected.txt
r138517 r218835 1 1 CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'navigate-top-to-fail.html'. The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set. 2 2 3 CONSOLE MESSAGE: SecurityError (DOM Exception 18): The operation is insecure. 3 4 This test verifies that a sandboxed IFrame cannot navigate the top-level frame without allow-top-navigation. This test passes if the navigation does not occur. 4 5 -
trunk/LayoutTests/http/tests/security/frameNavigation/inactive-function-in-popup-navigate-child-expected.txt
r112184 r218835 3 3 iframe-with-inner-frame-on-foreign-domain-LOADED 4 4 Attempting navigation... 5 SecurityError (DOM Exception 18): The operation is insecure. -
trunk/LayoutTests/http/tests/security/frameNavigation/inactive-function-in-popup-navigate-child.html
r120174 r218835 31 31 if (e.data = "iframe-with-inner-frame-on-foreign-domain-LOADED") { 32 32 log("Attempting navigation..."); 33 window.savedFunction(); 34 setTimeout(function() { 35 // Unfortunately, there's no way to receive positive confirmation 36 // that the navigation failed, so we just complete the test 37 // asynchronously. 33 try { 34 window.savedFunction(); 38 35 if (window.testRunner) 39 36 testRunner.notifyDone(); 40 }, 0); 37 } catch(e) { 38 log(e); 39 testRunner.notifyDone(); 40 } 41 41 return; 42 42 } -
trunk/LayoutTests/imported/w3c/ChangeLog
r218773 r218835 1 2017-06-27 Frederic Wang <fwang@igalia.com> 2 3 Some tests to verify forbidden frame navigation time out 4 https://bugs.webkit.org/show_bug.cgi?id=173657 5 6 Reviewed by Chris Dumez. 7 8 * web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation-2-expected.txt: Update the text expectation to PASS. 9 * web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture-expected.txt: Ditto. 10 * web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_navigate_ancestor-1-expected.txt: Ditto. 11 * web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-3-expected.txt: Add the security error until bug 173162 is fixed. 12 * web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping-3-expected.txt: Ditto. 13 1 14 2017-06-23 Youenn Fablet <youenn@apple.com> 2 15 -
trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation-2-expected.txt
r218639 r218835 3 3 4 4 5 Harness Error (TIMEOUT), message = null 5 PASS Frames without `allow-top-navigation` should not be able to navigate the top frame. 6 6 7 TIMEOUT Frames without `allow-top-navigation` should not be able to navigate the top frame. Test timed out8 -
trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture-expected.txt
r213882 r218835 6 6 7 7 8 FAIL The sandboxed iframe should post a message saying the test was in the state of 'PASS'. assert_equals: The message should say 'PASS' instead of 'FAIL' expected "PASS" but got "FAIL" 8 PASS The sandboxed iframe should post a message saying the test was in the state of 'PASS'. 9 9 -
trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_navigate_ancestor-1-expected.txt
r218639 r218835 3 3 4 4 5 Harness Error (TIMEOUT), message = null 5 PASS Check that sandboxed iframe can not navigate their ancestors 6 6 7 NOTRUN Check that sandboxed iframe can not navigate their ancestors8 -
trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-3-expected.txt
r218000 r218835 1 1 CONSOLE MESSAGE: line 15: Unsafe JavaScript attempt to initiate navigation for frame with URL 'about:blank' from frame with URL 'http://localhost:8800/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_helper-3.html'. The frame attempting navigation is sandboxed, and is therefore disallowed from navigating its ancestors. 2 2 3 CONSOLE MESSAGE: line 15: SecurityError (DOM Exception 18): The operation is insecure. 3 4 4 5 -
trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping-3-expected.txt
r206999 r218835 1 1 CONSOLE MESSAGE: line 15: Unsafe JavaScript attempt to initiate navigation for frame with URL 'about:blank' from frame with URL 'http://localhost:8800/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_helper-3.html'. The frame attempting navigation is sandboxed, and is therefore disallowed from navigating its ancestors. 2 2 3 CONSOLE MESSAGE: line 15: SecurityError (DOM Exception 18): The operation is insecure. 3 4 4 5 -
trunk/Source/WebCore/ChangeLog
r218832 r218835 1 2017-06-27 Frederic Wang <fwang@igalia.com> 2 3 Some tests to verify forbidden frame navigation time out 4 https://bugs.webkit.org/show_bug.cgi?id=173657 5 6 Reviewed by Chris Dumez. 7 8 Currently some tests try and perform a forbidden frame navigation and verify the 9 corresponding console error. However, WebKit does not raise any exception for such error so 10 the tests have to wait until the timeout limit to complete, which makes execution slow. 11 This patch modifies the setters of window.location for which such error may happen in order 12 to raise an exception so the tests behave as expected. 13 14 No new tests, already covered by existing tests. 15 16 * page/Location.cpp: Adjust Location::setLocation to return a security exception and pass it 17 to the callers. 18 (WebCore::Location::setHref): Adjust function to possibly return an exception. 19 (WebCore::Location::setProtocol): Ditto. 20 (WebCore::Location::setHost): Ditto. 21 (WebCore::Location::setHostname): Ditto. 22 (WebCore::Location::setPort): Ditto. 23 (WebCore::Location::setPathname): Ditto. 24 (WebCore::Location::setSearch): Ditto. 25 (WebCore::Location::setHash): Ditto. 26 (WebCore::Location::assign): Ditto. 27 (WebCore::Location::setLocation): FrameLoader::findFrameForNavigation is really only used 28 to verify whether navigating m_frame is permitted so it is more simple and clearer to do it 29 directly. When navigation is not permitted, this function now raises a security exception. 30 * page/Location.h: Modify some setters to return an ExceptionOr<void>. 31 * page/Location.idl: Allow some setters to raise an exception. 32 1 33 2017-06-26 Fujii Hironori <Hironori.Fujii@sony.com> 2 34 -
trunk/Source/WebCore/page/Location.cpp
r210859 r218835 151 151 } 152 152 153 voidLocation::setHref(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& url)154 { 155 if (!m_frame) 156 return ;157 setLocation(activeWindow, firstWindow, url);153 ExceptionOr<void> Location::setHref(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& url) 154 { 155 if (!m_frame) 156 return { }; 157 return setLocation(activeWindow, firstWindow, url); 158 158 } 159 159 … … 165 165 if (!url.setProtocol(protocol)) 166 166 return Exception { SYNTAX_ERR }; 167 setLocation(activeWindow, firstWindow, url.string()); 168 return { }; 169 } 170 171 void Location::setHost(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& host) 172 { 173 if (!m_frame) 174 return; 167 return setLocation(activeWindow, firstWindow, url.string()); 168 } 169 170 ExceptionOr<void> Location::setHost(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& host) 171 { 172 if (!m_frame) 173 return { }; 175 174 URL url = m_frame->document()->url(); 176 175 url.setHostAndPort(host); 177 setLocation(activeWindow, firstWindow, url.string());178 } 179 180 voidLocation::setHostname(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& hostname)181 { 182 if (!m_frame) 183 return ;176 return setLocation(activeWindow, firstWindow, url.string()); 177 } 178 179 ExceptionOr<void> Location::setHostname(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& hostname) 180 { 181 if (!m_frame) 182 return { }; 184 183 URL url = m_frame->document()->url(); 185 184 url.setHost(hostname); 186 setLocation(activeWindow, firstWindow, url.string());187 } 188 189 voidLocation::setPort(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& portString)190 { 191 if (!m_frame) 192 return ;185 return setLocation(activeWindow, firstWindow, url.string()); 186 } 187 188 ExceptionOr<void> Location::setPort(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& portString) 189 { 190 if (!m_frame) 191 return { }; 193 192 URL url = m_frame->document()->url(); 194 193 int port = portString.toInt(); … … 197 196 else 198 197 url.setPort(port); 199 setLocation(activeWindow, firstWindow, url.string());200 } 201 202 voidLocation::setPathname(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& pathname)203 { 204 if (!m_frame) 205 return ;198 return setLocation(activeWindow, firstWindow, url.string()); 199 } 200 201 ExceptionOr<void> Location::setPathname(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& pathname) 202 { 203 if (!m_frame) 204 return { }; 206 205 URL url = m_frame->document()->url(); 207 206 url.setPath(pathname); 208 setLocation(activeWindow, firstWindow, url.string());209 } 210 211 voidLocation::setSearch(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& search)212 { 213 if (!m_frame) 214 return ;207 return setLocation(activeWindow, firstWindow, url.string()); 208 } 209 210 ExceptionOr<void> Location::setSearch(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& search) 211 { 212 if (!m_frame) 213 return { }; 215 214 URL url = m_frame->document()->url(); 216 215 url.setQuery(search); 217 setLocation(activeWindow, firstWindow, url.string());218 } 219 220 voidLocation::setHash(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& hash)221 { 222 if (!m_frame) 223 return ;216 return setLocation(activeWindow, firstWindow, url.string()); 217 } 218 219 ExceptionOr<void> Location::setHash(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& hash) 220 { 221 if (!m_frame) 222 return { }; 224 223 ASSERT(m_frame->document()); 225 224 auto url = m_frame->document()->url(); … … 233 232 // cases where fragment identifiers are ignored or invalid. 234 233 if (equalIgnoringNullity(oldFragmentIdentifier, url.fragmentIdentifier())) 235 return ;236 setLocation(activeWindow, firstWindow, url.string());237 } 238 239 voidLocation::assign(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& url)240 { 241 if (!m_frame) 242 return ;243 setLocation(activeWindow, firstWindow, url);234 return { }; 235 return setLocation(activeWindow, firstWindow, url.string()); 236 } 237 238 ExceptionOr<void> Location::assign(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& url) 239 { 240 if (!m_frame) 241 return { }; 242 return setLocation(activeWindow, firstWindow, url); 244 243 } 245 244 … … 281 280 } 282 281 283 voidLocation::setLocation(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& url)282 ExceptionOr<void> Location::setLocation(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& url) 284 283 { 285 284 ASSERT(m_frame); 286 auto* targetFrame = m_frame->loader().findFrameForNavigation({ }, activeWindow.document());287 if (!targetFrame)288 return;289 ASSERT( targetFrame->document());290 ASSERT(targetFrame->document()->domWindow());291 targetFrame->document()->domWindow()->setLocation(activeWindow, firstWindow, url);285 if (!activeWindow.document()->canNavigate(m_frame)) 286 return Exception { SECURITY_ERR }; 287 ASSERT(m_frame->document()); 288 ASSERT(m_frame->document()->domWindow()); 289 m_frame->document()->domWindow()->setLocation(activeWindow, firstWindow, url); 290 return { }; 292 291 } 293 292 -
trunk/Source/WebCore/page/Location.h
r209841 r218835 44 44 static Ref<Location> create(Frame* frame) { return adoptRef(*new Location(frame)); } 45 45 46 voidsetHref(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);46 ExceptionOr<void> setHref(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&); 47 47 String href() const; 48 48 49 voidassign(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);49 ExceptionOr<void> assign(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&); 50 50 void replace(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&); 51 51 void reload(DOMWindow& activeWindow); … … 53 53 ExceptionOr<void> setProtocol(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&); 54 54 String protocol() const; 55 voidsetHost(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);55 ExceptionOr<void> setHost(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&); 56 56 String host() const; 57 voidsetHostname(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);57 ExceptionOr<void> setHostname(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&); 58 58 String hostname() const; 59 voidsetPort(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);59 ExceptionOr<void> setPort(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&); 60 60 String port() const; 61 voidsetPathname(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);61 ExceptionOr<void> setPathname(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&); 62 62 String pathname() const; 63 voidsetSearch(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);63 ExceptionOr<void> setSearch(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&); 64 64 String search() const; 65 voidsetHash(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);65 ExceptionOr<void> setHash(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&); 66 66 String hash() const; 67 67 String origin() const; … … 74 74 explicit Location(Frame*); 75 75 76 voidsetLocation(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);76 ExceptionOr<void> setLocation(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&); 77 77 78 78 const URL& url() const; -
trunk/Source/WebCore/page/Location.idl
r217773 r218835 43 43 Unforgeable, 44 44 ] interface Location { 45 [SetterCallWith=ActiveWindow&FirstWindow, DoNotCheckSecurityOnSetter] stringifier attribute USVString href;45 [SetterCallWith=ActiveWindow&FirstWindow, SetterMayThrowException, DoNotCheckSecurityOnSetter] stringifier attribute USVString href; 46 46 47 [CallWith=ActiveWindow&FirstWindow, ForwardDeclareInHeader] void assign(USVString url);47 [CallWith=ActiveWindow&FirstWindow, MayThrowException, ForwardDeclareInHeader] void assign(USVString url); 48 48 [DoNotCheckSecurity, CallWith=ActiveWindow&FirstWindow, ForwardDeclareInHeader] void replace(USVString url); 49 49 [CallWith=ActiveWindow, ForwardDeclareInHeader] void reload(); … … 51 51 // URI decomposition attributes 52 52 [SetterCallWith=ActiveWindow&FirstWindow, SetterMayThrowException] attribute USVString protocol; 53 [SetterCallWith=ActiveWindow&FirstWindow ] attribute USVString host;54 [SetterCallWith=ActiveWindow&FirstWindow ] attribute USVString hostname;55 [SetterCallWith=ActiveWindow&FirstWindow ] attribute USVString port;56 [SetterCallWith=ActiveWindow&FirstWindow ] attribute USVString pathname;57 [SetterCallWith=ActiveWindow&FirstWindow ] attribute USVString search;58 [SetterCallWith=ActiveWindow&FirstWindow ] attribute USVString hash;53 [SetterCallWith=ActiveWindow&FirstWindow, SetterMayThrowException] attribute USVString host; 54 [SetterCallWith=ActiveWindow&FirstWindow, SetterMayThrowException] attribute USVString hostname; 55 [SetterCallWith=ActiveWindow&FirstWindow, SetterMayThrowException] attribute USVString port; 56 [SetterCallWith=ActiveWindow&FirstWindow, SetterMayThrowException] attribute USVString pathname; 57 [SetterCallWith=ActiveWindow&FirstWindow, SetterMayThrowException] attribute USVString search; 58 [SetterCallWith=ActiveWindow&FirstWindow, SetterMayThrowException] attribute USVString hash; 59 59 60 60 readonly attribute USVString origin;
Note: See TracChangeset
for help on using the changeset viewer.