Changeset 219797 in webkit
- Timestamp:
- Jul 24, 2017 1:33:11 AM (7 years ago)
- Location:
- trunk
- Files:
-
- 7 added
- 8 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r219766 r219797 1 2017-07-11 Frederic Wang <fwang@igalia.com> 2 3 Add attribute allow-top-navigation-by-user-activation to iframe sandbox 4 https://bugs.webkit.org/show_bug.cgi?id=171327 5 6 Reviewed by Chris Dumez. 7 8 This patch adds tests to verify that a sandboxed iframe with the flag 9 'allow-top-navigation-by-user-activation' or 'allow-top-navigation' can navigate the top 10 level page, if navigation is triggered by a user gesture. This is based on a test from the 11 Chromium repository. 12 It also verifies that navigation fails when 'allow-top-navigation-by-user-activation' is 13 absent, even when it is triggered by a user gesture. 14 15 * http/tests/security/frameNavigation/resources/iframe-that-performs-parent-navigation-with-user-activation.html: Added. This is similar to iframe-that-performs-parent-navigation.html but it 16 performs navigation of its parent using user activation. 17 * http/tests/security/frameNavigation/sandbox-ALLOWED-top-navigation-with-user-gesture-1.html: Added. 18 Test top navigation for a sandboxed frame with 'allow-top-navigation-by-user-activation' 19 * http/tests/security/frameNavigation/sandbox-ALLOWED-top-navigation-with-user-gesture-1-expected.txt: Added. 20 Add PASS expectation. 21 * http/tests/security/frameNavigation/sandbox-ALLOWED-top-navigation-with-user-gesture-2.html: Added. 22 Test top navigation for a sandboxed frame with 'allow-top-navigation'. 23 * http/tests/security/frameNavigation/sandbox-ALLOWED-top-navigation-with-user-gesture-2-expected.txt: Added. 24 Add PASS expectation. 25 * http/tests/security/frameNavigation/sandbox-DENIED-top-navigation-with-user-gesture.html: Added. 26 Test user-triggered navigation for a sandboxed frame without 'allow-top-navigation-by-user-activation'. 27 * http/tests/security/frameNavigation/sandbox-DENIED-top-navigation-with-user-gesture-expected.txt: Added. 28 Add reference with navigation failure. 29 1 30 2017-07-22 Chris Dumez <cdumez@apple.com> 2 31 -
trunk/LayoutTests/imported/w3c/ChangeLog
r219766 r219797 1 2017-07-11 Frederic Wang <fwang@igalia.com> 2 3 Add attribute allow-top-navigation-by-user-activation to iframe sandbox 4 https://bugs.webkit.org/show_bug.cgi?id=171327 5 6 Reviewed by Chris Dumez. 7 8 This commit updates the expectation for the test verifying that a sandboxed iframe without 9 the allow-top-navigation-by-user-activation flag set can not perform top navigation if it is 10 not triggered by a user gesture. The navigation is still prohibited but the parsing of the 11 allow-top-navigation-by-user-activation flag should not raised any error message. 12 A similar update is done for the test verifying that the combination of the flags 13 allow-top-navigation-by-user-activation and allow-top-navigation. 14 15 * web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture-expected.txt: Remove the error message. 16 * web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation-3-expected.txt: Ditto. 17 1 18 2017-07-22 Chris Dumez <cdumez@apple.com> 2 19 -
trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation-3-expected.txt
r219395 r219797 1 CONSOLE MESSAGE: line 15: Error while parsing the 'sandbox' attribute: 'allow-top-navigation-by-user-activation' is an invalid sandbox flag.2 CONSOLE MESSAGE: line 15: Error while parsing the 'sandbox' attribute: 'allow-top-navigation-by-user-activation' is an invalid sandbox flag.3 1 4 2 -
trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture-expected.txt
r218835 r219797 1 CONSOLE MESSAGE: line 17: Error while parsing the 'sandbox' attribute: 'allow-top-navigation-by-user-activation' is an invalid sandbox flag.2 1 CONSOLE MESSAGE: line 8: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://localhost:8800/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture.html' from frame with URL 'http://localhost:8800/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-without-user-gesture-failed.html'. The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set. 3 2 -
trunk/Source/WebCore/ChangeLog
r219795 r219797 1 2017-07-11 Frederic Wang <fwang@igalia.com> 2 3 Add attribute allow-top-navigation-by-user-activation to iframe sandbox 4 https://bugs.webkit.org/show_bug.cgi?id=171327 5 6 Reviewed by Chris Dumez. 7 8 Tests: http/tests/security/frameNavigation/sandbox-ALLOWED-top-navigation-with-user-gesture-1.html 9 http/tests/security/frameNavigation/sandbox-ALLOWED-top-navigation-with-user-gesture-2.html 10 imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture-expected.txt 11 imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation-3-expected.txt 12 13 * dom/Document.cpp: 14 (WebCore::Document::canNavigate): Case 2 of conformance verification is refined to match the 15 current specification: Top navigation is allowed when it is triggered by user activation and 16 when allow-top-navigation-by-user-activation is set. Because we have additional "security 17 origin" rules with respect to the specification we also add some early return to ensure that 18 navigation is really allowed for this new case. 19 * dom/SecurityContext.cpp: 20 (WebCore::SecurityContext::isSupportedSandboxPolicy): Add allow-top-navigation-by-user-activation flag. 21 (WebCore::SecurityContext::parseSandboxPolicy): Parse the new flag to allow top user 22 navigation by user activation. Also, make sure that allow-top-navigation allows such 23 navigation as defined by the specification. 24 * dom/SecurityContext.h: Declare new sandboxing flag. 25 1 26 2017-07-23 Wenson Hsieh <wenson_hsieh@apple.com> 2 27 -
trunk/Source/WebCore/dom/Document.cpp
r219756 r219797 187 187 #include "TransformSource.h" 188 188 #include "TreeWalker.h" 189 #include "UserGestureIndicator.h" 189 190 #include "ValidationMessageClient.h" 190 191 #include "VisibilityChangeClient.h" … … 3094 3095 return true; 3095 3096 3096 // Cases (i) and (ii) pass the tests from the specifications but might not pass the "security origin" tests. 3097 // Hence they are kept for backward compatibility. 3097 // Cases (i), (ii) and (iii) pass the tests from the specifications but might not pass the "security origin" tests. 3098 3098 3099 3099 // i. A frame can navigate its top ancestor when its 'allow-top-navigation' flag is set (sometimes known as 'frame-busting'). … … 3101 3101 return true; 3102 3102 3103 // ii. A sandboxed frame can always navigate its descendants. 3103 // ii. A frame can navigate its top ancestor when its 'allow-top-navigation-by-user-activation' flag is set and navigation is triggered by user activation. 3104 if (!isSandboxed(SandboxTopNavigationByUserActivation) && UserGestureIndicator::processingUserGesture() && targetFrame == &m_frame->tree().top()) 3105 return true; 3106 3107 // iii. A sandboxed frame can always navigate its descendants. 3104 3108 if (isSandboxed(SandboxNavigation) && targetFrame->tree().isDescendantOf(m_frame)) 3105 3109 return true; … … 3113 3117 } 3114 3118 3115 // 2. Otherwise, if B is a top-level browsing context, and is one of the ancestor browsing contexts of A, and A's active document's active sandboxing flag set has its sandboxed 3116 // top-level navigation browsing context flag set, then abort these steps negatively. 3117 if (m_frame != targetFrame && targetFrame == &m_frame->tree().top() && isSandboxed(SandboxTopNavigation)) { 3118 printNavigationErrorMessage(targetFrame, url(), ASCIILiteral("The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set.")); 3119 return false; 3119 // 2. Otherwise, if B is a top-level browsing context, and is one of the ancestor browsing contexts of A, then: 3120 if (m_frame != targetFrame && targetFrame == &m_frame->tree().top()) { 3121 bool triggeredByUserActivation = UserGestureIndicator::processingUserGesture(); 3122 // 1. If this algorithm is triggered by user activation and A's active document's active sandboxing flag set has its sandboxed top-level navigation with user activation browsing context flag set, then abort these steps negatively. 3123 if (triggeredByUserActivation && isSandboxed(SandboxTopNavigationByUserActivation)) { 3124 printNavigationErrorMessage(targetFrame, url(), ASCIILiteral("The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation-by-user-activation' flag is not set and navigation is not triggered by user activation.")); 3125 return false; 3126 } 3127 // 2. Otherwise, If this algorithm is not triggered by user activation and A's active document's active sandboxing flag set has its sandboxed top-level navigation without user activation browsing context flag set, then abort these steps negatively. 3128 if (!triggeredByUserActivation && isSandboxed(SandboxTopNavigation)) { 3129 printNavigationErrorMessage(targetFrame, url(), ASCIILiteral("The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set.")); 3130 return false; 3131 } 3120 3132 } 3121 3133 -
trunk/Source/WebCore/dom/SecurityContext.cpp
r219595 r219797 86 86 { 87 87 static const char* const supportedPolicies[] = { 88 "allow-forms", "allow-same-origin", "allow-scripts", "allow-top-navigation", "allow-pointer-lock", "allow-popups", "allow-popups-to-escape-sandbox" 88 "allow-forms", "allow-same-origin", "allow-scripts", "allow-top-navigation", "allow-pointer-lock", "allow-popups", "allow-popups-to-escape-sandbox", "allow-top-navigation-by-user-activation" 89 89 }; 90 90 … … 124 124 flags &= ~SandboxScripts; 125 125 flags &= ~SandboxAutomaticFeatures; 126 } else if (equalLettersIgnoringASCIICase(sandboxToken, "allow-top-navigation")) 126 } else if (equalLettersIgnoringASCIICase(sandboxToken, "allow-top-navigation")) { 127 127 flags &= ~SandboxTopNavigation; 128 else if (equalLettersIgnoringASCIICase(sandboxToken, "allow-popups")) 128 flags &= ~SandboxTopNavigationByUserActivation; 129 } else if (equalLettersIgnoringASCIICase(sandboxToken, "allow-popups")) 129 130 flags &= ~SandboxPopups; 130 131 else if (equalLettersIgnoringASCIICase(sandboxToken, "allow-pointer-lock")) … … 132 133 else if (equalLettersIgnoringASCIICase(sandboxToken, "allow-popups-to-escape-sandbox")) 133 134 flags &= ~SandboxPropagatesToAuxiliaryBrowsingContexts; 135 else if (equalLettersIgnoringASCIICase(sandboxToken, "allow-top-navigation-by-user-activation")) 136 flags &= ~SandboxTopNavigationByUserActivation; 134 137 else { 135 138 if (numberOfTokenErrors) -
trunk/Source/WebCore/dom/SecurityContext.h
r218028 r219797 51 51 SandboxPointerLock = 1 << 8, 52 52 SandboxPropagatesToAuxiliaryBrowsingContexts = 1 << 9, 53 SandboxTopNavigationByUserActivation = 1 << 10, 53 54 SandboxAll = -1 // Mask with all bits set to 1. 54 55 };
Note: See TracChangeset
for help on using the changeset viewer.