Changeset 221193 in webkit
- Timestamp:
- Aug 25, 2017 10:28:53 AM (7 years ago)
- Location:
- trunk
- Files:
-
- 8 added
- 26 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r221188 r221193 1 2017-07-25 Frederic Wang <fwang@igalia.com> 2 3 Add flag allow-modals to iframe sandbox 4 https://bugs.webkit.org/show_bug.cgi?id=171321 5 6 Reviewed by Brent Fulgham. 7 8 The allow-modals flag is added to tests trying to open modal dialogs in sandboxed frames, now 9 that the default behavior has changed. New tests are also added to verify that the dialogs 10 are allowed or blocked according to the value of the allow-modals flag. 11 12 * fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html: Add allow-modals. 13 * fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html: Ditto. 14 * fast/forms/autofocus-in-sandbox-with-allow-scripts.html: Ditto. 15 * fast/frames/sandboxed-iframe-navigation-top-by-name-denied.html: Ditto. 16 * fast/frames/sandboxed-iframe-parsing-space-characters.html: Ditto. 17 * fast/frames/sandboxed-iframe-scripting-02.html: Ditto. 18 * http/tests/security/contentSecurityPolicy/resources/sandboxed-eval.php: Ditto. 19 * http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-control.html: Ditto. 20 * http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header.html: Ditto. 21 * http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2.php: Ditto. 22 * http/tests/security/drag-drop-same-unique-origin.html: Ditto. 23 * http/tests/security/no-indexeddb-from-sandbox.html: Ditto. 24 * http/tests/security/no-popup-from-sandbox-top.html: Ditto. 25 * http/tests/security/no-popup-from-sandbox.html: Ditto. 26 * http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html: Ditto. 27 * http/tests/security/popup-allowed-by-sandbox-when-allowed.html: Ditto. 28 * http/tests/security/xss-DENIED-window-name-alert.html: Ditto. 29 * http/tests/security/sandboxed-iframe-ALLOWED-modals.html: Added. Verify that alert, 30 confirm, prompt and print dialogs are allowed when the allow-modals flag is set. 31 * http/tests/security/sandboxed-iframe-ALLOWED-modals-expected.txt: Added. 32 * http/tests/security/sandboxed-iframe-DENIED-modals.html: Added. Verify that alert, 33 confirm, prompt and print dialogs are denied when the allow-modals flag not set. The returned 34 values are also verified. 35 * http/tests/security/sandboxed-iframe-DENIED-modals-expected.txt: Added. 36 * http/tests/misc/iframe-beforeunload-dialog-allow-modals.html: Added. Verify that the 37 confirm dialog for beforeunload is displayed when allow-modals is set. 38 * http/tests/misc/iframe-beforeunload-dialog-allow-modals-expected.txt: Added. 39 * http/tests/misc/iframe-beforeunload-dialog-block-modals.html: Added. Verify that the 40 confirm dialog for beforeunload is not displayed when allow-modals is unset. 41 * http/tests/misc/iframe-beforeunload-dialog-block-modals-expected.txt: Added. 42 1 43 2017-08-25 Jonathan Bedard <jbedard@apple.com> 2 44 -
trunk/LayoutTests/fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html
r210112 r221193 13 13 <body> 14 14 <iframe name="A"></iframe> 15 <iframe id="B" sandbox="allow-scripts allow-same-origin allow-popups "></iframe>15 <iframe id="B" sandbox="allow-scripts allow-same-origin allow-popups allow-modals"></iframe> 16 16 <script> 17 17 document.getElementById("B").contentWindow.eval('alert(window.open("about:blank", "A") ? "FAIL" : "PASS");'); -
trunk/LayoutTests/fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html
r210112 r221193 13 13 <body> 14 14 <iframe name="A"></iframe> 15 <iframe id="B" sandbox="allow-scripts allow-same-origin allow-popups "></iframe>15 <iframe id="B" sandbox="allow-scripts allow-same-origin allow-popups allow-modals"></iframe> 16 16 <script> 17 17 document.getElementById("B").contentWindow.eval('alert(window.open.call(window.top, "about:blank", "A") ? "FAIL" : "PASS");'); -
trunk/LayoutTests/fast/forms/autofocus-in-sandbox-with-allow-scripts.html
r176294 r221193 5 5 This test passes if the activeElement is the input element rather than the body 6 6 (which it would be if the sandbox didn't allow autofocus although allow-scripts flag is set). 7 <iframe sandbox="allow-scripts "7 <iframe sandbox="allow-scripts allow-modals" 8 8 src="data:text/html,<input autofocus onfocus><script>window.onload = function() { alert(document.activeElement.tagName) }</script>"></iframe> -
trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-name-denied.html
r121008 r221193 11 11 frame without allow-top-navigation. This test passes if the navigation does 12 12 not occur.</p> 13 <iframe sandbox="allow-scripts "13 <iframe sandbox="allow-scripts allow-modals" 14 14 src="resources/navigate-top-by-name-to-fail.html"> 15 15 </body> -
trunk/LayoutTests/fast/frames/sandboxed-iframe-parsing-space-characters.html
r121008 r221193 23 23 24 24 function testCharacter(possibleDelimiter, message) { 25 var policy = "allow- scripts" + possibleDelimiter + "allow-forms";25 var policy = "allow-modals allow-scripts" + possibleDelimiter + "allow-forms"; 26 26 var iframe = document.createElement('iframe'); 27 27 iframe.sandbox = policy; -
trunk/LayoutTests/fast/frames/sandboxed-iframe-scripting-02.html
r155268 r221193 24 24 </head> 25 25 <body> 26 <iframe sandbox="allow-same-origin allow-scripts "26 <iframe sandbox="allow-same-origin allow-scripts allow-modals" 27 27 src="data:text/html,<script>alert('PASS: Executed script in data URL');window.parent.postMessage({'pass': true}, '*');</script>"> 28 28 </iframe> -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/sandboxed-eval.php
r133095 r221193 1 1 <?php 2 header("Content-Security-Policy: sandbox allow-scripts ");2 header("Content-Security-Policy: sandbox allow-scripts allow-modals"); 3 3 ?> 4 4 <script> -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-control.html
r120174 r221193 1 1 <!DOCTYPE html> 2 <iframe src="resources/sandbox.php?sandbox=allow-scripts%20allow- same-origin"></iframe>2 <iframe src="resources/sandbox.php?sandbox=allow-scripts%20allow-modals%20allow-same-origin"></iframe> 3 3 <script> 4 4 if (window.testRunner) -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header.html
r205136 r221193 1 1 <!DOCTYPE html> 2 <iframe src="resources/sandbox.php?sandbox=allow-scripts "></iframe>2 <iframe src="resources/sandbox.php?sandbox=allow-scripts%20allow-modals"></iframe> 3 3 <script> 4 4 if (window.testRunner) -
trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2.php
r196874 r221193 1 1 <?php 2 header("Content-Security-Policy: sandbox allow-scripts ");2 header("Content-Security-Policy: sandbox allow-scripts allow-modals"); 3 3 ?> 4 4 <!DOCTYPE html> -
trunk/LayoutTests/http/tests/security/drag-drop-same-unique-origin.html
r120174 r221193 9 9 </head> 10 10 <body> 11 <iframe src="http://127.0.0.1:8000/security/resources/drag-drop-allowed.html" sandbox="allow-scripts "></iframe>11 <iframe src="http://127.0.0.1:8000/security/resources/drag-drop-allowed.html" sandbox="allow-scripts allow-modals"></iframe> 12 12 </body> 13 13 </html> -
trunk/LayoutTests/http/tests/security/no-indexeddb-from-sandbox.html
r141621 r221193 3 3 testRunner.dumpAsText(); 4 4 </script> 5 <iframe sandbox="allow-scripts "5 <iframe sandbox="allow-scripts allow-modals" 6 6 src="data:text/html, 7 7 <script> -
trunk/LayoutTests/http/tests/security/no-popup-from-sandbox-top.html
r120174 r221193 6 6 </script> 7 7 <p>To run this test outside of DumpRenderTree, please disable your popup blocker!</p> 8 <iframe sandbox="allow-scripts "8 <iframe sandbox="allow-scripts allow-modals" 9 9 src="data:text/html, 10 10 <script> -
trunk/LayoutTests/http/tests/security/no-popup-from-sandbox.html
r120174 r221193 6 6 </script> 7 7 <p>To run this test outside of DumpRenderTree, please disable your popup blocker!</p> 8 <iframe sandbox="allow-scripts "8 <iframe sandbox="allow-scripts allow-modals" 9 9 src="data:text/html, 10 10 <script> -
trunk/LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html
r120174 r221193 9 9 <p>To run this test outside of DumpRenderTree, please disable your popup blocker!</p> 10 10 <p>If you change this test, please be sure to change popup-allowed-by-sandbox-is-sandboxed.html as well!</p> 11 <iframe sandbox="allow-scripts allow- popups allow-forms"11 <iframe sandbox="allow-scripts allow-modals allow-popups allow-forms" 12 12 src="data:text/html, 13 13 <script> -
trunk/LayoutTests/http/tests/security/popup-allowed-by-sandbox-when-allowed.html
r120174 r221193 8 8 </script> 9 9 <p>To run this test outside of DumpRenderTree, please disable your popup blocker!</p> 10 <iframe sandbox="allow-scripts allow- popups"10 <iframe sandbox="allow-scripts allow-modals allow-popups" 11 11 src="data:text/html, 12 12 <script> -
trunk/LayoutTests/http/tests/security/xss-DENIED-window-name-alert.html
r168902 r221193 3 3 testRunner.dumpAsText(); 4 4 </script> 5 <iframe sandbox="allow-scripts "5 <iframe sandbox="allow-scripts allow-modals" 6 6 src="data:text/html,<script> 7 7 window.name='alert2'; -
trunk/Source/WebCore/ChangeLog
r221189 r221193 1 2017-07-25 Frederic Wang <fwang@igalia.com> 2 3 Add flag allow-modals to iframe sandbox 4 https://bugs.webkit.org/show_bug.cgi?id=171321 5 6 This patch implements the "allow-modals" value for the iframe sandbox attribute. It changes 7 the behavior for sandboxed document so that alert, confirm, prompt, print as well as dialogs 8 generated from a beforeunload event are blocked when allow-modals is not set, as defined in 9 the specification. For consistency, we do the same for document.execCommand('print', ...). 10 Users should use the allow-modals flag in order to explictly allow modal dialogs. 11 12 See https://html.spec.whatwg.org/multipage/origin.html#sandboxed-modals-flag 13 14 Reviewed by Brent Fulgham. 15 16 Tests: http/tests/security/sandboxed-iframe-ALLOWED-modals.html 17 http/tests/security/sandboxed-iframe-DENIED-modals.html 18 19 * dom/SecurityContext.cpp: Implement parsing for allow-modals 20 (WebCore::SecurityContext::isSupportedSandboxPolicy): 21 (WebCore::SecurityContext::parseSandboxPolicy): 22 * dom/SecurityContext.h: Introduce flag for allow-modals 23 * loader/FrameLoader.cpp: 24 (WebCore::shouldAskForNavigationConfirmation): Prevent confirm dialog from beforeunload when 25 allow-modals is not set. 26 * page/Chrome.h: Change the signature of print, so it may return a failure when the 27 allow-modals flag is not set. 28 * page/Chrome.cpp: 29 (WebCore::Chrome::print): Returns false and print a message error when the allow-modals flag 30 on the frame's document is not set. Otherwise, execute the command and returns true. 31 * editing/EditorCommand.cpp: 32 (WebCore::executePrint): Ensure that document.execCommand for 'print' returns false when the 33 allow-modals flag is not set. 34 * page/DOMWindow.cpp: Add early exit when alert, confirm or prompt when the allow-modals flag 35 for that document is not set. Note that print is handled in Chrome.cpp. 36 (WebCore::DOMWindow::alert): Add early exit. 37 (WebCore::DOMWindow::confirm): Add early exit with the return value indicated in the spec. 38 (WebCore::DOMWindow::prompt): Ditto. 39 1 40 2017-08-25 Brady Eidson <beidson@apple.com> 2 41 -
trunk/Source/WebCore/dom/SecurityContext.cpp
r219797 r221193 86 86 { 87 87 static const char* const supportedPolicies[] = { 88 "allow-forms", "allow-same-origin", "allow-scripts", "allow-top-navigation", "allow-pointer-lock", "allow-popups", "allow-popups-to-escape-sandbox", "allow-top-navigation-by-user-activation" 88 "allow-forms", "allow-same-origin", "allow-scripts", "allow-top-navigation", "allow-pointer-lock", "allow-popups", "allow-popups-to-escape-sandbox", "allow-top-navigation-by-user-activation", "allow-modals" 89 89 }; 90 90 … … 135 135 else if (equalLettersIgnoringASCIICase(sandboxToken, "allow-top-navigation-by-user-activation")) 136 136 flags &= ~SandboxTopNavigationByUserActivation; 137 else if (equalLettersIgnoringASCIICase(sandboxToken, "allow-modals")) 138 flags &= ~SandboxModals; 137 139 else { 138 140 if (numberOfTokenErrors) -
trunk/Source/WebCore/dom/SecurityContext.h
r221017 r221193 54 54 SandboxTopNavigationByUserActivation = 1 << 10, 55 55 SandboxDocumentDomain = 1 << 11, 56 SandboxModals = 1 << 12, 56 57 SandboxAll = -1 // Mask with all bits set to 1. 57 58 }; -
trunk/Source/WebCore/editing/EditorCommand.cpp
r219213 r221193 931 931 if (!page) 932 932 return false; 933 page->chrome().print(frame); 934 return true; 933 return page->chrome().print(frame); 935 934 } 936 935 -
trunk/Source/WebCore/loader/FrameLoader.cpp
r221162 r221193 3043 3043 static bool shouldAskForNavigationConfirmation(Document& document, const BeforeUnloadEvent& event) 3044 3044 { 3045 // Confirmation dialog should not be displayed when the allow-modals flag is not set. 3046 if (document.isSandboxed(SandboxModals)) 3047 return false; 3048 3045 3049 bool userDidInteractWithPage = document.topDocument().userDidInteractWithPage(); 3046 3050 // Web pages can request we ask for confirmation before navigating by: -
trunk/Source/WebCore/page/Chrome.cpp
r221028 r221193 24 24 25 25 #include "ChromeClient.h" 26 #include "DOMWindow.h" 26 27 #include "Document.h" 27 28 #include "DocumentType.h" … … 396 397 } 397 398 398 voidChrome::print(Frame& frame)399 bool Chrome::print(Frame& frame) 399 400 { 400 401 // FIXME: This should have PageGroupLoadDeferrer, like runModal() or runJavaScriptAlert(), because it's no different from those. 402 403 if (frame.document()->isSandboxed(SandboxModals)) { 404 frame.document()->domWindow()->printErrorMessage("Use of window.print is not allowed in a sandboxed frame when the allow-modals flag is not set."); 405 return false; 406 } 407 401 408 m_client.print(frame); 409 return true; 402 410 } 403 411 -
trunk/Source/WebCore/page/Chrome.h
r221028 r221193 145 145 void setToolTip(const HitTestResult&); 146 146 147 WEBCORE_EXPORT voidprint(Frame&);147 WEBCORE_EXPORT bool print(Frame&); 148 148 149 149 WEBCORE_EXPORT void enableSuddenTermination(); -
trunk/Source/WebCore/page/DOMWindow.cpp
r220815 r221193 1128 1128 return; 1129 1129 1130 if (document()->isSandboxed(SandboxModals)) { 1131 printErrorMessage("Use of window.alert is not allowed in a sandboxed frame when the allow-modals flag is not set."); 1132 return; 1133 } 1134 1130 1135 auto* page = m_frame->page(); 1131 1136 if (!page) … … 1150 1155 return false; 1151 1156 1157 if (document()->isSandboxed(SandboxModals)) { 1158 printErrorMessage("Use of window.confirm is not allowed in a sandboxed frame when the allow-modals flag is not set."); 1159 return false; 1160 } 1161 1152 1162 auto* page = m_frame->page(); 1153 1163 if (!page) … … 1171 1181 if (!m_frame) 1172 1182 return String(); 1183 1184 if (document()->isSandboxed(SandboxModals)) { 1185 printErrorMessage("Use of window.prompt is not allowed in a sandboxed frame when the allow-modals flag is not set."); 1186 return String(); 1187 } 1173 1188 1174 1189 auto* page = m_frame->page();
Note: See TracChangeset
for help on using the changeset viewer.