Changeset 224287 in webkit

Timestamp:

Nov 1, 2017 12:39:12 PM (7 years ago)

Author:

Chris Dumez

Message:

Regression(r219659): Can no longer log into ifttt.com using Google account
​https://bugs.webkit.org/show_bug.cgi?id=179117

Reviewed by Geoffrey Garen.

LayoutTests/imported/w3c:

Rebaseline WPT tests.

• web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt:
• web-platform-tests/html/browsers/the-window-object/window-indexed-properties-expected.txt:

Source/WebCore:

After r219659, it is no longer possible to log into ifttt.com using a Google
account:

• Signed into a Google account already
• Visit ​https://ifttt.com/login
• Click "Continue with Google"
• Select the signed in account

It turns out that this change to the HTML specification was not Web-compatible:
See ​https://bugzilla.mozilla.org/show_bug.cgi?id=1412741 & ​https://github.com/whatwg/html/issues/3183

This patch reverts r219659 for now until we agree on what behavior should get
specified.

No new tests, rebaselined existing tests.

• bindings/js/JSDOMWindowCustom.cpp:

(WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
(WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
(WebCore::JSDOMWindow::getOwnPropertyNames):

• bindings/js/JSLocationCustom.cpp:

(WebCore::getOwnPropertySlotCommon):
(WebCore::JSLocation::getOwnPropertyNames):

LayoutTests:

Update / rebaseline existing test.

• http/tests/security/cross-origin-descriptors-expected.txt:
• http/tests/security/cross-origin-descriptors.html:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/security/cross-origin-descriptors-expected.txt (modified) (2 diffs)
• LayoutTests/http/tests/security/cross-origin-descriptors.html (modified) (1 diff)
• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-window-object/window-indexed-properties-expected.txt (modified) (1 diff)
• LayoutTests/js/dom/getOwnPropertyDescriptor-expected.txt (modified) (1 diff)
• LayoutTests/js/resources/getOwnPropertyDescriptor.js (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/bindings/js/JSDOMWindowCustom.cpp (modified) (6 diffs)
• Source/WebCore/bindings/js/JSLocationCustom.cpp (modified) (3 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2017-11-01  Chris Dumez  <cdumez@apple.com>
+
+        Regression(r219659): Can no longer log into ifttt.com using Google account
+        https://bugs.webkit.org/show_bug.cgi?id=179117
+
+        Reviewed by Geoffrey Garen.
+
+        Update / rebaseline existing test.
+
+        * http/tests/security/cross-origin-descriptors-expected.txt:
+        * http/tests/security/cross-origin-descriptors.html:
+
 2017-11-01  Frederic Wang  <fwang@igalia.com>
 

trunk/LayoutTests/http/tests/security/cross-origin-descriptors-expected.txt

@@ -7 +7 @@
 PASS descriptor.get is undefined.
 PASS descriptor.set is an instance of Function
-PASS descriptor.enumerable is true
+PASS descriptor.enumerable is false
 PASS descriptor.configurable is true
 * Location.replace
 PASS descriptor.value is an instance of Function
 PASS descriptor.writable is false
-PASS descriptor.enumerable is true
+PASS descriptor.enumerable is false
 PASS descriptor.configurable is true
 
@@ -18 +18 @@
 PASS descriptor.get is an instance of Function
 PASS descriptor.set is undefined.
-PASS descriptor.enumerable is true
+PASS descriptor.enumerable is false
 PASS descriptor.configurable is true
 * Window.self
 PASS descriptor.get is an instance of Function
 PASS descriptor.set is undefined.
-PASS descriptor.enumerable is true
+PASS descriptor.enumerable is false
 PASS descriptor.configurable is true
 * Window.location
 PASS descriptor.get is an instance of Function
 PASS descriptor.set is an instance of Function
-PASS descriptor.enumerable is true
+PASS descriptor.enumerable is false
 PASS descriptor.configurable is true
 * Window.close
 PASS descriptor.value is an instance of Function
 PASS descriptor.writable is false
-PASS descriptor.enumerable is true
+PASS descriptor.enumerable is false
 PASS descriptor.configurable is true
 * Window.closed
 PASS descriptor.get is an instance of Function
 PASS descriptor.set is undefined.
-PASS descriptor.enumerable is true
+PASS descriptor.enumerable is false
 PASS descriptor.configurable is true
 * Window.focus
 PASS descriptor.value is an instance of Function
 PASS descriptor.writable is false
-PASS descriptor.enumerable is true
+PASS descriptor.enumerable is false
 PASS descriptor.configurable is true
 * Window.blur
 PASS descriptor.value is an instance of Function
 PASS descriptor.writable is false
-PASS descriptor.enumerable is true
+PASS descriptor.enumerable is false
 PASS descriptor.configurable is true
 * Window.frames
 PASS descriptor.get is an instance of Function
 PASS descriptor.set is undefined.
-PASS descriptor.enumerable is true
+PASS descriptor.enumerable is false
 PASS descriptor.configurable is true
 * Window.length
 PASS descriptor.get is an instance of Function
 PASS descriptor.set is undefined.
-PASS descriptor.enumerable is true
+PASS descriptor.enumerable is false
 PASS descriptor.configurable is true
 * Window.top
 PASS descriptor.get is an instance of Function
 PASS descriptor.set is undefined.
-PASS descriptor.enumerable is true
+PASS descriptor.enumerable is false
 PASS descriptor.configurable is true
 * Window.opener
 PASS descriptor.get is an instance of Function
 PASS descriptor.set is undefined.
-PASS descriptor.enumerable is true
+PASS descriptor.enumerable is false
 PASS descriptor.configurable is true
 * Window.parent
 PASS descriptor.get is an instance of Function
 PASS descriptor.set is undefined.
-PASS descriptor.enumerable is true
+PASS descriptor.enumerable is false
 PASS descriptor.configurable is true
 * Window.postMessage
 PASS descriptor.value is an instance of Function
 PASS descriptor.writable is false
-PASS descriptor.enumerable is true
+PASS descriptor.enumerable is false
 PASS descriptor.configurable is true
 

trunk/LayoutTests/http/tests/security/cross-origin-descriptors.html

@@ -28 +28 @@
         shouldBeFalse("descriptor.writable");
     }
-    shouldBeTrue("descriptor.enumerable");
+    shouldBeFalse("descriptor.enumerable");
     shouldBeTrue("descriptor.configurable");
 }

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2017-11-01  Chris Dumez  <cdumez@apple.com>
+
+        Regression(r219659): Can no longer log into ifttt.com using Google account
+        https://bugs.webkit.org/show_bug.cgi?id=179117
+
+        Reviewed by Geoffrey Garen.
+
+        Rebaseline WPT tests.
+
+        * web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt:
+        * web-platform-tests/html/browsers/the-window-object/window-indexed-properties-expected.txt:
+
 2017-10-31  Dean Jackson  <dino@apple.com>
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt

@@ -7 +7 @@
 PASS [[PreventExtensions]] should throw for cross-origin objects 
 PASS [[GetOwnProperty]] - Properties on cross-origin objects should be reported |own| 
-PASS [[GetOwnProperty]] - Property descriptors for cross-origin properties should be set up correctly 
+FAIL [[GetOwnProperty]] - Property descriptors for cross-origin properties should be set up correctly assert_equals: property descriptor for 0 should be enumerable expected true but got false
 PASS [[Delete]] Should throw on cross-origin objects 
 PASS [[DefineOwnProperty]] Should throw for cross-origin objects 
-PASS Can only enumerate safelisted properties 
-PASS [[OwnPropertyKeys]] should return all properties from cross-origin objects 
+FAIL Can only enumerate safelisted properties assert_equals: Enumerate all safelisted cross-origin Window properties expected 15 but got 0
+FAIL [[OwnPropertyKeys]] should return all properties from cross-origin objects assert_array_equals: Object.keys() gives the right answer for cross-origin Window lengths differ, expected 15 got 0
 PASS [[OwnPropertyKeys]] should return the right symbol-named properties for cross-origin objects 
 PASS [[OwnPropertyKeys]] should place the symbols after the property names after the subframe indices 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/the-window-object/window-indexed-properties-expected.txt

@@ -1 +1 @@
 
 PASS Indexed properties of the window object (non-strict mode) 
-PASS Ensure indexed properties have the correct configuration 
+FAIL Ensure indexed properties have the correct configuration assert_true: expected true got false
 FAIL Indexed properties of the window object (non-strict mode) 1 assert_throws: function "() => Object.defineProperty(window, 0, { value: "bar" })" did not throw
 FAIL Indexed properties of the window object (non-strict mode) 2 assert_throws: function "() => Object.defineProperty(window, 1, { value: "bar" })" did not throw

trunk/LayoutTests/js/dom/getOwnPropertyDescriptor-expected.txt

@@ -129 +129 @@
 PASS Object.getOwnPropertyDescriptor(global, 0).hasOwnProperty('get') is false
 PASS Object.getOwnPropertyDescriptor(global, 0).hasOwnProperty('set') is false
-PASS Object.getOwnPropertyDescriptor(global, 0).enumerable is true
+PASS Object.getOwnPropertyDescriptor(global, 0).enumerable is false
 PASS Object.getOwnPropertyDescriptor(global, 0).configurable is true
 PASS Object.getOwnPropertyDescriptor(document.getElementsByTagName('div'), 0).value is document.getElementsByTagName('div')[0]

trunk/LayoutTests/js/resources/getOwnPropertyDescriptor.js

@@ -45 +45 @@
 descriptorShouldBe("global", "'window'", {get: 'globalWindowGetter', set: undefined, enumerable: true, configurable: false});
 descriptorShouldBe("global", "'XMLHttpRequest'", {writable: true, enumerable: false, configurable: true, value:"XMLHttpRequest"});
-descriptorShouldBe("global", "0", {writable: true, enumerable: true, configurable: true, value:"global[0]"});
+descriptorShouldBe("global", "0", {writable: true, enumerable: false, configurable: true, value:"global[0]"});
 descriptorShouldBe("document.getElementsByTagName('div')", "0", {writable: false, enumerable: true, configurable: true, value:"document.getElementsByTagName('div')[0]"});
 descriptorShouldBe("document.getElementsByClassName('pass')", "0", {writable: false, enumerable: true, configurable: true, value:"document.getElementsByClassName('pass')[0]"});

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2017-11-01  Chris Dumez  <cdumez@apple.com>
+
+        Regression(r219659): Can no longer log into ifttt.com using Google account
+        https://bugs.webkit.org/show_bug.cgi?id=179117
+
+        Reviewed by Geoffrey Garen.
+
+        After r219659, it is no longer possible to log into ifttt.com using a Google
+        account:
+        - Signed into a Google account already
+        - Visit https://ifttt.com/login
+        - Click "Continue with Google"
+        - Select the signed in account
+
+        It turns out that this change to the HTML specification was not Web-compatible:
+        See https://bugzilla.mozilla.org/show_bug.cgi?id=1412741 & https://github.com/whatwg/html/issues/3183
+
+        This patch reverts r219659 for now until we agree on what behavior should get
+        specified.
+
+        No new tests, rebaselined existing tests.
+
+        * bindings/js/JSDOMWindowCustom.cpp:
+        (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
+        (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
+        (WebCore::JSDOMWindow::getOwnPropertyNames):
+        * bindings/js/JSLocationCustom.cpp:
+        (WebCore::getOwnPropertySlotCommon):
+        (WebCore::JSLocation::getOwnPropertyNames):
+
 2017-10-31  Dean Jackson  <dino@apple.com>
 

trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp

@@ -92 +92 @@
     if (!frame) {
         if (propertyName == builtinNames.closedPublicName()) {
-            slot.setCustom(thisObject, JSC::PropertyAttribute::ReadOnly | JSC::PropertyAttribute::DontDelete, jsDOMWindowClosed);
+            slot.setCustom(thisObject, JSC::PropertyAttribute::ReadOnly | JSC::PropertyAttribute::DontDelete | JSC::PropertyAttribute::DontEnum, jsDOMWindowClosed);
             return true;
         }
         if (propertyName == builtinNames.closePublicName()) {
-            slot.setCustom(thisObject, JSC::PropertyAttribute::ReadOnly | JSC::PropertyAttribute::DontDelete, nonCachingStaticFunctionGetter<jsDOMWindowInstanceFunctionClose, 0>);
+            slot.setCustom(thisObject, JSC::PropertyAttribute::ReadOnly | JSC::PropertyAttribute::DontDelete | JSC::PropertyAttribute::DontEnum, nonCachingStaticFunctionGetter<jsDOMWindowInstanceFunctionClose, 0>);
             return true;
         }
@@ -115 +115 @@
     // Always provide the original function, on a fresh uncached function object.
     if (propertyName == builtinNames.blurPublicName()) {
-        slot.setCustom(thisObject, static_cast<unsigned>(JSC::PropertyAttribute::ReadOnly), nonCachingStaticFunctionGetter<jsDOMWindowInstanceFunctionBlur, 0>);
+        slot.setCustom(thisObject, static_cast<unsigned>(JSC::PropertyAttribute::ReadOnly | JSC::PropertyAttribute::DontEnum), nonCachingStaticFunctionGetter<jsDOMWindowInstanceFunctionBlur, 0>);
         return true;
     }
     if (propertyName == builtinNames.closePublicName()) {
-        slot.setCustom(thisObject, static_cast<unsigned>(JSC::PropertyAttribute::ReadOnly), nonCachingStaticFunctionGetter<jsDOMWindowInstanceFunctionClose, 0>);
+        slot.setCustom(thisObject, static_cast<unsigned>(JSC::PropertyAttribute::ReadOnly | JSC::PropertyAttribute::DontEnum), nonCachingStaticFunctionGetter<jsDOMWindowInstanceFunctionClose, 0>);
         return true;
     }
     if (propertyName == builtinNames.focusPublicName()) {
-        slot.setCustom(thisObject, static_cast<unsigned>(JSC::PropertyAttribute::ReadOnly), nonCachingStaticFunctionGetter<jsDOMWindowInstanceFunctionFocus, 0>);
+        slot.setCustom(thisObject, static_cast<unsigned>(JSC::PropertyAttribute::ReadOnly | JSC::PropertyAttribute::DontEnum), nonCachingStaticFunctionGetter<jsDOMWindowInstanceFunctionFocus, 0>);
         return true;
     }
     if (propertyName == builtinNames.postMessagePublicName()) {
-        slot.setCustom(thisObject, static_cast<unsigned>(JSC::PropertyAttribute::ReadOnly), nonCachingStaticFunctionGetter<jsDOMWindowInstanceFunctionPostMessage, 2>);
+        slot.setCustom(thisObject, static_cast<unsigned>(JSC::PropertyAttribute::ReadOnly | JSC::PropertyAttribute::DontEnum), nonCachingStaticFunctionGetter<jsDOMWindowInstanceFunctionPostMessage, 2>);
         return true;
     }
@@ -147 +147 @@
             bool shouldExposeSetter = propertyName == builtinNames.locationPublicName();
             CustomGetterSetter* customGetterSetter = CustomGetterSetter::create(vm, entry->propertyGetter(), shouldExposeSetter ? entry->propertyPutter() : nullptr);
-            slot.setCustomGetterSetter(thisObject, static_cast<unsigned>(JSC::PropertyAttribute::CustomAccessor), customGetterSetter);
+            slot.setCustomGetterSetter(thisObject, static_cast<unsigned>(JSC::PropertyAttribute::CustomAccessor | JSC::PropertyAttribute::DontEnum), customGetterSetter);
             return true;
         }
@@ -164 +164 @@
     // the Moz way.
     if (auto* scopedChild = frame->tree().scopedChild(propertyNameToAtomicString(propertyName))) {
-        slot.setValue(thisObject, JSC::PropertyAttribute::ReadOnly | JSC::PropertyAttribute::DontDelete, toJS(exec, scopedChild->document()->domWindow()));
+        slot.setValue(thisObject, JSC::PropertyAttribute::ReadOnly | JSC::PropertyAttribute::DontDelete | JSC::PropertyAttribute::DontEnum, toJS(exec, scopedChild->document()->domWindow()));
         return true;
     }
@@ -234 +234 @@
     // These are also allowed cross-orgin, so come before the access check.
     if (frame && index < frame->tree().scopedChildCount()) {
-        slot.setValue(thisObject, static_cast<unsigned>(JSC::PropertyAttribute::ReadOnly), toJS(state, frame->tree().scopedChild(index)->document()->domWindow()));
+        slot.setValue(thisObject, static_cast<unsigned>(JSC::PropertyAttribute::ReadOnly | JSC::PropertyAttribute::DontEnum), toJS(state, frame->tree().scopedChild(index)->document()->domWindow()));
         return true;
     }
@@ -352 +352 @@
     JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(object);
 
-    addScopedChildrenIndexes(*exec, thisObject->wrapped(), propertyNames);
+    if (mode.includeDontEnumProperties())
+        addScopedChildrenIndexes(*exec, thisObject->wrapped(), propertyNames);
 
     if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped(), DoNotReportSecurityError)) {
-        addCrossOriginWindowOwnPropertyNames(*exec, propertyNames);
+        if (mode.includeDontEnumProperties())
+            addCrossOriginWindowOwnPropertyNames(*exec, propertyNames);
         return;
     }

trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp

@@ -63 +63 @@
     // We only allow access to Location.replace() cross origin.
     if (propertyName == vm.propertyNames->replace) {
-        slot.setCustom(&thisObject, static_cast<unsigned>(PropertyAttribute::ReadOnly), nonCachingStaticFunctionGetter<jsLocationInstanceFunctionReplace, 1>);
+        slot.setCustom(&thisObject, static_cast<unsigned>(PropertyAttribute::ReadOnly | PropertyAttribute::DontEnum), nonCachingStaticFunctionGetter<jsLocationInstanceFunctionReplace, 1>);
         return true;
     }
@@ -72 +72 @@
         auto* entry = JSLocation::info()->staticPropHashTable->entry(propertyName);
         CustomGetterSetter* customGetterSetter = CustomGetterSetter::create(vm, nullptr, entry->propertyPutter());
-        slot.setCustomGetterSetter(&thisObject, static_cast<unsigned>(JSC::PropertyAttribute::CustomAccessor), customGetterSetter);
+        slot.setCustomGetterSetter(&thisObject, static_cast<unsigned>(JSC::PropertyAttribute::CustomAccessor | PropertyAttribute::DontEnum), customGetterSetter);
         return true;
     }
@@ -189 +189 @@
     JSLocation* thisObject = jsCast<JSLocation*>(object);
     if (!BindingSecurity::shouldAllowAccessToFrame(exec, thisObject->wrapped().frame(), DoNotReportSecurityError)) {
-        addCrossOriginLocationOwnPropertyNames(*exec, propertyNames);
+        if (mode.includeDontEnumProperties())
+            addCrossOriginLocationOwnPropertyNames(*exec, propertyNames);
         return;
     }