Changeset 263728 in webkit


Ignore:
Timestamp:
Jun 29, 2020 10:55:14 PM (4 years ago)
Author:
Wenson Hsieh
Message:

REGRESSION (r263624): http/tests/quicklook/submit-form-blocked.html fails consistently
https://bugs.webkit.org/show_bug.cgi?id=213767
<rdar://problem/64893698>

Reviewed by Tim Horton.

This test loads a Word document (.docx) in an iframe, and then taps a JavaScript link in the Word document
that creates a new form element and attempts to submit it. The test requires a particular error message to be
logged to the console in order to pass (i.e. "Blocked form submission to '<URL>' because the form's frame is
sandboxed and the 'allow-forms' permission is not set.").

After r263624, this message is no longer logged, because the form element created by the Word document's
JavaScript link is disconnected from the DOM, and so we bail immediately in HTMLFormElement::submit without
ever getting to the security check.

To fix this and make it exercise what it was originally intended to test, we tweak the JavaScript link contained
within the Word document, such that it additionally appends the newly created form element to the document. This
is the modified (percent-decoded) JavaScript URL:

`
(function() {

var form = document.createElement("form");
document.body.appendChild(form);
form.action = "fail.html";
form.innerHTML = '<input type="hidden" name="secret" value="webkit">';
form.submit();

})();
`

This patch simply adds the third line (with the call to document.body.appendChild).

  • http/tests/quicklook/resources/submit-form-blocked.docx:
  • http/tests/quicklook/submit-form-blocked.html:

Make sure we also hit-test to the link in the Word document by making the link much bigger, and adjusting the
touch location offset to match.

Location:
trunk/LayoutTests
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r263725 r263728  
     12020-06-29  Wenson Hsieh  <wenson_hsieh@apple.com>
     2
     3        REGRESSION (r263624): http/tests/quicklook/submit-form-blocked.html fails consistently
     4        https://bugs.webkit.org/show_bug.cgi?id=213767
     5        <rdar://problem/64893698>
     6
     7        Reviewed by Tim Horton.
     8
     9        This test loads a Word document (`.docx`) in an iframe, and then taps a JavaScript link in the Word document
     10        that creates a new `form` element and attempts to submit it. The test requires a particular error message to be
     11        logged to the console in order to pass (i.e. "Blocked form submission to '<URL>' because the form's frame is
     12        sandboxed and the 'allow-forms' permission is not set.").
     13
     14        After r263624, this message is no longer logged, because the `form` element created by the Word document's
     15        JavaScript link is disconnected from the DOM, and so we bail immediately in `HTMLFormElement::submit` without
     16        ever getting to the security check.
     17
     18        To fix this and make it exercise what it was originally intended to test, we tweak the JavaScript link contained
     19        within the Word document, such that it additionally appends the newly created form element to the document. This
     20        is the modified (percent-decoded) JavaScript URL:
     21
     22        ```
     23        (function() {
     24            var form = document.createElement("form");
     25            document.body.appendChild(form);
     26            form.action = "fail.html";
     27            form.innerHTML = '<input type="hidden" name="secret" value="webkit">';
     28            form.submit();
     29        })();
     30        ```
     31
     32        This patch simply adds the third line (with the call to `document.body.appendChild`).
     33
     34        * http/tests/quicklook/resources/submit-form-blocked.docx:
     35        * http/tests/quicklook/submit-form-blocked.html:
     36
     37        Make sure we also hit-test to the link in the Word document by making the link much bigger, and adjusting the
     38        touch location offset to match.
     39
    1402020-06-29  Diego Pino Garcia  <dpino@igalia.com>
    241
  • trunk/LayoutTests/http/tests/quicklook/submit-form-blocked.html

    r211373 r263728  
    1212<body>
    1313<p>This test verifies that form submission is blocked using QuickLook to preview a Microsoft Word document. This test PASSED only if a security error is logged to the console.</p>
    14 <iframe src="resources/submit-form-blocked.docx" onload="runTest(this)"></iframe>
     14<iframe src="resources/submit-form-blocked.docx" onload="runTest(this, 50)"></iframe>
    1515</body>
    1616</html>
Note: See TracChangeset for help on using the changeset viewer.