Changeset 32922 in webkit
- Timestamp:
- May 6, 2008 3:00:05 PM (16 years ago)
- Location:
- trunk
- Files:
-
- 3 added
- 27 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r32879 r32922 1 2008-05-06 Adam Barth <abarth-webkit@adambarth.com> 2 3 Reviewed by Sam Weinig. 4 5 https://bugs.webkit.org/show_bug.cgi?id=18725 6 Update tests for asynchronous postMessage. 7 8 Collin Jackson <collinj-webkit@collinjackson.com> also contributed to this patch. 9 10 * http/tests/messaging/cross-domain-message-send.html: 11 * http/tests/messaging/resources/cross-domain-message-receive.html: 12 * http/tests/security/cross-frame-access-delete.html: 13 * http/tests/security/cross-frame-access-history-put.html: 14 * http/tests/security/cross-frame-access-location-put.html: 15 * http/tests/security/postMessage/delivery-order-expected.txt: Added. 16 * http/tests/security/postMessage/delivery-order.html: Added. 17 * http/tests/security/postMessage/invalid-origin-throws-exception-expected.txt: 18 * http/tests/security/postMessage/invalid-origin-throws-exception.html: 19 * http/tests/security/postMessage/origin-unaffected-by-base-tag-expected.txt: 20 * http/tests/security/postMessage/origin-unaffected-by-base-tag.html: 21 * http/tests/security/postMessage/origin-unaffected-by-document-domain-expected.txt: 22 * http/tests/security/postMessage/origin-unaffected-by-document-domain.html: 23 * http/tests/security/postMessage/resources/javascript-post-message-sender.html: 24 * http/tests/security/postMessage/resources/post-message-listener.html: 25 * http/tests/security/postMessage/resources/recv.js: Added. 26 * http/tests/security/postMessage/target-origin-expected.txt: 27 * http/tests/security/postMessage/target-origin.html: 28 * http/tests/security/resources/cross-frame-iframe-for-delete-test.html: 29 * http/tests/security/resources/cross-frame-iframe-for-history-put-test.html: 30 * http/tests/security/resources/cross-frame-iframe-for-location-put-test.html: 31 * http/tests/security/resources/xss-eval3.html: 32 * http/tests/security/xss-eval.html: 33 1 34 2008-05-05 Alexey Proskuryakov <ap@webkit.org> 2 35 -
trunk/LayoutTests/http/tests/messaging/cross-domain-message-send.html
r29051 r32922 13 13 14 14 function postIt () { 15 document.getElementById("receiver").contentWindow.postMessage("Something" );15 document.getElementById("receiver").contentWindow.postMessage("Something", "*"); 16 16 } 17 17 -
trunk/LayoutTests/http/tests/messaging/resources/cross-domain-message-receive.html
r32597 r32922 11 11 result += "data: " + e.data + "\n"; 12 12 result += "origin: " + e.origin + "\n"; 13 e.source.postMessage(result );13 e.source.postMessage(result, "*"); 14 14 } 15 15 -
trunk/LayoutTests/http/tests/security/cross-frame-access-delete.html
r30032 r32922 27 27 shouldBe("eval('delete targetWindow.location[1]')", "false"); 28 28 29 targetWindow.postMessage("deletingValuesComplete" );29 targetWindow.postMessage("deletingValuesComplete", "*"); 30 30 } 31 31 </script> -
trunk/LayoutTests/http/tests/security/cross-frame-access-history-put.html
r30157 r32922 44 44 45 45 if (window.postMessage) 46 targetWindow.postMessage("settingValuesComplete" );46 targetWindow.postMessage("settingValuesComplete", "*"); 47 47 else 48 48 log("\nSet Test complete! Click button entitled 'Step 2 - Set Check' to finish the test."); -
trunk/LayoutTests/http/tests/security/cross-frame-access-location-put.html
r30157 r32922 45 45 46 46 if (window.postMessage) 47 targetWindow.postMessage("settingValuesComplete" );47 targetWindow.postMessage("settingValuesComplete", "*"); 48 48 else 49 49 log("\nSet Test complete! Click button entitled 'Step 2 - Set Check' to finish the test."); -
trunk/LayoutTests/http/tests/security/postMessage/invalid-origin-throws-exception-expected.txt
r32597 r32922 1 CONSOLE MESSAGE: line 0: Unable to post message to asdf: . Recipient has origin http://localhost:8000.1 CONSOLE MESSAGE: line 0: Unable to post message to asdf://. Recipient has origin http://localhost:8000. 2 2 3 CONSOLE MESSAGE: line 0: Unable to post message to http: . Recipient has origin http://localhost:8000.3 CONSOLE MESSAGE: line 0: Unable to post message to http://. Recipient has origin http://localhost:8000. 4 4 5 CONSOLE MESSAGE: line 0: Unable to post message to /tmp/foo. Recipient has origin http://localhost:8000.5 CONSOLE MESSAGE: line 0: Unable to post message to localhost:8000. 6 6 7 CONSOLE MESSAGE: line 0: Unable to post message to //localhost. Recipient has origin http://localhost:8000.7 CONSOLE MESSAGE: line 0: Unable to post message to localhost:8000. 8 8 9 9 window.location.href = http://127.0.0.1:8000/security/postMessage/invalid-origin-throws-exception.html … … 16 16 Posted message to '/tmp/foo' without any exceptions. 17 17 Posted message to '//localhost' without any exceptions. 18 Received message: data="Received message: data="done" origin="http://127.0.0.1:8000"" origin="http://localhost:8000" -
trunk/LayoutTests/http/tests/security/postMessage/invalid-origin-throws-exception.html
r32597 r32922 1 <script>2 if (window.layoutTestController)3 layoutTestController.dumpAsText();4 </script>5 6 1 <!DOCTYPE html> 7 2 <html> 8 3 <head> 4 <script src="resources/recv.js"></script> 9 5 <script> 10 6 if (window.layoutTestController) { 11 7 layoutTestController.dumpAsText(); 12 8 layoutTestController.waitUntilDone(); 13 }14 15 function recv(e) {16 document.getElementById("result").innerHTML += "<br>" + e.data;17 9 } 18 10 … … 44 36 tryPostMessage("//localhost"); 45 37 46 if (window.layoutTestController)47 layoutTestController.notifyDone();38 39 win.postMessage('done', '*'); 48 40 } 49 41 </script> -
trunk/LayoutTests/http/tests/security/postMessage/origin-unaffected-by-base-tag-expected.txt
r32597 r32922 1 1 window.location.href = http://127.0.0.1:8000/security/postMessage/origin-unaffected-by-base-tag.html 2 2 3 Received message: data="Message from parent" origin="http://127.0.0.1:8000" 3 waiting... 4 Received message: data="Received message: data="Message from parent" origin="http://127.0.0.1:8000"" origin="http://localhost:8000" 5 Received message: data="Received message: data="done" origin="http://127.0.0.1:8000"" origin="http://localhost:8000" -
trunk/LayoutTests/http/tests/security/postMessage/origin-unaffected-by-base-tag.html
r32597 r32922 2 2 <html> 3 3 <head> 4 <script src="resources/recv.js"></script> 4 5 <script> 5 6 if (window.layoutTestController) { 6 7 layoutTestController.dumpAsText(); 7 8 layoutTestController.waitUntilDone(); 8 }9 10 function recv(e) {11 document.getElementById("result").firstChild.data = e.data;12 13 if (window.layoutTestController)14 layoutTestController.notifyDone();15 9 } 16 10 … … 20 14 var iframe = document.getElementById('child'); 21 15 var win = iframe.contentWindow; 22 win.postMessage('Message from parent'); 16 win.postMessage('Message from parent', '*'); 17 18 win.postMessage('done', '*'); 23 19 } 24 20 </script> -
trunk/LayoutTests/http/tests/security/postMessage/origin-unaffected-by-document-domain-expected.txt
r32597 r32922 2 2 document.domain = 0.0.1 3 3 4 Received message: data="Message from parent" origin="http://127.0.0.1:8000" 4 waiting... 5 Received message: data="Received message: data="Message from parent" origin="http://127.0.0.1:8000"" origin="http://localhost:8000" 6 Received message: data="Received message: data="done" origin="http://127.0.0.1:8000"" origin="http://localhost:8000" -
trunk/LayoutTests/http/tests/security/postMessage/origin-unaffected-by-document-domain.html
r32597 r32922 2 2 <html> 3 3 <head> 4 <script src="resources/recv.js"></script> 4 5 <script> 5 6 if (window.layoutTestController) { 6 7 layoutTestController.dumpAsText(); 7 8 layoutTestController.waitUntilDone(); 8 }9 10 function recv(e) {11 document.getElementById("result").firstChild.data = e.data;12 13 if (window.layoutTestController)14 layoutTestController.notifyDone();15 9 } 16 10 … … 20 14 var iframe = document.getElementById('child'); 21 15 var win = iframe.contentWindow; 22 win.postMessage('Message from parent'); 16 win.postMessage('Message from parent', '*'); 17 18 win.postMessage('done', '*'); 23 19 } 24 20 -
trunk/LayoutTests/http/tests/security/postMessage/resources/javascript-post-message-sender.html
r29678 r32922 5 5 function nav() { 6 6 var url = "javascript:'<script>" + 7 "top.postMessage(\"Hello from child\" );" +7 "top.postMessage(\"Hello from child\", \"*\");" + 8 8 "document.write(\"Message sent\");" + 9 9 "</scri" + "pt>'"; -
trunk/LayoutTests/http/tests/security/postMessage/resources/post-message-listener.html
r32597 r32922 6 6 function recv(e) { 7 7 var msg = 'Received message: data="' + e.data + '" origin="' + e.origin + '"'; 8 top.postMessage(msg );8 top.postMessage(msg, '*'); 9 9 } 10 10 -
trunk/LayoutTests/http/tests/security/postMessage/target-origin-expected.txt
r32597 r32922 12 12 13 13 waiting... 14 Received message: data="Trying origin=http://localhost:8000" origin="http://127.0.0.1:8000" 15 Received message: data="Trying origin=http://localhost:8000/" origin="http://127.0.0.1:8000" 16 Received message: data="Trying origin=http://localhost:8000/foo" origin="http://127.0.0.1:8000" 17 Received message: data="Trying origin=http://localhost:8000/foo?bar" origin="http://127.0.0.1:8000" 18 Received message: data="Trying origin=http://localhost:8000/foo?bar#baz" origin="http://127.0.0.1:8000" 19 Received message: data="Trying origin=http://user:pass@localhost:8000/foo?bar#baz" origin="http://127.0.0.1:8000" 20 Received message: data="Trying origin=null" origin="http://127.0.0.1:8000" 21 Received message: data="Trying origin=undefined" origin="http://127.0.0.1:8000" 14 Error sending message to null. Error: SYNTAX_ERR: DOM Exception 12 15 Error sending message to undefined. Error: SYNTAX_ERR: DOM Exception 12 16 Received message: data="Received message: data="Trying origin=http://localhost:8000" origin="http://127.0.0.1:8000"" origin="http://localhost:8000" 17 Received message: data="Received message: data="Trying origin=http://localhost:8000/" origin="http://127.0.0.1:8000"" origin="http://localhost:8000" 18 Received message: data="Received message: data="Trying origin=http://localhost:8000/foo" origin="http://127.0.0.1:8000"" origin="http://localhost:8000" 19 Received message: data="Received message: data="Trying origin=http://localhost:8000/foo?bar" origin="http://127.0.0.1:8000"" origin="http://localhost:8000" 20 Received message: data="Received message: data="Trying origin=http://localhost:8000/foo?bar#baz" origin="http://127.0.0.1:8000"" origin="http://localhost:8000" 21 Received message: data="Received message: data="Trying origin=http://user:pass@localhost:8000/foo?bar#baz" origin="http://127.0.0.1:8000"" origin="http://localhost:8000" 22 Received message: data="Received message: data="Trying origin=*" origin="http://127.0.0.1:8000"" origin="http://localhost:8000" 23 Received message: data="Received message: data="done" origin="http://127.0.0.1:8000"" origin="http://localhost:8000" -
trunk/LayoutTests/http/tests/security/postMessage/target-origin.html
r32597 r32922 2 2 <html> 3 3 <head> 4 <script src="resources/recv.js"></script> 4 5 <script> 5 6 if (window.layoutTestController) { … … 8 9 } 9 10 10 function recv(e) {11 document.getElementById("result").innerHTML += "<br>" + e.data;12 }13 14 11 document.addEventListener("message", recv, false); 15 12 16 13 function tryPostMessage(win, origin) { 17 win.postMessage("Trying origin=" + origin, origin); 14 try { 15 win.postMessage("Trying origin=" + origin, origin); 16 } catch(ex) { 17 log("Error sending message to " + origin + ". " + ex); 18 } 18 19 } 19 20 … … 29 30 tryPostMessage(win, "http://localhost:8000/foo?bar#baz"); 30 31 tryPostMessage(win, "http://user:pass@localhost:8000/foo?bar#baz"); 31 tryPostMessage(win, null); 32 tryPostMessage(win, undefined); 32 tryPostMessage(win, "*"); 33 33 34 34 // Should fail: … … 39 39 tryPostMessage(win, "http://www.example.com"); 40 40 41 if (window.layoutTestController) 42 layoutTestController.notifyDone(); 41 // Should throw syntax error: 42 tryPostMessage(win, null); 43 tryPostMessage(win, undefined); 44 45 win.postMessage('done', '*'); 43 46 } 44 47 </script> -
trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-delete-test.html
r30032 r32922 19 19 window.location[1] = "test value"; 20 20 21 window.parent.postMessage("setValuesComplete" );21 window.parent.postMessage("setValuesComplete", "*"); 22 22 } 23 23 -
trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-history-put-test.html
r30157 r32922 37 37 38 38 if (window.postMessage) 39 window.parent.postMessage("storedOldValuesComplete" );39 window.parent.postMessage("storedOldValuesComplete", "*"); 40 40 } 41 41 -
trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-location-put-test.html
r30157 r32922 35 35 36 36 if (window.postMessage) 37 window.parent.postMessage("storedOldValuesComplete" );37 window.parent.postMessage("storedOldValuesComplete", "*"); 38 38 } 39 39 -
trunk/LayoutTests/http/tests/security/resources/xss-eval2.html
r30871 r32922 3 3 4 4 parent.childEvalCaller = function(s) { 5 return eval(s);5 return window.eval(s); 6 6 } 7 7 -
trunk/LayoutTests/http/tests/security/resources/xss-eval3.html
r30871 r32922 1 1 <script> 2 parent.postMessage("done" );2 parent.postMessage("done", "*"); 3 3 </script> -
trunk/LayoutTests/http/tests/security/xss-eval.html
r30871 r32922 26 26 } 27 27 28 addEventListener("message", function()28 document.addEventListener("message", function() 29 29 { 30 30 shouldBe("eval.call(frames[0], 'document')", (function() { try { return eval.call(frames[0], 'document'); } catch(e) { return e.name; } })(), "EvalError"); -
trunk/WebCore/ChangeLog
r32920 r32922 1 2008-05-06 Adam Barth <abarth-webkit@adambarth.com> 2 3 Reviewed by Sam Weinig. 4 5 https://bugs.webkit.org/show_bug.cgi?id=18725 6 Implement asynchronous postMessage. 7 MessageEvent no longer bubbles as per r1237 in the HTML 5 working draft. 8 9 Collin Jackson <collinj-webkit@collinjackson.com> also contributed to this patch. 10 11 Test: http/tests/security/postMessage/delivery-order.html 12 13 * dom/MessageEvent.cpp: 14 (WebCore::MessageEvent::MessageEvent): 15 * page/DOMWindow.cpp: 16 (WebCore::PostMessageTimer::PostMessageTimer): 17 (WebCore::PostMessageTimer::event): 18 (WebCore::PostMessageTimer::targetOrigin): 19 (WebCore::PostMessageTimer::fired): 20 (WebCore::DOMWindow::postMessage): 21 (WebCore::DOMWindow::postMessageTimerFired): 22 * page/DOMWindow.h: 23 * page/DOMWindow.idl: 24 1 25 2008-05-06 Anders Carlsson <andersca@apple.com> 2 26 -
trunk/WebCore/dom/MessageEvent.cpp
r32597 r32922 43 43 44 44 MessageEvent::MessageEvent(const String& data, const String& origin, DOMWindow* source) 45 : Event(messageEvent, true, true)45 : Event(messageEvent, false, true) 46 46 , m_data(data) 47 47 , m_origin(origin) -
trunk/WebCore/page/DOMWindow.cpp
r32899 r32922 80 80 namespace WebCore { 81 81 82 #if ENABLE(CROSS_DOCUMENT_MESSAGING) 83 class PostMessageTimer : public TimerBase { 84 public: 85 PostMessageTimer(DOMWindow* window, MessageEvent* event, SecurityOrigin* targetOrigin) 86 : m_window(window) 87 , m_event(event) 88 , m_targetOrigin(targetOrigin) 89 { 90 } 91 92 MessageEvent* event() const { return m_event.get(); } 93 SecurityOrigin* targetOrigin() const { return m_targetOrigin.get(); } 94 95 private: 96 virtual void fired() 97 { 98 m_window->postMessageTimerFired(this); 99 } 100 101 RefPtr<DOMWindow> m_window; 102 RefPtr<MessageEvent> m_event; 103 RefPtr<SecurityOrigin> m_targetOrigin; 104 }; 105 #endif 106 82 107 // This function: 83 108 // 1) Validates the pending changes are not changing to NaN … … 326 351 327 352 #if ENABLE(CROSS_DOCUMENT_MESSAGING) 328 void DOMWindow::postMessage(const String& message, const String& targetOrigin, DOMWindow* source, ExceptionCode& ecForSender) const 329 { 330 if (!m_frame) 331 return; 332 333 if (!targetOrigin.isNull()) { 334 KURL desiredTargetURL(targetOrigin); 335 if (!desiredTargetURL.isValid()) { 336 ecForSender = SYNTAX_ERR; 353 void DOMWindow::postMessage(const String& message, const String& targetOrigin, DOMWindow* source, ExceptionCode& ec) 354 { 355 if (!m_frame) 356 return; 357 358 // Compute the target origin. We need to do this synchronously in order 359 // to generate the SYNTAX_ERR exception correctly. 360 RefPtr<SecurityOrigin> target; 361 if (targetOrigin != "*") { 362 target = SecurityOrigin::create(KURL(targetOrigin)); 363 if (target->isEmpty()) { 364 ec = SYNTAX_ERR; 337 365 return; 338 366 } 339 340 RefPtr<SecurityOrigin> desiredTargetOrigin = SecurityOrigin::create(desiredTargetURL); 341 SecurityOrigin* actualTargetOrigin = document()->securityOrigin(); 342 if (desiredTargetOrigin->isEmpty() || !desiredTargetOrigin->isSameSchemeHostPort(actualTargetOrigin)) { 343 // The sender is not allowed to find out the origin of 344 // the recipient, so we fail silently and log a message 345 // to the console. 367 } 368 369 // Capture the source of the message. We need to do this synchronously 370 // in order to capture the source of the message correctly. 371 Document* sourceDocument = source->document(); 372 if (!sourceDocument) 373 return; 374 String sourceOrigin = sourceDocument->securityOrigin()->toString(); 375 376 // Schedule the message. 377 PostMessageTimer* timer = new PostMessageTimer(this, new MessageEvent(message, sourceOrigin, source), target.get()); 378 timer->startOneShot(0); 379 } 380 381 void DOMWindow::postMessageTimerFired(PostMessageTimer* t) 382 { 383 OwnPtr<PostMessageTimer> timer(t); 384 385 if (!document()) 386 return; 387 388 if (timer->targetOrigin()) { 389 // Check target origin now since the target document may have changed since the simer was scheduled. 390 if (!timer->targetOrigin()->isSameSchemeHostPort(document()->securityOrigin())) { 346 391 String message = String::format("Unable to post message to %s. Recipient has origin %s.\n", 347 t argetOrigin.utf8().data(), actualTargetOrigin->toString().utf8().data());392 timer->targetOrigin()->toString().utf8().data(), document()->securityOrigin()->toString().utf8().data()); 348 393 console()->addMessage(JSMessageSource, ErrorMessageLevel, message, 0, String()); 349 394 return; … … 351 396 } 352 397 353 Document* sourceDocument = source->document(); 354 if (!sourceDocument) 355 return; 356 String sourceOrigin = sourceDocument->securityOrigin()->toString(); 357 358 // Sender is not allowed to see exceptions other than syntax errors 359 ExceptionCode ec; 360 document()->dispatchEvent(new MessageEvent(message, sourceOrigin, source), ec, true); 398 ExceptionCode ec; 399 document()->dispatchEvent(timer->event(), ec, true); 361 400 } 362 401 #endif -
trunk/WebCore/page/DOMWindow.h
r32791 r32922 51 51 class History; 52 52 class Location; 53 #if ENABLE(CROSS_DOCUMENT_MESSAGING) 54 class PostMessageTimer; 55 #endif 53 56 class Navigator; 54 57 class Screen; … … 173 176 DOMApplicationCache* applicationCache() const; 174 177 #endif 178 175 179 #if ENABLE(CROSS_DOCUMENT_MESSAGING) 176 void postMessage(const String& message, const String& targetOrigin, DOMWindow* source, ExceptionCode& ecForSender) const; 180 void postMessage(const String& message, const String& targetOrigin, DOMWindow* source, ExceptionCode&); 181 void postMessageTimerFired(PostMessageTimer*); 177 182 #endif 178 183 -
trunk/WebCore/page/DOMWindow.idl
r32604 r32922 149 149 #if defined(ENABLE_CROSS_DOCUMENT_MESSAGING) 150 150 // cross-document messaging 151 [DoNotCheckDomainSecurity, Custom] void postMessage(in DOMString message, in [Optional]DOMString targetOrigin)151 [DoNotCheckDomainSecurity, Custom] void postMessage(in DOMString message, in DOMString targetOrigin) 152 152 raises(DOMException); 153 153 #endif
Note: See TracChangeset
for help on using the changeset viewer.