Changeset 67100 in webkit


Timestamp:
Sep 9, 2010 11:46:14 AM (14 years ago)
Author:
robert@webkit.org
Message:

2010-09-09 Robert Hogan <robert@webkit.org>

Reviewed by Adam Barth.

Give WebKit clients a way to replace window.screen to
foil attempts to track users with it

This allows clients to overload the values returned by the
Screen object through the JSC manipulation API (such as
QWebFrame::addToJavaScriptWindowObject() in Qt). Clients will
want to do this when they do not want to reveal too much
explicit information about the user's desktop configuration.

https://bugs.webkit.org/show_bug.cgi?id=41802

  • fast/dom/Window/window-property-shadowing-expected.txt:
  • fast/dom/Window/window-property-shadowing.html:
  • fast/js/sputnik/Conformance/08_Types/8.6_The_Object_Type/8.6.2_Internal_Properties_and_Methods/S8.6.2_A5_T1-expected.txt:
  • fast/js/var-declarations-shadowing-expected.txt:
  • fast/js/var-declarations-shadowing.html:
  • http/tests/security/cross-frame-access-put-expected.txt:

2010-09-09 Robert Hogan <robert@webkit.org>

Reviewed by Adam Barth.

Give WebKit clients a way to replace window.screen
to foil attempts to track users with it.

This allows clients to overload the values returned by the
Screen object through the JSC manipulation API (such as
QWebFrame::addToJavaScriptWindowObject() in Qt). Clients will
want to do this when they do not want to reveal too much
explicit information about the user's desktop configuration.

https://bugs.webkit.org/show_bug.cgi?id=41802

  • page/DOMWindow.idl:
Location:
trunk
Files:
9 edited

  • trunk/LayoutTests/ChangeLog

    r67098 r67100  
     12010-09-09  Robert Hogan  <robert@webkit.org>
     2
     3        Reviewed by Adam Barth.
     4
     5        Give WebKit clients a way to replace window.screen to
     6        foil attempts to track users with it
     7
     8        This allows clients to overload the values returned by the
     9        Screen object through the JSC manipulation API (such as
     10        QWebFrame::addToJavaScriptWindowObject() in Qt). Clients will
     11        want to do this when they do not want to reveal too much
     12        explicit information about the user's desktop configuration.
     13
     14        https://bugs.webkit.org/show_bug.cgi?id=41802
     15
     16        * fast/dom/Window/window-property-shadowing-expected.txt:
     17        * fast/dom/Window/window-property-shadowing.html:
     18        * fast/js/sputnik/Conformance/08_Types/8.6_The_Object_Type/8.6.2_Internal_Properties_and_Methods/S8.6.2_A5_T1-expected.txt:
     19        * fast/js/var-declarations-shadowing-expected.txt:
     20        * fast/js/var-declarations-shadowing.html:
     21        * http/tests/security/cross-frame-access-put-expected.txt:
     22
    1232010-09-09  Dean Jackson  <dino@apple.com>
    224
  • trunk/LayoutTests/fast/dom/Window/window-property-shadowing-expected.txt

    r29428 r67100  
    1616PASS: navigator successfully shadowed
    1717PASS: clientInformation successfully shadowed
     18PASS: screen successfully shadowed
    1819PASS: offscreenBuffering successfully shadowed
    1920PASS: opener successfully shadowed
  • trunk/LayoutTests/fast/dom/Window/window-property-shadowing.html

    r29590 r67100  
    5050        var clientInformation = 1;
    5151        log(clientInformation == 1 ? "PASS: clientInformation successfully shadowed" : "FAIL: clientInformation was not shadowed");
     52        var screen = 1;
     53        log(screen == 1 ? "PASS: screen successfully shadowed" : "FAIL: screen was not shadowed");
    5254        var offscreenBuffering = 2;
    5355        log(offscreenBuffering == 2 ? "PASS: offscreenBuffering successfully shadowed" : "FAIL: offscreenBuffering was not shadowed");
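Review bot: the new check at lines 52-53 only proves that a same-frame `var screen = 1` sticks; it does not cover the case the commit message gives as the reason for the change, an embedder substituting its own Screen-like object. Consider adding a case that assigns an object with `width` and `height` and reads them back through `window.screen`, so that a regression which keeps the name replaceable but still resolves properties on the original Screen is caught.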
  • trunk/LayoutTests/fast/js/sputnik/Conformance/08_Types/8.6_The_Object_Type/8.6.2_Internal_Properties_and_Methods/S8.6.2_A5_T1-expected.txt

    r58534 r67100  
    11S8.6.2_A5_T1
    22
    3 FAIL TypeError: Result of expression 'screen.touch' [undefined] is not a function.
     3PASS
    44
    55TEST COMPLETE
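Review bot: the expectation on line 3 flips from a `TypeError` on `screen.touch` to PASS, which suggests this conformance test uses the global name `screen` for its own object and was failing only because the attribute was read-only. The LayoutTests ChangeLog lists this file with no description; a few words there saying the result changes because `screen` is now replaceable would keep the rebaseline from being mistaken for an unrelated fix.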
  • trunk/LayoutTests/fast/js/var-declarations-shadowing-expected.txt

    r29428 r67100  
    8181PASS: defaultstatus == marker should be true and is.
    8282PASS: eval('defaultstatus == marker') should be true and is.
     83PASS: screen == marker should be true and is.
     84PASS: eval('screen == marker') should be true and is.
    8385-----
    84 PASS: screen == marker should be false and is.
    85 PASS: eval('screen == marker') should be false and is.
    8686PASS: history == marker should be false and is.
    8787PASS: eval('history == marker') should be false and is.
  • trunk/LayoutTests/fast/js/var-declarations-shadowing.html

    r29428 r67100  
    254254shouldBe(eval('defaultstatus == marker'), "eval('defaultstatus == marker')", true);
    255255
     256try {
     257    eval("var screen = marker");
     258} catch(e) { }
     259shouldBe(screen == marker, "screen == marker", true);
     260shouldBe(eval('screen == marker'), "eval('screen == marker')", true);
     261
    256262log("-----");
    257 
    258 try {
    259     eval("var screen = marker");
    260 } catch(e) { }
    261 shouldBe(screen == marker, "screen == marker", false);
    262 shouldBe(eval('screen == marker'), "eval('screen == marker')", false);
    263263
    264264try {
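Review bot: the `screen` block moves above the `log("-----")` separator with its expected value changed to `true`, but nothing in the visible lines says what the separator divides. A one-line comment on each side of it, stating that names above are expected to be shadowable and names below are not, would make the next move of this kind reviewable without reading the expected output. The empty `catch(e) { }` is carried over as well; it is harmless here only because the `shouldBe(..., true)` that follows fails if the eval threw.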
  • trunk/LayoutTests/http/tests/security/cross-frame-access-put-expected.txt

    r61599 r67100  
    11CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html from frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html. Domains, protocols and ports must match.
     2
     3CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html. Domains, protocols and ports must match.
    24
    35CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html. Domains, protocols and ports must match.
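Review bot: the console message added on line 3 is the only visible evidence of how the cross-origin case behaves now that `screen` has a setter, and a console line alone does not show that the write was refused. Please confirm that the rest of this expected file still reports `screen` in the other frame as unchanged after the put, and add an explicit assertion if the test does not have one, since a newly writable window property is where a missing domain check would show up.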
  • trunk/WebCore/ChangeLog

    r67099 r67100  
     12010-09-09  Robert Hogan  <robert@webkit.org>
     2
     3        Reviewed by Adam Barth.
     4
     5        Give WebKit clients a way to replace window.screen
     6        to foil attempts to track users with it.
     7
     8        This allows clients to overload the values returned by the
     9        Screen object through the JSC manipulation API (such as
     10        QWebFrame::addToJavaScriptWindowObject() in Qt). Clients will
     11        want to do this when they do not want to reveal too much
     12        explicit information about the user's desktop configuration.
     13
     14        https://bugs.webkit.org/show_bug.cgi?id=41802
     15
     16        * page/DOMWindow.idl:
     17
    1182010-09-09  Kenneth Russell  <kbr@google.com>
    219
  • trunk/WebCore/page/DOMWindow.idl

    r66802 r67100  
    4545    ] DOMWindow {
    4646        // DOM Level 0
    47         readonly attribute Screen screen;
     47        attribute [Replaceable] Screen screen;
    4848        readonly attribute [DoNotCheckDomainSecurity, JSCCustomGetter] History history;
    4949        attribute [Replaceable] BarInfo locationbar;
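Review bot: on line 47 the attribute becomes `[Replaceable]` with no comment explaining why, and unlike `history` on the next line it carries no `DoNotCheckDomainSecurity`, so the new setter relies on the default domain check; that is the right default and worth stating. Two requests: add a short comment giving the reason (embedders overriding Screen values to limit tracking, bug 41802), and document for embedders that page script can now shadow `screen` too (the layout tests do `var screen = 1`), so a client that injects its own object should not assume later reads return it.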