Changeset 86462 in webkit
- Timestamp:
- May 13, 2011 2:44:11 PM (13 years ago)
- Location:
- trunk
- Files:
-
- 4 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r86461 r86462 1 2011-05-13 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Eric Seidel. 4 5 iframe sandbox doesn't properly block popups 6 https://bugs.webkit.org/show_bug.cgi?id=60784 7 8 Test that we block popup windows from inside sandbox. 9 10 * http/tests/security/no-popup-from-sandbox-expected.txt: Added. 11 * http/tests/security/no-popup-from-sandbox-top-expected.txt: Added. 12 * http/tests/security/no-popup-from-sandbox-top.html: Added. 13 * http/tests/security/no-popup-from-sandbox.html: Added. 14 1 15 2011-05-13 Ryosuke Niwa <rniwa@webkit.org> 2 16 -
trunk/Source/WebCore/ChangeLog
r86461 r86462 1 2011-05-13 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Eric Seidel. 4 5 iframe sandbox doesn't properly block popups 6 https://bugs.webkit.org/show_bug.cgi?id=60784 7 8 Previously, we weren't implementing this requirement from the spec: 9 10 "This flag also prevents content from creating new auxiliary browsing 11 contexts, e.g. using the target attribute or the window.open() method." 12 13 Tests: http/tests/security/no-popup-from-sandbox-top.html 14 http/tests/security/no-popup-from-sandbox.html 15 16 * loader/PolicyChecker.cpp: 17 (WebCore::PolicyChecker::checkNewWindowPolicy): 18 1 19 2011-05-13 Ryosuke Niwa <rniwa@webkit.org> 2 20 -
trunk/Source/WebCore/loader/PolicyChecker.cpp
r80475 r86462 38 38 #include "FrameLoaderClient.h" 39 39 #include "HTMLFormElement.h" 40 #include "SecurityOrigin.h" 40 41 41 42 namespace WebCore { … … 93 94 const ResourceRequest& request, PassRefPtr<FormState> formState, const String& frameName, void* argument) 94 95 { 96 if (m_frame->document() && m_frame->document()->securityOrigin()->isSandboxed(SandboxNavigation)) 97 return continueAfterNavigationPolicy(PolicyIgnore); 98 95 99 m_callback.set(request, formState, frameName, action, function, argument); 96 100 m_frame->loader()->client()->dispatchDecidePolicyForNewWindowAction(&PolicyChecker::continueAfterNewWindowPolicy,
Note: See TracChangeset
for help on using the changeset viewer.