Changeset 99138 in webkit

Timestamp:

Nov 2, 2011 9:39:32 PM (12 years ago)

Author:

abarth@webkit.org

Message:

Implement allow-popups for iframe@sandbox
​https://bugs.webkit.org/show_bug.cgi?id=66505

Reviewed by Eric Seidel.

Source/WebCore:

There's been some discussion in the HTML working group about adding an
allow-popups directive to the iframe sandbox. Microsoft has added it
to IE10 platform preview and is fairly adamant about this feature
because it's needed by one or their products that's planning to use
iframe sandbox. Hixie says he'll add it to the spec once we implement
it, so here's our implementation. (See discussion in the W3C linked in
the bug for more details.)

Tests: http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html

http/tests/security/popup-allowed-by-sandbox-is-sandboxed.html
http/tests/security/popup-allowed-by-sandbox-when-allowed.html

• html/HTMLIFrameElement.cpp:

(WebCore::HTMLIFrameElement::parseMappedAttribute):

• loader/FrameLoader.cpp:

(WebCore::FrameLoader::setOpener):
(WebCore::createWindow):

• loader/FrameLoader.h:

(WebCore::FrameLoader::forceSandboxFlags):

• loader/FrameLoaderTypes.h:
• loader/PolicyChecker.cpp:

(WebCore::PolicyChecker::checkNewWindowPolicy):

• page/SecurityOrigin.cpp:

(WebCore::SecurityOrigin::parseSandboxPolicy):

• page/SecurityOrigin.h:

(WebCore::SecurityOrigin::sandboxFlags):

• svg/graphics/SVGImage.cpp:

(WebCore::SVGImage::dataChanged):

LayoutTests:

Test that the allow-popups directive works as expected. Note:
no-popup-from-sandbox.html verifies that we still block popups without
the directive.

• http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control-expected.txt: Added.
• http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html: Added.
• http/tests/security/popup-allowed-by-sandbox-is-sandboxed-expected.txt: Added.
• http/tests/security/popup-allowed-by-sandbox-is-sandboxed.html: Added.
• http/tests/security/popup-allowed-by-sandbox-when-allowed-expected.txt: Added.
• http/tests/security/popup-allowed-by-sandbox-when-allowed.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control-expected.txt (added)
• LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html (added)
• LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed-expected.txt (added)
• LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed.html (added)
• LayoutTests/http/tests/security/popup-allowed-by-sandbox-when-allowed-expected.txt (added)
• LayoutTests/http/tests/security/popup-allowed-by-sandbox-when-allowed.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/html/HTMLIFrameElement.cpp (modified) (3 diffs)
• Source/WebCore/loader/FrameLoader.cpp (modified) (2 diffs)
• Source/WebCore/loader/FrameLoader.h (modified) (1 diff)
• Source/WebCore/loader/FrameLoaderTypes.h (modified) (1 diff)
• Source/WebCore/loader/PolicyChecker.cpp (modified) (1 diff)
• Source/WebCore/page/SecurityOrigin.cpp (modified) (1 diff)
• Source/WebCore/page/SecurityOrigin.h (modified) (3 diffs)
• Source/WebCore/svg/graphics/SVGImage.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2011-11-02  Adam Barth  <abarth@webkit.org>
+
+        Implement allow-popups for iframe@sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=66505
+
+        Reviewed by Eric Seidel.
+
+        Test that the allow-popups directive works as expected.  Note:
+        no-popup-from-sandbox.html verifies that we still block popups without
+        the directive.
+
+        * http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control-expected.txt: Added.
+        * http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html: Added.
+        * http/tests/security/popup-allowed-by-sandbox-is-sandboxed-expected.txt: Added.
+        * http/tests/security/popup-allowed-by-sandbox-is-sandboxed.html: Added.
+        * http/tests/security/popup-allowed-by-sandbox-when-allowed-expected.txt: Added.
+        * http/tests/security/popup-allowed-by-sandbox-when-allowed.html: Added.
+
 2011-11-02  Sam Weinig  <sam@webkit.org>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2011-11-02  Adam Barth  <abarth@webkit.org>
+
+        Implement allow-popups for iframe@sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=66505
+
+        Reviewed by Eric Seidel.
+
+        There's been some discussion in the HTML working group about adding an
+        allow-popups directive to the iframe sandbox.  Microsoft has added it
+        to IE10 platform preview and is fairly adamant about this feature
+        because it's needed by one or their products that's planning to use
+        iframe sandbox.  Hixie says he'll add it to the spec once we implement
+        it, so here's our implementation.  (See discussion in the W3C linked in
+        the bug for more details.)
+
+        Tests: http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html
+               http/tests/security/popup-allowed-by-sandbox-is-sandboxed.html
+               http/tests/security/popup-allowed-by-sandbox-when-allowed.html
+
+        * html/HTMLIFrameElement.cpp:
+        (WebCore::HTMLIFrameElement::parseMappedAttribute):
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::setOpener):
+        (WebCore::createWindow):
+        * loader/FrameLoader.h:
+        (WebCore::FrameLoader::forceSandboxFlags):
+        * loader/FrameLoaderTypes.h:
+        * loader/PolicyChecker.cpp:
+        (WebCore::PolicyChecker::checkNewWindowPolicy):
+        * page/SecurityOrigin.cpp:
+        (WebCore::SecurityOrigin::parseSandboxPolicy):
+        * page/SecurityOrigin.h:
+        (WebCore::SecurityOrigin::sandboxFlags):
+        * svg/graphics/SVGImage.cpp:
+        (WebCore::SVGImage::dataChanged):
+
 2011-11-02  Sam Weinig  <sam@webkit.org>
 

trunk/Source/WebCore/html/HTMLIFrameElement.cpp

@@ -33 +33 @@
 #include "NodeRenderingContext.h"
 #include "RenderIFrame.h"
+#include "SecurityOrigin.h"
 
 namespace WebCore {
@@ -69 +70 @@
 }
 
-static SandboxFlags parseSandboxAttribute(Attribute* attribute)
-{
-    if (attribute->isNull())
-        return SandboxNone;
-
-    // Parse the unordered set of unique space-separated tokens.
-    SandboxFlags flags = SandboxAll;
-    const UChar* characters = attribute->value().characters();
-    unsigned length = attribute->value().length();
-    unsigned start = 0;
-    while (true) {
-        while (start < length && isASCIISpace(characters[start]))
-            ++start;
-        if (start >= length)
-            break;
-        unsigned end = start + 1;
-        while (end < length && !isASCIISpace(characters[end]))
-            ++end;
-
-        // Turn off the corresponding sandbox flag if it's set as "allowed".
-        String sandboxToken = String(characters + start, end - start);
-        if (equalIgnoringCase(sandboxToken, "allow-same-origin"))
-            flags &= ~SandboxOrigin;
-        else if (equalIgnoringCase(sandboxToken, "allow-forms"))
-            flags &= ~SandboxForms;
-        else if (equalIgnoringCase(sandboxToken, "allow-scripts"))
-            flags &= ~SandboxScripts;
-        else if (equalIgnoringCase(sandboxToken, "allow-top-navigation"))
-            flags &= ~SandboxTopNavigation;
-
-        start = end + 1;
-    }
-
-    return flags;
-}
-
 void HTMLIFrameElement::parseMappedAttribute(Attribute* attr)
 {
@@ -128 +93 @@
             addCSSLength(attr, CSSPropertyBorderWidth, "0");
     } else if (attr->name() == sandboxAttr)
-        setSandboxFlags(parseSandboxAttribute(attr));
+        setSandboxFlags(attr->isNull() ? SandboxNone : SecurityOrigin::parseSandboxPolicy(attr->value()));
     else
         HTMLFrameElementBase::parseMappedAttribute(attr);

trunk/Source/WebCore/loader/FrameLoader.cpp

@@ -946 +946 @@
     if (opener)
         opener->loader()->m_openedFrames.add(m_frame);
+
     m_opener = opener;
+
+    if (m_opener && !m_frame->tree()->parent())
+        forceSandboxFlags(m_opener->document()->securityOrigin()->sandboxFlags());
 
     if (m_frame->document()) {
@@ -3269 +3273 @@
 
     // Sandboxed frames cannot open new auxiliary browsing contexts.
-    if (isDocumentSandboxed(openerFrame, SandboxNavigation))
+    if (isDocumentSandboxed(openerFrame, SandboxPopups))
         return 0;
 

trunk/Source/WebCore/loader/FrameLoader.h

@@ -216 +216 @@
     // The following sandbox flags will be forced, regardless of changes to
     // the sandbox attribute of any parent frames.
-    void setForcedSandboxFlags(SandboxFlags flags) { m_forcedSandboxFlags = flags; m_sandboxFlags |= flags; }
+    void forceSandboxFlags(SandboxFlags flags) { m_forcedSandboxFlags |= flags; m_sandboxFlags |= flags; }
 
     // Mixed content related functions.

trunk/Source/WebCore/loader/FrameLoaderTypes.h

@@ -101 +101 @@
         SandboxScripts = 1 << 4,
         SandboxTopNavigation = 1 << 5,
+        SandboxPopups = 1 << 6,
         SandboxAll = -1 // Mask with all bits set to 1.
     };

trunk/Source/WebCore/loader/PolicyChecker.cpp

@@ -94 +94 @@
     const ResourceRequest& request, PassRefPtr<FormState> formState, const String& frameName, void* argument)
 {
-    if (m_frame->document() && m_frame->document()->securityOrigin()->isSandboxed(SandboxNavigation))
+    if (m_frame->document() && m_frame->document()->securityOrigin()->isSandboxed(SandboxPopups))
         return continueAfterNavigationPolicy(PolicyIgnore);
 

trunk/Source/WebCore/page/SecurityOrigin.cpp

@@ -544 +544 @@
 }
 
+SandboxFlags SecurityOrigin::parseSandboxPolicy(const String& policy)
+{
+    // Parse the unordered set of unique space-separated tokens.
+    SandboxFlags flags = SandboxAll;
+    const UChar* characters = policy.characters();
+    unsigned length = policy.length();
+    unsigned start = 0;
+    while (true) {
+        while (start < length && isASCIISpace(characters[start]))
+            ++start;
+        if (start >= length)
+            break;
+        unsigned end = start + 1;
+        while (end < length && !isASCIISpace(characters[end]))
+            ++end;
+
+        // Turn off the corresponding sandbox flag if it's set as "allowed".
+        String sandboxToken = String(characters + start, end - start);
+        if (equalIgnoringCase(sandboxToken, "allow-same-origin"))
+            flags &= ~SandboxOrigin;
+        else if (equalIgnoringCase(sandboxToken, "allow-forms"))
+            flags &= ~SandboxForms;
+        else if (equalIgnoringCase(sandboxToken, "allow-scripts"))
+            flags &= ~SandboxScripts;
+        else if (equalIgnoringCase(sandboxToken, "allow-top-navigation"))
+            flags &= ~SandboxTopNavigation;
+        else if (equalIgnoringCase(sandboxToken, "allow-popups"))
+            flags &= ~SandboxPopups;
+
+        start = end + 1;
+    }
+
+    return flags;
+}
+
 void SecurityOrigin::setLocalLoadPolicy(LocalLoadPolicy policy)
 {

trunk/Source/WebCore/page/SecurityOrigin.h

@@ -57 +57 @@
     bool domainWasSetInDOM() const { return m_domainWasSetInDOM; }
 
+    // FIXME: This should move to SchemeRegistry.
     static void setDomainRelaxationForbiddenForURLScheme(bool forbidden, const String&);
     static bool isDomainRelaxationForbiddenForURLScheme(const String&);
@@ -115 +116 @@
 
     bool isSandboxed(SandboxFlags mask) const { return m_sandboxFlags & mask; }
+    SandboxFlags sandboxFlags() const { return m_sandboxFlags; }
 
     bool canAccessDatabase() const { return !isUnique(); }
@@ -178 +180 @@
     // (and whether it was set) but considering the host. It is used for postMessage.
     bool isSameSchemeHostPort(const SecurityOrigin*) const;
+
+    static SandboxFlags parseSandboxPolicy(const String& policy);
 
     static bool shouldHideReferrer(const KURL&, const String& referrer);

trunk/Source/WebCore/svg/graphics/SVGImage.cpp

@@ -314 +314 @@
         frame->init();
         FrameLoader* loader = frame->loader();
-        loader->setForcedSandboxFlags(SandboxAll);
+        loader->forceSandboxFlags(SandboxAll);
 
         frame->view()->setCanHaveScrollbars(false); // SVG Images will always synthesize a viewBox, if it's not available, and thus never see scrollbars.