Title: [288320] branches/safari-613-branch
Revision: 288320
Author: repst...@apple.com
Date: 2022-01-20 13:26:43 -0800 (Thu, 20 Jan 2022)

Log Message

Cherry-pick r288078. rdar://problem/87662271

    database names leak cross-origin within the same browser session
    https://bugs.webkit.org/show_bug.cgi?id=233548

    Reviewed by Geoff Garen.

    Source/WebCore:

    Test: http/tests/security/getdatabases-crossorigin.html

    * Modules/indexeddb/server/IDBServer.cpp:
    (WebCore::IDBServer::IDBServer::getAllDatabaseNamesAndVersions): When iterating the set of all open
      UniqueIDBDatabases, only add them to the results list if their origins match.

    * page/ClientOrigin.h:
    (WebCore::ClientOrigin::operator!= const):

    LayoutTests:

    * http/tests/security/getdatabases-crossorigin-expected.txt: Added.
    * http/tests/security/getdatabases-crossorigin.html: Added.
    * http/tests/security/resources/getdatabases-otherframe.html: Added.
    * http/tests/security/resources/getdatabases-otherwindow.html: Added.

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288078 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Diff

Modified: branches/safari-613-branch/LayoutTests/ChangeLog (288319 => 288320)


--- branches/safari-613-branch/LayoutTests/ChangeLog	2022-01-20 21:26:38 UTC (rev 288319)
+++ branches/safari-613-branch/LayoutTests/ChangeLog	2022-01-20 21:26:43 UTC (rev 288320)
@@ -1,3 +1,45 @@
+2022-01-20  Russell Epstein  <repst...@apple.com>
+
+        Cherry-pick r288078. rdar://problem/87662271
+
+    database names leak cross-origin within the same browser session
+    https://bugs.webkit.org/show_bug.cgi?id=233548
+    
+    Reviewed by Geoff Garen.
+    
+    Source/WebCore:
+    
+    Test: http/tests/security/getdatabases-crossorigin.html
+    
+    * Modules/indexeddb/server/IDBServer.cpp:
+    (WebCore::IDBServer::IDBServer::getAllDatabaseNamesAndVersions): When iterating the set of all open
+      UniqueIDBDatabases, only add them to the results list if their origins match.
+    
+    * page/ClientOrigin.h:
+    (WebCore::ClientOrigin::operator!= const):
+    
+    LayoutTests:
+    
+    * http/tests/security/getdatabases-crossorigin-expected.txt: Added.
+    * http/tests/security/getdatabases-crossorigin.html: Added.
+    * http/tests/security/resources/getdatabases-otherframe.html: Added.
+    * http/tests/security/resources/getdatabases-otherwindow.html: Added.
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288078 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2022-01-16  Brady Eidson  <beid...@apple.com>
+
+            database names leak cross-origin within the same browser session
+            https://bugs.webkit.org/show_bug.cgi?id=233548
+
+            Reviewed by Geoff Garen.
+
+            * http/tests/security/getdatabases-crossorigin-expected.txt: Added.
+            * http/tests/security/getdatabases-crossorigin.html: Added.
+            * http/tests/security/resources/getdatabases-otherframe.html: Added.
+            * http/tests/security/resources/getdatabases-otherwindow.html: Added.
+
 2022-01-10  Carlos Garcia Campos  <cgar...@igalia.com>
 
         [GTK][a11y] WTR: do not show html-id and toolkit attributes in test results

Added: branches/safari-613-branch/LayoutTests/http/tests/security/getdatabases-crossorigin-expected.txt (0 => 288320)


--- branches/safari-613-branch/LayoutTests/http/tests/security/getdatabases-crossorigin-expected.txt	                        (rev 0)
+++ branches/safari-613-branch/LayoutTests/http/tests/security/getdatabases-crossorigin-expected.txt	2022-01-20 21:26:43 UTC (rev 288320)
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: Message received from other context
+CONSOLE MESSAGE: Message received from other context
+CONSOLE MESSAGE: PASS
+

Added: branches/safari-613-branch/LayoutTests/http/tests/security/getdatabases-crossorigin.html (0 => 288320)


--- branches/safari-613-branch/LayoutTests/http/tests/security/getdatabases-crossorigin.html	                        (rev 0)
+++ branches/safari-613-branch/LayoutTests/http/tests/security/getdatabases-crossorigin.html	2022-01-20 21:26:43 UTC (rev 288320)
@@ -0,0 +1,43 @@
+<!-- webkit-test-runner [ _javascript_CanOpenWindowsAutomatically=true ] -->
+<html>
+<head>
+<script>
+
+if (window.location.hostname == "localhost")
+    console.log("FAIL: Must be run as 127.0.0.1, not localhost");
+    
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+var messagesReceived = 0;
+
+window._onmessage_ = function(event) {
+    console.log("Message received from other context")
+    
+    if (++messagesReceived < 2)
+        return;
+
+    indexedDB.databases().then((result) => {
+        databases = result;
+        if (databases.length != 0)
+            console.log("FAIL: There are " + databases.length + " database(s) when there should be 0");
+        else
+            console.log("PASS");
+        if (testRunner)
+            testRunner.notifyDone();
+    });
+};
+
+function openOtherWindow()
+{
+    window.open("http://localhost:8000/security/resources/getdatabases-otherwindow.html")
+}
+
+</script>
+</head>
+<body _onload_="openOtherWindow()">
+<iframe src=""
+</body>
+</html>
\ No newline at end of file
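Review bot: In the `indexedDB.databases().then(...)` callback, the bare `if (testRunner)` throws a ReferenceError when the page is loaded outside the test runner, while the top of the script guards with `if (window.testRunner)`; use `window.testRunner` in both places. The same callback assigns `databases = result` without a declaration, which creates an implicit global, and the promise has no rejection handler, so a rejected `databases()` call ends in a timeout instead of a logged FAIL. Declaring the variable with `const` and adding a `.catch` that logs FAIL and calls `notifyDone()` would make failures diagnosable.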

Added: branches/safari-613-branch/LayoutTests/http/tests/security/resources/getdatabases-otherframe.html (0 => 288320)


--- branches/safari-613-branch/LayoutTests/http/tests/security/resources/getdatabases-otherframe.html	                        (rev 0)
+++ branches/safari-613-branch/LayoutTests/http/tests/security/resources/getdatabases-otherframe.html	2022-01-20 21:26:43 UTC (rev 288320)
@@ -0,0 +1,9 @@
+<head>
+<script>
+indexedDB.deleteDatabase('getdatabase-otherframe')._onsuccess_ = () => {
+    indexedDB.open('getdatabase-otherframe')._onsuccess_ = () => {
+        window.parent.postMessage("Hi there!", "*");
+    }        
+}
+</script>
+</head>
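Review bot: Neither the `deleteDatabase` request nor the nested `open` request in this resource has an error or blocked handler, so if either one fails the parent never receives a message and the test can only fail by timing out. Adding handlers that post a failure message to the parent would give a clear diagnostic in that case.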

Added: branches/safari-613-branch/LayoutTests/http/tests/security/resources/getdatabases-otherwindow.html (0 => 288320)


--- branches/safari-613-branch/LayoutTests/http/tests/security/resources/getdatabases-otherwindow.html	                        (rev 0)
+++ branches/safari-613-branch/LayoutTests/http/tests/security/resources/getdatabases-otherwindow.html	2022-01-20 21:26:43 UTC (rev 288320)
@@ -0,0 +1,9 @@
+<head>
+<script>
+indexedDB.deleteDatabase('getdatabase-otherwindow')._onsuccess_ = () => {
+    indexedDB.open('getdatabase-otherwindow')._onsuccess_ = () => {
+        window.opener.postMessage("Hi there!", "*");
+    }        
+}
+</script>
+</head>
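Review bot: The `window.opener.postMessage("Hi there!", "*")` payload is identical to the one sent by getdatabases-otherframe.html, and the receiver in getdatabases-crossorigin.html only counts messages (`++messagesReceived < 2`), so it cannot tell one message from each context apart from two messages from the same context. Sending a distinct payload from each resource and having the receiver check that both arrived would confirm that both databases are open before `indexedDB.databases()` is called.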

Modified: branches/safari-613-branch/Source/WebCore/ChangeLog (288319 => 288320)


--- branches/safari-613-branch/Source/WebCore/ChangeLog	2022-01-20 21:26:38 UTC (rev 288319)
+++ branches/safari-613-branch/Source/WebCore/ChangeLog	2022-01-20 21:26:43 UTC (rev 288320)
@@ -1,3 +1,49 @@
+2022-01-20  Russell Epstein  <repst...@apple.com>
+
+        Cherry-pick r288078. rdar://problem/87662271
+
+    database names leak cross-origin within the same browser session
+    https://bugs.webkit.org/show_bug.cgi?id=233548
+    
+    Reviewed by Geoff Garen.
+    
+    Source/WebCore:
+    
+    Test: http/tests/security/getdatabases-crossorigin.html
+    
+    * Modules/indexeddb/server/IDBServer.cpp:
+    (WebCore::IDBServer::IDBServer::getAllDatabaseNamesAndVersions): When iterating the set of all open
+      UniqueIDBDatabases, only add them to the results list if their origins match.
+    
+    * page/ClientOrigin.h:
+    (WebCore::ClientOrigin::operator!= const):
+    
+    LayoutTests:
+    
+    * http/tests/security/getdatabases-crossorigin-expected.txt: Added.
+    * http/tests/security/getdatabases-crossorigin.html: Added.
+    * http/tests/security/resources/getdatabases-otherframe.html: Added.
+    * http/tests/security/resources/getdatabases-otherwindow.html: Added.
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@288078 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2022-01-16  Brady Eidson  <beid...@apple.com>
+
+            database names leak cross-origin within the same browser session
+            https://bugs.webkit.org/show_bug.cgi?id=233548
+
+            Reviewed by Geoff Garen.
+
+            Test: http/tests/security/getdatabases-crossorigin.html
+
+            * Modules/indexeddb/server/IDBServer.cpp:
+            (WebCore::IDBServer::IDBServer::getAllDatabaseNamesAndVersions): When iterating the set of all open
+              UniqueIDBDatabases, only add them to the results list if their origins match.
+
+            * page/ClientOrigin.h:
+            (WebCore::ClientOrigin::operator!= const):
+
 2022-01-11  Russell Epstein  <repst...@apple.com>
 
         Cherry-pick r287884. rdar://problem/87206692

Modified: branches/safari-613-branch/Source/WebCore/Modules/indexeddb/server/IDBServer.cpp (288319 => 288320)


--- branches/safari-613-branch/Source/WebCore/Modules/indexeddb/server/IDBServer.cpp	2022-01-20 21:26:38 UTC (rev 288319)
+++ branches/safari-613-branch/Source/WebCore/Modules/indexeddb/server/IDBServer.cpp	2022-01-20 21:26:43 UTC (rev 288320)
@@ -530,6 +530,9 @@
     HashSet<String> visitedDatabasePaths;
 
     for (auto& database : m_uniqueIDBDatabaseMap.values()) {
+        if (database->identifier().origin() != origin)
+            continue;
+
         auto path = database->filePath();
         if (!path.isEmpty())
             visitedDatabasePaths.add(path);
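Review bot: The added `if (database->identifier().origin() != origin) continue;` at the top of the loop has no positive-path coverage: the new layout test only asserts that `databases.length` is 0 for the calling origin, so a comparison that never matches would pass as well. Consider having the test page open a database of its own and assert that exactly that one is returned. A one-line comment above the check noting that `m_uniqueIDBDatabaseMap` holds open databases for every origin would also explain why the filter is needed here.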

Modified: branches/safari-613-branch/Source/WebCore/page/ClientOrigin.h (288319 => 288320)


--- branches/safari-613-branch/Source/WebCore/page/ClientOrigin.h	2022-01-20 21:26:38 UTC (rev 288319)
+++ branches/safari-613-branch/Source/WebCore/page/ClientOrigin.h	2022-01-20 21:26:43 UTC (rev 288320)
@@ -37,6 +37,7 @@
 
     unsigned hash() const;
     bool operator==(const ClientOrigin&) const;
+    bool operator!=(const ClientOrigin& other) const { return !(*this == other); }
 
     template<class Encoder> void encode(Encoder&) const;
     template<class Decoder> static std::optional<ClientOrigin> decode(Decoder&);