Diff
Modified: trunk/LayoutTests/ChangeLog (205095 => 205096)
--- trunk/LayoutTests/ChangeLog 2016-08-28 05:24:39 UTC (rev 205095)
+++ trunk/LayoutTests/ChangeLog 2016-08-28 05:29:05 UTC (rev 205096)
@@ -1,3 +1,22 @@
+2016-08-27 Chris Dumez <[email protected]>
+
+ Update generated bindings to throw a SecurityError when denying cross-origin access to properties
+ https://bugs.webkit.org/show_bug.cgi?id=161270
+
+ Reviewed by Darin Adler.
+
+ Update / rebaseline existing tests to reflect behavior change.
+
+ * http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt:
+ * http/tests/security/cross-frame-access-call-expected.txt:
+ * http/tests/security/cross-frame-access-call.html:
+ * http/tests/security/cross-origin-window-property-access-expected.txt:
+ * http/tests/security/location-cross-origin-expected.txt:
+ * http/tests/security/location-cross-origin.html:
+ * http/tests/security/xss-DENIED-assign-location-href-_javascript_-expected.txt:
+ * http/tests/security/xss-DENIED-method-with-iframe-proto-expected.txt:
+ * http/tests/security/xss-DENIED-method-with-iframe-proto.html:
+
2016-08-27 Jonathan Bedard <[email protected]>
WTR needs an implementation of setAutomaticLinkDetectionEnabled
Modified: trunk/LayoutTests/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt (205095 => 205096)
--- trunk/LayoutTests/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt 2016-08-28 05:24:39 UTC (rev 205095)
+++ trunk/LayoutTests/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt 2016-08-28 05:29:05 UTC (rev 205096)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: line 55: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 55: SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
CONSOLE MESSAGE: line 2: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
CONSOLE MESSAGE: line 1: TypeError: undefined is not an object (evaluating 'target.document.body')
This page opens a window to "", injects malicious code, and then uses window.open.call to set its opener to the victim. The opened window then tries to scripts its opener.
Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-call-expected.txt (205095 => 205096)
--- trunk/LayoutTests/http/tests/security/cross-frame-access-call-expected.txt 2016-08-28 05:24:39 UTC (rev 205095)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-call-expected.txt 2016-08-28 05:29:05 UTC (rev 205096)
@@ -1,66 +1,42 @@
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
CONSOLE MESSAGE: line 10: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+Tests for calling methods of another frame using Function.call
------ tests for calling methods of another frame using Function.call -----
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-PASS: window.setTimeout.call(targetWindow, 'void(0);', 0) should be 'undefined' and is.
-PASS: window.setInterval.call(targetWindow, 'void(0);', 0) should be 'undefined' and is.
-PASS: window.getSelection.call(targetWindow) should be 'undefined' and is.
-PASS: window.find.call(targetWindow, 'string', false, false, false, false, false, false) should be 'undefined' and is.
-PASS: window.confirm.call(targetWindow, 'message') should be 'undefined' and is.
-PASS: window.prompt.call(targetWindow, 'message', 'defaultValue') should be 'undefined' and is.
-PASS: window.getComputedStyle.call(targetWindow, document.body, '') should be 'undefined' and is.
-PASS: window.getMatchedCSSRules.call(targetWindow, document.body, '') should be 'undefined' and is.
-PASS: window.openDatabase.call(targetWindow, 'name', '1.0', 'description', 0) should be 'undefined' and is.
-PASS: window.atob.call(targetWindow, 'string') should be 'undefined' and is.
-PASS: window.btoa.call(targetWindow, 'string') should be 'undefined' and is.
-PASS: window.open.call(targetWindow, '') should be 'undefined' and is.
-PASS: window.addEventListener.call(targetWindow, 'load', null, false); should be 'undefined' and is.
-PASS: window.removeEventListener.call(targetWindow, 'load', null, false); should be 'undefined' and is.
-PASS: window.dispatchEvent.call(targetWindow, new Event('click')); should be 'undefined' and is.
-PASS: window.clearTimeout.call(targetWindow, 0); should be 'undefined' and is.
-PASS: window.clearInterval.call(targetWindow, 0); should be 'undefined' and is.
-PASS: window.print.call(targetWindow); should be 'undefined' and is.
-PASS: window.stop.call(targetWindow); should be 'undefined' and is.
-PASS: window.alert.call(targetWindow, 'message'); should be 'undefined' and is.
-PASS: window.scrollBy.call(targetWindow, 0, 0); should be 'undefined' and is.
-PASS: window.scrollTo.call(targetWindow, 0, 0); should be 'undefined' and is.
-PASS: window.scroll.call(targetWindow, 0, 0); should be 'undefined' and is.
-PASS: window.moveBy.call(targetWindow, 0, 0); should be 'undefined' and is.
-PASS: window.moveTo.call(targetWindow, 0, 0); should be 'undefined' and is.
-PASS: window.resizeBy.call(targetWindow, 0, 0); should be 'undefined' and is.
-PASS: window.resizeTo.call(targetWindow, 0, 0); should be 'undefined' and is.
-PASS: window.showModalDialog.call(targetWindow); should be 'undefined' and is.
+
+PASS window.setTimeout.call(targetWindow, 'void(0);', 0) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.setInterval.call(targetWindow, 'void(0);', 0) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.getSelection.call(targetWindow) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.find.call(targetWindow, 'string', false, false, false, false, false, false) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.confirm.call(targetWindow, 'message') threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.prompt.call(targetWindow, 'message', 'defaultValue') threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.getComputedStyle.call(targetWindow, document.body, '') threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.getMatchedCSSRules.call(targetWindow, document.body, '') threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.openDatabase.call(targetWindow, 'name', '1.0', 'description', 0) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.atob.call(targetWindow, 'string') threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.btoa.call(targetWindow, 'string') threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.open.call(targetWindow, '') threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.addEventListener.call(targetWindow, 'load', null, false); threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.removeEventListener.call(targetWindow, 'load', null, false); threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.dispatchEvent.call(targetWindow, new Event('click')); threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.clearTimeout.call(targetWindow, 0); threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.clearInterval.call(targetWindow, 0); threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.print.call(targetWindow); threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.stop.call(targetWindow); threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.alert.call(targetWindow, 'message'); threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.scrollBy.call(targetWindow, 0, 0); threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.scrollTo.call(targetWindow, 0, 0); threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.scroll.call(targetWindow, 0, 0); threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.moveBy.call(targetWindow, 0, 0); threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.moveTo.call(targetWindow, 0, 0); threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.resizeBy.call(targetWindow, 0, 0); threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.resizeTo.call(targetWindow, 0, 0); threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS window.showModalDialog.call(targetWindow); threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
PASS: window.eval.call(targetWindow, '1+2'); should be '3' and is.
-PASS: window.location.toString.call(targetWindow.location) should be 'undefined' and is.
+PASS window.location.toString.call(targetWindow.location) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
PASS: targetWindow.history should be 'undefined' and is.
+PASS: successfullyParsed should be 'true' and is.
+TEST COMPLETE
+
Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-call.html (205095 => 205096)
--- trunk/LayoutTests/http/tests/security/cross-frame-access-call.html 2016-08-28 05:24:39 UTC (rev 205095)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-call.html 2016-08-28 05:29:05 UTC (rev 205096)
@@ -1,5 +1,6 @@
<html>
<head>
+ <script src=""
<script src=""
</head>
<body>
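Review bot: The harness script added in `<head>` is loaded ahead of the test's existing helper script, and the rebaselined output mixes two result formats: `PASS window.setTimeout.call(...) threw exception ...` next to `PASS: window.eval.call(targetWindow, '1+2'); should be '3' and is.` and `PASS: successfullyParsed should be 'true' and is.`. That suggests the older helper's `shouldBe` still overrides the harness version, although both `src` values are blank on this page, so this is inferred from the expected file rather than from the script names. Converting the remaining `shouldBe` / `shouldBeUndefined` calls to the harness helpers, or dropping the older helper if nothing else in the test needs it, would leave one definition of each assertion and one reporting style in the baseline.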
@@ -6,18 +7,16 @@
<iframe src="" style=""></iframe>
<pre id="console"></pre>
<script>
+description("Tests for calling methods of another frame using Function.call");
+jsTestIsAsync = true;
window.targetWindow = frames[0];
window._onload_ = function()
{
- if (window.testRunner) {
+ if (window.testRunner)
testRunner.setCanOpenWindows(true);
- testRunner.dumpAsText();
- }
- log("\n----- tests for calling methods of another frame using Function.call -----\n");
-
// Allowed
// void focus();
// void blur();
@@ -26,36 +25,36 @@
// - Tests for the Window object -
// undefined value indicates failure
- shouldBe("window.setTimeout.call(targetWindow, 'void(0);', 0)", "undefined");
- shouldBe("window.setInterval.call(targetWindow, 'void(0);', 0)", "undefined");
- shouldBe("window.getSelection.call(targetWindow)", "undefined");
- shouldBe("window.find.call(targetWindow, 'string', false, false, false, false, false, false)", "undefined");
- shouldBe("window.confirm.call(targetWindow, 'message')", "undefined");
- shouldBe("window.prompt.call(targetWindow, 'message', 'defaultValue')", "undefined");
- shouldBe("window.getComputedStyle.call(targetWindow, document.body, '')", "undefined");
- shouldBe("window.getMatchedCSSRules.call(targetWindow, document.body, '')", "undefined");
- shouldBe("window.openDatabase.call(targetWindow, 'name', '1.0', 'description', 0)", "undefined");
- shouldBe("window.atob.call(targetWindow, 'string')", "undefined");
- shouldBe("window.btoa.call(targetWindow, 'string')", "undefined");
- shouldBe("window.open.call(targetWindow, '')", "undefined");
+ shouldThrowErrorName("window.setTimeout.call(targetWindow, 'void(0);', 0)", "SecurityError");
+ shouldThrowErrorName("window.setInterval.call(targetWindow, 'void(0);', 0)", "SecurityError");
+ shouldThrowErrorName("window.getSelection.call(targetWindow)", "SecurityError");
+ shouldThrowErrorName("window.find.call(targetWindow, 'string', false, false, false, false, false, false)", "SecurityError");
+ shouldThrowErrorName("window.confirm.call(targetWindow, 'message')", "SecurityError");
+ shouldThrowErrorName("window.prompt.call(targetWindow, 'message', 'defaultValue')", "SecurityError");
+ shouldThrowErrorName("window.getComputedStyle.call(targetWindow, document.body, '')", "SecurityError");
+ shouldThrowErrorName("window.getMatchedCSSRules.call(targetWindow, document.body, '')", "SecurityError");
+ shouldThrowErrorName("window.openDatabase.call(targetWindow, 'name', '1.0', 'description', 0)", "SecurityError");
+ shouldThrowErrorName("window.atob.call(targetWindow, 'string')", "SecurityError");
+ shouldThrowErrorName("window.btoa.call(targetWindow, 'string')", "SecurityError");
+ shouldThrowErrorName("window.open.call(targetWindow, '')", "SecurityError");
// These always return undefined so we use the error console to detect failure
- shouldBe("window.addEventListener.call(targetWindow, 'load', null, false);", "undefined");
- shouldBe("window.removeEventListener.call(targetWindow, 'load', null, false);", "undefined");
- shouldBe("window.dispatchEvent.call(targetWindow, new Event('click'));", "undefined");
- shouldBe("window.clearTimeout.call(targetWindow, 0);", "undefined");
- shouldBe("window.clearInterval.call(targetWindow, 0);", "undefined");
- shouldBe("window.print.call(targetWindow);", "undefined");
- shouldBe("window.stop.call(targetWindow);", "undefined");
- shouldBe("window.alert.call(targetWindow, 'message');", "undefined");
- shouldBe("window.scrollBy.call(targetWindow, 0, 0);", "undefined");
- shouldBe("window.scrollTo.call(targetWindow, 0, 0);", "undefined");
- shouldBe("window.scroll.call(targetWindow, 0, 0);", "undefined");
- shouldBe("window.moveBy.call(targetWindow, 0, 0);", "undefined");
- shouldBe("window.moveTo.call(targetWindow, 0, 0);", "undefined");
- shouldBe("window.resizeBy.call(targetWindow, 0, 0);", "undefined");
- shouldBe("window.resizeTo.call(targetWindow, 0, 0);", "undefined");
- shouldBe("window.showModalDialog.call(targetWindow);", "undefined");
+ shouldThrowErrorName("window.addEventListener.call(targetWindow, 'load', null, false);", "SecurityError");
+ shouldThrowErrorName("window.removeEventListener.call(targetWindow, 'load', null, false);", "SecurityError");
+ shouldThrowErrorName("window.dispatchEvent.call(targetWindow, new Event('click'));", "SecurityError");
+ shouldThrowErrorName("window.clearTimeout.call(targetWindow, 0);", "SecurityError");
+ shouldThrowErrorName("window.clearInterval.call(targetWindow, 0);", "SecurityError");
+ shouldThrowErrorName("window.print.call(targetWindow);", "SecurityError");
+ shouldThrowErrorName("window.stop.call(targetWindow);", "SecurityError");
+ shouldThrowErrorName("window.alert.call(targetWindow, 'message');", "SecurityError");
+ shouldThrowErrorName("window.scrollBy.call(targetWindow, 0, 0);", "SecurityError");
+ shouldThrowErrorName("window.scrollTo.call(targetWindow, 0, 0);", "SecurityError");
+ shouldThrowErrorName("window.scroll.call(targetWindow, 0, 0);", "SecurityError");
+ shouldThrowErrorName("window.moveBy.call(targetWindow, 0, 0);", "SecurityError");
+ shouldThrowErrorName("window.moveTo.call(targetWindow, 0, 0);", "SecurityError");
+ shouldThrowErrorName("window.resizeBy.call(targetWindow, 0, 0);", "SecurityError");
+ shouldThrowErrorName("window.resizeTo.call(targetWindow, 0, 0);", "SecurityError");
+ shouldThrowErrorName("window.showModalDialog.call(targetWindow);", "SecurityError");
// Throws an EvalError and logs to the error console
shouldBe("window.eval.call(targetWindow, '1+2');", '3');
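Review bot: The context comments `// undefined value indicates failure` and `// These always return undefined so we use the error console to detect failure` are stale, because every assertion beneath them now expects a thrown SecurityError rather than a silent `undefined`. I would replace both with something like `// Cross-origin calls must throw SecurityError; returning normally is a failure`. The same applies to the `// undefined value indicates failure` line above the Location check in the following hunk (@@ -62,7 +61,7 @@). The untouched `// Throws an EvalError and logs to the error console` comment also disagrees with its assertion, which expects `'3'`; a short comment stating in which global that evaluation is expected to run would document why this one call is allowed. The onload handler starts and ends outside this hunk.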
@@ -62,7 +61,7 @@
// - Tests for the Location object -
// undefined value indicates failure
- shouldBe("window.location.toString.call(targetWindow.location)", "undefined");
+ shouldThrowErrorName("window.location.toString.call(targetWindow.location)", "SecurityError");
// - Tests for the History object -
shouldBeUndefined("targetWindow.history");
@@ -69,7 +68,10 @@
// Work around DRT bug that causes subsequent tests to fail.
window.stop();
+
+ finishJSTest();
}
</script>
+<script src=""
</body>
</html>
Modified: trunk/LayoutTests/http/tests/security/cross-origin-window-property-access-expected.txt (205095 => 205096)
--- trunk/LayoutTests/http/tests/security/cross-origin-window-property-access-expected.txt 2016-08-28 05:24:39 UTC (rev 205095)
+++ trunk/LayoutTests/http/tests/security/cross-origin-window-property-access-expected.txt 2016-08-28 05:29:05 UTC (rev 205096)
@@ -1,9 +1,3 @@
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
CONSOLE MESSAGE: line 15: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
CONSOLE MESSAGE: line 15: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
Tests that using another window's property getter does not bypass cross-origin checks.
@@ -11,12 +5,12 @@
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-PASS Object.getOwnPropertyDescriptor(window, "document").get.call(crossOriginWindow) returned undefined.
-PASS Object.getOwnPropertyDescriptor(window, "name").get.call(crossOriginWindow) returned undefined.
-PASS Object.getOwnPropertyDescriptor(window, "menubar").get.call(crossOriginWindow) returned undefined.
-PASS Object.getOwnPropertyDescriptor(window, "scrollbars").get.call(crossOriginWindow) returned undefined.
-PASS Object.getOwnPropertyDescriptor(window, "navigator").get.call(crossOriginWindow) returned undefined.
-PASS Object.getOwnPropertyDescriptor(window, "screenX").get.call(crossOriginWindow) returned undefined.
+PASS Object.getOwnPropertyDescriptor(window, "document").get.call(crossOriginWindow) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS Object.getOwnPropertyDescriptor(window, "name").get.call(crossOriginWindow) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS Object.getOwnPropertyDescriptor(window, "menubar").get.call(crossOriginWindow) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS Object.getOwnPropertyDescriptor(window, "scrollbars").get.call(crossOriginWindow) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS Object.getOwnPropertyDescriptor(window, "navigator").get.call(crossOriginWindow) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS Object.getOwnPropertyDescriptor(window, "screenX").get.call(crossOriginWindow) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
PASS Object.getOwnPropertyDescriptor(window.__proto__, "constructor").get.call(crossOriginWindow) threw exception TypeError: undefined is not an object (evaluating 'Object.getOwnPropertyDescriptor(window.__proto__, "constructor").get.call').
PASS Object.getOwnPropertyDescriptor(window.__proto__, "constructor").get.call(crossOriginWindow.__proto__) threw exception TypeError: undefined is not an object (evaluating 'Object.getOwnPropertyDescriptor(window.__proto__, "constructor").get.call').
PASS crossOriginWindow.constructor returned undefined.
Modified: trunk/LayoutTests/http/tests/security/location-cross-origin-expected.txt (205095 => 205096)
--- trunk/LayoutTests/http/tests/security/location-cross-origin-expected.txt 2016-08-28 05:24:39 UTC (rev 205095)
+++ trunk/LayoutTests/http/tests/security/location-cross-origin-expected.txt 2016-08-28 05:29:05 UTC (rev 205096)
@@ -1,14 +1,3 @@
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
Test security checking for access to Location.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
@@ -27,17 +16,17 @@
PASS frames[0].location.reload() threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
PASS frames[0].location.assign('about:blank') threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
PASS frames[0].location.href threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
-PASS Object.getOwnPropertyDescriptor(window.location, 'protocol').get.call(frames[0].location) is undefined.
-PASS Object.getOwnPropertyDescriptor(window.location, 'host').get.call(frames[0].location) is undefined.
-PASS Object.getOwnPropertyDescriptor(window.location, 'hostname').get.call(frames[0].location) is undefined.
-PASS Object.getOwnPropertyDescriptor(window.location, 'port').get.call(frames[0].location) is undefined.
-PASS Object.getOwnPropertyDescriptor(window.location, 'pathname').get.call(frames[0].location) is undefined.
-PASS Object.getOwnPropertyDescriptor(window.location, 'search').get.call(frames[0].location) is undefined.
-PASS Object.getOwnPropertyDescriptor(window.location, 'hash').get.call(frames[0].location) is undefined.
-PASS Object.getOwnPropertyDescriptor(window.location, 'origin').get.call(frames[0].location) is undefined.
-PASS Object.getOwnPropertyDescriptor(window.location, 'ancestorOrigins').get.call(frames[0].location) is undefined.
-PASS Object.getOwnPropertyDescriptor(window.location, 'toString').value.call(frames[0].location) is undefined.
-PASS Object.getOwnPropertyDescriptor(window.location, 'href').get.call(frames[0].location) is undefined.
+PASS Object.getOwnPropertyDescriptor(window.location, 'protocol').get.call(frames[0].location) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS Object.getOwnPropertyDescriptor(window.location, 'host').get.call(frames[0].location) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS Object.getOwnPropertyDescriptor(window.location, 'hostname').get.call(frames[0].location) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS Object.getOwnPropertyDescriptor(window.location, 'port').get.call(frames[0].location) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS Object.getOwnPropertyDescriptor(window.location, 'pathname').get.call(frames[0].location) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS Object.getOwnPropertyDescriptor(window.location, 'search').get.call(frames[0].location) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS Object.getOwnPropertyDescriptor(window.location, 'hash').get.call(frames[0].location) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS Object.getOwnPropertyDescriptor(window.location, 'origin').get.call(frames[0].location) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS Object.getOwnPropertyDescriptor(window.location, 'ancestorOrigins').get.call(frames[0].location) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS Object.getOwnPropertyDescriptor(window.location, 'toString').value.call(frames[0].location) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS Object.getOwnPropertyDescriptor(window.location, 'href').get.call(frames[0].location) threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
PASS successfullyParsed is true
TEST COMPLETE
Modified: trunk/LayoutTests/http/tests/security/location-cross-origin.html (205095 => 205096)
--- trunk/LayoutTests/http/tests/security/location-cross-origin.html 2016-08-28 05:24:39 UTC (rev 205095)
+++ trunk/LayoutTests/http/tests/security/location-cross-origin.html 2016-08-28 05:29:05 UTC (rev 205096)
@@ -22,18 +22,17 @@
shouldThrowErrorName("frames[0].location.assign('about:blank')", "SecurityError");
shouldThrowErrorName("frames[0].location.href", "SecurityError");
- shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'protocol').get.call(frames[0].location)");
- shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'host').get.call(frames[0].location)");
- shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'hostname').get.call(frames[0].location)");
- shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'port').get.call(frames[0].location)");
- shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'pathname').get.call(frames[0].location)");
- shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'search').get.call(frames[0].location)");
- shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'hash').get.call(frames[0].location)");
- shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'origin').get.call(frames[0].location)");
- shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'ancestorOrigins').get.call(frames[0].location)");
- shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'toString').value.call(frames[0].location)");
- // The specification seems to allow access to href but Firefox does not.
- shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'href').get.call(frames[0].location)");
+ shouldThrowErrorName("Object.getOwnPropertyDescriptor(window.location, 'protocol').get.call(frames[0].location)", "SecurityError");
+ shouldThrowErrorName("Object.getOwnPropertyDescriptor(window.location, 'host').get.call(frames[0].location)", "SecurityError");
+ shouldThrowErrorName("Object.getOwnPropertyDescriptor(window.location, 'hostname').get.call(frames[0].location)", "SecurityError");
+ shouldThrowErrorName("Object.getOwnPropertyDescriptor(window.location, 'port').get.call(frames[0].location)", "SecurityError");
+ shouldThrowErrorName("Object.getOwnPropertyDescriptor(window.location, 'pathname').get.call(frames[0].location)", "SecurityError");
+ shouldThrowErrorName("Object.getOwnPropertyDescriptor(window.location, 'search').get.call(frames[0].location)", "SecurityError");
+ shouldThrowErrorName("Object.getOwnPropertyDescriptor(window.location, 'hash').get.call(frames[0].location)", "SecurityError");
+ shouldThrowErrorName("Object.getOwnPropertyDescriptor(window.location, 'origin').get.call(frames[0].location)", "SecurityError");
+ shouldThrowErrorName("Object.getOwnPropertyDescriptor(window.location, 'ancestorOrigins').get.call(frames[0].location)", "SecurityError");
+ shouldThrowErrorName("Object.getOwnPropertyDescriptor(window.location, 'toString').value.call(frames[0].location)", "SecurityError");
+ shouldThrowErrorName("Object.getOwnPropertyDescriptor(window.location, 'href').get.call(frames[0].location)", "SecurityError");
finishJSTest();
};
Modified: trunk/LayoutTests/http/tests/security/xss-DENIED-assign-location-href-_javascript_-expected.txt (205095 => 205096)
--- trunk/LayoutTests/http/tests/security/xss-DENIED-assign-location-href-_javascript_-expected.txt 2016-08-28 05:24:39 UTC (rev 205095)
+++ trunk/LayoutTests/http/tests/security/xss-DENIED-assign-location-href-_javascript_-expected.txt 2016-08-28 05:29:05 UTC (rev 205096)
@@ -1,5 +1,5 @@
CONSOLE MESSAGE: line 13: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 13: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 9: SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
--------
Modified: trunk/LayoutTests/http/tests/security/xss-DENIED-method-with-iframe-proto-expected.txt (205095 => 205096)
--- trunk/LayoutTests/http/tests/security/xss-DENIED-method-with-iframe-proto-expected.txt 2016-08-28 05:24:39 UTC (rev 205095)
+++ trunk/LayoutTests/http/tests/security/xss-DENIED-method-with-iframe-proto-expected.txt 2016-08-28 05:29:05 UTC (rev 205096)
@@ -1,7 +1,7 @@
CONSOLE MESSAGE: line 37: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 42: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 47: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 40: TypeError: targetWindow.setTimeout is not a function. (In 'targetWindow.setTimeout(callback, 0, this)', 'targetWindow.setTimeout' is undefined)
+CONSOLE MESSAGE: line 47: SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 54: SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
Tests that making other frame window a prototype doesn't expose that window methods
-PASS: this.wasInvoked should be 'false' and is.
Modified: trunk/LayoutTests/http/tests/security/xss-DENIED-method-with-iframe-proto.html (205095 => 205096)
--- trunk/LayoutTests/http/tests/security/xss-DENIED-method-with-iframe-proto.html 2016-08-28 05:24:39 UTC (rev 205095)
+++ trunk/LayoutTests/http/tests/security/xss-DENIED-method-with-iframe-proto.html 2016-08-28 05:29:05 UTC (rev 205096)
@@ -36,17 +36,23 @@
try {
targetWindow.setTimeout(callback, 0, this);
needsCheck = true;
- } catch (e) { }
+ } catch (e) {
+ console.log(e);
+ }
try {
setTimeout.call(targetWindow, callback, 0, this);
needsCheck = true;
- } catch(e) { }
+ } catch(e) {
+ console.log(e);
+ }
try {
originalSetTimeout.call(targetWindow, callback, 0, this);
needsCheck = true;
- } catch(e) { }
+ } catch(e) {
+ console.log(e);
+ }
if (needsCheck) {
originalSetTimeout(check, 10);
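Review bot: The three `catch` blocks log whatever was thrown, so the test's verdict now rests entirely on the rebaselined console text rather than on an explicit check of the exception type. The updated expectations show the first call failing with a `TypeError` and the `PASS: this.wasInvoked …` line gone, which suggests `needsCheck` is never set and `check` no longer runs. For the second and third blocks, consider asserting the error name directly, e.g. `console.log(e.name === "SecurityError" ? "PASS: threw SecurityError" : "FAIL: " + e);`, so a different exception cannot pass after a rebaseline. The enclosing function starts and ends outside this hunk.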
Modified: trunk/Source/WebCore/ChangeLog (205095 => 205096)
--- trunk/Source/WebCore/ChangeLog 2016-08-28 05:24:39 UTC (rev 205095)
+++ trunk/Source/WebCore/ChangeLog 2016-08-28 05:29:05 UTC (rev 205096)
@@ -1,5 +1,29 @@
2016-08-27 Chris Dumez <[email protected]>
+ Update generated bindings to throw a SecurityError when denying cross-origin access to properties
+ https://bugs.webkit.org/show_bug.cgi?id=161270
+
+ Reviewed by Darin Adler.
+
+ Update generated bindings to throw a SecurityError when denying cross-origin
+ access to properties, as per the HTML specification:
+ - https://html.spec.whatwg.org/#crossorigingetownpropertyhelper-(-o,-p-)
+ - https://html.spec.whatwg.org/#crossoriginproperties-(-o-)
+
+ Firefox and Chrome already throw but Webkit was logging an error message and
+ returning undefined instead.
+
+ No new tests, updated existing tests.
+
+ * bindings/js/JSDOMBinding.cpp:
+ (WebCore::canAccessDocument):
+ (WebCore::BindingSecurity::shouldAllowAccessToNode):
+ * bindings/js/JSDOMBinding.h:
+ * bindings/scripts/CodeGeneratorJS.pm:
+ (GenerateImplementation):
+
+2016-08-27 Chris Dumez <[email protected]>
+
Follow-up fixes after r205030.
https://bugs.webkit.org/show_bug.cgi?id=161216
Modified: trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp (205095 => 205096)
--- trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp 2016-08-28 05:24:39 UTC (rev 205095)
+++ trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp 2016-08-28 05:29:05 UTC (rev 205096)
@@ -760,7 +760,7 @@
return asJSDOMWindow(exec->vmEntryGlobalObject())->wrapped();
}
-static inline bool canAccessDocument(JSC::ExecState* state, Document* targetDocument, SecurityReportingOption reportingOption = ReportSecurityError)
+static inline bool canAccessDocument(JSC::ExecState* state, Document* targetDocument, SecurityReportingOption reportingOption)
{
if (!targetDocument)
return false;
@@ -770,8 +770,16 @@
if (active.document()->securityOrigin()->canAccess(targetDocument->securityOrigin()))
return true;
- if (reportingOption == ReportSecurityError)
+ switch (reportingOption) {
+ case ThrowSecurityError:
+ throwSecurityError(*state, targetDocument->domWindow()->crossDomainAccessErrorMessage(active));
+ break;
+ case LogSecurityError:
printErrorMessageForFrame(targetDocument->frame(), targetDocument->domWindow()->crossDomainAccessErrorMessage(active));
+ break;
+ case DoNotReportSecurityError:
+ break;
+ }
return false;
}
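Review bot: The `ThrowSecurityError` case hands the full `crossDomainAccessErrorMessage(active)` string to `throwSecurityError`, so the target frame's origin becomes readable by the accessing script through the exception message. Under `LogSecurityError` the same text only reaches the console. The rebaselined expectations in this change show the thrown text containing `http://localhost:8000`, and the same wording already appears for the `Location` methods that threw before, so this widens an existing exposure rather than creating it. Consider throwing a message that names only the accessing origin and keeping the detailed one for the console, with a comment on the case such as `// Exception text is script-visible; keep the target origin out of it.` `canAccessDocument` begins in the previous hunk.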
@@ -788,7 +796,7 @@
bool BindingSecurity::shouldAllowAccessToNode(JSC::ExecState* state, Node* target)
{
- return target && canAccessDocument(state, &target->document());
+ return target && canAccessDocument(state, &target->document(), LogSecurityError);
}
static EncodedJSValue throwTypeError(JSC::ExecState& state, const String& errorMessage)
Modified: trunk/Source/WebCore/bindings/js/JSDOMBinding.h (205095 => 205096)
--- trunk/Source/WebCore/bindings/js/JSDOMBinding.h 2016-08-28 05:24:39 UTC (rev 205095)
+++ trunk/Source/WebCore/bindings/js/JSDOMBinding.h 2016-08-28 05:29:05 UTC (rev 205096)
@@ -297,13 +297,17 @@
bool shouldAllowAccessToFrame(JSC::ExecState*, Frame*, String& message);
bool shouldAllowAccessToDOMWindow(JSC::ExecState*, DOMWindow&, String& message);
-enum SecurityReportingOption { DoNotReportSecurityError, ReportSecurityError };
+enum SecurityReportingOption {
+ DoNotReportSecurityError,
+ LogSecurityError, // Legacy behavior.
+ ThrowSecurityError
+};
class BindingSecurity {
public:
static bool shouldAllowAccessToNode(JSC::ExecState*, Node*);
- static bool shouldAllowAccessToDOMWindow(JSC::ExecState*, DOMWindow&, SecurityReportingOption = ReportSecurityError);
- static bool shouldAllowAccessToFrame(JSC::ExecState*, Frame*, SecurityReportingOption = ReportSecurityError);
+ static bool shouldAllowAccessToDOMWindow(JSC::ExecState*, DOMWindow&, SecurityReportingOption = LogSecurityError);
+ static bool shouldAllowAccessToFrame(JSC::ExecState*, Frame*, SecurityReportingOption = LogSecurityError);
};
void printErrorMessageForFrame(Frame*, const String& message);
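Review bot: `shouldAllowAccessToDOMWindow` and `shouldAllowAccessToFrame` keep `LogSecurityError` as their default, so any call site that omits the argument still logs and returns without throwing; only the generated bindings opt in to the new behavior. `shouldAllowAccessToNode` has no reporting parameter at all and is pinned to `LogSecurityError` in the .cpp hunk. The enum should say what each value obliges the caller to do, e.g. `// ThrowSecurityError: a SecurityError is pending on the ExecState when false is returned; return immediately.` next to the enumerator. Dropping the defaults in a follow-up, as this change already does for `canAccessDocument`, would force each remaining caller to choose explicitly.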
Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (205095 => 205096)
--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2016-08-28 05:24:39 UTC (rev 205095)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2016-08-28 05:29:05 UTC (rev 205096)
@@ -2863,9 +2863,9 @@
!$attribute->signature->extendedAttributes->{"DoNotCheckSecurity"} &&
!$attribute->signature->extendedAttributes->{"DoNotCheckSecurityOnGetter"}) {
if ($interfaceName eq "DOMWindow") {
- push(@implContent, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(state, castedThis->wrapped()))\n");
+ push(@implContent, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(state, castedThis->wrapped(), ThrowSecurityError))\n");
} else {
- push(@implContent, " if (!shouldAllowAccessToFrame(state, castedThis->wrapped().frame()))\n");
+ push(@implContent, " if (!BindingSecurity::shouldAllowAccessToFrame(state, castedThis->wrapped().frame(), ThrowSecurityError))\n");
}
push(@implContent, " return JSValue::encode(jsUndefined());\n");
}
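Review bot: The emitted early return after the check now executes with a SecurityError already pending, which nothing in the generator or the generated `return JSValue::encode(jsUndefined());` makes evident. A comment above the `push` would record it, e.g. `# On denial the check has already thrown a SecurityError; the value returned below is presumably never observed by script.` The same applies to the setter hunk (`return false;`), the function hunk and the EventTarget hunk further down. The enclosing sub starts and ends outside these hunks.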
@@ -3127,9 +3127,9 @@
}
if ($interface->extendedAttributes->{"CheckSecurity"} && !$attribute->signature->extendedAttributes->{"DoNotCheckSecurity"}) {
if ($interfaceName eq "DOMWindow") {
- push(@implContent, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(state, castedThis->wrapped()))\n");
+ push(@implContent, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(state, castedThis->wrapped(), ThrowSecurityError))\n");
} else {
- push(@implContent, " if (!shouldAllowAccessToFrame(state, castedThis->wrapped().frame()))\n");
+ push(@implContent, " if (!BindingSecurity::shouldAllowAccessToFrame(state, castedThis->wrapped().frame(), ThrowSecurityError))\n");
}
push(@implContent, " return false;\n");
}
@@ -3425,9 +3425,9 @@
if ($interface->extendedAttributes->{"CheckSecurity"} and !$function->signature->extendedAttributes->{"DoNotCheckSecurity"}) {
if ($interfaceName eq "DOMWindow") {
- push(@implContent, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(state, castedThis->wrapped()))\n");
+ push(@implContent, " if (!BindingSecurity::shouldAllowAccessToDOMWindow(state, castedThis->wrapped(), ThrowSecurityError))\n");
} else {
- push(@implContent, " if (!shouldAllowAccessToFrame(state, castedThis->wrapped().frame()))\n");
+ push(@implContent, " if (!BindingSecurity::shouldAllowAccessToFrame(state, castedThis->wrapped().frame(), ThrowSecurityError))\n");
}
push(@implContent, " return JSValue::encode(jsUndefined());\n");
}
@@ -3449,7 +3449,7 @@
if ($interface->name eq "EventTarget") {
$implIncludes{"DOMWindow.h"} = 1;
push(@implContent, " if (auto* window = castedThis->wrapped().toDOMWindow()) {\n");
- push(@implContent, " if (!window->frame() || !BindingSecurity::shouldAllowAccessToDOMWindow(state, *window))\n");
+ push(@implContent, " if (!window->frame() || !BindingSecurity::shouldAllowAccessToDOMWindow(state, *window, ThrowSecurityError))\n");
push(@implContent, " return JSValue::encode(jsUndefined());\n");
push(@implContent, " }\n");
}
Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestActiveDOMObject.cpp (205095 => 205096)
--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestActiveDOMObject.cpp 2016-08-28 05:24:39 UTC (rev 205095)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestActiveDOMObject.cpp 2016-08-28 05:29:05 UTC (rev 205096)
@@ -149,7 +149,7 @@
if (UNLIKELY(!castedThis)) {
return throwGetterTypeError(*state, "TestActiveDOMObject", "excitingAttr");
}
- if (!shouldAllowAccessToFrame(state, castedThis->wrapped().frame()))
+ if (!BindingSecurity::shouldAllowAccessToFrame(state, castedThis->wrapped().frame(), ThrowSecurityError))
return JSValue::encode(jsUndefined());
auto& impl = castedThis->wrapped();
JSValue result = jsNumber(impl.excitingAttr());
@@ -189,7 +189,7 @@
if (UNLIKELY(!castedThis))
return throwThisTypeError(*state, "TestActiveDOMObject", "excitingFunction");
ASSERT_GC_OBJECT_INHERITS(castedThis, JSTestActiveDOMObject::info());
- if (!shouldAllowAccessToFrame(state, castedThis->wrapped().frame()))
+ if (!BindingSecurity::shouldAllowAccessToFrame(state, castedThis->wrapped().frame(), ThrowSecurityError))
return JSValue::encode(jsUndefined());
auto& impl = castedThis->wrapped();
if (UNLIKELY(state->argumentCount() < 1))