Diff
Modified: trunk/LayoutTests/ChangeLog (205199 => 205200)
--- trunk/LayoutTests/ChangeLog 2016-08-30 22:23:20 UTC (rev 205199)
+++ trunk/LayoutTests/ChangeLog 2016-08-30 22:24:39 UTC (rev 205200)
@@ -1,3 +1,16 @@
+2016-08-30 Chris Dumez <[email protected]>
+
+ [[Delete]] should throw for cross-origin Window / Location objects
+ https://bugs.webkit.org/show_bug.cgi?id=161397
+
+ Reviewed by Ryosuke Niwa.
+
+ Update / rebaseline existing test to reflect behavior change.
+
+ * http/tests/security/cross-frame-access-delete-expected.txt:
+ * http/tests/security/cross-frame-access-delete.html:
+ * http/tests/security/resources/cross-frame-iframe-for-delete-test.html:
+
2016-08-30 Ryan Haddad <[email protected]>
Marking js/dom/prototype-chain-caching-with-impure-get-own-property-slot-traps-5.html as flaky on mac.
Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-delete-expected.txt (205199 => 205200)
--- trunk/LayoutTests/http/tests/security/cross-frame-access-delete-expected.txt 2016-08-30 22:23:20 UTC (rev 205199)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-delete-expected.txt 2016-08-30 22:24:39 UTC (rev 205200)
@@ -1,14 +1,20 @@
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+Tests [[Delete]] for cross origin Window / Location.
-PASS: eval('delete targetWindow.existingProperty') should be 'false' and is.
-PASS: eval('delete targetWindow[1]') should be 'false' and is.
-PASS: eval('delete targetWindow.location.existingProperty') should be 'false' and is.
-PASS: eval('delete targetWindow.location[1]') should be 'false' and is.
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+PASS delete targetWindow.existingProperty threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS delete targetWindow.name threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS delete targetWindow[1] threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS delete targetWindow.location.existingProperty threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS delete targetWindow.location.host threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS delete targetWindow.location[1] threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS: successfullyParsed should be 'true' and is.
+
+TEST COMPLETE
+
+
+
--------
Frame: '<!--framePath //<!--frame0-->-->'
--------
Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-delete.html (205199 => 205200)
--- trunk/LayoutTests/http/tests/security/cross-frame-access-delete.html 2016-08-30 22:23:20 UTC (rev 205199)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-delete.html 2016-08-30 22:24:39 UTC (rev 205200)
@@ -1,17 +1,20 @@
<html>
<head>
+ <script src=""
<script src=""
<script>
- if (window.testRunner) {
- testRunner.dumpAsText();
+ description("Tests [[Delete]] for cross origin Window / Location.");
+ jsTestIsAsync = true;
+
+ if (window.testRunner)
testRunner.dumpChildFramesAsText();
- testRunner.waitUntilDone();
- }
receiver = function(e)
{
if (e.data == "setValuesComplete")
deleteTest();
+ if (e.data == "checkValuesComplete")
+ finishJSTest();
}
addEventListener('message', receiver, false);
@@ -19,10 +22,12 @@
{
targetWindow = frames[0];
- shouldBe("eval('delete targetWindow.existingProperty')", "false");
- shouldBe("eval('delete targetWindow[1]')", "false");
- shouldBe("eval('delete targetWindow.location.existingProperty')", "false");
- shouldBe("eval('delete targetWindow.location[1]')", "false");
+ shouldThrowErrorName("delete targetWindow.existingProperty", "SecurityError");
+ shouldThrowErrorName("delete targetWindow.name", "SecurityError");
+ shouldThrowErrorName("delete targetWindow[1]", "SecurityError");
+ shouldThrowErrorName("delete targetWindow.location.existingProperty", "SecurityError");
+ shouldThrowErrorName("delete targetWindow.location.host", "SecurityError");
+ shouldThrowErrorName("delete targetWindow.location[1]", "SecurityError");
targetWindow.postMessage("deletingValuesComplete", "*");
}
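Review bot: The two new built-in cases, `delete targetWindow.name` and `delete targetWindow.location.host`, are checked only for the throw; nothing visible confirms those properties are still intact afterwards. The iframe-side check in cross-frame-iframe-for-delete-test.html appears to assert only `existingProperty` and `[1]`, although that function starts outside its hunk, so this is inferred from the visible lines. Adding something like `shouldBe("typeof window.location.host", "'string'");` there would pin that a blocked delete also leaves built-ins untouched. deleteTest's signature is outside this hunk.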
@@ -31,5 +36,6 @@
<body>
<iframe src=""
<pre id="console"></pre>
+ <script src=""
</body>
</html>
Modified: trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-delete-test.html (205199 => 205200)
--- trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-delete-test.html 2016-08-30 22:23:20 UTC (rev 205199)
+++ trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-delete-test.html 2016-08-30 22:24:39 UTC (rev 205200)
@@ -32,8 +32,7 @@
shouldBe("window.location.existingProperty", "'test value'");
shouldBe("window.location[1]", "'test value'");
- if (window.testRunner)
- testRunner.notifyDone();
+ window.parent.postMessage("checkValuesComplete", "*");
}
</script>
</head>
Modified: trunk/Source/WebCore/ChangeLog (205199 => 205200)
--- trunk/Source/WebCore/ChangeLog 2016-08-30 22:23:20 UTC (rev 205199)
+++ trunk/Source/WebCore/ChangeLog 2016-08-30 22:24:39 UTC (rev 205200)
@@ -1,3 +1,25 @@
+2016-08-30 Chris Dumez <[email protected]>
+
+ [[Delete]] should throw for cross-origin Window / Location objects
+ https://bugs.webkit.org/show_bug.cgi?id=161397
+
+ Reviewed by Ryosuke Niwa.
+
+ [[Delete]] should throw for cross-origin Window / Location objects:
+ - https://github.com/whatwg/html/pull/1728
+
+ Firefox and Chrome already throw. Previously, WebKit was merely
+ ignoring the call and logging an error message.
+
+ No new tests, updated existing test.
+
+ * bindings/js/JSDOMWindowCustom.cpp:
+ (WebCore::JSDOMWindow::deleteProperty):
+ (WebCore::JSDOMWindow::deletePropertyByIndex):
+ * bindings/js/JSLocationCustom.cpp:
+ (WebCore::JSLocation::deleteProperty):
+ (WebCore::JSLocation::deletePropertyByIndex):
+
2016-08-30 Brady Eidson <[email protected]>
GameController.framework backend for gamepad API.
Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp (205199 => 205200)
--- trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2016-08-30 22:23:20 UTC (rev 205199)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2016-08-30 22:24:39 UTC (rev 205200)
@@ -269,7 +269,7 @@
{
JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(cell);
// Only allow deleting properties by frames in the same origin.
- if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped()))
+ if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped(), ThrowSecurityError))
return false;
return Base::deleteProperty(thisObject, exec, propertyName);
}
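Review bot: The comment above the check, `// Only allow deleting properties by frames in the same origin.`, no longer describes the failure path. With `ThrowSecurityError` passed, the cross-origin case presumably leaves a SecurityError pending on `exec`, and `return false` is merely the value handed back alongside it. I would reword it to `// Cross-origin callers get a SecurityError; only same-origin frames may delete properties.` so the next reader does not take `return false` for a silent denial. The same applies to the deletePropertyByIndex hunk below and to both hunks in JSLocationCustom.cpp. The function signature is outside the hunk.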
@@ -278,7 +278,7 @@
{
JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(cell);
// Only allow deleting properties by frames in the same origin.
- if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped()))
+ if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped(), ThrowSecurityError))
return false;
return Base::deletePropertyByIndex(thisObject, exec, propertyName);
}
Modified: trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp (205199 => 205200)
--- trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp 2016-08-30 22:23:20 UTC (rev 205199)
+++ trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp 2016-08-30 22:24:39 UTC (rev 205200)
@@ -94,7 +94,7 @@
{
JSLocation* thisObject = jsCast<JSLocation*>(cell);
// Only allow deleting by frames in the same origin.
- if (!shouldAllowAccessToFrame(exec, thisObject->wrapped().frame()))
+ if (!BindingSecurity::shouldAllowAccessToFrame(exec, thisObject->wrapped().frame(), ThrowSecurityError))
return false;
return Base::deleteProperty(thisObject, exec, propertyName);
}
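Review bot: `thisObject->wrapped().frame()` can presumably be null for a Location whose frame has gone away, and the hunk does not show whether `BindingSecurity::shouldAllowAccessToFrame(..., ThrowSecurityError)` throws in that case or only returns false. If it returns false without throwing, the delete is a silent no-op again for a detached Location, which is the behaviour this change sets out to remove. A comment stating the intended outcome, e.g. `// NOTE: a null frame is denied too; confirm whether that path throws.`, and a test with a removed iframe would settle it. The same question applies to the deletePropertyByIndex hunk that follows. The function starts outside the hunk.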
@@ -103,7 +103,7 @@
{
JSLocation* thisObject = jsCast<JSLocation*>(cell);
// Only allow deleting by frames in the same origin.
- if (!shouldAllowAccessToFrame(exec, thisObject->wrapped().frame()))
+ if (!BindingSecurity::shouldAllowAccessToFrame(exec, thisObject->wrapped().frame(), ThrowSecurityError))
return false;
return Base::deletePropertyByIndex(thisObject, exec, propertyName);
}