Diff
Modified: releases/WebKitGTK/webkit-2.14/LayoutTests/ChangeLog (205595 => 205596)
--- releases/WebKitGTK/webkit-2.14/LayoutTests/ChangeLog 2016-09-08 07:44:11 UTC (rev 205595)
+++ releases/WebKitGTK/webkit-2.14/LayoutTests/ChangeLog 2016-09-08 07:44:49 UTC (rev 205596)
@@ -1,3 +1,16 @@
+2016-08-30 Chris Dumez <[email protected]>
+
+ [[Delete]] should throw for cross-origin Window / Location objects
+ https://bugs.webkit.org/show_bug.cgi?id=161397
+
+ Reviewed by Ryosuke Niwa.
+
+ Update / rebaseline existing test to reflect behavior change.
+
+ * http/tests/security/cross-frame-access-delete-expected.txt:
+ * http/tests/security/cross-frame-access-delete.html:
+ * http/tests/security/resources/cross-frame-iframe-for-delete-test.html:
+
2016-08-30 Zalan Bujtas <[email protected]>
ASSERTION FAILED: opportunitiesInRun <= expansionOpportunityCount in WebCore::computeExpansionForJustifiedText
Modified: releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/cross-frame-access-delete-expected.txt (205595 => 205596)
--- releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/cross-frame-access-delete-expected.txt 2016-09-08 07:44:11 UTC (rev 205595)
+++ releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/cross-frame-access-delete-expected.txt 2016-09-08 07:44:49 UTC (rev 205596)
@@ -1,14 +1,20 @@
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
-CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+Tests [[Delete]] for cross origin Window / Location.
-PASS: eval('delete targetWindow.existingProperty') should be 'false' and is.
-PASS: eval('delete targetWindow[1]') should be 'false' and is.
-PASS: eval('delete targetWindow.location.existingProperty') should be 'false' and is.
-PASS: eval('delete targetWindow.location[1]') should be 'false' and is.
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+PASS delete targetWindow.existingProperty threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS delete targetWindow.name threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS delete targetWindow[1] threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS delete targetWindow.location.existingProperty threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS delete targetWindow.location.host threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS delete targetWindow.location[1] threw exception SecurityError (DOM Exception 18): Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match..
+PASS: successfullyParsed should be 'true' and is.
+
+TEST COMPLETE
+
+
+
--------
Frame: '<!--framePath //<!--frame0-->-->'
--------
Modified: releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/cross-frame-access-delete.html (205595 => 205596)
--- releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/cross-frame-access-delete.html 2016-09-08 07:44:11 UTC (rev 205595)
+++ releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/cross-frame-access-delete.html 2016-09-08 07:44:49 UTC (rev 205596)
@@ -1,17 +1,20 @@
<html>
<head>
+ <script src=""
<script src=""
<script>
- if (window.testRunner) {
- testRunner.dumpAsText();
+ description("Tests [[Delete]] for cross origin Window / Location.");
+ jsTestIsAsync = true;
+
+ if (window.testRunner)
testRunner.dumpChildFramesAsText();
- testRunner.waitUntilDone();
- }
receiver = function(e)
{
if (e.data == "setValuesComplete")
deleteTest();
+ if (e.data == "checkValuesComplete")
+ finishJSTest();
}
addEventListener('message', receiver, false);
@@ -19,10 +22,12 @@
{
targetWindow = frames[0];
- shouldBe("eval('delete targetWindow.existingProperty')", "false");
- shouldBe("eval('delete targetWindow[1]')", "false");
- shouldBe("eval('delete targetWindow.location.existingProperty')", "false");
- shouldBe("eval('delete targetWindow.location[1]')", "false");
+ shouldThrowErrorName("delete targetWindow.existingProperty", "SecurityError");
+ shouldThrowErrorName("delete targetWindow.name", "SecurityError");
+ shouldThrowErrorName("delete targetWindow[1]", "SecurityError");
+ shouldThrowErrorName("delete targetWindow.location.existingProperty", "SecurityError");
+ shouldThrowErrorName("delete targetWindow.location.host", "SecurityError");
+ shouldThrowErrorName("delete targetWindow.location[1]", "SecurityError");
targetWindow.postMessage("deletingValuesComplete", "*");
}
@@ -31,5 +36,6 @@
<body>
<iframe src=""
<pre id="console"></pre>
+ <script src=""
</body>
</html>
Modified: releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-delete-test.html (205595 => 205596)
--- releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-delete-test.html 2016-09-08 07:44:11 UTC (rev 205595)
+++ releases/WebKitGTK/webkit-2.14/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-delete-test.html 2016-09-08 07:44:49 UTC (rev 205596)
@@ -32,8 +32,7 @@
shouldBe("window.location.existingProperty", "'test value'");
shouldBe("window.location[1]", "'test value'");
- if (window.testRunner)
- testRunner.notifyDone();
+ window.parent.postMessage("checkValuesComplete", "*");
}
</script>
</head>
Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog (205595 => 205596)
--- releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog 2016-09-08 07:44:11 UTC (rev 205595)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog 2016-09-08 07:44:49 UTC (rev 205596)
@@ -1,3 +1,25 @@
+2016-08-30 Chris Dumez <[email protected]>
+
+ [[Delete]] should throw for cross-origin Window / Location objects
+ https://bugs.webkit.org/show_bug.cgi?id=161397
+
+ Reviewed by Ryosuke Niwa.
+
+ [[Delete]] should throw for cross-origin Window / Location objects:
+ - https://github.com/whatwg/html/pull/1728
+
+ Firefox and Chrome already throw. Previously, WebKit was merely
+ ignoring the call and logging an error message.
+
+ No new tests, updated existing test.
+
+ * bindings/js/JSDOMWindowCustom.cpp:
+ (WebCore::JSDOMWindow::deleteProperty):
+ (WebCore::JSDOMWindow::deletePropertyByIndex):
+ * bindings/js/JSLocationCustom.cpp:
+ (WebCore::JSLocation::deleteProperty):
+ (WebCore::JSLocation::deletePropertyByIndex):
+
2016-08-30 Mark Lam <[email protected]>
Introduce the ThrowScope and force every throw site to instantiate a ThrowScope.
Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp (205595 => 205596)
--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2016-09-08 07:44:11 UTC (rev 205595)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2016-09-08 07:44:49 UTC (rev 205596)
@@ -269,7 +269,7 @@
{
JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(cell);
// Only allow deleting properties by frames in the same origin.
- if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped()))
+ if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped(), ThrowSecurityError))
return false;
return Base::deleteProperty(thisObject, exec, propertyName);
}
@@ -278,7 +278,7 @@
{
JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(cell);
// Only allow deleting properties by frames in the same origin.
- if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped()))
+ if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped(), ThrowSecurityError))
return false;
return Base::deletePropertyByIndex(thisObject, exec, propertyName);
}
Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSLocationCustom.cpp (205595 => 205596)
--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSLocationCustom.cpp 2016-09-08 07:44:11 UTC (rev 205595)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSLocationCustom.cpp 2016-09-08 07:44:49 UTC (rev 205596)
@@ -94,7 +94,7 @@
{
JSLocation* thisObject = jsCast<JSLocation*>(cell);
// Only allow deleting by frames in the same origin.
- if (!shouldAllowAccessToFrame(exec, thisObject->wrapped().frame()))
+ if (!BindingSecurity::shouldAllowAccessToFrame(exec, thisObject->wrapped().frame(), ThrowSecurityError))
return false;
return Base::deleteProperty(thisObject, exec, propertyName);
}
@@ -103,7 +103,7 @@
{
JSLocation* thisObject = jsCast<JSLocation*>(cell);
// Only allow deleting by frames in the same origin.
- if (!shouldAllowAccessToFrame(exec, thisObject->wrapped().frame()))
+ if (!BindingSecurity::shouldAllowAccessToFrame(exec, thisObject->wrapped().frame(), ThrowSecurityError))
return false;
return Base::deletePropertyByIndex(thisObject, exec, propertyName);
}
