Title: [205800] branches/safari-602-branch

Diff

Modified: branches/safari-602-branch/LayoutTests/ChangeLog (205799 => 205800)


--- branches/safari-602-branch/LayoutTests/ChangeLog	2016-09-12 07:53:56 UTC (rev 205799)
+++ branches/safari-602-branch/LayoutTests/ChangeLog	2016-09-12 07:54:00 UTC (rev 205800)
@@ -1,5 +1,22 @@
 2016-09-12  Babak Shafiei  <[email protected]>
 
+        Merge r204923. rdar://problem/28233330
+
+    2016-08-24  Chris Dumez  <[email protected]>
+
+            It should not be possible to access Location attributes cross origin
+            https://bugs.webkit.org/show_bug.cgi?id=161125
+            <rdar://problem/27982472>
+
+            Reviewed by Brent Fulgham.
+
+            Add layout test coverage.
+
+            * http/tests/security/location-cross-origin-expected.txt: Added.
+            * http/tests/security/location-cross-origin.html: Added.
+
+2016-09-12  Babak Shafiei  <[email protected]>
+
         Merge r205765. rdar://problem/28033492
 
     2016-09-09  Tim Horton  <[email protected]>

Added: branches/safari-602-branch/LayoutTests/http/tests/security/location-cross-origin-expected.txt (0 => 205800)


--- branches/safari-602-branch/LayoutTests/http/tests/security/location-cross-origin-expected.txt	                        (rev 0)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/location-cross-origin-expected.txt	2016-09-12 07:54:00 UTC (rev 205800)
@@ -0,0 +1,57 @@
+CONSOLE MESSAGE: line 526: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 526: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 526: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 526: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 526: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 526: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 526: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 526: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 526: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 600: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 600: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 600: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 526: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+Test security checking for access to Location.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS frames[0].location.protocol is undefined.
+PASS frames[0].location.host is undefined.
+PASS frames[0].location.hostname is undefined.
+PASS frames[0].location.port is undefined.
+PASS frames[0].location.pathname is undefined.
+PASS frames[0].location.search is undefined.
+PASS frames[0].location.hash is undefined.
+PASS frames[0].location.origin is undefined.
+PASS frames[0].location.ancestorOrigins is undefined.
+PASS frames[0].location.toString() threw exception TypeError: frames[0].location.toString is not a function. (In 'frames[0].location.toString()', 'frames[0].location.toString' is undefined).
+PASS frames[0].location.reload() threw exception TypeError: frames[0].location.reload is not a function. (In 'frames[0].location.reload()', 'frames[0].location.reload' is undefined).
+PASS frames[0].location.assign('about:blank') threw exception TypeError: frames[0].location.assign is not a function. (In 'frames[0].location.assign('about:blank')', 'frames[0].location.assign' is undefined).
+PASS frames[0].location.href is undefined.
+PASS Object.getOwnPropertyDescriptor(window.location, 'protocol').get.call(frames[0].location) is undefined.
+PASS Object.getOwnPropertyDescriptor(window.location, 'host').get.call(frames[0].location) is undefined.
+PASS Object.getOwnPropertyDescriptor(window.location, 'hostname').get.call(frames[0].location) is undefined.
+PASS Object.getOwnPropertyDescriptor(window.location, 'port').get.call(frames[0].location) is undefined.
+PASS Object.getOwnPropertyDescriptor(window.location, 'pathname').get.call(frames[0].location) is undefined.
+PASS Object.getOwnPropertyDescriptor(window.location, 'search').get.call(frames[0].location) is undefined.
+PASS Object.getOwnPropertyDescriptor(window.location, 'hash').get.call(frames[0].location) is undefined.
+PASS Object.getOwnPropertyDescriptor(window.location, 'origin').get.call(frames[0].location) is undefined.
+PASS Object.getOwnPropertyDescriptor(window.location, 'ancestorOrigins').get.call(frames[0].location) is undefined.
+PASS Object.getOwnPropertyDescriptor(window.location, 'toString').value.call(frames[0].location) is undefined.
+PASS Object.getOwnPropertyDescriptor(window.location, 'href').get.call(frames[0].location) is undefined.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
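Review bot: The CONSOLE MESSAGE expectations pin helper-script line numbers (line 526, line 600, line 1), so any edit to the shared test helper that shifts those lines will change this baseline with no change in security behaviour. The PASS lines for toString(), reload() and assign() likewise pin the full TypeError text ("... is not a function"), which records that the property read as undefined rather than that access was denied. If the harness allows it, assert on the exception type only, and treat the 24 blocked-access messages as the signal that the origin check actually fired.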

Added: branches/safari-602-branch/LayoutTests/http/tests/security/location-cross-origin.html (0 => 205800)


--- branches/safari-602-branch/LayoutTests/http/tests/security/location-cross-origin.html	                        (rev 0)
+++ branches/safari-602-branch/LayoutTests/http/tests/security/location-cross-origin.html	2016-09-12 07:54:00 UTC (rev 205800)
@@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script src=""
+<iframe src=""
+<script>
+description("Test security checking for access to Location.");
+jsTestIsAsync = true;
+
+_onload_ = function() {
+    shouldBeUndefined("frames[0].location.protocol");
+    shouldBeUndefined("frames[0].location.host");
+    shouldBeUndefined("frames[0].location.hostname");
+    shouldBeUndefined("frames[0].location.port");
+    shouldBeUndefined("frames[0].location.pathname");
+    shouldBeUndefined("frames[0].location.search");
+    shouldBeUndefined("frames[0].location.hash");
+    shouldBeUndefined("frames[0].location.origin");
+    shouldBeUndefined("frames[0].location.ancestorOrigins");
+    shouldThrow("frames[0].location.toString()");
+    shouldThrow("frames[0].location.reload()");
+    shouldThrow("frames[0].location.assign('about:blank')");
+    // The specification seems to allow access to href but Firefox does not.
+    shouldBeUndefined("frames[0].location.href");
+
+    shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'protocol').get.call(frames[0].location)");
+    shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'host').get.call(frames[0].location)");
+    shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'hostname').get.call(frames[0].location)");
+    shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'port').get.call(frames[0].location)");
+    shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'pathname').get.call(frames[0].location)");
+    shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'search').get.call(frames[0].location)");
+    shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'hash').get.call(frames[0].location)");
+    shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'origin').get.call(frames[0].location)");
+    shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'ancestorOrigins').get.call(frames[0].location)");
+    shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'toString').value.call(frames[0].location)");
+    // The specification seems to allow access to href but Firefox does not.
+    shouldBeUndefined("Object.getOwnPropertyDescriptor(window.location, 'href').get.call(frames[0].location)");
+
+    finishJSTest();
+};
+</script>
+<script src=""
+</body>
+</html>
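Review bot: Nothing in the onload handler exercises replace(), the one member this patch leaves reachable cross-origin, so the allowed path has no regression coverage; a check such as shouldBe("typeof frames[0].location.replace", "'function'") would pin it without navigating the frame. The handler also only reads: there are no cases for cross-origin writes (for example assigning to frames[0].location.hash), so setter behaviour under the new CheckSecurity attribute is untested. The two href comments say the specification "seems to" allow access; state whether that means the getter or the setter, since only the getter is tested here.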

Modified: branches/safari-602-branch/Source/WebCore/ChangeLog (205799 => 205800)


--- branches/safari-602-branch/Source/WebCore/ChangeLog	2016-09-12 07:53:56 UTC (rev 205799)
+++ branches/safari-602-branch/Source/WebCore/ChangeLog	2016-09-12 07:54:00 UTC (rev 205800)
@@ -1,5 +1,31 @@
 2016-09-12  Babak Shafiei  <[email protected]>
 
+        Merge r204923. rdar://problem/28233330
+
+    2016-08-24  Chris Dumez  <[email protected]>
+
+            It should not be possible to access Location attributes cross origin
+            https://bugs.webkit.org/show_bug.cgi?id=161125
+            <rdar://problem/27982472>
+
+            Reviewed by Brent Fulgham.
+
+            It should not be possible to access Location attributes cross origin:
+            - https://html.spec.whatwg.org/#crossoriginproperties-(-o-)
+
+            We allow access to replace() as per the specification and consistently
+            with Firefox. The specification seems to indicate we should allow access
+            to 'href' but Firefox does not and we previously did not so I am not
+            allowing it in this patch.
+
+            Test: http/tests/security/location-cross-origin.html
+
+            * bindings/scripts/CodeGeneratorJS.pm:
+            (GenerateImplementation):
+            * page/Location.idl:
+
+2016-09-12  Babak Shafiei  <[email protected]>
+
         Merge r205784. rdar://problem/28230123
 
     2016-09-10  Wenson Hsieh  <[email protected]>
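Review bot: The per-file entries for CodeGeneratorJS.pm (GenerateImplementation) and Location.idl are left empty, so the log does not say that the generator now emits shouldAllowAccessToFrame() for every CheckSecurity interface other than DOMWindow, or that Location gains CheckSecurity with replace() exempted. Add a line under each file. The href paragraph should also say whether it means reading or writing href, because the test added with this change only covers the read.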

Modified: branches/safari-602-branch/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (205799 => 205800)


--- branches/safari-602-branch/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm	2016-09-12 07:53:56 UTC (rev 205799)
+++ branches/safari-602-branch/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm	2016-09-12 07:54:00 UTC (rev 205800)
@@ -2615,7 +2615,11 @@
             if ($interface->extendedAttributes->{"CheckSecurity"} &&
                 !$attribute->signature->extendedAttributes->{"DoNotCheckSecurity"} &&
                 !$attribute->signature->extendedAttributes->{"DoNotCheckSecurityOnGetter"}) {
-                push(@implContent, "    if (!BindingSecurity::shouldAllowAccessToDOMWindow(state, castedThis->wrapped()))\n");
+                if ($interfaceName eq "DOMWindow") {
+                    push(@implContent, "    if (!BindingSecurity::shouldAllowAccessToDOMWindow(state, castedThis->wrapped()))\n");
+                } else {
+                    push(@implContent, "    if (!shouldAllowAccessToFrame(state, castedThis->wrapped().frame()))\n");
+                }
                 push(@implContent, "        return JSValue::encode(jsUndefined());\n");
             }
 
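Review bot: The else branch emits castedThis->wrapped().frame() for any CheckSecurity interface whose name is not "DOMWindow", which assumes every such interface's implementation class has a frame() accessor; an interface without one would produce generated code that fails to compile, with the error pointing at the output rather than at the IDL. Consider keying the choice on an explicit extended attribute or a helper instead of the string comparison on $interfaceName. The emitted call is also unqualified (shouldAllowAccessToFrame) while the DOMWindow path uses BindingSecurity::shouldAllowAccessToDOMWindow; confirm the unqualified name resolves in the generated file or qualify it the same way.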
@@ -3186,9 +3190,12 @@
             } else {
                 GenerateFunctionCastedThis($interface, $className, $function);
 
-                if ($interface->extendedAttributes->{"CheckSecurity"} and
-                    !$function->signature->extendedAttributes->{"DoNotCheckSecurity"}) {
-                    push(@implContent, "    if (!BindingSecurity::shouldAllowAccessToDOMWindow(state, castedThis->wrapped()))\n");
+                if ($interface->extendedAttributes->{"CheckSecurity"} and !$function->signature->extendedAttributes->{"DoNotCheckSecurity"}) {
+                    if ($interfaceName eq "DOMWindow") {
+                        push(@implContent, "    if (!BindingSecurity::shouldAllowAccessToDOMWindow(state, castedThis->wrapped()))\n");
+                    } else {
+                        push(@implContent, "    if (!shouldAllowAccessToFrame(state, castedThis->wrapped().frame()))\n");
+                    }
                     push(@implContent, "        return JSValue::encode(jsUndefined());\n");
                 }
 
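Review bot: The DOMWindow-versus-frame branch here duplicates, line for line, the one added in the attribute getter path; move it into one helper sub that returns the check string so the two call sites cannot drift apart. A denied function call also falls through to return JSValue::encode(jsUndefined()), so for a void operation such as reload() the caller cannot tell a blocked call from a successful one apart from the console message; add a comment stating that the silent return is intended.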

Modified: branches/safari-602-branch/Source/WebCore/page/Location.idl (205799 => 205800)


--- branches/safari-602-branch/Source/WebCore/page/Location.idl	2016-09-12 07:53:56 UTC (rev 205799)
+++ branches/safari-602-branch/Source/WebCore/page/Location.idl	2016-09-12 07:54:00 UTC (rev 205800)
@@ -28,6 +28,7 @@
 
 [
     JSCustomGetOwnPropertySlotAndDescriptor,
+    CheckSecurity,
     CustomNamedSetter,
     GenerateIsReachable=ImplFrame,
     CustomDeleteProperty,
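Review bot: CheckSecurity is added at interface level next to CustomNamedSetter, but the generator changes in this patch only emit the frame check in the attribute getter and function paths; confirm that the custom named setter performs its own origin check, and add write cases to location-cross-origin.html so that path is covered.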
@@ -40,7 +41,7 @@
     [SetterCallWith=ActiveWindow&FirstWindow] attribute DOMString href;
 
     [CallWith=ActiveWindow&FirstWindow, ForwardDeclareInHeader] void assign(DOMString url);
-    [CallWith=ActiveWindow&FirstWindow, ForwardDeclareInHeader] void replace(DOMString url);
+    [DoNotCheckSecurity, CallWith=ActiveWindow&FirstWindow, ForwardDeclareInHeader] void replace(DOMString url);
     [CallWith=ActiveWindow, ForwardDeclareInHeader] void reload();
 
     // URI decomposition attributes
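Review bot: replace() is the only member carrying [DoNotCheckSecurity] and the IDL gives no reason for the exemption; add a comment above it pointing at the cross-origin property list the ChangeLog cites (https://html.spec.whatwg.org/#crossoriginproperties-(-o-)), so a later cleanup does not drop the attribute or copy it to assign() and reload(). The href attribute in the context line above carries no getter exemption, so its getter is now checked; the ChangeLog says this is deliberate, and a short comment here would record that too.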
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
