Diff
Modified: trunk/LayoutTests/ChangeLog (211755 => 211756)
--- trunk/LayoutTests/ChangeLog 2017-02-06 23:47:51 UTC (rev 211755)
+++ trunk/LayoutTests/ChangeLog 2017-02-06 23:50:39 UTC (rev 211756)
@@ -1,3 +1,19 @@
+2017-02-06 Chris Dumez <[email protected]>
+
+ Align [[OwnPropertyKeys]] with the HTML specification for cross-origin Window / Location objects
+ https://bugs.webkit.org/show_bug.cgi?id=167647
+ <rdar://problem/30339489>
+
+ Reviewed by Sam Weinig.
+
+ Extend test coverage for [[OwnPropertyKeys]] for cross-origin Window / Location objects.
+
+ * http/tests/security/cross-frame-access-enumeration-expected.txt:
+ * http/tests/security/cross-frame-access-enumeration.html:
+ * http/tests/security/resources/cross-frame-iframe-for-enumeration-test.html:
+ * js/dom/getOwnPropertyDescriptor-expected.txt:
+ * js/resources/getOwnPropertyDescriptor.js:
+
2017-02-06 Yoav Weiss <[email protected]>
http/tests/preload/dynamic_removing_preload.html fails to test what it should
Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-enumeration-expected.txt (211755 => 211756)
--- trunk/LayoutTests/http/tests/security/cross-frame-access-enumeration-expected.txt 2017-02-06 23:47:51 UTC (rev 211755)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-enumeration-expected.txt 2017-02-06 23:50:39 UTC (rev 211756)
@@ -11,8 +11,10 @@
PASS: Cross frame access by enumerating the Location object was denied.
PASS: Cross frame access by getting the keys of the Location object was denied.
PASS: Cross frame access by getting the property names of the Location object was denied.
-PASS: areArraysEqual(Object.getOwnPropertyNames(b_win).sort(), whitelistedWindowProperties.sort()) should be 'true' and is.
-PASS: areArraysEqual(Object.getOwnPropertyNames(b_win.location).sort(), whitelistedLocationProperties.sort()) should be 'true' and is.
+PASS: areArraysEqual(Object.getOwnPropertyNames(b_win), whitelistedWindowProperties) should be 'true' and is.
+PASS: areArraysEqual(Reflect.ownKeys(b_win), whitelistedWindowProperties.concat(whitelistedSymbols)) should be 'true' and is.
+PASS: areArraysEqual(Object.getOwnPropertyNames(b_win.location), whitelistedLocationProperties) should be 'true' and is.
+PASS: areArraysEqual(Reflect.ownKeys(b_win.location), whitelistedLocationProperties.concat(whitelistedSymbols)) should be 'true' and is.
PASS: successfullyParsed should be 'true' and is.
TEST COMPLETE
Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-enumeration.html (211755 => 211756)
--- trunk/LayoutTests/http/tests/security/cross-frame-access-enumeration.html 2017-02-06 23:47:51 UTC (rev 211755)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-enumeration.html 2017-02-06 23:50:39 UTC (rev 211756)
@@ -85,10 +85,13 @@
}
log("PASS: Cross frame access by getting the property names of the Location object was denied.");
- whitelistedWindowProperties = ['location', 'postMessage', 'window', 'frames', 'self', 'top', 'parent', 'opener', 'closed', 'close', 'blur', 'focus', 'length'];
+ whitelistedWindowProperties = ['0', '1', '2', 'blur', 'close', 'closed', 'focus', 'frames', 'length', 'location', 'opener', 'parent', 'postMessage', 'self', 'top', 'window', 'frameA', 'frameC'];
whitelistedLocationProperties = ['href', 'replace'];
- shouldBeTrue("areArraysEqual(Object.getOwnPropertyNames(b_win).sort(), whitelistedWindowProperties.sort())");
- shouldBeTrue("areArraysEqual(Object.getOwnPropertyNames(b_win.location).sort(), whitelistedLocationProperties.sort())");
+ whitelistedSymbols = [Symbol.toStringTag, Symbol.hasInstance, Symbol.isConcatSpreadable];
+ shouldBeTrue("areArraysEqual(Object.getOwnPropertyNames(b_win), whitelistedWindowProperties)");
+ shouldBeTrue("areArraysEqual(Reflect.ownKeys(b_win), whitelistedWindowProperties.concat(whitelistedSymbols))");
+ shouldBeTrue("areArraysEqual(Object.getOwnPropertyNames(b_win.location), whitelistedLocationProperties)");
+ shouldBeTrue("areArraysEqual(Reflect.ownKeys(b_win.location), whitelistedLocationProperties.concat(whitelistedSymbols))");
}
</script>
</head>
Modified: trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-enumeration-test.html (211755 => 211756)
--- trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-enumeration-test.html 2017-02-06 23:47:51 UTC (rev 211755)
+++ trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-enumeration-test.html 2017-02-06 23:50:39 UTC (rev 211756)
@@ -1,3 +1,6 @@
+<iframe src="" name="frameA"></iframe>
+<iframe src=""
+<iframe src="" name="frameC"></iframe>
<script>
window.customWindowProperty = 1;
window.history.customHistoryProperty = 1;
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (211755 => 211756)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2017-02-06 23:47:51 UTC (rev 211755)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2017-02-06 23:50:39 UTC (rev 211756)
@@ -1,5 +1,17 @@
2017-02-06 Chris Dumez <[email protected]>
+ Align [[OwnPropertyKeys]] with the HTML specification for cross-origin Window / Location objects
+ https://bugs.webkit.org/show_bug.cgi?id=167647
+ <rdar://problem/30339489>
+
+ Reviewed by Sam Weinig.
+
+ Rebaseline web platform test now that more checks are passing.
+
+ * web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt:
+
+2017-02-06 Chris Dumez <[email protected]>
+
Re-sync html/browsers/origin/cross-origin-objects tests
https://bugs.webkit.org/show_bug.cgi?id=167881
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt (211755 => 211756)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt 2017-02-06 23:47:51 UTC (rev 211755)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt 2017-02-06 23:50:39 UTC (rev 211756)
@@ -15,7 +15,7 @@
FAIL [[PreventExtensions]] should throw for cross-origin objects (exception type) assert_throws: preventExtensions on cross-origin Location should throw function "function () { Object.preventExtensions(C.location) }" threw object "SecurityError (DOM Exception 18): Blocked a frame with or..." ("SecurityError") expected object "TypeError" ("TypeError")
PASS [[GetOwnProperty]] - Properties on cross-origin objects should be reported |own|
PASS [[GetOwnProperty]] - Properties on cross-origin objects should be reported |own| (exception type)
-FAIL [[GetOwnProperty]] - Property descriptors for cross-origin properties should be set up correctly assert_equals: property descriptor for 0 should be configurable expected true but got false
+FAIL [[GetOwnProperty]] - Property descriptors for cross-origin properties should be set up correctly assert_equals: property descriptor for Symbol(Symbol.toStringTag) should be configurable expected true but got false
FAIL [[GetOwnProperty]] - Property descriptors for cross-origin properties should be set up correctly (exception type) assert_unreached: Main test failed Reached unreachable code
PASS [[Delete]] Should throw on cross-origin objects
PASS [[Delete]] Should throw on cross-origin objects (exception type)
@@ -23,12 +23,12 @@
PASS [[DefineOwnProperty]] Should throw for cross-origin objects (exception type)
PASS [[Enumerate]] should return an empty iterator
PASS [[Enumerate]] should return an empty iterator (exception type)
-FAIL [[OwnPropertyKeys]] should return all properties from cross-origin objects assert_array_equals: Object.getOwnPropertyNames() gives the right answer for cross-origin Window lengths differ, expected 15 got 13
-FAIL [[OwnPropertyKeys]] should return all properties from cross-origin objects (exception type) assert_unreached: Main test failed Reached unreachable code
-FAIL [[OwnPropertyKeys]] should return the right symbol-named properties for cross-origin objects assert_array_equals: Object.getOwnPropertySymbols() should return the three symbol-named properties that are exposed on a cross-origin Window lengths differ, expected 3 got 0
-FAIL [[OwnPropertyKeys]] should return the right symbol-named properties for cross-origin objects (exception type) assert_unreached: Main test failed Reached unreachable code
-FAIL [[OwnPropertyKeys]] should place the symbols after the property names after the subframe indices assert_array_equals: Reflect.ownKeys should start with the indices exposed on the cross-origin window. property 0, expected "0" but got "blur"
-FAIL [[OwnPropertyKeys]] should place the symbols after the property names after the subframe indices (exception type) assert_unreached: Main test failed Reached unreachable code
+PASS [[OwnPropertyKeys]] should return all properties from cross-origin objects
+PASS [[OwnPropertyKeys]] should return all properties from cross-origin objects (exception type)
+PASS [[OwnPropertyKeys]] should return the right symbol-named properties for cross-origin objects
+PASS [[OwnPropertyKeys]] should return the right symbol-named properties for cross-origin objects (exception type)
+PASS [[OwnPropertyKeys]] should place the symbols after the property names after the subframe indices
+PASS [[OwnPropertyKeys]] should place the symbols after the property names after the subframe indices (exception type)
PASS A and B jointly observe the same identity for cross-origin Window and Location
PASS A and B jointly observe the same identity for cross-origin Window and Location (exception type)
PASS Cross-origin functions get local Function.prototype
Modified: trunk/LayoutTests/js/dom/getOwnPropertyDescriptor-expected.txt (211755 => 211756)
--- trunk/LayoutTests/js/dom/getOwnPropertyDescriptor-expected.txt 2017-02-06 23:47:51 UTC (rev 211755)
+++ trunk/LayoutTests/js/dom/getOwnPropertyDescriptor-expected.txt 2017-02-06 23:50:39 UTC (rev 211756)
@@ -129,7 +129,7 @@
PASS Object.getOwnPropertyDescriptor(global, 0).hasOwnProperty('get') is false
PASS Object.getOwnPropertyDescriptor(global, 0).hasOwnProperty('set') is false
PASS Object.getOwnPropertyDescriptor(global, 0).enumerable is false
-PASS Object.getOwnPropertyDescriptor(global, 0).configurable is false
+PASS Object.getOwnPropertyDescriptor(global, 0).configurable is true
PASS Object.getOwnPropertyDescriptor(document.getElementsByTagName('div'), 0).value is document.getElementsByTagName('div')[0]
PASS Object.getOwnPropertyDescriptor(document.getElementsByTagName('div'), 0).hasOwnProperty('get') is false
PASS Object.getOwnPropertyDescriptor(document.getElementsByTagName('div'), 0).hasOwnProperty('set') is false
Modified: trunk/LayoutTests/js/resources/getOwnPropertyDescriptor.js (211755 => 211756)
--- trunk/LayoutTests/js/resources/getOwnPropertyDescriptor.js 2017-02-06 23:47:51 UTC (rev 211755)
+++ trunk/LayoutTests/js/resources/getOwnPropertyDescriptor.js 2017-02-06 23:50:39 UTC (rev 211756)
@@ -44,7 +44,7 @@
var globalWindowGetter = Object.getOwnPropertyDescriptor(global, 'window').get;
descriptorShouldBe("global", "'window'", {get: 'globalWindowGetter', set: undefined, enumerable: true, configurable: false});
descriptorShouldBe("global", "'XMLHttpRequest'", {writable: true, enumerable: false, configurable: true, value:"XMLHttpRequest"});
-descriptorShouldBe("global", "0", {writable: true, enumerable: false, configurable: false, value:"global[0]"});
+descriptorShouldBe("global", "0", {writable: true, enumerable: false, configurable: true, value:"global[0]"});
descriptorShouldBe("document.getElementsByTagName('div')", "0", {writable: false, enumerable: true, configurable: true, value:"document.getElementsByTagName('div')[0]"});
descriptorShouldBe("document.getElementsByClassName('pass')", "0", {writable: false, enumerable: true, configurable: true, value:"document.getElementsByClassName('pass')[0]"});
var canvas = document.createElement("canvas");
Modified: trunk/Source/WebCore/ChangeLog (211755 => 211756)
--- trunk/Source/WebCore/ChangeLog 2017-02-06 23:47:51 UTC (rev 211755)
+++ trunk/Source/WebCore/ChangeLog 2017-02-06 23:50:39 UTC (rev 211756)
@@ -1,3 +1,44 @@
+2017-02-06 Chris Dumez <[email protected]>
+
+ Align [[OwnPropertyKeys]] with the HTML specification for cross-origin Window / Location objects
+ https://bugs.webkit.org/show_bug.cgi?id=167647
+ <rdar://problem/30339489>
+
+ Reviewed by Sam Weinig.
+
+ Align [[OwnPropertyKeys]] with the HTML specification for cross-origin Window / Location objects:
+ - https://html.spec.whatwg.org/#windowproxy-ownpropertykeys [1]
+ - https://html.spec.whatwg.org/#crossoriginownpropertykeys-(-o-) [2]
+ - https://html.spec.whatwg.org/#crossoriginproperties-(-o-) [3]
+
+ In particular, the following changes were made:
+ - Location:
+ - We now return the following symbols as well: @@toStringTag, @@hasInstance,
+ @@isConcatSpreadable as per [2].
+ - Window:
+ - We now return the following symbols as well: @@toStringTag, @@hasInstance,
+ @@isConcatSpreadable as per [2].
+ - We now return the indices of the child browsing contexts as per [1].
+ - We now return the names of the child browsing contexts as per [3].
+
+ No new tests, updated / rebaselined existing tests.
+
+ * bindings/js/JSDOMWindowCustom.cpp:
+ (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
+ Index properties should be configurable as per:
+ - https://html.spec.whatwg.org/#windowproxy-getownproperty (step 2.5)
+
+ (WebCore::inScope):
+ (WebCore::addScopedChildrenNames):
+ (WebCore::addCrossOriginPropertyNames):
+ (WebCore::addScopedChildrenIndexes):
+ (WebCore::addCrossOriginOwnPropertyNames):
+ (WebCore::JSDOMWindow::getOwnPropertyNames):
+ * bindings/js/JSLocationCustom.cpp:
+ (WebCore::addCrossOriginPropertyNames):
+ (WebCore::addCrossOriginOwnPropertyNames):
+ (WebCore::JSLocation::getOwnPropertyNames):
+
2017-02-06 Yoav Weiss <[email protected]>
http/tests/preload/dynamic_removing_preload.html fails to test what it should
Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp (211755 => 211756)
--- trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2017-02-06 23:47:51 UTC (rev 211755)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2017-02-06 23:50:39 UTC (rev 211756)
@@ -25,6 +25,7 @@
#include "Frame.h"
#include "HTMLCollection.h"
#include "HTMLDocument.h"
+#include "HTMLFrameOwnerElement.h"
#include "JSDOMBindingSecurity.h"
#include "JSEvent.h"
#include "JSEventListener.h"
@@ -223,7 +224,7 @@
// (1) First, indexed properties.
// These are also allowed cross-orgin, so come before the access check.
if (frame && index < frame->tree().scopedChildCount()) {
- slot.setValue(thisObject, ReadOnly | DontDelete | DontEnum, toJS(state, frame->tree().scopedChild(index)->document()->domWindow()));
+ slot.setValue(thisObject, ReadOnly | DontEnum, toJS(state, frame->tree().scopedChild(index)->document()->domWindow()));
return true;
}
@@ -324,9 +325,36 @@
Base::getPropertyNames(thisObject, exec, propertyNames, mode);
}
-static void addCrossOriginWindowPropertyNames(ExecState& state, PropertyNameArray& propertyNames)
+static bool inScope(Frame& frame, TreeScope& scope)
{
- // https://html.spec.whatwg.org/#crossoriginproperties-(-o-)
+ auto* document = frame.document();
+ if (!document)
+ return false;
+ auto* owner = document->ownerElement();
+ return owner && &owner->treeScope() == &scope;
+}
+
+static void addScopedChildrenNames(ExecState& state, DOMWindow& window, PropertyNameArray& propertyNames)
+{
+ auto* document = window.document();
+ if (!document)
+ return;
+
+ auto* frame = document->frame();
+ if (!frame)
+ return;
+
+ for (auto* child = frame->tree().firstChild(); child; child = child->tree().nextSibling()) {
+ if (!inScope(*child, *document))
+ continue;
+ if (!child->tree().name().isEmpty())
+ propertyNames.add(Identifier::fromString(&state, child->tree().name()));
+ }
+}
+
+// https://html.spec.whatwg.org/#crossoriginproperties-(-o-)
+static void addCrossOriginPropertyNames(ExecState& state, DOMWindow& window, PropertyNameArray& propertyNames)
+{
static const Identifier* const properties[] = {
&state.propertyNames().blur, &state.propertyNames().close, &state.propertyNames().closed,
&state.propertyNames().focus, &state.propertyNames().frames, &state.propertyNames().length,
@@ -336,14 +364,46 @@
};
for (auto* property : properties)
propertyNames.add(*property);
+
+ addScopedChildrenNames(state, window, propertyNames);
}
+static void addScopedChildrenIndexes(ExecState& state, DOMWindow& window, PropertyNameArray& propertyNames)
+{
+ auto* document = window.document();
+ if (!document)
+ return;
+
+ auto* frame = document->frame();
+ if (!frame)
+ return;
+
+ unsigned scopedChildCount = frame->tree().scopedChildCount();
+ for (unsigned i = 0; i < scopedChildCount; ++i)
+ propertyNames.add(Identifier::from(&state, i));
+}
+
+// https://html.spec.whatwg.org/#crossoriginownpropertykeys-(-o-)
+static void addCrossOriginOwnPropertyNames(ExecState& state, DOMWindow& window, PropertyNameArray& propertyNames)
+{
+ addCrossOriginPropertyNames(state, window, propertyNames);
+
+ propertyNames.add(state.propertyNames().toStringTagSymbol);
+ propertyNames.add(state.propertyNames().hasInstanceSymbol);
+ propertyNames.add(state.propertyNames().isConcatSpreadableSymbol);
+}
+
+// https://html.spec.whatwg.org/#windowproxy-ownpropertykeys
void JSDOMWindow::getOwnPropertyNames(JSObject* object, ExecState* exec, PropertyNameArray& propertyNames, EnumerationMode mode)
{
JSDOMWindow* thisObject = jsCast<JSDOMWindow*>(object);
+
+ if (mode.includeDontEnumProperties())
+ addScopedChildrenIndexes(*exec, thisObject->wrapped(), propertyNames);
+
if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped(), DoNotReportSecurityError)) {
if (mode.includeDontEnumProperties())
- addCrossOriginWindowPropertyNames(*exec, propertyNames);
+ addCrossOriginOwnPropertyNames(*exec, thisObject->wrapped(), propertyNames);
return;
}
Base::getOwnPropertyNames(thisObject, exec, propertyNames, mode);
Modified: trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp (211755 => 211756)
--- trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp 2017-02-06 23:47:51 UTC (rev 211755)
+++ trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp 2017-02-06 23:50:39 UTC (rev 211756)
@@ -121,20 +121,30 @@
return Base::deletePropertyByIndex(thisObject, exec, propertyName);
}
-static void addCrossOriginLocationPropertyNames(ExecState& state, PropertyNameArray& propertyNames)
+// https://html.spec.whatwg.org/#crossoriginproperties-(-o-)
+static void addCrossOriginPropertyNames(ExecState& state, PropertyNameArray& propertyNames)
{
- // https://html.spec.whatwg.org/#crossoriginproperties-(-o-)
static const Identifier* const properties[] = { &state.propertyNames().href, &state.propertyNames().replace };
for (auto* property : properties)
propertyNames.add(*property);
}
+// https://html.spec.whatwg.org/#crossoriginownpropertykeys-(-o-)
+static void addCrossOriginOwnPropertyNames(ExecState& state, PropertyNameArray& propertyNames)
+{
+ addCrossOriginPropertyNames(state, propertyNames);
+
+ propertyNames.add(state.propertyNames().toStringTagSymbol);
+ propertyNames.add(state.propertyNames().hasInstanceSymbol);
+ propertyNames.add(state.propertyNames().isConcatSpreadableSymbol);
+}
+
void JSLocation::getOwnPropertyNames(JSObject* object, ExecState* exec, PropertyNameArray& propertyNames, EnumerationMode mode)
{
JSLocation* thisObject = jsCast<JSLocation*>(object);
if (!BindingSecurity::shouldAllowAccessToFrame(exec, thisObject->wrapped().frame(), DoNotReportSecurityError)) {
if (mode.includeDontEnumProperties())
- addCrossOriginLocationPropertyNames(*exec, propertyNames);
+ addCrossOriginOwnPropertyNames(*exec, propertyNames);
return;
}
Base::getOwnPropertyNames(thisObject, exec, propertyNames, mode);
