Title: [216341] trunk
- Revision
- 216341
- Author
- cdu...@apple.com
- Date
- 2017-05-06 22:18:34 -0700 (Sat, 06 May 2017)
Log Message
Implement the concept of cookie-averse document
https://bugs.webkit.org/show_bug.cgi?id=171746
<rdar://problem/32004466>
Reviewed by Sam Weinig.
Source/WebCore:
Implement the concept of cookie-averse document:
- https://html.spec.whatwg.org/#cookie-averse-document-object
Test: fast/cookies/cookie-averse-document.html
* dom/Document.cpp:
(WebCore::Document::isCookieAverse):
(WebCore::Document::cookie):
(WebCore::Document::setCookie):
* dom/Document.h:
LayoutTests:
Add layout test coverage.
* fast/cookies/cookie-averse-document-expected.txt: Added.
* fast/cookies/cookie-averse-document.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (216340 => 216341)
--- trunk/LayoutTests/ChangeLog 2017-05-07 03:57:05 UTC (rev 216340)
+++ trunk/LayoutTests/ChangeLog 2017-05-07 05:18:34 UTC (rev 216341)
@@ -1,5 +1,18 @@
2017-05-06 Chris Dumez <cdu...@apple.com>
+ Implement the concept of cookie-averse document
+ https://bugs.webkit.org/show_bug.cgi?id=171746
+ <rdar://problem/32004466>
+
+ Reviewed by Sam Weinig.
+
+ Add layout test coverage.
+
+ * fast/cookies/cookie-averse-document-expected.txt: Added.
+ * fast/cookies/cookie-averse-document.html: Added.
+
+2017-05-06 Chris Dumez <cdu...@apple.com>
+
Align our IDL files with the latest DOM specification
https://bugs.webkit.org/show_bug.cgi?id=171777
Added: trunk/LayoutTests/fast/cookies/cookie-averse-document-expected.txt (0 => 216341)
--- trunk/LayoutTests/fast/cookies/cookie-averse-document-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/cookies/cookie-averse-document-expected.txt 2017-05-07 05:18:34 UTC (rev 216341)
@@ -0,0 +1,41 @@
+Tests that cookie-averse documents cannot return or set cookies.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS document.cookie.indexOf('ppkcookie1=testcookie') is -1
+PASS document.cookie = 'ppkcookie1=testcookie' did not throw exception.
+PASS document.cookie.indexOf('ppkcookie1=testcookie') >= 0 is true
+
+* Frameless document cases
+PASS framelessDocument1.cookie is ""
+PASS framelessDocument1.cookie = 'ppkcookie2=testcookie' did not throw exception.
+PASS framelessDocument1.cookie is ""
+PASS framelessDocument2.cookie is ""
+PASS framelessDocument2.cookie = 'ppkcookie3=testcookie' did not throw exception.
+PASS framelessDocument2.cookie is ""
+
+* Frame with about:blank URL
+PASS frameDocument.cookie.indexOf('ppkcookie1=testcookie') >= 0 is true
+PASS frameDocument.cookie = 'ppkcookie4=testcookie' did not throw exception.
+PASS frameDocument.cookie.indexOf('ppkcookie4=testcookie') >= 0 is true
+PASS frameDocument.cookie is ""
+PASS frameDocument.cookie = 'ppkcookie4=testcookie' did not throw exception.
+PASS frameDocument.cookie is ""
+
+* Frame using data: scheme
+PASS frameDocument.cookie is ""
+PASS frameDocument.cookie = 'ppkcookie5=testcookie' did not throw exception.
+PASS frameDocument.cookie is ""
+
+* Frame using file:// scheme
+PASS frameDocument.cookie = 'ppkcookie6=testcookie' did not throw exception.
+PASS frameDocument.cookie.indexOf('ppkcookie6=testcookie') >= 0 is true
+frame.remove()
+PASS frameDocument.cookie is ""
+PASS frameDocument.cookie = 'ppkcookie7=testcookie' did not throw exception.
+PASS frameDocument.cookie is ""
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/fast/cookies/cookie-averse-document.html (0 => 216341)
--- trunk/LayoutTests/fast/cookies/cookie-averse-document.html (rev 0)
+++ trunk/LayoutTests/fast/cookies/cookie-averse-document.html 2017-05-07 05:18:34 UTC (rev 216341)
@@ -0,0 +1,95 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script src=""
+<script>
+description("Tests that cookie-averse documents cannot return or set cookies.");
+jsTestIsAsync = true;
+
+shouldBe("document.cookie.indexOf('ppkcookie1=testcookie')", "-1");
+shouldNotThrow("document.cookie = 'ppkcookie1=testcookie'");
+shouldBeTrue("document.cookie.indexOf('ppkcookie1=testcookie') >= 0");
+
+debug("");
+debug("* Frameless document cases");
+const framelessDocument1 = document.implementation.createHTMLDocument("test");
+shouldBeEqualToString("framelessDocument1.cookie", "");
+shouldNotThrow("framelessDocument1.cookie = 'ppkcookie2=testcookie'");
+shouldBeEqualToString("framelessDocument1.cookie", "");
+
+const framelessDocument2 = new DOMParser().parseFromString("<body></body>", "text/html");
+shouldBeEqualToString("framelessDocument2.cookie", "");
+shouldNotThrow("framelessDocument2.cookie = 'ppkcookie3=testcookie'");
+shouldBeEqualToString("framelessDocument2.cookie", "");
+
+debug("");
+debug("* Frame with about:blank URL");
+let frame = document.createElement("iframe");
+frame.src = ""
+document.body.appendChild(frame);
+let frameDocument = frame.contentDocument;
+shouldBeTrue("frameDocument.cookie.indexOf('ppkcookie1=testcookie') >= 0");
+shouldNotThrow("frameDocument.cookie = 'ppkcookie4=testcookie'");
+shouldBeTrue("frameDocument.cookie.indexOf('ppkcookie4=testcookie') >= 0");
+frame.remove();
+frame = null;
+gc();
+shouldBeEqualToString("frameDocument.cookie", "");
+shouldNotThrow("frameDocument.cookie = 'ppkcookie4=testcookie'");
+shouldBeEqualToString("frameDocument.cookie", "");
+
+function runDataURLTest()
+{
+ return new Promise((resolve) => {
+ debug("");
+ debug("* Frame using data: scheme");
+ frame = document.createElement("iframe");
+ frame.src = ""
+
+ frame._onload_ = function() {
+ frameDocument = frame.contentDocument;
+ shouldBeEqualToString("frameDocument.cookie", "");
+ shouldNotThrow("frameDocument.cookie = 'ppkcookie5=testcookie'");
+ shouldBeEqualToString("frameDocument.cookie", "");
+
+ frame.remove();
+ frame = null;
+ resolve();
+ }
+ document.body.appendChild(frame);
+ });
+}
+
+function runFileURLTest()
+{
+ return new Promise((resolve) => {
+ debug("");
+ debug("* Frame using file:// scheme");
+ frame = document.createElement("iframe");
+ frame.src = ""
+ frame._onload_ = function() {
+ frameDocument = frame.contentDocument;
+ shouldNotThrow("frameDocument.cookie = 'ppkcookie6=testcookie'");
+ shouldBeTrue("frameDocument.cookie.indexOf('ppkcookie6=testcookie') >= 0");
+ evalAndLog("frame.remove()");
+ frame = null;
+ gc();
+ shouldBeEqualToString("frameDocument.cookie", "");
+ shouldNotThrow("frameDocument.cookie = 'ppkcookie7=testcookie'");
+ shouldBeEqualToString("frameDocument.cookie", "");
+
+ resolve();
+ }
+ document.body.appendChild(frame);
+ });
+}
+
+runDataURLTest().then(() => {
+ runFileURLTest().then(() => {
+ finishJSTest();
+ })
+});
+</script>
+<script src=""
+</body>
+<html>
Modified: trunk/Source/WebCore/ChangeLog (216340 => 216341)
--- trunk/Source/WebCore/ChangeLog 2017-05-07 03:57:05 UTC (rev 216340)
+++ trunk/Source/WebCore/ChangeLog 2017-05-07 05:18:34 UTC (rev 216341)
@@ -1,5 +1,24 @@
2017-05-06 Chris Dumez <cdu...@apple.com>
+ Implement the concept of cookie-averse document
+ https://bugs.webkit.org/show_bug.cgi?id=171746
+ <rdar://problem/32004466>
+
+ Reviewed by Sam Weinig.
+
+ Implement the concept of cookie-averse document:
+ - https://html.spec.whatwg.org/#cookie-averse-document-object
+
+ Test: fast/cookies/cookie-averse-document.html
+
+ * dom/Document.cpp:
+ (WebCore::Document::isCookieAverse):
+ (WebCore::Document::cookie):
+ (WebCore::Document::setCookie):
+ * dom/Document.h:
+
+2017-05-06 Chris Dumez <cdu...@apple.com>
+
Unreviewed build fix after r216339.
* dom/Document.h:
Modified: trunk/Source/WebCore/dom/Document.cpp (216340 => 216341)
--- trunk/Source/WebCore/dom/Document.cpp 2017-05-07 03:57:05 UTC (rev 216340)
+++ trunk/Source/WebCore/dom/Document.cpp 2017-05-07 05:18:34 UTC (rev 216341)
@@ -4197,14 +4197,31 @@
return frame()->ownerElement();
}
+// https://html.spec.whatwg.org/#cookie-averse-document-object
+bool Document::isCookieAverse() const
+{
+ // A Document that has no browsing context is cookie-averse.
+ if (!frame())
+ return true;
+
+ URL cookieURL = this->cookieURL();
+
+ // This is not part of the specification but we have historically allowed cookies over file protocol
+ // and some developers rely on this for testing.
+ if (cookieURL.isLocalFile())
+ return false;
+
+ // A Document whose URL's scheme is not a network scheme is cookie-averse (https://fetch.spec.whatwg.org/#network-scheme).
+ return !cookieURL.protocolIsInHTTPFamily() && !cookieURL.protocolIs("ftp");
+}
+
ExceptionOr<String> Document::cookie()
{
if (page() && !page()->settings().cookieEnabled())
return String();
- // FIXME: The HTML5 DOM spec states that this attribute can raise an
- // INVALID_STATE_ERR exception on getting if the Document has no
- // browsing context.
+ if (isCookieAverse())
+ return String();
if (!securityOrigin().canAccessCookies())
return Exception { SECURITY_ERR };
@@ -4224,9 +4241,8 @@
if (page() && !page()->settings().cookieEnabled())
return { };
- // FIXME: The HTML5 DOM spec states that this attribute can raise an
- // INVALID_STATE_ERR exception on setting if the Document has no
- // browsing context.
+ if (isCookieAverse())
+ return { };
if (!securityOrigin().canAccessCookies())
return Exception { SECURITY_ERR };
Modified: trunk/Source/WebCore/dom/Document.h (216340 => 216341)
--- trunk/Source/WebCore/dom/Document.h 2017-05-07 03:57:05 UTC (rev 216340)
+++ trunk/Source/WebCore/dom/Document.h 2017-05-07 05:18:34 UTC (rev 216341)
@@ -1366,6 +1366,7 @@
void loadEventDelayTimerFired();
void pendingTasksTimerFired();
+ bool isCookieAverse() const;
template<CollectionType> Ref<HTMLCollection> ensureCachedCollection();
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
