Diff
Modified: trunk/LayoutTests/ChangeLog (219354 => 219355)
--- trunk/LayoutTests/ChangeLog 2017-07-11 19:31:26 UTC (rev 219354)
+++ trunk/LayoutTests/ChangeLog 2017-07-11 20:11:57 UTC (rev 219355)
@@ -1,3 +1,17 @@
+2017-07-11 Chris Dumez <[email protected]>
+
+ Window's [[OwnPropertyKeys]] is wrong for cross origin windows
+ https://bugs.webkit.org/show_bug.cgi?id=174364
+ <rdar://problem/33238056>
+
+ Reviewed by Brent Fulgham.
+
+ Update test to reflect behavior change. I verified that the test is passing in Firefox.
+ The test fails in Chrome because its does not expose frames indexes on the Window, and
+ it is incorrectly listing "assign" on Location.
+
+ * http/tests/security/cross-frame-access-enumeration.html:
+
2017-07-11 Charlie Turner <[email protected]>
[GTK] editing/input new passes since r211277
Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-enumeration-expected.txt (219354 => 219355)
--- trunk/LayoutTests/http/tests/security/cross-frame-access-enumeration-expected.txt 2017-07-11 19:31:26 UTC (rev 219354)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-enumeration-expected.txt 2017-07-11 20:11:57 UTC (rev 219355)
@@ -11,10 +11,13 @@
PASS: Cross frame access by enumerating the Location object was denied.
PASS: Cross frame access by getting the keys of the Location object was denied.
PASS: Cross frame access by getting the property names of the Location object was denied.
-PASS: areArraysEqual(Object.getOwnPropertyNames(b_win), whitelistedWindowProperties) should be 'true' and is.
-PASS: areArraysEqual(Reflect.ownKeys(b_win), whitelistedWindowProperties.concat(whitelistedSymbols)) should be 'true' and is.
-PASS: areArraysEqual(Object.getOwnPropertyNames(b_win.location), whitelistedLocationProperties) should be 'true' and is.
-PASS: areArraysEqual(Reflect.ownKeys(b_win.location), whitelistedLocationProperties.concat(whitelistedSymbols)) should be 'true' and is.
+PASS: areArraysEqual(Object.getOwnPropertyNames(b_win).sort(), whitelistedWindowIndices.concat(whitelistedWindowPropNames).sort()) should be 'true' and is.
+PASS: areArraysEqual(indexedWindowProps, whitelistedWindowIndices) should be 'true' and is.
+PASS: areArraysEqual(stringWindowProps.sort(), whitelistedWindowPropNames) should be 'true' and is.
+PASS: areArraysEqual(symbolWindowProps, whitelistedSymbols) should be 'true' and is.
+PASS: areArraysEqual(Object.getOwnPropertyNames(b_win.location).sort(), whitelistedLocationPropNames.sort()) should be 'true' and is.
+PASS: areArraysEqual(stringLocationProps.sort(), whitelistedLocationPropNames) should be 'true' and is.
+PASS: areArraysEqual(symbolLocationProps, whitelistedSymbols) should be 'true' and is.
PASS: successfullyParsed should be 'true' and is.
TEST COMPLETE
Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-enumeration.html (219354 => 219355)
--- trunk/LayoutTests/http/tests/security/cross-frame-access-enumeration.html 2017-07-11 19:31:26 UTC (rev 219354)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-enumeration.html 2017-07-11 20:11:57 UTC (rev 219355)
@@ -85,13 +85,29 @@
}
log("PASS: Cross frame access by getting the property names of the Location object was denied.");
- whitelistedWindowProperties = ['0', '1', '2', 'blur', 'close', 'closed', 'focus', 'frames', 'length', 'location', 'opener', 'parent', 'postMessage', 'self', 'top', 'window', 'frameA', 'frameC'];
+ // Window.
+ whitelistedWindowIndices = ['0', '1', '2'];
+ whitelistedWindowPropNames = ['blur', 'close', 'closed', 'focus', 'frames', 'length', 'location', 'opener', 'parent', 'postMessage', 'self', 'top', 'window'];
whitelistedLocationProperties = ['href', 'replace'];
whitelistedSymbols = [Symbol.toStringTag, Symbol.hasInstance, Symbol.isConcatSpreadable];
- shouldBeTrue("areArraysEqual(Object.getOwnPropertyNames(b_win), whitelistedWindowProperties)");
- shouldBeTrue("areArraysEqual(Reflect.ownKeys(b_win), whitelistedWindowProperties.concat(whitelistedSymbols))");
- shouldBeTrue("areArraysEqual(Object.getOwnPropertyNames(b_win.location), whitelistedLocationProperties)");
- shouldBeTrue("areArraysEqual(Reflect.ownKeys(b_win.location), whitelistedLocationProperties.concat(whitelistedSymbols))");
+ shouldBeTrue("areArraysEqual(Object.getOwnPropertyNames(b_win).sort(), whitelistedWindowIndices.concat(whitelistedWindowPropNames).sort())");
+ allWindowProps = Reflect.ownKeys(b_win);
+ indexedWindowProps = allWindowProps.slice(0, whitelistedWindowIndices.length);
+ stringWindowProps = allWindowProps.slice(whitelistedWindowIndices.length, -1 * whitelistedSymbols.length);
+ symbolWindowProps = allWindowProps.slice(-1 * whitelistedSymbols.length);
+ shouldBeTrue("areArraysEqual(indexedWindowProps, whitelistedWindowIndices)"); // Reflect.ownKeys should start with the indices exposed on the cross-origin window.
+ shouldBeTrue("areArraysEqual(stringWindowProps.sort(), whitelistedWindowPropNames)"); // Reflect.ownKeys should continue with the cross-origin window properties for a cross-origin Window.
+ shouldBeTrue("areArraysEqual(symbolWindowProps, whitelistedSymbols)"); // Reflect.ownKeys should end with the cross-origin symbols for a cross-origin Window.
+
+ // Location.
+ whitelistedLocationPropNames = ['href', 'replace'];
+ allLocationProps = Reflect.ownKeys(b_win.location);
+ stringLocationProps = allLocationProps.slice(0, -1 * whitelistedSymbols.length);
+ symbolLocationProps = allLocationProps.slice(-1 * whitelistedSymbols.length);
+
+ shouldBeTrue("areArraysEqual(Object.getOwnPropertyNames(b_win.location).sort(), whitelistedLocationPropNames.sort())");
+ shouldBeTrue("areArraysEqual(stringLocationProps.sort(), whitelistedLocationPropNames)"); // Reflect.ownKeys should start with the cross-origin window properties for a cross-origin Location.
+ shouldBeTrue("areArraysEqual(symbolLocationProps, whitelistedSymbols)"); // Reflect.ownKeys should end with the cross-origin symbols for a cross-origin Location.
}
</script>
</head>
Modified: trunk/Source/WebCore/ChangeLog (219354 => 219355)
--- trunk/Source/WebCore/ChangeLog 2017-07-11 19:31:26 UTC (rev 219354)
+++ trunk/Source/WebCore/ChangeLog 2017-07-11 20:11:57 UTC (rev 219355)
@@ -1,3 +1,24 @@
+2017-07-11 Chris Dumez <[email protected]>
+
+ Window's [[OwnPropertyKeys]] is wrong for cross origin windows
+ https://bugs.webkit.org/show_bug.cgi?id=174364
+ <rdar://problem/33238056>
+
+ Reviewed by Brent Fulgham.
+
+ Window's [[OwnPropertyKeys]] should not list descendant frame names
+ when the window is cross-origin:
+ - https://github.com/whatwg/html/pull/2777
+
+ This aligns our behavior with Firefox and Chrome.
+
+ No new tests, updated existing test.
+
+ * bindings/js/JSDOMWindowCustom.cpp:
+ (WebCore::addCrossOriginPropertyNames):
+ (WebCore::addCrossOriginOwnPropertyNames):
+ (WebCore::JSDOMWindow::getOwnPropertyNames):
+
2017-07-11 Timothy Hatcher <[email protected]>
Fix broken build when ENABLE_VIDEO is disabled.
Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp (219354 => 219355)
--- trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2017-07-11 19:31:26 UTC (rev 219354)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp 2017-07-11 20:11:57 UTC (rev 219355)
@@ -331,35 +331,8 @@
Base::getPropertyNames(thisObject, exec, propertyNames, mode);
}
-static bool inScope(Frame& frame, TreeScope& scope)
-{
- auto* document = frame.document();
- if (!document)
- return false;
- auto* owner = document->ownerElement();
- return owner && &owner->treeScope() == &scope;
-}
-
-static void addScopedChildrenNames(ExecState& state, DOMWindow& window, PropertyNameArray& propertyNames)
-{
- auto* document = window.document();
- if (!document)
- return;
-
- auto* frame = document->frame();
- if (!frame)
- return;
-
- for (auto* child = frame->tree().firstChild(); child; child = child->tree().nextSibling()) {
- if (!inScope(*child, *document))
- continue;
- if (!child->tree().name().isEmpty())
- propertyNames.add(Identifier::fromString(&state, child->tree().name()));
- }
-}
-
// https://html.spec.whatwg.org/#crossoriginproperties-(-o-)
-static void addCrossOriginPropertyNames(ExecState& state, DOMWindow& window, PropertyNameArray& propertyNames)
+static void addCrossOriginPropertyNames(ExecState& state, PropertyNameArray& propertyNames)
{
static const Identifier* const properties[] = {
&state.propertyNames().blur, &state.propertyNames().close, &state.propertyNames().closed,
@@ -370,8 +343,6 @@
};
for (auto* property : properties)
propertyNames.add(*property);
-
- addScopedChildrenNames(state, window, propertyNames);
}
static void addScopedChildrenIndexes(ExecState& state, DOMWindow& window, PropertyNameArray& propertyNames)
@@ -390,9 +361,9 @@
}
// https://html.spec.whatwg.org/#crossoriginownpropertykeys-(-o-)
-static void addCrossOriginOwnPropertyNames(ExecState& state, DOMWindow& window, PropertyNameArray& propertyNames)
+static void addCrossOriginOwnPropertyNames(ExecState& state, PropertyNameArray& propertyNames)
{
- addCrossOriginPropertyNames(state, window, propertyNames);
+ addCrossOriginPropertyNames(state, propertyNames);
propertyNames.add(state.propertyNames().toStringTagSymbol);
propertyNames.add(state.propertyNames().hasInstanceSymbol);
@@ -409,7 +380,7 @@
if (!BindingSecurity::shouldAllowAccessToDOMWindow(exec, thisObject->wrapped(), DoNotReportSecurityError)) {
if (mode.includeDontEnumProperties())
- addCrossOriginOwnPropertyNames(*exec, thisObject->wrapped(), propertyNames);
+ addCrossOriginOwnPropertyNames(*exec, propertyNames);
return;
}
Base::getOwnPropertyNames(thisObject, exec, propertyNames, mode);
