Title: [221193] trunk
Revision
221193
Author
[email protected]
Date
2017-08-25 10:28:53 -0700 (Fri, 25 Aug 2017)

Log Message

Add flag allow-modals to iframe sandbox
https://bugs.webkit.org/show_bug.cgi?id=171321

Source/WebCore:

This patch implements the "allow-modals" value for the iframe sandbox attribute. It changes
the behavior for sandboxed documents so that alert, confirm, prompt, print as well as dialogs
generated from a beforeunload event are blocked when allow-modals is not set, as defined in
the specification. For consistency, we do the same for document.execCommand('print', ...).
Users should use the allow-modals flag in order to explicitly allow modal dialogs.

See https://html.spec.whatwg.org/multipage/origin.html#sandboxed-modals-flag

Patch by Frederic Wang <[email protected]> on 2017-07-25
Reviewed by Brent Fulgham.

Tests: http/tests/security/sandboxed-iframe-ALLOWED-modals.html
       http/tests/security/sandboxed-iframe-DENIED-modals.html

* dom/SecurityContext.cpp: Implement parsing for allow-modals
(WebCore::SecurityContext::isSupportedSandboxPolicy):
(WebCore::SecurityContext::parseSandboxPolicy):
* dom/SecurityContext.h: Introduce flag for allow-modals
* loader/FrameLoader.cpp:
(WebCore::shouldAskForNavigationConfirmation): Prevent confirm dialog from beforeunload when
allow-modals is not set.
* page/Chrome.h: Change the signature of print, so it may return a failure when the
allow-modals flag is not set.
* page/Chrome.cpp:
(WebCore::Chrome::print): Returns false and prints an error message when the allow-modals flag
on the frame's document is not set. Otherwise, executes the command and returns true.
* editing/EditorCommand.cpp:
(WebCore::executePrint): Ensure that document.execCommand for 'print' returns false when the
allow-modals flag is not set.
* page/DOMWindow.cpp: Add early exit for alert, confirm or prompt when the allow-modals flag
for that document is not set. Note that print is handled in Chrome.cpp.
(WebCore::DOMWindow::alert): Add early exit.
(WebCore::DOMWindow::confirm): Add early exit with the return value indicated in the spec.
(WebCore::DOMWindow::prompt): Ditto.

LayoutTests:

Patch by Frederic Wang <[email protected]> on 2017-07-25
Reviewed by Brent Fulgham.

The allow-modals flag is added to tests trying to open modal dialogs in sandboxed frames, now
that the default behavior has changed. New tests are also added to verify that the dialogs
are allowed or blocked according to the value of the allow-modals flag.

* fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html: Add allow-modals.
* fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html: Ditto.
* fast/forms/autofocus-in-sandbox-with-allow-scripts.html: Ditto.
* fast/frames/sandboxed-iframe-navigation-top-by-name-denied.html: Ditto.
* fast/frames/sandboxed-iframe-parsing-space-characters.html: Ditto.
* fast/frames/sandboxed-iframe-scripting-02.html: Ditto.
* http/tests/security/contentSecurityPolicy/resources/sandboxed-eval.php: Ditto.
* http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-control.html: Ditto.
* http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header.html: Ditto.
* http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2.php: Ditto.
* http/tests/security/drag-drop-same-unique-origin.html: Ditto.
* http/tests/security/no-indexeddb-from-sandbox.html: Ditto.
* http/tests/security/no-popup-from-sandbox-top.html: Ditto.
* http/tests/security/no-popup-from-sandbox.html: Ditto.
* http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html: Ditto.
* http/tests/security/popup-allowed-by-sandbox-when-allowed.html: Ditto.
* http/tests/security/xss-DENIED-window-name-alert.html: Ditto.
* http/tests/security/sandboxed-iframe-ALLOWED-modals.html: Added. Verify that alert,
confirm, prompt and print dialogs are allowed when the allow-modals flag is set.
* http/tests/security/sandboxed-iframe-ALLOWED-modals-expected.txt: Added.
* http/tests/security/sandboxed-iframe-DENIED-modals.html: Added. Verify that alert,
confirm, prompt and print dialogs are denied when the allow-modals flag is not set. The returned
values are also verified.
* http/tests/security/sandboxed-iframe-DENIED-modals-expected.txt: Added.
* http/tests/misc/iframe-beforeunload-dialog-allow-modals.html: Added. Verify that the
confirm dialog for beforeunload is displayed when allow-modals is set.
* http/tests/misc/iframe-beforeunload-dialog-allow-modals-expected.txt: Added.
* http/tests/misc/iframe-beforeunload-dialog-block-modals.html: Added. Verify that the
confirm dialog for beforeunload is not displayed when allow-modals is unset.
* http/tests/misc/iframe-beforeunload-dialog-block-modals-expected.txt: Added.
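
The gating described in the log message above, as an added example that is not WebKit's code: a small JavaScript model that parses a sandbox token list (iframe attribute or CSP sandbox directive) and returns the values script sees when a modal is blocked. The function names, the `host` object and the `log` callback are assumptions made for the example; the token list, return values and console message text are taken from this page.

```javascript
// Added example: a model of the behaviour described in this changeset, not WebKit code.

// Tokens accepted by isSupportedSandboxPolicy after this change (from the diff).
const SUPPORTED_TOKENS = new Set([
  "allow-forms", "allow-same-origin", "allow-scripts", "allow-top-navigation",
  "allow-pointer-lock", "allow-popups", "allow-popups-to-escape-sandbox",
  "allow-top-navigation-by-user-activation", "allow-modals",
]);

// Values returned to script when a modal is blocked, as recorded in
// sandboxed-iframe-DENIED-modals-expected.txt.
const DENIED_RESULT = {
  alert: undefined,
  confirm: false,
  prompt: null,
  print: undefined,
  execCommandPrint: false,
};

// Name used in the console message; the execCommand path reports as window.print.
const API_LABEL = {
  alert: "window.alert",
  confirm: "window.confirm",
  prompt: "window.prompt",
  print: "window.print",
  execCommandPrint: "window.print",
};

// ASCII-only case folding, so non-ASCII look-alikes never match a token.
function asciiLower(s) {
  return s.replace(/[A-Z]/g, (c) => c.toLowerCase());
}

// Parse a sandbox token list. Every restriction starts switched on and each
// recognised token lifts one, so a missing or misspelled allow-modals
// leaves modals blocked.
function parseSandboxTokens(value) {
  const allowed = new Set();
  const invalid = [];
  for (const raw of value.split(/[ \t\n\f\r]+/)) {
    if (raw === "") continue;
    const token = asciiLower(raw);
    if (SUPPORTED_TOKENS.has(token)) allowed.add(token);
    else invalid.push(raw);
  }
  return { allowed, invalid, modalsBlocked: !allowed.has("allow-modals") };
}

// Return the token list of the sandbox directive in a Content-Security-Policy
// header value, or null when the header does not sandbox the document.
function sandboxFromCsp(headerValue) {
  for (const directive of headerValue.split(";")) {
    const parts = directive.trim().split(/[ \t\n\f\r]+/);
    if (asciiLower(parts[0]) === "sandbox") return parts.slice(1).join(" ");
  }
  return null;
}

// Wrap the host's modal entry points (hypothetical `host` object) the way the
// changeset describes: early exit with the fixed return value plus a console
// message when modals are blocked. policy === null means "not sandboxed".
function gateModals(policy, host, log) {
  const modalsBlocked = policy !== null && parseSandboxTokens(policy).modalsBlocked;
  const gated = { modalsBlocked };
  for (const name of Object.keys(DENIED_RESULT)) {
    gated[name] = (...args) => {
      if (!modalsBlocked) return host[name](...args);
      log(`Use of ${API_LABEL[name]} is not allowed in a sandboxed frame ` +
          "when the allow-modals flag is not set.");
      return DENIED_RESULT[name];
    };
  }
  return gated;
}
```
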

Diff

Modified: trunk/LayoutTests/ChangeLog (221192 => 221193)


--- trunk/LayoutTests/ChangeLog	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/LayoutTests/ChangeLog	2017-08-25 17:28:53 UTC (rev 221193)
@@ -1,3 +1,45 @@
+2017-07-25  Frederic Wang  <[email protected]>
+
+        Add flag allow-modals to iframe sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=171321
+
+        Reviewed by Brent Fulgham.
+
+        The allow-modals flag is added to tests trying to open modal dialogs in sandboxed frames, now
+        that the default behavior has changed. New tests are also added to verify that the dialogs
+        are allowed or blocked according to the value of the allow-modals flag.
+
+        * fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html: Add allow-modals.
+        * fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html: Ditto.
+        * fast/forms/autofocus-in-sandbox-with-allow-scripts.html: Ditto.
+        * fast/frames/sandboxed-iframe-navigation-top-by-name-denied.html: Ditto.
+        * fast/frames/sandboxed-iframe-parsing-space-characters.html: Ditto.
+        * fast/frames/sandboxed-iframe-scripting-02.html: Ditto.
+        * http/tests/security/contentSecurityPolicy/resources/sandboxed-eval.php: Ditto.
+        * http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-control.html: Ditto.
+        * http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header.html: Ditto.
+        * http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2.php: Ditto.
+        * http/tests/security/drag-drop-same-unique-origin.html: Ditto.
+        * http/tests/security/no-indexeddb-from-sandbox.html: Ditto.
+        * http/tests/security/no-popup-from-sandbox-top.html: Ditto.
+        * http/tests/security/no-popup-from-sandbox.html: Ditto.
+        * http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html: Ditto.
+        * http/tests/security/popup-allowed-by-sandbox-when-allowed.html: Ditto.
+        * http/tests/security/xss-DENIED-window-name-alert.html: Ditto.
+        * http/tests/security/sandboxed-iframe-ALLOWED-modals.html: Added. Verify that alert,
+        confirm, prompt and print dialogs are allowed when the allow-modals flag is set.
+        * http/tests/security/sandboxed-iframe-ALLOWED-modals-expected.txt: Added.
+        * http/tests/security/sandboxed-iframe-DENIED-modals.html: Added. Verify that alert,
+        confirm, prompt and print dialogs are denied when the allow-modals flag not set. The returned
+        values are also verified.
+        * http/tests/security/sandboxed-iframe-DENIED-modals-expected.txt: Added.
+        * http/tests/misc/iframe-beforeunload-dialog-allow-modals.html: Added. Verify that the
+        confirm dialog for beforeunload is displayed when allow-modals is set.
+        * http/tests/misc/iframe-beforeunload-dialog-allow-modals-expected.txt: Added.
+        * http/tests/misc/iframe-beforeunload-dialog-block-modals.html: Added. Verify that the
+        confirm dialog for beforeunload is not displayed when allow-modals is unset.
+        * http/tests/misc/iframe-beforeunload-dialog-block-modals-expected.txt: Added.
+
 2017-08-25  Jonathan Bedard  <[email protected]>
 
         Manage tests which require different device types better
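
Review bot: the entry for http/tests/security/sandboxed-iframe-DENIED-modals.html reads "denied when the allow-modals flag not set", which is missing "is". The same sentence is carried into the log message, so it is worth fixing here before landing.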

Modified: trunk/LayoutTests/fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html (221192 => 221193)


--- trunk/LayoutTests/fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/LayoutTests/fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html	2017-08-25 17:28:53 UTC (rev 221193)
@@ -12,7 +12,7 @@
 </head>
 <body>
 <iframe name="A"></iframe>
-<iframe id="B" sandbox="allow-scripts allow-same-origin allow-popups"></iframe>
+<iframe id="B" sandbox="allow-scripts allow-same-origin allow-popups allow-modals"></iframe>
 <script>
 document.getElementById("B").contentWindow.eval('alert(window.open("about:blank", "A") ? "FAIL" : "PASS");');
 </script>
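
Review bot: on the eval line, alert() is only how this test reports PASS or FAIL for window.open, so the popup check now depends on allow-modals as well as allow-popups. Consider a short comment next to iframe "B" saying allow-modals is there for reporting only, so a later reader does not take it as part of the popup policy under test.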

Modified: trunk/LayoutTests/fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html (221192 => 221193)


--- trunk/LayoutTests/fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/LayoutTests/fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html	2017-08-25 17:28:53 UTC (rev 221193)
@@ -12,7 +12,7 @@
 </head>
 <body>
 <iframe name="A"></iframe>
-<iframe id="B" sandbox="allow-scripts allow-same-origin allow-popups"></iframe>
+<iframe id="B" sandbox="allow-scripts allow-same-origin allow-popups allow-modals"></iframe>
 <script>
 document.getElementById("B").contentWindow.eval('alert(window.open.call(window.top, "about:blank", "A") ? "FAIL" : "PASS");');
 </script>

Modified: trunk/LayoutTests/fast/forms/autofocus-in-sandbox-with-allow-scripts.html (221192 => 221193)


--- trunk/LayoutTests/fast/forms/autofocus-in-sandbox-with-allow-scripts.html	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/LayoutTests/fast/forms/autofocus-in-sandbox-with-allow-scripts.html	2017-08-25 17:28:53 UTC (rev 221193)
@@ -4,5 +4,5 @@
 </script>
 This test passes if the activeElement is the input element rather than the body
 (which it would be if the sandbox didn't allow autofocus although allow-scripts flag is set).
-<iframe sandbox="allow-scripts"
+<iframe sandbox="allow-scripts allow-modals"
     src="" autofocus onfocus><script>window._onload_ = function() { alert(document.activeElement.tagName) }</script>"></iframe>

Modified: trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-name-denied.html (221192 => 221193)


--- trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-name-denied.html	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-name-denied.html	2017-08-25 17:28:53 UTC (rev 221193)
@@ -10,7 +10,7 @@
 <p>This test verifies that a sandboxed IFrame cannot navigate the top-level
 frame without allow-top-navigation.  This test passes if the navigation does
 not occur.</p>
-<iframe sandbox="allow-scripts"
+<iframe sandbox="allow-scripts allow-modals"
         src=""
 </body>
 </html>

Modified: trunk/LayoutTests/fast/frames/sandboxed-iframe-parsing-space-characters.html (221192 => 221193)


--- trunk/LayoutTests/fast/frames/sandboxed-iframe-parsing-space-characters.html	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-parsing-space-characters.html	2017-08-25 17:28:53 UTC (rev 221193)
@@ -22,7 +22,7 @@
 }
 
 function testCharacter(possibleDelimiter, message) {
-    var policy = "allow-scripts" + possibleDelimiter + "allow-forms";
+    var policy = "allow-modals allow-scripts" + possibleDelimiter + "allow-forms";
     var iframe = document.createElement('iframe');
     iframe.sandbox = policy;
     iframe.src = "" + message + "');<\/script>";
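
Review bot: in testCharacter, allow-modals is joined to allow-scripts with a hard-coded space, while possibleDelimiter only separates allow-scripts from allow-forms. That keeps the character under test in one place, but it is not obvious from the policy line alone; a one-line comment saying why allow-modals sits outside the delimiter being tested would help.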

Modified: trunk/LayoutTests/fast/frames/sandboxed-iframe-scripting-02.html (221192 => 221193)


--- trunk/LayoutTests/fast/frames/sandboxed-iframe-scripting-02.html	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-scripting-02.html	2017-08-25 17:28:53 UTC (rev 221193)
@@ -23,7 +23,7 @@
     <script src=""
 </head>
 <body>
-    <iframe sandbox="allow-same-origin allow-scripts"
+    <iframe sandbox="allow-same-origin allow-scripts allow-modals"
             src="" Executed script in data URL');window.parent.postMessage({'pass': true}, '*');</script>">
     </iframe>
     <script>

Added: trunk/LayoutTests/http/tests/misc/iframe-beforeunload-dialog-allow-modals-expected.txt (0 => 221193)


--- trunk/LayoutTests/http/tests/misc/iframe-beforeunload-dialog-allow-modals-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/misc/iframe-beforeunload-dialog-allow-modals-expected.txt	2017-08-25 17:28:53 UTC (rev 221193)
@@ -0,0 +1,2 @@
+CONFIRM NAVIGATION: This is beforeunload from an iframe.
+
Property changes on: trunk/LayoutTests/http/tests/misc/iframe-beforeunload-dialog-allow-modals-expected.txt
___________________________________________________________________

Added: svn:eol-style

+LF \ No newline at end of property

Added: trunk/LayoutTests/http/tests/misc/iframe-beforeunload-dialog-allow-modals.html (0 => 221193)


--- trunk/LayoutTests/http/tests/misc/iframe-beforeunload-dialog-allow-modals.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/misc/iframe-beforeunload-dialog-allow-modals.html	2017-08-25 17:28:53 UTC (rev 221193)
@@ -0,0 +1,27 @@
+<script src=""
+<script>
+
+if (window.testRunner) {
+	testRunner.dumpAsText();
+	testRunner.waitUntilDone();
+}
+
+function navigateFrame()
+{
+	window.location.href = '';
+}
+
+window._onload_ = function()
+{
+	// Simulate a user interaction with the page so that the beforeunload alert shows.
+	const testButton = document.getElementById("testButton");
+	UIHelper.activateAt(testButton.offsetLeft + 5, testButton.offsetTop + 5);
+}
+
+</script>
+<body>
+When viewed using the host 127.0.0.1, this page has a sandboxed iframe whose security origin matches the main frame.<br>
+The iframe has a beforeunload handler, and that handler should result in the display of the page dismissal dialog since allow-modals is set.<br>
+<input id="testButton" type="button" value="Click to navigate" _onclick_="navigateFrame()">
+<iframe sandbox="allow-scripts allow-same-origin allow-modals" src=""
+</body>
Property changes on: trunk/LayoutTests/http/tests/misc/iframe-beforeunload-dialog-allow-modals.html
___________________________________________________________________

Added: svn:eol-style

+LF \ No newline at end of property

Added: svn:mime-type

+text/html \ No newline at end of property

Added: trunk/LayoutTests/http/tests/misc/iframe-beforeunload-dialog-block-modals-expected.txt (0 => 221193)


--- trunk/LayoutTests/http/tests/misc/iframe-beforeunload-dialog-block-modals-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/misc/iframe-beforeunload-dialog-block-modals-expected.txt	2017-08-25 17:28:53 UTC (rev 221193)
@@ -0,0 +1 @@
+
Property changes on: trunk/LayoutTests/http/tests/misc/iframe-beforeunload-dialog-block-modals-expected.txt
___________________________________________________________________

Added: svn:eol-style

+LF \ No newline at end of property

Added: trunk/LayoutTests/http/tests/misc/iframe-beforeunload-dialog-block-modals.html (0 => 221193)


--- trunk/LayoutTests/http/tests/misc/iframe-beforeunload-dialog-block-modals.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/misc/iframe-beforeunload-dialog-block-modals.html	2017-08-25 17:28:53 UTC (rev 221193)
@@ -0,0 +1,27 @@
+<script src=""
+<script>
+
+if (window.testRunner) {
+	testRunner.dumpAsText();
+	testRunner.waitUntilDone();
+}
+
+function navigateFrame()
+{
+	window.location.href = '';
+}
+
+window._onload_ = function()
+{
+	// Simulate a user interaction with the page so that the beforeunload alert shows.
+	const testButton = document.getElementById("testButton");
+	UIHelper.activateAt(testButton.offsetLeft + 5, testButton.offsetTop + 5);
+}
+
+</script>
+<body>
+When viewed using the host 127.0.0.1, this page has a sandboxed iframe whose security origin matches the main frame.<br>
+The iframe has a beforeunload handler, and that handler should not result in the display of the page dismissal dialog since allow-modals is not set.<br>
+<input id="testButton" type="button" value="Click to navigate" _onclick_="navigateFrame()">
+<iframe sandbox="allow-scripts allow-same-origin" src=""
+</body>
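
Review bot: the comment in the onload handler still says the simulated click is there "so that the beforeunload alert shows", but this file expects the dialog not to show. With an empty expected result, the test also passes if the click never lands or the beforeunload handler never runs; consider logging from the handler so the expected output shows that it ran and only the dialog was suppressed.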
Property changes on: trunk/LayoutTests/http/tests/misc/iframe-beforeunload-dialog-block-modals.html
___________________________________________________________________

Added: svn:eol-style

+LF \ No newline at end of property

Added: svn:mime-type

+text/html \ No newline at end of property

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/sandboxed-eval.php (221192 => 221193)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/sandboxed-eval.php	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/resources/sandboxed-eval.php	2017-08-25 17:28:53 UTC (rev 221193)
@@ -1,5 +1,5 @@
 <?php
-header("Content-Security-Policy: sandbox allow-scripts");
+header("Content-Security-Policy: sandbox allow-scripts allow-modals");
 ?>
 <script>
 alert('PASS (1/2): Script can execute');

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-control.html (221192 => 221193)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-control.html	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-control.html	2017-08-25 17:28:53 UTC (rev 221193)
@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<iframe src=""
+<iframe src=""
 <script>
 if (window.testRunner)
     testRunner.dumpAsText();

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header.html (221192 => 221193)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header.html	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header.html	2017-08-25 17:28:53 UTC (rev 221193)
@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<iframe src=""
+<iframe src=""
 <script>
 if (window.testRunner)
     testRunner.dumpAsText();

Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2.php (221192 => 221193)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2.php	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2.php	2017-08-25 17:28:53 UTC (rev 221193)
@@ -1,5 +1,5 @@
 <?php
-    header("Content-Security-Policy: sandbox allow-scripts");
+    header("Content-Security-Policy: sandbox allow-scripts allow-modals");
 ?>
 <!DOCTYPE html>
 <html>

Modified: trunk/LayoutTests/http/tests/security/drag-drop-same-unique-origin.html (221192 => 221193)


--- trunk/LayoutTests/http/tests/security/drag-drop-same-unique-origin.html	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/LayoutTests/http/tests/security/drag-drop-same-unique-origin.html	2017-08-25 17:28:53 UTC (rev 221193)
@@ -8,6 +8,6 @@
 </script>
 </head>
 <body>
-<iframe src="" sandbox="allow-scripts"></iframe>
+<iframe src="" sandbox="allow-scripts allow-modals"></iframe>
 </body>
 </html>

Modified: trunk/LayoutTests/http/tests/security/no-indexeddb-from-sandbox.html (221192 => 221193)


--- trunk/LayoutTests/http/tests/security/no-indexeddb-from-sandbox.html	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/LayoutTests/http/tests/security/no-indexeddb-from-sandbox.html	2017-08-25 17:28:53 UTC (rev 221193)
@@ -2,7 +2,7 @@
 if (window.testRunner)
     testRunner.dumpAsText();
 </script>
-<iframe sandbox="allow-scripts"
+<iframe sandbox="allow-scripts allow-modals"
     src=""
          <script>
              var db = window.webkitIndexedDB;

Modified: trunk/LayoutTests/http/tests/security/no-popup-from-sandbox-top.html (221192 => 221193)


--- trunk/LayoutTests/http/tests/security/no-popup-from-sandbox-top.html	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/LayoutTests/http/tests/security/no-popup-from-sandbox-top.html	2017-08-25 17:28:53 UTC (rev 221193)
@@ -5,7 +5,7 @@
 }
 </script>
 <p>To run this test outside of DumpRenderTree, please disable your popup blocker!</p>
-<iframe sandbox="allow-scripts"
+<iframe sandbox="allow-scripts allow-modals"
   src=""
        <script>
        var win = window.open('about:blank', '_top');

Modified: trunk/LayoutTests/http/tests/security/no-popup-from-sandbox.html (221192 => 221193)


--- trunk/LayoutTests/http/tests/security/no-popup-from-sandbox.html	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/LayoutTests/http/tests/security/no-popup-from-sandbox.html	2017-08-25 17:28:53 UTC (rev 221193)
@@ -5,7 +5,7 @@
 }
 </script>
 <p>To run this test outside of DumpRenderTree, please disable your popup blocker!</p>
-<iframe sandbox="allow-scripts"
+<iframe sandbox="allow-scripts allow-modals"
   src=""
        <script>
        var win = window.open('about:blank', '_blank');

Modified: trunk/LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html (221192 => 221193)


--- trunk/LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html	2017-08-25 17:28:53 UTC (rev 221193)
@@ -8,7 +8,7 @@
 </script>
 <p>To run this test outside of DumpRenderTree, please disable your popup blocker!</p>
 <p>If you change this test, please be sure to change popup-allowed-by-sandbox-is-sandboxed.html as well!</p>
-<iframe sandbox="allow-scripts allow-popups allow-forms"
+<iframe sandbox="allow-scripts allow-modals allow-popups allow-forms"
   src=""
        <script>
        var win = window.open('data:text/html,<form action="" ><input type=submit></form><script>document.forms[0].submit(); if (window.testRunner) testRunner.notifyDone();<\/script>', '_blank');

Modified: trunk/LayoutTests/http/tests/security/popup-allowed-by-sandbox-when-allowed.html (221192 => 221193)


--- trunk/LayoutTests/http/tests/security/popup-allowed-by-sandbox-when-allowed.html	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/LayoutTests/http/tests/security/popup-allowed-by-sandbox-when-allowed.html	2017-08-25 17:28:53 UTC (rev 221193)
@@ -7,7 +7,7 @@
 }
 </script>
 <p>To run this test outside of DumpRenderTree, please disable your popup blocker!</p>
-<iframe sandbox="allow-scripts allow-popups"
+<iframe sandbox="allow-scripts allow-modals allow-popups"
   src=""
        <script>
        var win = window.open('data:text/html,<script>if (window.testRunner) testRunner.notifyDone();<\/script>', '_blank');

Added: trunk/LayoutTests/http/tests/security/sandboxed-iframe-ALLOWED-modals-expected.txt (0 => 221193)


--- trunk/LayoutTests/http/tests/security/sandboxed-iframe-ALLOWED-modals-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/sandboxed-iframe-ALLOWED-modals-expected.txt	2017-08-25 17:28:53 UTC (rev 221193)
@@ -0,0 +1,6 @@
+ALERT: MESSAGE
+CONFIRM: MESSAGE?
+PROMPT: MESSAGE:, default text: DEFAULT
+This test passes if opening modal dialogs is allowed and no error message is logged in the console.
+
+    
Property changes on: trunk/LayoutTests/http/tests/security/sandboxed-iframe-ALLOWED-modals-expected.txt
___________________________________________________________________

Added: svn:eol-style

+LF \ No newline at end of property

Added: trunk/LayoutTests/http/tests/security/sandboxed-iframe-ALLOWED-modals.html (0 => 221193)


--- trunk/LayoutTests/http/tests/security/sandboxed-iframe-ALLOWED-modals.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/sandboxed-iframe-ALLOWED-modals.html	2017-08-25 17:28:53 UTC (rev 221193)
@@ -0,0 +1,25 @@
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+<p>This test passes if opening modal dialogs is allowed and no error message is logged in the console.</p>
+<iframe sandbox="allow-scripts allow-modals"
+        src=""
+            alert('MESSAGE');
+            </script>"></iframe>
+<iframe sandbox="allow-scripts allow-modals"
+        src=""
+            confirm('MESSAGE?');
+            </script>"></iframe>
+<iframe sandbox="allow-scripts allow-modals"
+        src=""
+            prompt('MESSAGE:', 'DEFAULT');
+            </script>"></iframe>
+<iframe sandbox="allow-scripts allow-modals"
+        src=""
+            print();
+            </script>"></iframe>
+<iframe sandbox="allow-scripts allow-modals"
+        src=""
+            document.execCommand('print', true, null);
+            </script>"></iframe>
Property changes on: trunk/LayoutTests/http/tests/security/sandboxed-iframe-ALLOWED-modals.html
___________________________________________________________________

Added: svn:eol-style

+LF \ No newline at end of property

Added: svn:mime-type

+text/html \ No newline at end of property

Added: trunk/LayoutTests/http/tests/security/sandboxed-iframe-DENIED-modals-expected.txt (0 => 221193)


--- trunk/LayoutTests/http/tests/security/sandboxed-iframe-DENIED-modals-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/sandboxed-iframe-DENIED-modals-expected.txt	2017-08-25 17:28:53 UTC (rev 221193)
@@ -0,0 +1,13 @@
+CONSOLE MESSAGE: line 1: Use of window.alert is not allowed in a sandboxed frame when the allow-modals flag is not set.
+CONSOLE MESSAGE: line 1: window.alert returned undefined
+CONSOLE MESSAGE: line 1: Use of window.confirm is not allowed in a sandboxed frame when the allow-modals flag is not set.
+CONSOLE MESSAGE: line 1: window.confirm returned false
+CONSOLE MESSAGE: line 1: Use of window.prompt is not allowed in a sandboxed frame when the allow-modals flag is not set.
+CONSOLE MESSAGE: line 1: window.prompt returned null
+CONSOLE MESSAGE: line 1: window.print returned undefined
+CONSOLE MESSAGE: Use of window.print is not allowed in a sandboxed frame when the allow-modals flag is not set.
+CONSOLE MESSAGE: line 1: Use of window.print is not allowed in a sandboxed frame when the allow-modals flag is not set.
+CONSOLE MESSAGE: line 1: document.execCommand returned false
+This test passes if opening modal dialogs is blocked and the corresponding calls return immediately with the expected values.
+
+    
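
Review bot: the window.print case is reported differently from the other three. For alert, confirm and prompt the "not allowed" message comes first and carries "line 1:", but here "window.print returned undefined" is logged before the message, and that message has no line number, while the execCommand case right after it does. If this comes from how Chrome::print logs, it would be good to give the print path the same ordering and source location, or to note in the test why it differs.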
Property changes on: trunk/LayoutTests/http/tests/security/sandboxed-iframe-DENIED-modals-expected.txt
___________________________________________________________________

Added: svn:eol-style

+LF \ No newline at end of property

Added: trunk/LayoutTests/http/tests/security/sandboxed-iframe-DENIED-modals.html (0 => 221193)


--- trunk/LayoutTests/http/tests/security/sandboxed-iframe-DENIED-modals.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/sandboxed-iframe-DENIED-modals.html	2017-08-25 17:28:53 UTC (rev 221193)
@@ -0,0 +1,25 @@
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+<p>This test passes if opening modal dialogs is blocked and the corresponding calls return immediately with the expected values.</p>
+<iframe sandbox="allow-scripts"
+        src=""
+            console.log('window.alert returned ' + alert('MESSAGE'));
+            </script>"></iframe>
+<iframe sandbox="allow-scripts"
+        src=""
+            console.log('window.confirm returned ' + confirm('MESSAGE?'));
+            </script>"></iframe>
+<iframe sandbox="allow-scripts"
+        src=""
+            console.log('window.prompt returned ' + prompt('MESSAGE:', 'DEFAULT'));
+            </script>"></iframe>
+<iframe sandbox="allow-scripts"
+        src=""
+            console.log('window.print returned ' + print());
+            </script>"></iframe>
+<iframe sandbox="allow-scripts"
+        src=""
+            console.log('document.execCommand returned ' + document.execCommand('print', true, null));
+            </script>"></iframe>
Property changes on: trunk/LayoutTests/http/tests/security/sandboxed-iframe-DENIED-modals.html
___________________________________________________________________

Added: svn:eol-style

+LF \ No newline at end of property

Added: svn:mime-type

+text/html \ No newline at end of property

Modified: trunk/LayoutTests/http/tests/security/xss-DENIED-window-name-alert.html (221192 => 221193)


--- trunk/LayoutTests/http/tests/security/xss-DENIED-window-name-alert.html	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/LayoutTests/http/tests/security/xss-DENIED-window-name-alert.html	2017-08-25 17:28:53 UTC (rev 221193)
@@ -2,7 +2,7 @@
 if (window.testRunner)
     testRunner.dumpAsText();
 </script>
-<iframe sandbox="allow-scripts"
+<iframe sandbox="allow-scripts allow-modals"
         src=""
             window.name='alert2';
             alert(top.alert2 === window ? 'PASS' : 'FAIL');

Modified: trunk/Source/WebCore/ChangeLog (221192 => 221193)


--- trunk/Source/WebCore/ChangeLog	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/Source/WebCore/ChangeLog	2017-08-25 17:28:53 UTC (rev 221193)
@@ -1,3 +1,42 @@
+2017-07-25  Frederic Wang  <[email protected]>
+
+        Add flag allow-modals to iframe sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=171321
+
+        This patch implements the "allow-modals" value for the iframe sandbox attribute. It changes
+        the behavior for sandboxed document so that alert, confirm, prompt, print as well as dialogs
+        generated from a beforeunload event are blocked when allow-modals is not set, as defined in
+        the specification. For consistency, we do the same for document.execCommand('print', ...).
+        Users should use the allow-modals flag in order to explictly allow modal dialogs.
+
+        See https://html.spec.whatwg.org/multipage/origin.html#sandboxed-modals-flag
+
+        Reviewed by Brent Fulgham.
+
+        Tests: http/tests/security/sandboxed-iframe-ALLOWED-modals.html
+               http/tests/security/sandboxed-iframe-DENIED-modals.html
+
+        * dom/SecurityContext.cpp: Implement parsing for allow-modals
+        (WebCore::SecurityContext::isSupportedSandboxPolicy):
+        (WebCore::SecurityContext::parseSandboxPolicy):
+        * dom/SecurityContext.h: Introduce flag for allow-modals
+        * loader/FrameLoader.cpp:
+        (WebCore::shouldAskForNavigationConfirmation): Prevent confirm dialog from beforeunload when
+        allow-modals is not set.
+        * page/Chrome.h: Change the signature of print, so it may return a failure when the
+        allow-modals flag is not set.
+        * page/Chrome.cpp:
+        (WebCore::Chrome::print): Returns false and print a message error when the allow-modals flag
+        on the frame's document is not set. Otherwise, execute the command and returns true.
+        * editing/EditorCommand.cpp:
+        (WebCore::executePrint): Ensure that document.execCommand for 'print' returns false when the
+        allow-modals flag is not set.
+        * page/DOMWindow.cpp: Add early exit when alert, confirm or prompt when the allow-modals flag
+        for that document is not set. Note that print is handled in Chrome.cpp.
+        (WebCore::DOMWindow::alert): Add early exit.
+        (WebCore::DOMWindow::confirm): Add early exit with the return value indicated in the spec.
+        (WebCore::DOMWindow::prompt): Ditto.
+
 2017-08-25  Brady Eidson  <[email protected]>
 
         Unreviewed, rolling out r221181.
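
Review bot: a few wording slips in the new entry: "explictly" should be "explicitly", "Returns false and print a message error" should read "prints an error message", and the page/DOMWindow.cpp line has a doubled "when" ("Add early exit when alert, confirm or prompt when ..."). Also "sandboxed document" wants a plural.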

Modified: trunk/Source/WebCore/dom/SecurityContext.cpp (221192 => 221193)


--- trunk/Source/WebCore/dom/SecurityContext.cpp	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/Source/WebCore/dom/SecurityContext.cpp	2017-08-25 17:28:53 UTC (rev 221193)
@@ -85,7 +85,7 @@
 bool SecurityContext::isSupportedSandboxPolicy(StringView policy)
 {
     static const char* const supportedPolicies[] = {
-        "allow-forms", "allow-same-origin", "allow-scripts", "allow-top-navigation", "allow-pointer-lock", "allow-popups", "allow-popups-to-escape-sandbox", "allow-top-navigation-by-user-activation"
+        "allow-forms", "allow-same-origin", "allow-scripts", "allow-top-navigation", "allow-pointer-lock", "allow-popups", "allow-popups-to-escape-sandbox", "allow-top-navigation-by-user-activation", "allow-modals"
     };
 
     for (auto* supportedPolicy : supportedPolicies) {
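Review bot: The "allow-modals" token now has to be kept in sync in two places, the supportedPolicies array here and the else-if chain in parseSandboxPolicy in the next hunk. If a future token is added to only one of them, feature detection and enforcement will disagree. Consider driving both from a single token-to-flag table, or at least add a comment in each spot pointing at the other.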
@@ -134,6 +134,8 @@
             flags &= ~SandboxPropagatesToAuxiliaryBrowsingContexts;
         else if (equalLettersIgnoringASCIICase(sandboxToken, "allow-top-navigation-by-user-activation"))
             flags &= ~SandboxTopNavigationByUserActivation;
+        else if (equalLettersIgnoringASCIICase(sandboxToken, "allow-modals"))
+            flags &= ~SandboxModals;
         else {
             if (numberOfTokenErrors)
                 tokenErrors.appendLiteral(", '");
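Review bot: Because the token clears the bit with "flags &= ~SandboxModals", every sandboxed frame that does not list allow-modals is restricted by default, including existing content written before this token existed. That matches the spec, but it is a behavior change for deployed pages, so it should be called out for embedders and in release notes rather than only in the ChangeLog.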

Modified: trunk/Source/WebCore/dom/SecurityContext.h (221192 => 221193)


--- trunk/Source/WebCore/dom/SecurityContext.h	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/Source/WebCore/dom/SecurityContext.h	2017-08-25 17:28:53 UTC (rev 221193)
@@ -53,6 +53,7 @@
     SandboxPropagatesToAuxiliaryBrowsingContexts = 1 << 9,
     SandboxTopNavigationByUserActivation = 1 << 10,
     SandboxDocumentDomain       = 1 << 11,
+    SandboxModals               = 1 << 12,
     SandboxAll                  = -1 // Mask with all bits set to 1.
 };
 

Modified: trunk/Source/WebCore/editing/EditorCommand.cpp (221192 => 221193)


--- trunk/Source/WebCore/editing/EditorCommand.cpp	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/Source/WebCore/editing/EditorCommand.cpp	2017-08-25 17:28:53 UTC (rev 221193)
@@ -930,8 +930,7 @@
     Page* page = frame.page();
     if (!page)
         return false;
-    page->chrome().print(frame);
-    return true;
+    return page->chrome().print(frame);
 }
 
 static bool executeRedo(Frame& frame, Event*, EditorCommandSource, const String&)

Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (221192 => 221193)


--- trunk/Source/WebCore/loader/FrameLoader.cpp	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp	2017-08-25 17:28:53 UTC (rev 221193)
@@ -3042,6 +3042,10 @@
 
 static bool shouldAskForNavigationConfirmation(Document& document, const BeforeUnloadEvent& event)
 {
+    // Confirmation dialog should not be displayed when the allow-modals flag is not set.
+    if (document.isSandboxed(SandboxModals))
+        return false;
+
     bool userDidInteractWithPage = document.topDocument().userDidInteractWithPage();
     // Web pages can request we ask for confirmation before navigating by:
     // - Cancelling the BeforeUnloadEvent (modern way)
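Review bot: The early "return false" in shouldAskForNavigationConfirmation is silent, while the alert, confirm, prompt and print paths in this patch all call printErrorMessage when SandboxModals blocks them. A developer whose beforeunload prompt stops appearing inside a sandboxed frame gets no console diagnostic. Either log a matching message here or state in the comment that the silence is intentional.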

Modified: trunk/Source/WebCore/page/Chrome.cpp (221192 => 221193)


--- trunk/Source/WebCore/page/Chrome.cpp	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/Source/WebCore/page/Chrome.cpp	2017-08-25 17:28:53 UTC (rev 221193)
@@ -23,6 +23,7 @@
 #include "Chrome.h"
 
 #include "ChromeClient.h"
+#include "DOMWindow.h"
 #include "Document.h"
 #include "DocumentType.h"
 #include "FileIconLoader.h"
@@ -395,10 +396,17 @@
     m_client.setToolTip(toolTip, toolTipDirection);
 }
 
-void Chrome::print(Frame& frame)
+bool Chrome::print(Frame& frame)
 {
     // FIXME: This should have PageGroupLoadDeferrer, like runModal() or runJavaScriptAlert(), because it's no different from those.
+
+    if (frame.document()->isSandboxed(SandboxModals)) {
+        frame.document()->domWindow()->printErrorMessage("Use of window.print is not allowed in a sandboxed frame when the allow-modals flag is not set.");
+        return false;
+    }
+
     m_client.print(frame);
+    return true;
 }
 
 void Chrome::enableSuddenTermination()
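Review bot: In Chrome::print, "frame.document()->isSandboxed(SandboxModals)" and "frame.document()->domWindow()->printErrorMessage(...)" dereference two pointer returns with no null check. If the frame has no document, or the document has no window at this point, the sandbox check itself becomes a crash. Fetch the document once into a local, bail out if it is null, and guard the domWindow() call before logging. The new blank line also separates the FIXME from the m_client.print(frame) call it describes; moving the comment down next to that call would keep it attached.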

Modified: trunk/Source/WebCore/page/Chrome.h (221192 => 221193)


--- trunk/Source/WebCore/page/Chrome.h	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/Source/WebCore/page/Chrome.h	2017-08-25 17:28:53 UTC (rev 221193)
@@ -144,7 +144,7 @@
 
     void setToolTip(const HitTestResult&);
 
-    WEBCORE_EXPORT void print(Frame&);
+    WEBCORE_EXPORT bool print(Frame&);
 
     WEBCORE_EXPORT void enableSuddenTermination();
     WEBCORE_EXPORT void disableSuddenTermination();

Modified: trunk/Source/WebCore/page/DOMWindow.cpp (221192 => 221193)


--- trunk/Source/WebCore/page/DOMWindow.cpp	2017-08-25 17:27:46 UTC (rev 221192)
+++ trunk/Source/WebCore/page/DOMWindow.cpp	2017-08-25 17:28:53 UTC (rev 221193)
@@ -1127,6 +1127,11 @@
     if (!m_frame)
         return;
 
+    if (document()->isSandboxed(SandboxModals)) {
+        printErrorMessage("Use of window.alert is not allowed in a sandboxed frame when the allow-modals flag is not set.");
+        return;
+    }
+
     auto* page = m_frame->page();
     if (!page)
         return;
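Review bot: The SandboxModals check in DOMWindow::alert is repeated almost verbatim in confirm and prompt below and in Chrome::print, with only the API name in the message changing. A small helper that takes the API name, performs the isSandboxed(SandboxModals) test and prints the message would keep the four strings consistent and give one place to change if the wording or the policy is revised.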
@@ -1149,6 +1154,11 @@
     if (!m_frame)
         return false;
     
+    if (document()->isSandboxed(SandboxModals)) {
+        printErrorMessage("Use of window.confirm is not allowed in a sandboxed frame when the allow-modals flag is not set.");
+        return false;
+    }
+
     auto* page = m_frame->page();
     if (!page)
         return false;
@@ -1171,6 +1181,11 @@
     if (!m_frame)
         return String();
 
+    if (document()->isSandboxed(SandboxModals)) {
+        printErrorMessage("Use of window.prompt is not allowed in a sandboxed frame when the allow-modals flag is not set.");
+        return String();
+    }
+
     auto* page = m_frame->page();
     if (!page)
         return String();