Title: [222099] trunk
Revision: 222099
Author: [email protected]
Date: 2017-09-15 10:54:35 -0700 (Fri, 15 Sep 2017)

Log Message

Storage Access API: Deny access to nested iframes
https://bugs.webkit.org/show_bug.cgi?id=176939
<rdar://problem/34439609>

Reviewed by Brent Fulgham.

Source/WebCore:

Test: http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-nested-iframe.html

* dom/Document.cpp:
(WebCore::Document::requestStorageAccess):

LayoutTests:

* http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-nested-iframe-expected.txt: Added.
* http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-nested-iframe.html: Added.
* http/tests/storageAccess/resources/nesting-iframe.html: Added.
* platform/mac-wk2/TestExpectations:
    Added the new test as a [ Pass ].

Diff

Modified: trunk/LayoutTests/ChangeLog (222098 => 222099)


--- trunk/LayoutTests/ChangeLog	2017-09-15 17:44:49 UTC (rev 222098)
+++ trunk/LayoutTests/ChangeLog	2017-09-15 17:54:35 UTC (rev 222099)
@@ -1,3 +1,17 @@
+2017-09-15  John Wilander  <[email protected]>
+
+        Storage Access API: Deny access to nested iframes
+        https://bugs.webkit.org/show_bug.cgi?id=176939
+        <rdar://problem/34439609>
+
+        Reviewed by Brent Fulgham.
+
+        * http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-nested-iframe-expected.txt: Added.
+        * http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-nested-iframe.html: Added.
+        * http/tests/storageAccess/resources/nesting-iframe.html: Added.
+        * platform/mac-wk2/TestExpectations:
+            Added the new test as a [ Pass ].
+
 2017-09-15  Brent Fulgham  <[email protected]>
 
         Make DocumentLoader a FrameDestructionObserver

Added: trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-nested-iframe-expected.txt (0 => 222099)


--- trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-nested-iframe-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-nested-iframe-expected.txt	2017-09-15 17:54:35 UTC (rev 222099)
@@ -0,0 +1,10 @@
+CONSOLE MESSAGE: line 68: PASS document.hasStorageAccess was denied.
+Tests that cross-origin iframe storage access is denied if the iframe is sandboxed, has the allow token, but is nested.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
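
Review bot: The only result recorded in this expectation is the console line "PASS document.hasStorageAccess was denied." on the first line, while the code path this revision changes is Document::requestStorageAccess. Nothing in the expected output captures what the requestStorageAccess() promise resolved to for the nested frame. Consider having the innermost frame also log the resolved value so that a regression in the new direct-child check fails this file directly instead of being inferred from hasStorageAccess.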

Added: trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-nested-iframe.html (0 => 222099)


--- trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-nested-iframe.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-nested-iframe.html	2017-09-15 17:54:35 UTC (rev 222099)
@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script src=""
+    <script src=""
+    <script>
+        description("Tests that cross-origin iframe storage access is denied if the iframe is sandboxed, has the allow token, but is nested.");
+        jsTestIsAsync = true;
+
+        function activateElement(elementId) {
+            var element = document.getElementById(elementId);
+            var centerX = element.offsetLeft + element.offsetWidth / 2;
+            var centerY = element.offsetTop + element.offsetHeight / 2;
+            UIHelper.activateAt(centerX, centerY).then(
+                function () {
+                    if (window.eventSender)
+                        eventSender.keyDown("escape");
+                    finishJSTest();
+                },
+                function () {
+                    testFailed("Promise rejected.");
+                    finishJSTest();
+                }
+            );
+        }
+
+        function runTest() {
+            setTimeout('activateElement("theIframe")', 500);
+        }
+    </script>
+</head>
+<body>
+<iframe sandbox="allow-storage-access-by-user-activation allow-scripts allow-same-origin allow-modals" _onload_="runTest()" id="theIframe" src=""
+</body>
+</html>
\ No newline at end of file
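
Review bot: runTest() waits a fixed 500 ms via setTimeout('activateElement("theIframe")', 500), which is both a string-evaluated callback and a guess at when the inner frame has finished loading, so the test can become flaky on slow bots. Pass a function instead of a string and trigger the activation from a signal sent by the innermost frame (for example a postMessage once it has loaded). Two smaller points: the fulfilled branch of UIHelper.activateAt() calls finishJSTest() without asserting anything, so the pass/fail decision rests entirely on the console line in the expected file, and activateElement() clicks the center of the outer iframe, which only reaches the nested frame if the default layout happens to place it there. The file also ends without a trailing newline.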

Added: trunk/LayoutTests/http/tests/storageAccess/resources/nesting-iframe.html (0 => 222099)


--- trunk/LayoutTests/http/tests/storageAccess/resources/nesting-iframe.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/storageAccess/resources/nesting-iframe.html	2017-09-15 17:54:35 UTC (rev 222099)
@@ -0,0 +1,8 @@
+<!DOCTYPE html>
+<html>
+<head>
+</head>
+<body>
+<iframe sandbox="allow-storage-access-by-user-activation allow-scripts allow-same-origin allow-modals" id="theIframe" src=""
+</body>
+</html>
\ No newline at end of file
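
Review bot: The inner iframe reuses id="theIframe", the same id the top-level test gives to the outer iframe, which makes log output and any later getElementById-based helper ambiguous about which level is meant; a distinct id such as "theNestedIframe" would read more clearly. This resource also covers only the case where both levels carry the full sandbox token list. A variant where the intermediate frame is same-origin with the top document would show whether the denial depends on nesting alone. The file ends without a trailing newline.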

Modified: trunk/LayoutTests/platform/mac-wk2/TestExpectations (222098 => 222099)


--- trunk/LayoutTests/platform/mac-wk2/TestExpectations	2017-09-15 17:44:49 UTC (rev 222098)
+++ trunk/LayoutTests/platform/mac-wk2/TestExpectations	2017-09-15 17:54:35 UTC (rev 222099)
@@ -755,6 +755,7 @@
 http/tests/storageAccess/request-storage-access-same-origin-iframe.html [ Pass ]
 http/tests/storageAccess/request-storage-access-same-origin-sandboxed-iframe-without-allow-token.html [ Pass ]
 http/tests/storageAccess/request-storage-access-same-origin-sandboxed-iframe.html [ Pass ]
+http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-nested-iframe.html [ Pass ]
 
 webkit.org/b/173861 [ Release ] http/tests/webrtc/filtering-ice-candidate-same-origin-frame.html [ Pass Timeout ]
 webkit.org/b/173861 [ Release ] http/tests/webrtc/filtering-ice-candidate-cross-origin-frame.html [ Pass Timeout ]
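
Review bot: The new entry is appended after request-storage-access-same-origin-sandboxed-iframe.html, but "request-and-grant-..." sorts before the "request-storage-access-..." lines visible in the context, so it lands out of order relative to its neighbours. If the storageAccess block keeps its entries sorted, move the line up next to the other request-and-grant tests so related expectations stay together.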

Modified: trunk/Source/WebCore/ChangeLog (222098 => 222099)


--- trunk/Source/WebCore/ChangeLog	2017-09-15 17:44:49 UTC (rev 222098)
+++ trunk/Source/WebCore/ChangeLog	2017-09-15 17:54:35 UTC (rev 222099)
@@ -1,3 +1,16 @@
+2017-09-15  John Wilander  <[email protected]>
+
+        Storage Access API: Deny access to nested iframes
+        https://bugs.webkit.org/show_bug.cgi?id=176939
+        <rdar://problem/34439609>
+
+        Reviewed by Brent Fulgham.
+
+        Test: http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-nested-iframe.html
+
+        * dom/Document.cpp:
+        (WebCore::Document::requestStorageAccess):
+
 2017-09-15  Antti Koivisto  <[email protected]>
 
         AnimationBase should ref the element
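
Review bot: The entry lists (WebCore::Document::requestStorageAccess) with no description after it, so the ChangeLog does not say what changed in the function or why nested frames are denied. Add a line under the function name stating that the promise now resolves to false unless the requesting document's parent is the top document, and a sentence of rationale above the file list, so the reasoning is available without opening the bug.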

Modified: trunk/Source/WebCore/dom/Document.cpp (222098 => 222099)


--- trunk/Source/WebCore/dom/Document.cpp	2017-09-15 17:44:49 UTC (rev 222098)
+++ trunk/Source/WebCore/dom/Document.cpp	2017-09-15 17:54:35 UTC (rev 222099)
@@ -7314,9 +7314,16 @@
         promise->resolve<IDLBoolean>(false);
         return;
     }
-    
+
+    // The iframe has to be a direct child of the top document.
+    auto& topDocument = this->topDocument();
+    if (&topDocument != parentDocument()) {
+        promise->resolve<IDLBoolean>(false);
+        return;
+    }
+
     auto& securityOrigin = this->securityOrigin();
-    auto& topSecurityOrigin = topDocument().securityOrigin();
+    auto& topSecurityOrigin = topDocument.securityOrigin();
     if (securityOrigin.equal(&topSecurityOrigin)) {
         m_hasStorageAccess = true;
         promise->resolve<IDLBoolean>(true);
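
Review bot: The new early return on &topDocument != parentDocument() sits before the securityOrigin.equal(&topSecurityOrigin) branch, so a nested iframe that is same-origin with the top document now resolves false, where the branch below would previously have set m_hasStorageAccess and resolved true. If that is intended, say so in the comment and add a same-origin nested test; if not, move the direct-child check after the same-origin branch. The denial is also silent: the promise resolves false with no console message, which leaves an embedded third party with no indication that nesting was the reason. The comment states the rule but not the motivation, and a short note on why only direct children may request access would help future readers.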
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes