[webkit-changes] [227658] branches/safari-605-branch

Thu, 25 Jan 2018 21:03:35 -0800

Title: [227658] branches/safari-605-branch

Diff

Modified: branches/safari-605-branch/LayoutTests/ChangeLog (227657 => 227658)


--- branches/safari-605-branch/LayoutTests/ChangeLog	2018-01-26 05:03:09 UTC (rev 227657)
+++ branches/safari-605-branch/LayoutTests/ChangeLog	2018-01-26 05:03:12 UTC (rev 227658)
@@ -1,5 +1,23 @@
 2018-01-25  Jason Marcell  <[email protected]>
 
+        Cherry-pick r227567. rdar://problem/36873353
+
+    2018-01-24  Daniel Bates  <[email protected]>
+
+            [CSP] Check policy for targeted windows when navigating to a _javascript_ URL
+            https://bugs.webkit.org/show_bug.cgi?id=182018
+            <rdar://problem/36795781>
+
+            Reviewed by Brent Fulgham.
+
+            * http/tests/security/contentSecurityPolicy/resources/window-open-_javascript_-url-with-target-blocked.html: Added.
+            * http/tests/security/contentSecurityPolicy/resources/window-open-_javascript_-url-with-target-blocked.js: Added.
+            (done):
+            * http/tests/security/contentSecurityPolicy/window-open-_javascript_-url-with-target-blocked-expected.txt: Added.
+            * http/tests/security/contentSecurityPolicy/window-open-_javascript_-url-with-target-blocked.html: Added.
+
+2018-01-25  Jason Marcell  <[email protected]>
+
         Cherry-pick r227566. rdar://problem/36722508
 
     2018-01-24  Chris Dumez  <[email protected]>

Added: branches/safari-605-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/window-open-_javascript_-url-with-target-blocked.html (0 => 227658)


--- branches/safari-605-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/window-open-_javascript_-url-with-target-blocked.html	                        (rev 0)
+++ branches/safari-605-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/window-open-_javascript_-url-with-target-blocked.html	2018-01-26 05:03:12 UTC (rev 227658)
@@ -0,0 +1,7 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="script-src 'self'">
+<script src=""
+</head>
+</html>

Added: branches/safari-605-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/window-open-_javascript_-url-with-target-blocked.js (0 => 227658)


--- branches/safari-605-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/window-open-_javascript_-url-with-target-blocked.js	                        (rev 0)
+++ branches/safari-605-branch/LayoutTests/http/tests/security/contentSecurityPolicy/resources/window-open-_javascript_-url-with-target-blocked.js	2018-01-26 05:03:12 UTC (rev 227658)
@@ -0,0 +1,8 @@
+function done()
+{
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+window.open("_javascript_:window.opener.document.writeln('FAIL')", "child");
+window.setTimeout(done, 0);

Added: branches/safari-605-branch/LayoutTests/http/tests/security/contentSecurityPolicy/window-open-_javascript_-url-with-target-blocked-expected.txt (0 => 227658)


--- branches/safari-605-branch/LayoutTests/http/tests/security/contentSecurityPolicy/window-open-_javascript_-url-with-target-blocked-expected.txt	                        (rev 0)
+++ branches/safari-605-branch/LayoutTests/http/tests/security/contentSecurityPolicy/window-open-_javascript_-url-with-target-blocked-expected.txt	2018-01-26 05:03:12 UTC (rev 227658)
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: line 1: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.
+

Added: branches/safari-605-branch/LayoutTests/http/tests/security/contentSecurityPolicy/window-open-_javascript_-url-with-target-blocked.html (0 => 227658)


--- branches/safari-605-branch/LayoutTests/http/tests/security/contentSecurityPolicy/window-open-_javascript_-url-with-target-blocked.html	                        (rev 0)
+++ branches/safari-605-branch/LayoutTests/http/tests/security/contentSecurityPolicy/window-open-_javascript_-url-with-target-blocked.html	2018-01-26 05:03:12 UTC (rev 227658)
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+    testRunner.setCanOpenWindows();
+    testRunner.setCloseRemainingWindowsWhenComplete(true);
+}
+var child = window.open("about:blank", "child");
+child.name = "child";
+child.location.href = ""
+location.replace("resources/window-open-_javascript_-url-with-target-blocked.html");
+</script>
+</head>
+</html>

Modified: branches/safari-605-branch/Source/WebCore/ChangeLog (227657 => 227658)


--- branches/safari-605-branch/Source/WebCore/ChangeLog	2018-01-26 05:03:09 UTC (rev 227657)
+++ branches/safari-605-branch/Source/WebCore/ChangeLog	2018-01-26 05:03:12 UTC (rev 227658)
@@ -1,5 +1,24 @@
 2018-01-25  Jason Marcell  <[email protected]>
 
+        Cherry-pick r227567. rdar://problem/36873353
+
+    2018-01-24  Daniel Bates  <[email protected]>
+
+            [CSP] Check policy for targeted windows when navigating to a _javascript_ URL
+            https://bugs.webkit.org/show_bug.cgi?id=182018
+            <rdar://problem/36795781>
+
+            Reviewed by Brent Fulgham.
+
+            Move the CSP check to be earlier in the function.
+
+            Test: http/tests/security/contentSecurityPolicy/window-open-_javascript_-url-with-target-blocked.html
+
+            * loader/FrameLoader.cpp:
+            (WebCore::createWindow):
+
+2018-01-25  Jason Marcell  <[email protected]>
+
         Cherry-pick r227566. rdar://problem/36722508
 
     2018-01-24  Chris Dumez  <[email protected]>

Modified: branches/safari-605-branch/Source/WebCore/loader/FrameLoader.cpp (227657 => 227658)


--- branches/safari-605-branch/Source/WebCore/loader/FrameLoader.cpp	2018-01-26 05:03:09 UTC (rev 227657)
+++ branches/safari-605-branch/Source/WebCore/loader/FrameLoader.cpp	2018-01-26 05:03:12 UTC (rev 227658)
@@ -3743,6 +3743,10 @@
 
     created = false;
 
+    // FIXME: Provide line number information with respect to the opener's document.
+    if (protocolIsJavaScript(request.resourceRequest().url()) && !openerFrame.document()->contentSecurityPolicy()->allowJavaScriptURLs(openerFrame.document()->url(), { }))
+        return nullptr;
+
     if (!request.frameName().isEmpty() && !equalIgnoringASCIICase(request.frameName(), "_blank")) {
         if (RefPtr<Frame> frame = lookupFrame.loader().findFrameForNavigation(request.frameName(), openerFrame.document())) {
             if (!equalIgnoringASCIICase(request.frameName(), "_self")) {
@@ -3760,10 +3764,6 @@
         return nullptr;
     }
 
-    // FIXME: Provide line number information with respect to the opener's document.
-    if (protocolIsJavaScript(request.resourceRequest().url()) && !openerFrame.document()->contentSecurityPolicy()->allowJavaScriptURLs(openerFrame.document()->url(), { }))
-        return nullptr;
-
     // FIXME: Setting the referrer should be the caller's responsibility.
     String referrer = SecurityPolicy::generateReferrerHeader(openerFrame.document()->referrerPolicy(), request.resourceRequest().url(), openerFrame.loader().outgoingReferrer());
     if (!referrer.isEmpty())

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to