Diff
Modified: branches/safari-608-branch/LayoutTests/ChangeLog (248575 => 248576)
--- branches/safari-608-branch/LayoutTests/ChangeLog 2019-08-12 23:42:36 UTC (rev 248575)
+++ branches/safari-608-branch/LayoutTests/ChangeLog 2019-08-12 23:42:43 UTC (rev 248576)
@@ -1,5 +1,90 @@
2019-08-12 Alan Coon <[email protected]>
+ Cherry-pick r248491. rdar://problem/54130636
+
+ Don't allow cross-origin iframes to autofocus
+ https://bugs.webkit.org/show_bug.cgi?id=200515
+ <rdar://problem/54092988>
+
+ Reviewed by Ryosuke Niwa.
+
+ Source/WebCore:
+
+ According to Step 6 in the WhatWG Spec (https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofocusing-a-form-control:-the-autofocus-attribute),
+ the 'autofocus' attribute shouldn't work for cross-origin iframes.
+
+ This change is based on the Blink change (patch by <[email protected]>):
+ <https://chromium-review.googlesource.com/c/chromium/src/+/1593026>
+
+ Also disallow cross-origin iframes from focusing programmatically without ever having
+ had any user interaction.
+
+ * dom/Element.cpp: Check if an invalid frame is trying to grab the focus.
+ (WebCore::Element::focus):
+ * html/HTMLFormControlElement.cpp: Check if the focus is moving to an invalid frame.
+ (WebCore::shouldAutofocus):
+ * page/DOMWindow.cpp: Check if an invalid frame is trying to grab the focus.
+ (WebCore::DOMWindow::focus):
+
+ Tools:
+
+ Make WebKit.FocusedFrameAfterCrash use same-origin iframes instead
+ of cross-origin iframes, since it depends on focusing one of the
+ frames.
+
+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+ * TestWebKitAPI/Tests/WebKit/ReloadPageAfterCrash.cpp:
+ (TestWebKitAPI::TEST):
+ * TestWebKitAPI/Tests/WebKit/many-same-origin-iframes.html: Added.
+
+ LayoutTests:
+
+ Add test coverage, and simulate user interaction in existing tests
+ that require focusing a cross-origin frame.
+
+ * http/tests/security/clipboard/resources/copy-html.html:
+ * http/tests/security/clipboard/resources/copy-mso-list.html:
+ * http/tests/security/clipboard/resources/copy-url.html:
+ * http/wpt/html/interaction/focus/no-cross-origin-element-focus-expected.txt: Added.
+ * http/wpt/html/interaction/focus/no-cross-origin-element-focus.html: Added.
+ * http/wpt/html/interaction/focus/no-cross-origin-window-focus-expected.txt: Added.
+ * http/wpt/html/interaction/focus/no-cross-origin-window-focus.html: Added.
+ * http/wpt/html/interaction/focus/resources/child-focus-element.html: Added.
+ * http/wpt/html/interaction/focus/resources/child-focus-window.html: Added.
+ * http/wpt/html/semantics/forms/autofocus/no-cross-origin-autofocus.sub-expected.txt: Added.
+ * http/wpt/html/semantics/forms/autofocus/no-cross-origin-autofocus.sub.html: Added.
+ * http/wpt/html/semantics/forms/autofocus/resources/child-autofocus.html: Added.
+ * http/wpt/webauthn/resources/last-layer-frame.https.html:
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248491 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2019-08-09 Ali Juma <[email protected]>
+
+ Don't allow cross-origin iframes to autofocus
+ https://bugs.webkit.org/show_bug.cgi?id=200515
+ <rdar://problem/54092988>
+
+ Reviewed by Ryosuke Niwa.
+
+ Add test coverage, and simulate user interaction in existing tests
+ that require focusing a cross-origin frame.
+
+ * http/tests/security/clipboard/resources/copy-html.html:
+ * http/tests/security/clipboard/resources/copy-mso-list.html:
+ * http/tests/security/clipboard/resources/copy-url.html:
+ * http/wpt/html/interaction/focus/no-cross-origin-element-focus-expected.txt: Added.
+ * http/wpt/html/interaction/focus/no-cross-origin-element-focus.html: Added.
+ * http/wpt/html/interaction/focus/no-cross-origin-window-focus-expected.txt: Added.
+ * http/wpt/html/interaction/focus/no-cross-origin-window-focus.html: Added.
+ * http/wpt/html/interaction/focus/resources/child-focus-element.html: Added.
+ * http/wpt/html/interaction/focus/resources/child-focus-window.html: Added.
+ * http/wpt/html/semantics/forms/autofocus/no-cross-origin-autofocus.sub-expected.txt: Added.
+ * http/wpt/html/semantics/forms/autofocus/no-cross-origin-autofocus.sub.html: Added.
+ * http/wpt/html/semantics/forms/autofocus/resources/child-autofocus.html: Added.
+ * http/wpt/webauthn/resources/last-layer-frame.https.html:
+
+2019-08-12 Alan Coon <[email protected]>
+
Cherry-pick r248368. rdar://problem/54037153
Extra space inserted at start of line when inserting a newline in Mail compose
Modified: branches/safari-608-branch/LayoutTests/http/tests/security/clipboard/resources/copy-html.html (248575 => 248576)
--- branches/safari-608-branch/LayoutTests/http/tests/security/clipboard/resources/copy-html.html 2019-08-12 23:42:36 UTC (rev 248575)
+++ branches/safari-608-branch/LayoutTests/http/tests/security/clipboard/resources/copy-html.html 2019-08-12 23:42:43 UTC (rev 248576)
@@ -26,10 +26,12 @@
}
function runTest() {
- document.getElementById('source').focus();
+ if (window.internals)
+ internals.withUserGesture(() => { document.getElementById('source').focus(); });
document.execCommand('selectAll');
document.execCommand('copy');
- document.getElementById('destination').focus();
+ if (window.internals)
+ internals.withUserGesture(() => { document.getElementById('destination').focus(); });
if (window.testRunner)
document.execCommand('paste');
}
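Review bot: The two new `if (window.internals)` guards in runTest() have no else branch, so when this resource is opened outside the test harness neither 'source' nor 'destination' is focused, while `selectAll` and `copy` still run unconditionally. Before this change the focus calls ran everywhere. Consider falling back to the plain `focus()` call when `internals` is unavailable so the page stays usable for manual checks.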
Modified: branches/safari-608-branch/LayoutTests/http/tests/security/clipboard/resources/copy-mso-list.html (248575 => 248576)
--- branches/safari-608-branch/LayoutTests/http/tests/security/clipboard/resources/copy-mso-list.html 2019-08-12 23:42:36 UTC (rev 248575)
+++ branches/safari-608-branch/LayoutTests/http/tests/security/clipboard/resources/copy-mso-list.html 2019-08-12 23:42:43 UTC (rev 248576)
@@ -52,10 +52,12 @@
}
function runTest() {
- document.getElementById('source').focus();
+ if (window.internals)
+ internals.withUserGesture(() => { document.getElementById('source').focus(); });
document.execCommand('selectAll');
document.execCommand('copy');
- document.getElementById('destination').focus();
+ if (window.internals)
+ internals.withUserGesture(() => { document.getElementById('destination').focus(); });
if (window.testRunner)
document.execCommand('paste');
}
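Review bot: The two `internals.withUserGesture(() => { ...focus(); })` wrappers in runTest() repeat, line for line, what the same change adds to copy-html.html and copy-url.html. A small shared helper in a common resource script (for example a hypothetical `focusWithUserGesture(id)`) would keep the three clipboard resources from drifting apart the next time the focus policy changes.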
Modified: branches/safari-608-branch/LayoutTests/http/tests/security/clipboard/resources/copy-url.html (248575 => 248576)
--- branches/safari-608-branch/LayoutTests/http/tests/security/clipboard/resources/copy-url.html 2019-08-12 23:42:36 UTC (rev 248575)
+++ branches/safari-608-branch/LayoutTests/http/tests/security/clipboard/resources/copy-url.html 2019-08-12 23:42:43 UTC (rev 248576)
@@ -23,10 +23,12 @@
}
function runTest() {
- document.getElementById('source').focus();
+ if (window.internals)
+ internals.withUserGesture(() => { document.getElementById('source').focus(); });
document.execCommand('selectAll');
document.execCommand('copy');
- document.getElementById('destination').focus();
+ if (window.internals)
+ internals.withUserGesture(() =>{ document.getElementById('destination').focus(); });
if (window.testRunner)
document.execCommand('paste');
}
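Review bot: Style nit on the second added call in runTest(): `internals.withUserGesture(() =>{` is missing the space after the arrow that the first call in this hunk and both sibling files use. Write `() => {` for consistency.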
Added: branches/safari-608-branch/LayoutTests/http/wpt/html/interaction/focus/no-cross-origin-element-focus-expected.txt (0 => 248576)
--- branches/safari-608-branch/LayoutTests/http/wpt/html/interaction/focus/no-cross-origin-element-focus-expected.txt (rev 0)
+++ branches/safari-608-branch/LayoutTests/http/wpt/html/interaction/focus/no-cross-origin-element-focus-expected.txt 2019-08-12 23:42:43 UTC (rev 248576)
@@ -0,0 +1,6 @@
+Element.focus() shouldn't work in cross-origin iframe without user interaction.
+
+
+
+PASS Element.focus() shouldn't work in cross-origin iframe without user interaction
+
Added: branches/safari-608-branch/LayoutTests/http/wpt/html/interaction/focus/no-cross-origin-element-focus.html (0 => 248576)
--- branches/safari-608-branch/LayoutTests/http/wpt/html/interaction/focus/no-cross-origin-element-focus.html (rev 0)
+++ branches/safari-608-branch/LayoutTests/http/wpt/html/interaction/focus/no-cross-origin-element-focus.html 2019-08-12 23:42:43 UTC (rev 248576)
@@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+<script src=""
+<script src=""
+<script src=""
+<script src=""
+</head>
+<body>
+ <h1>Element.focus() shouldn't work in cross-origin iframe without user interaction.</h1>
+ <iframe id="child" width="200" height="100"></iframe>
+
+ <script>
+ let parent_loaded = false;
+ let child_loaded = false;
+
+ async_test(function(t) {
+ function pingChildIfBothFramesLoaded() {
+ if (parent_loaded && child_loaded)
+ frames[0].postMessage("attempt_to_focus", "*");
+ }
+
+ window.addEventListener("load", t.step_func(event => {
+ parent_loaded = true;
+ pingChildIfBothFramesLoaded();
+ }));
+
+ window.addEventListener("message", t.step_func(event => {
+ if (event.data == "child_loaded") {
+ child_loaded = true;
+ pingChildIfBothFramesLoaded();
+ } else if (event.data == "child_is_focused") {
+ assert_unreached("The iframe shouldn't get focus");
+ } else if (event.data == "child_is_not_focused") {
+ t.done();
+ }
+ }));
+ document.getElementById("child").src =
+ get_host_info().HTTP_REMOTE_ORIGIN + "/WebKit/html/interaction/focus/resources/child-focus-element.html";
+ }, "Element.focus() shouldn't work in cross-origin iframe without user interaction");
+ </script>
+</body>
+</html>
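Review bot: The async_test covers only the negative case: it finishes on "child_is_not_focused" and has no control showing that the same child can take focus once its frame has had user interaction. If focus fails for an unrelated reason, the test still passes. Consider a second subtest in which the child calls focus() inside a simulated gesture (as the clipboard resources in this change do with `internals.withUserGesture`) and is expected to report "child_is_focused".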
Added: branches/safari-608-branch/LayoutTests/http/wpt/html/interaction/focus/no-cross-origin-window-focus-expected.txt (0 => 248576)
--- branches/safari-608-branch/LayoutTests/http/wpt/html/interaction/focus/no-cross-origin-window-focus-expected.txt (rev 0)
+++ branches/safari-608-branch/LayoutTests/http/wpt/html/interaction/focus/no-cross-origin-window-focus-expected.txt 2019-08-12 23:42:43 UTC (rev 248576)
@@ -0,0 +1,6 @@
+Window.focus() shouldn't work in cross-origin iframe without user interaction.
+
+
+
+PASS Window.focus() shouldn't work in cross-origin iframe without user interaction
+
Added: branches/safari-608-branch/LayoutTests/http/wpt/html/interaction/focus/no-cross-origin-window-focus.html (0 => 248576)
--- branches/safari-608-branch/LayoutTests/http/wpt/html/interaction/focus/no-cross-origin-window-focus.html (rev 0)
+++ branches/safari-608-branch/LayoutTests/http/wpt/html/interaction/focus/no-cross-origin-window-focus.html 2019-08-12 23:42:43 UTC (rev 248576)
@@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+<script src=""
+<script src=""
+<script src=""
+<script src=""
+</head>
+<body>
+ <h1>Window.focus() shouldn't work in cross-origin iframe without user interaction.</h1>
+ <iframe id="child" width="200" height="100"></iframe>
+
+ <script>
+ let parent_loaded = false;
+ let child_loaded = false;
+
+ async_test(function(t) {
+ function pingChildIfBothFramesLoaded() {
+ if (parent_loaded && child_loaded)
+ frames[0].postMessage("attempt_to_focus", "*");
+ }
+
+ window.addEventListener("load", t.step_func(event => {
+ parent_loaded = true;
+ pingChildIfBothFramesLoaded();
+ }));
+
+ window.addEventListener("message", t.step_func(event => {
+ if (event.data == "child_loaded") {
+ child_loaded = true;
+ pingChildIfBothFramesLoaded();
+ } else if (event.data == "child_is_focused") {
+ assert_unreached("The iframe shouldn't get focus");
+ } else if (event.data == "child_is_not_focused") {
+ t.done();
+ }
+ }));
+ document.getElementById("child").src =
+ get_host_info().HTTP_REMOTE_ORIGIN + "/WebKit/html/interaction/focus/resources/child-focus-window.html";
+ }, "Window.focus() shouldn't work in cross-origin iframe without user interaction");
+ </script>
+</body>
+</html>
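Review bot: The "message" listener in the async_test acts on `event.data` alone and never checks `event.source` or `event.origin`, and `frames[0].postMessage("attempt_to_focus", "*")` uses a wildcard target. Comparing `event.source` against `frames[0]` and passing `get_host_info().HTTP_REMOTE_ORIGIN` as the target origin would stop a stray message from another frame from completing or failing the test.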
Added: branches/safari-608-branch/LayoutTests/http/wpt/html/interaction/focus/resources/child-focus-element.html (0 => 248576)
--- branches/safari-608-branch/LayoutTests/http/wpt/html/interaction/focus/resources/child-focus-element.html (rev 0)
+++ branches/safari-608-branch/LayoutTests/http/wpt/html/interaction/focus/resources/child-focus-element.html 2019-08-12 23:42:43 UTC (rev 248576)
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<input id="target" value="This should be unfocused!"></input>
+
+<script>
+ let got_focus = false;
+ document.getElementById("target").addEventListener("focus", () => {
+ got_focus = true;
+ });
+
+ window.addEventListener("load", () => {
+ parent.postMessage("child_loaded", "*");
+ });
+
+ window.addEventListener("message", event => {
+ if (event.data == "attempt_to_focus") {
+ document.getElementById("target").focus();
+ let msg = got_focus ? "child_is_focused" : "child_is_not_focused";
+ parent.postMessage(msg, "*");
+ }
+ });
+</script>
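Review bot: The verdict in the "message" handler depends only on the got_focus flag set by the focus listener, sampled on the line right after `focus()`. Also reporting whether `document.activeElement` is the target would catch focus moving without the listener observing it. Minor: `<input>` is a void element, so the `</input>` end tag on the second line should be dropped.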
Added: branches/safari-608-branch/LayoutTests/http/wpt/html/interaction/focus/resources/child-focus-window.html (0 => 248576)
--- branches/safari-608-branch/LayoutTests/http/wpt/html/interaction/focus/resources/child-focus-window.html (rev 0)
+++ branches/safari-608-branch/LayoutTests/http/wpt/html/interaction/focus/resources/child-focus-window.html 2019-08-12 23:42:43 UTC (rev 248576)
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<div>This frame should not be focused!</div>
+<script>
+ let got_focus = false;
+ window.addEventListener("focus", () => {
+ got_focus = true;
+ });
+
+ window.addEventListener("load", () => {
+ parent.postMessage("child_loaded", "*");
+ });
+
+ window.addEventListener("message", event => {
+ if (event.data == "attempt_to_focus") {
+ window.focus();
+ let msg = got_focus ? "child_is_focused" : "child_is_not_focused";
+ parent.postMessage(msg, "*");
+ }
+ });
+</script>
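Review bot: In the "message" handler, got_focus is read synchronously on the line after `window.focus()`. If the window-level focus event is delivered asynchronously, the child reports "child_is_not_focused" whether or not the new check blocks the call, and the parent test passes vacuously. Consider reporting `document.hasFocus()` as well, or deferring the postMessage by a task before sampling the flag.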
Added: branches/safari-608-branch/LayoutTests/http/wpt/html/semantics/forms/autofocus/no-cross-origin-autofocus.sub-expected.txt (0 => 248576)
--- branches/safari-608-branch/LayoutTests/http/wpt/html/semantics/forms/autofocus/no-cross-origin-autofocus.sub-expected.txt (rev 0)
+++ branches/safari-608-branch/LayoutTests/http/wpt/html/semantics/forms/autofocus/no-cross-origin-autofocus.sub-expected.txt 2019-08-12 23:42:43 UTC (rev 248576)
@@ -0,0 +1,7 @@
+CONSOLE MESSAGE: Blocked autofocusing on a form control in a cross-origin subframe.
+Autofocus shouldn't work in cross-origin iframe.
+
+
+
+PASS Autofocus shouldn't work in cross-origin iframe
+
Added: branches/safari-608-branch/LayoutTests/http/wpt/html/semantics/forms/autofocus/no-cross-origin-autofocus.sub.html (0 => 248576)
--- branches/safari-608-branch/LayoutTests/http/wpt/html/semantics/forms/autofocus/no-cross-origin-autofocus.sub.html (rev 0)
+++ branches/safari-608-branch/LayoutTests/http/wpt/html/semantics/forms/autofocus/no-cross-origin-autofocus.sub.html 2019-08-12 23:42:43 UTC (rev 248576)
@@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+<script src=""
+<script src=""
+<script src=""
+<script src=""
+</head>
+<body>
+ <h1>Autofocus shouldn't work in cross-origin iframe.</h1>
+ <iframe id="child" width="200" height="100"></iframe>
+
+ <script>
+ let parent_loaded = false;
+ let child_loaded = false;
+
+ async_test(function(t) {
+ function pingChildIfBothFramesLoaded() {
+ if (parent_loaded && child_loaded)
+ frames[0].postMessage("report_focus_state", "*");
+ }
+
+ window.addEventListener("load", t.step_func(event => {
+ parent_loaded = true;
+ pingChildIfBothFramesLoaded();
+ }));
+
+ window.addEventListener("message", t.step_func(event => {
+ if (event.data == "child_loaded") {
+ child_loaded = true;
+ pingChildIfBothFramesLoaded();
+ } else if (event.data == "child_is_focused") {
+ assert_unreached("The iframe shouldn't get focus");
+ } else if (event.data == "child_is_not_focused") {
+ t.done();
+ }
+ }));
+ document.getElementById("child").src =
+ get_host_info().HTTP_REMOTE_ORIGIN + "/WebKit/html/semantics/forms/autofocus/resources/child-autofocus.html";
+ }, "Autofocus shouldn't work in cross-origin iframe");
+ </script>
+</body>
+</html>
Added: branches/safari-608-branch/LayoutTests/http/wpt/html/semantics/forms/autofocus/resources/child-autofocus.html (0 => 248576)
--- branches/safari-608-branch/LayoutTests/http/wpt/html/semantics/forms/autofocus/resources/child-autofocus.html (rev 0)
+++ branches/safari-608-branch/LayoutTests/http/wpt/html/semantics/forms/autofocus/resources/child-autofocus.html 2019-08-12 23:42:43 UTC (rev 248576)
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<input id="target" value="This should be unfocused!" autofocus></input>
+
+<script>
+ let got_focus = false;
+ document.getElementById("target").addEventListener("focus", () => {
+ got_focus = true;
+ });
+
+ window.addEventListener("load", () => {
+ parent.postMessage("child_loaded", "*");
+ });
+
+ window.addEventListener("message", event => {
+ if (event.data == "report_focus_state") {
+ let msg = got_focus ? "child_is_focused" : "child_is_not_focused";
+ parent.postMessage(msg, "*");
+ }
+ });
+</script>
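Review bot: The focus listener is registered by a script that follows the `autofocus` input in the markup, so if autofocus is applied before that script runs, the event is missed, got_focus stays false, and the parent test passes even without the block. Reporting whether `document.activeElement` is the target in the "report_focus_state" handler, instead of or alongside got_focus, removes that ordering dependency. The `</input>` end tag is also invalid for a void element.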
Modified: branches/safari-608-branch/LayoutTests/http/wpt/webauthn/resources/last-layer-frame.https.html (248575 => 248576)
--- branches/safari-608-branch/LayoutTests/http/wpt/webauthn/resources/last-layer-frame.https.html 2019-08-12 23:42:36 UTC (rev 248575)
+++ branches/safari-608-branch/LayoutTests/http/wpt/webauthn/resources/last-layer-frame.https.html 2019-08-12 23:42:43 UTC (rev 248576)
@@ -34,8 +34,10 @@
}
};
- if (shouldFocus == "true")
- input.focus();
+ if (shouldFocus == "true") {
+ if (window.internals)
+ internals.withUserGesture(() => { input.focus(); });
+ }
navigator.credentials.create(makeOptions).then(
function(value) {
messageToTop("Access granted. " + value);
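Review bot: In the rewritten `shouldFocus == "true"` block, `input.focus()` is skipped entirely when `window.internals` is absent, so outside the test runner the frame reaches `navigator.credentials.create()` unfocused with no indication why. Either fall back to a plain `input.focus()` or fold the two conditions into one `if`, and add a comment that the gesture is needed because a cross-origin subframe can no longer take focus without user interaction.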
Modified: branches/safari-608-branch/Source/WebCore/ChangeLog (248575 => 248576)
--- branches/safari-608-branch/Source/WebCore/ChangeLog 2019-08-12 23:42:36 UTC (rev 248575)
+++ branches/safari-608-branch/Source/WebCore/ChangeLog 2019-08-12 23:42:43 UTC (rev 248576)
@@ -1,5 +1,89 @@
2019-08-12 Alan Coon <[email protected]>
+ Cherry-pick r248491. rdar://problem/54130636
+
+ Don't allow cross-origin iframes to autofocus
+ https://bugs.webkit.org/show_bug.cgi?id=200515
+ <rdar://problem/54092988>
+
+ Reviewed by Ryosuke Niwa.
+
+ Source/WebCore:
+
+ According to Step 6 in the WhatWG Spec (https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofocusing-a-form-control:-the-autofocus-attribute),
+ the 'autofocus' attribute shouldn't work for cross-origin iframes.
+
+ This change is based on the Blink change (patch by <[email protected]>):
+ <https://chromium-review.googlesource.com/c/chromium/src/+/1593026>
+
+ Also disallow cross-origin iframes from focusing programmatically without ever having
+ had any user interaction.
+
+ * dom/Element.cpp: Check if an invalid frame is trying to grab the focus.
+ (WebCore::Element::focus):
+ * html/HTMLFormControlElement.cpp: Check if the focus is moving to an invalid frame.
+ (WebCore::shouldAutofocus):
+ * page/DOMWindow.cpp: Check if an invalid frame is trying to grab the focus.
+ (WebCore::DOMWindow::focus):
+
+ Tools:
+
+ Make WebKit.FocusedFrameAfterCrash use same-origin iframes instead
+ of cross-origin iframes, since it depends on focusing one of the
+ frames.
+
+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+ * TestWebKitAPI/Tests/WebKit/ReloadPageAfterCrash.cpp:
+ (TestWebKitAPI::TEST):
+ * TestWebKitAPI/Tests/WebKit/many-same-origin-iframes.html: Added.
+
+ LayoutTests:
+
+ Add test coverage, and simulate user interaction in existing tests
+ that require focusing a cross-origin frame.
+
+ * http/tests/security/clipboard/resources/copy-html.html:
+ * http/tests/security/clipboard/resources/copy-mso-list.html:
+ * http/tests/security/clipboard/resources/copy-url.html:
+ * http/wpt/html/interaction/focus/no-cross-origin-element-focus-expected.txt: Added.
+ * http/wpt/html/interaction/focus/no-cross-origin-element-focus.html: Added.
+ * http/wpt/html/interaction/focus/no-cross-origin-window-focus-expected.txt: Added.
+ * http/wpt/html/interaction/focus/no-cross-origin-window-focus.html: Added.
+ * http/wpt/html/interaction/focus/resources/child-focus-element.html: Added.
+ * http/wpt/html/interaction/focus/resources/child-focus-window.html: Added.
+ * http/wpt/html/semantics/forms/autofocus/no-cross-origin-autofocus.sub-expected.txt: Added.
+ * http/wpt/html/semantics/forms/autofocus/no-cross-origin-autofocus.sub.html: Added.
+ * http/wpt/html/semantics/forms/autofocus/resources/child-autofocus.html: Added.
+ * http/wpt/webauthn/resources/last-layer-frame.https.html:
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248491 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2019-08-09 Ali Juma <[email protected]>
+
+ Don't allow cross-origin iframes to autofocus
+ https://bugs.webkit.org/show_bug.cgi?id=200515
+ <rdar://problem/54092988>
+
+ Reviewed by Ryosuke Niwa.
+
+ According to Step 6 in the WhatWG Spec (https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofocusing-a-form-control:-the-autofocus-attribute),
+ the 'autofocus' attribute shouldn't work for cross-origin iframes.
+
+ This change is based on the Blink change (patch by <[email protected]>):
+ <https://chromium-review.googlesource.com/c/chromium/src/+/1593026>
+
+ Also disallow cross-origin iframes from focusing programmatically without ever having
+ had any user interaction.
+
+ * dom/Element.cpp: Check if an invalid frame is trying to grab the focus.
+ (WebCore::Element::focus):
+ * html/HTMLFormControlElement.cpp: Check if the focus is moving to an invalid frame.
+ (WebCore::shouldAutofocus):
+ * page/DOMWindow.cpp: Check if an invalid frame is trying to grab the focus.
+ (WebCore::DOMWindow::focus):
+
+2019-08-12 Alan Coon <[email protected]>
+
Cherry-pick r248471. rdar://problem/54130624
Disable CSSOM View Scrolling API for IMDb iOS app
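Review bot: The per-file entries for dom/Element.cpp and page/DOMWindow.cpp say "Check if an invalid frame is trying to grab the focus" without defining "invalid". Spell out the condition given in the description above (a cross-origin subframe that has never had user interaction) so each entry is understandable on its own when read from the ChangeLog.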
Modified: branches/safari-608-branch/Source/WebCore/dom/Element.cpp (248575 => 248576)
--- branches/safari-608-branch/Source/WebCore/dom/Element.cpp 2019-08-12 23:42:36 UTC (rev 248575)
+++ branches/safari-608-branch/Source/WebCore/dom/Element.cpp 2019-08-12 23:42:43 UTC (rev 248576)
@@ -2841,6 +2841,10 @@
RefPtr<Node> protect;
if (Page* page = document().page()) {
+ auto& frame = *document().frame();
+ if (!frame.hasHadUserInteraction() && !frame.isMainFrame() && !document().topDocument().securityOrigin().canAccess(document().securityOrigin()))
+ return;
+
// Focus and change event handlers can cause us to lose our last ref.
// If a focus event handler changes the focus to a different node it
// does not make sense to continue and update appearence.
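Review bot: `auto& frame = *document().frame();` dereferences the frame pointer with no null check of its own; the only guard visible in this hunk is `if (Page* page = document().page())`. If a non-null page guarantees a non-null frame, record that with an ASSERT or a short comment, otherwise return early on a null frame. The three-clause condition on the next line would also read better with a comment naming the policy it enforces (cross-origin subframe, no user interaction yet).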
Modified: branches/safari-608-branch/Source/WebCore/html/HTMLFormControlElement.cpp (248575 => 248576)
--- branches/safari-608-branch/Source/WebCore/html/HTMLFormControlElement.cpp 2019-08-12 23:42:36 UTC (rev 248575)
+++ branches/safari-608-branch/Source/WebCore/html/HTMLFormControlElement.cpp 2019-08-12 23:42:43 UTC (rev 248576)
@@ -212,6 +212,13 @@
element->document().addConsoleMessage(MessageSource::Security, MessageLevel::Error, "Blocked autofocusing on a form control because the form's frame is sandboxed and the 'allow-scripts' permission is not set."_s);
return false;
}
+
+ auto& document = element->document();
+ if (!document.frame()->isMainFrame() && !document.topDocument().securityOrigin().canAccess(document.securityOrigin())) {
+ document.addConsoleMessage(MessageSource::Security, MessageLevel::Error, "Blocked autofocusing on a form control in a cross-origin subframe."_s);
+ return false;
+ }
+
if (element->hasAutofocused())
return false;
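Review bot: The added condition `!document.frame()->isMainFrame() && !document.topDocument().securityOrigin().canAccess(document.securityOrigin())` writes out the same cross-origin-subframe test that Element::focus spells by hand, while DOMWindow::focus uses `isSameSecurityOriginAsMainFrame()`. Three spellings of one policy invite drift, so consider a single helper shared by all three call sites. `document.frame()` is also dereferenced with no null check visible in this hunk.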
Modified: branches/safari-608-branch/Source/WebCore/page/DOMWindow.cpp (248575 => 248576)
--- branches/safari-608-branch/Source/WebCore/page/DOMWindow.cpp 2019-08-12 23:42:36 UTC (rev 248575)
+++ branches/safari-608-branch/Source/WebCore/page/DOMWindow.cpp 2019-08-12 23:42:43 UTC (rev 248576)
@@ -998,6 +998,9 @@
if (!frame())
return;
+ if (!frame()->hasHadUserInteraction() && !isSameSecurityOriginAsMainFrame())
+ return;
+
// Clear the current frame's focused node if a new frame is about to be focused.
Frame* focusedFrame = page->focusController().focusedFrame();
if (focusedFrame && focusedFrame != frame())
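Review bot: The new early `return` after the `hasHadUserInteraction()` check is silent, unlike the autofocus path in HTMLFormControlElement.cpp, which logs "Blocked autofocusing on a form control in a cross-origin subframe." to the console. A matching Security console message here (and in Element::focus) would let site authors see why `window.focus()` had no effect. A one-line comment stating the policy would also help, since the surrounding code comments every other step.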
Modified: branches/safari-608-branch/Tools/ChangeLog (248575 => 248576)
--- branches/safari-608-branch/Tools/ChangeLog 2019-08-12 23:42:36 UTC (rev 248575)
+++ branches/safari-608-branch/Tools/ChangeLog 2019-08-12 23:42:43 UTC (rev 248576)
@@ -1,5 +1,82 @@
2019-08-12 Alan Coon <[email protected]>
+ Cherry-pick r248491. rdar://problem/54130636
+
+ Don't allow cross-origin iframes to autofocus
+ https://bugs.webkit.org/show_bug.cgi?id=200515
+ <rdar://problem/54092988>
+
+ Reviewed by Ryosuke Niwa.
+
+ Source/WebCore:
+
+ According to Step 6 in the WhatWG Spec (https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofocusing-a-form-control:-the-autofocus-attribute),
+ the 'autofocus' attribute shouldn't work for cross-origin iframes.
+
+ This change is based on the Blink change (patch by <[email protected]>):
+ <https://chromium-review.googlesource.com/c/chromium/src/+/1593026>
+
+ Also disallow cross-origin iframes from focusing programmatically without ever having
+ had any user interaction.
+
+ * dom/Element.cpp: Check if an invalid frame is trying to grab the focus.
+ (WebCore::Element::focus):
+ * html/HTMLFormControlElement.cpp: Check if the focus is moving to an invalid frame.
+ (WebCore::shouldAutofocus):
+ * page/DOMWindow.cpp: Check if an invalid frame is trying to grab the focus.
+ (WebCore::DOMWindow::focus):
+
+ Tools:
+
+ Make WebKit.FocusedFrameAfterCrash use same-origin iframes instead
+ of cross-origin iframes, since it depends on focusing one of the
+ frames.
+
+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+ * TestWebKitAPI/Tests/WebKit/ReloadPageAfterCrash.cpp:
+ (TestWebKitAPI::TEST):
+ * TestWebKitAPI/Tests/WebKit/many-same-origin-iframes.html: Added.
+
+ LayoutTests:
+
+ Add test coverage, and simulate user interaction in existing tests
+ that require focusing a cross-origin frame.
+
+ * http/tests/security/clipboard/resources/copy-html.html:
+ * http/tests/security/clipboard/resources/copy-mso-list.html:
+ * http/tests/security/clipboard/resources/copy-url.html:
+ * http/wpt/html/interaction/focus/no-cross-origin-element-focus-expected.txt: Added.
+ * http/wpt/html/interaction/focus/no-cross-origin-element-focus.html: Added.
+ * http/wpt/html/interaction/focus/no-cross-origin-window-focus-expected.txt: Added.
+ * http/wpt/html/interaction/focus/no-cross-origin-window-focus.html: Added.
+ * http/wpt/html/interaction/focus/resources/child-focus-element.html: Added.
+ * http/wpt/html/interaction/focus/resources/child-focus-window.html: Added.
+ * http/wpt/html/semantics/forms/autofocus/no-cross-origin-autofocus.sub-expected.txt: Added.
+ * http/wpt/html/semantics/forms/autofocus/no-cross-origin-autofocus.sub.html: Added.
+ * http/wpt/html/semantics/forms/autofocus/resources/child-autofocus.html: Added.
+ * http/wpt/webauthn/resources/last-layer-frame.https.html:
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248491 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2019-08-09 Ali Juma <[email protected]>
+
+ Don't allow cross-origin iframes to autofocus
+ https://bugs.webkit.org/show_bug.cgi?id=200515
+ <rdar://problem/54092988>
+
+ Reviewed by Ryosuke Niwa.
+
+ Make WebKit.FocusedFrameAfterCrash use same-origin iframes instead
+ of cross-origin iframes, since it depends on focusing one of the
+ frames.
+
+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+ * TestWebKitAPI/Tests/WebKit/ReloadPageAfterCrash.cpp:
+ (TestWebKitAPI::TEST):
+ * TestWebKitAPI/Tests/WebKit/many-same-origin-iframes.html: Added.
+
+2019-08-12 Alan Coon <[email protected]>
+
Cherry-pick r248438. rdar://problem/54093220
[iOS] Position image information should respect the image orientation
Modified: branches/safari-608-branch/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (248575 => 248576)
--- branches/safari-608-branch/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2019-08-12 23:42:36 UTC (rev 248575)
+++ branches/safari-608-branch/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2019-08-12 23:42:43 UTC (rev 248576)
@@ -38,8 +38,8 @@
07492B3B1DF8B14C00633DE1 /* EnumerateMediaDevices.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 07492B3A1DF8AE2D00633DE1 /* EnumerateMediaDevices.cpp */; };
07492B3C1DF8B86600633DE1 /* enumerateMediaDevices.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 07492B391DF8ADA400633DE1 /* enumerateMediaDevices.html */; };
074994421EA5034B000DA44E /* getUserMedia.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 4A410F4D19AF7BEF002EBAB5 /* getUserMedia.html */; };
+ 074994421EA5034B000DA44F /* ondevicechange.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 4A410F4D19AF7BEF002EBAB6 /* ondevicechange.html */; };
074994421EA5034B000DA45E /* getUserMediaAudioVideoCapture.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 4A410F4D19AF7BEF002EBAC5 /* getUserMediaAudioVideoCapture.html */; };
- 074994421EA5034B000DA44F /* ondevicechange.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 4A410F4D19AF7BEF002EBAB6 /* ondevicechange.html */; };
076E507F1F4513D6006E9F5A /* Logging.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 076E507E1F45031E006E9F5A /* Logging.cpp */; };
0799C3491EBA2D7B003B7532 /* UserMediaDisabled.mm in Sources */ = {isa = PBXBuildFile; fileRef = 07EDEFAC1EB9400C00D43292 /* UserMediaDisabled.mm */; };
0799C34B1EBA3301003B7532 /* disableGetUserMedia.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 0799C34A1EBA32F4003B7532 /* disableGetUserMedia.html */; };
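Review bot: Unrelated churn: the `ondevicechange.html in Copy Resources` line is only reordered relative to `getUserMediaAudioVideoCapture.html` here, and the same reorder appears again in the PBXFileReference section further down. Neither has anything to do with the focus change. If this is Xcode re-sorting the file on save, revert those two moves so the cherry-pick touches only the `many-same-origin-iframes.html` entries and merges cleanly on the branch.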
@@ -399,6 +399,7 @@
7673499D1930C5BB00E44DF9 /* StopLoadingDuringDidFailProvisionalLoad_bundle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7673499A1930182E00E44DF9 /* StopLoadingDuringDidFailProvisionalLoad_bundle.cpp */; };
76E182DD1547569100F1FADD /* WillSendSubmitEvent_Bundle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 76E182DC1547569100F1FADD /* WillSendSubmitEvent_Bundle.cpp */; };
76E182DF154767E600F1FADD /* auto-submitting-form.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 76E182DE15475A8300F1FADD /* auto-submitting-form.html */; };
+ 7772ECE122FE06C60009A799 /* many-same-origin-iframes.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 7772ECE022FE05E10009A799 /* many-same-origin-iframes.html */; };
79C5D431209D768300F1E7CA /* InjectedBundleNodeHandleIsTextField.mm in Sources */ = {isa = PBXBuildFile; fileRef = 79C5D430209D768300F1E7CA /* InjectedBundleNodeHandleIsTextField.mm */; };
7A010BCB1D877C0500EDE72A /* CoreGraphics.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 7A010BCA1D877C0500EDE72A /* CoreGraphics.framework */; };
7A010BCD1D877C0D00EDE72A /* QuartzCore.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 7A010BCC1D877C0D00EDE72A /* QuartzCore.framework */; };
@@ -1299,6 +1300,7 @@
2DD7D3AF178227B30026E1E3 /* lots-of-text-vertical-lr.html in Copy Resources */,
930AD402150698D00067970F /* lots-of-text.html in Copy Resources */,
AD57AC221DA7466E00FF1BDE /* many-iframes.html in Copy Resources */,
+ 7772ECE122FE06C60009A799 /* many-same-origin-iframes.html in Copy Resources */,
CDA3159A1ED548F1009F60D3 /* MediaPlaybackSleepAssertion.html in Copy Resources */,
CDC9442F1EF205D60059C3C4 /* mediastreamtrack-detached.html in Copy Resources */,
E1220DCA155B28AA0013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.html in Copy Resources */,
@@ -1671,8 +1673,8 @@
46E816F71E79E29100375ADC /* RestoreStateAfterTermination.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = RestoreStateAfterTermination.mm; sourceTree = "<group>"; };
4A410F4B19AF7BD6002EBAB5 /* UserMedia.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = UserMedia.cpp; sourceTree = "<group>"; };
4A410F4D19AF7BEF002EBAB5 /* getUserMedia.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = getUserMedia.html; sourceTree = "<group>"; };
+ 4A410F4D19AF7BEF002EBAB6 /* ondevicechange.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = ondevicechange.html; sourceTree = "<group>"; };
4A410F4D19AF7BEF002EBAC5 /* getUserMediaAudioVideoCapture.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = getUserMediaAudioVideoCapture.html; sourceTree = "<group>"; };
- 4A410F4D19AF7BEF002EBAB6 /* ondevicechange.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = ondevicechange.html; sourceTree = "<group>"; };
4BB4160116815B2600824238 /* JSWrapperForNodeInWebFrame.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = JSWrapperForNodeInWebFrame.mm; sourceTree = "<group>"; };
4BB4160316815F9100824238 /* ElementAtPointInWebFrame.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = ElementAtPointInWebFrame.mm; sourceTree = "<group>"; };
4BFDFFA61314776C0061F24B /* HitTestResultNodeHandle_Bundle.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = HitTestResultNodeHandle_Bundle.cpp; sourceTree = "<group>"; };
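Review bot: the `ondevicechange.html` PBXFileReference (id 4A410F4D19AF7BEF002EBAB6) is only moved up one line, ahead of `getUserMediaAudioVideoCapture.html`. The entry text is identical on the `-` and `+` sides. This reorder is unrelated to registering `many-same-origin-iframes.html` and looks like the project file being re-sorted on save. For a cherry-pick onto a release branch, I would drop the reorder or mention the re-sort in the ChangeLog. That keeps the diff of the focus fix minimal and avoids needless conflicts in later merges.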
@@ -1885,6 +1887,7 @@
76E182D91547550100F1FADD /* WillSendSubmitEvent.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WillSendSubmitEvent.cpp; sourceTree = "<group>"; };
76E182DC1547569100F1FADD /* WillSendSubmitEvent_Bundle.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WillSendSubmitEvent_Bundle.cpp; sourceTree = "<group>"; };
76E182DE15475A8300F1FADD /* auto-submitting-form.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "auto-submitting-form.html"; sourceTree = "<group>"; };
+ 7772ECE022FE05E10009A799 /* many-same-origin-iframes.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "many-same-origin-iframes.html"; sourceTree = "<group>"; };
79C5D430209D768300F1E7CA /* InjectedBundleNodeHandleIsTextField.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = InjectedBundleNodeHandleIsTextField.mm; sourceTree = "<group>"; };
7A010BCA1D877C0500EDE72A /* CoreGraphics.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreGraphics.framework; path = System/Library/Frameworks/CoreGraphics.framework; sourceTree = SDKROOT; };
7A010BCC1D877C0D00EDE72A /* QuartzCore.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = QuartzCore.framework; path = System/Library/Frameworks/QuartzCore.framework; sourceTree = SDKROOT; };
@@ -3645,6 +3648,7 @@
2DD7D3AE178227AC0026E1E3 /* lots-of-text-vertical-lr.html */,
930AD401150698B30067970F /* lots-of-text.html */,
AD57AC1D1DA7463800FF1BDE /* many-iframes.html */,
+ 7772ECE022FE05E10009A799 /* many-same-origin-iframes.html */,
CDC9442B1EF1FBD20059C3C4 /* mediastreamtrack-detached.html */,
51CD1C711B38D48400142CA5 /* modal-alerts-in-new-about-blank-window.html */,
7A1458FB1AD5C03500E06772 /* mouse-button-listener.html */,
@@ -3761,8 +3765,8 @@
9B26FC6B159D061000CC3765 /* HTMLFormCollectionNamedItem.mm */,
C507E8A614C6545B005D6B3B /* InspectorBar.mm */,
57F10D921C7E7B3800ECDF30 /* IsNavigationActionTrusted.mm */,
+ 51820A4C22F4EE7700DF0A01 /* _javascript_URLNavigation.mm */,
4BB4160116815B2600824238 /* JSWrapperForNodeInWebFrame.mm */,
- 51820A4C22F4EE7700DF0A01 /* _javascript_URLNavigation.mm */,
F4BFA68C1E4AD08000154298 /* LegacyDragAndDropTests.mm */,
7A7B0E7E1EAFE454006AB8AE /* LimitTitleSize.mm */,
57901FAE1CAF137100ED64F9 /* LoadInvalidURLRequest.mm */,
@@ -4445,6 +4449,7 @@
CD5FF49F2162E943004BD86F /* ISOBox.cpp in Sources */,
5C69BDD51F82A7EF000F4F4B /* _javascript_DuringNavigation.mm in Sources */,
7CCE7EA51A411A0800447C4C /* _javascript_TestMac.mm in Sources */,
+ 51820A4D22F4EE7F00DF0A01 /* _javascript_URLNavigation.mm in Sources */,
5C0160C121A132460077FA32 /* JITEnabled.mm in Sources */,
E35FC7B222B82A7300F32F98 /* JSLockTakesWebThreadLock.mm in Sources */,
7CCE7EC41A411A7E00447C4C /* JSWrapperForNodeInWebFrame.mm in Sources */,
@@ -4652,7 +4657,6 @@
2EB242B821D4140B0055C1C0 /* UseSelectionAsFindString.mm in Sources */,
7C83E03A1D0A602700FEBCF3 /* UtilitiesCocoa.mm in Sources */,
7C83E0C61D0A654E00FEBCF3 /* VideoControlsManager.mm in Sources */,
- 51820A4D22F4EE7F00DF0A01 /* _javascript_URLNavigation.mm in Sources */,
CD3065E02165682E00E895DF /* VideoQualityDisplayCompositing.mm in Sources */,
115EB3431EE0BA03003C2C0A /* ViewportSizeForViewportUnits.mm in Sources */,
6356FB221EC4E0BA0044BF18 /* VisibleContentRect.mm in Sources */,
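Review bot: the build-file entry 51820A4D22F4EE7F00DF0A01 (shown as `_javascript_URLNavigation.mm in Sources`) removed here is the same one added in the `@@ -4445,6 +4449,7 @@` hunk, so the net effect is a move between two positions in `Sources` lists. The visible context does not show whether both positions belong to the same build phase. Please confirm that this is a pure re-sort and that the file still compiles into the same target, not a move from one target to another.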
@@ -4743,6 +4747,7 @@
files = (
9BD4239A1E04BD9800200395 /* AttributedSubstringForProposedRangeWithImage.mm in Sources */,
5C9D923122D7E0EB008E9266 /* ClassMethodSwizzler.mm in Sources */,
+ CDA93DAD22F4F11E00490A69 /* FullscreenTouchSecheuristicTests.cpp in Sources */,
2E7765CD16C4D80A00BA2BB1 /* mainIOS.mm in Sources */,
CDCFFEC122E26A1500DF4223 /* NoPauseWhenSwitchingTabs.mm in Sources */,
2E7765CF16C4D81100BA2BB1 /* mainMac.mm in Sources */,
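Review bot: the added `FullscreenTouchSecheuristicTests.cpp in Sources` line (id CDA93DAD22F4F11E00490A69) has no connection to the change the Tools ChangeLog entry describes, which is only about switching WebKit.FocusedFrameAfterCrash to same-origin iframes. Please confirm that this is an intended merge resolution on the branch and that a matching PBXBuildFile definition for that id exists. Otherwise, leave it out of this cherry-pick so the project-file diff carries only the `many-same-origin-iframes.html` registration.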
Modified: branches/safari-608-branch/Tools/TestWebKitAPI/Tests/WebKit/ReloadPageAfterCrash.cpp (248575 => 248576)
--- branches/safari-608-branch/Tools/TestWebKitAPI/Tests/WebKit/ReloadPageAfterCrash.cpp 2019-08-12 23:42:36 UTC (rev 248575)
+++ branches/safari-608-branch/Tools/TestWebKitAPI/Tests/WebKit/ReloadPageAfterCrash.cpp 2019-08-12 23:42:43 UTC (rev 248576)
@@ -123,7 +123,7 @@
WKPageSetPageNavigationClient(webView.page(), &loaderClient.base);
- WKRetainPtr<WKURLRef> url = "" "html"));
+ WKRetainPtr<WKURLRef> url = "" "html"));
WKPageLoadURL(webView.page(), url.get());
Util::run(&loadBeforeCrash);
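Review bot: as rendered here, the `-` and `+` lines for `url` are identical (`WKRetainPtr<WKURLRef> url = "" "html"));`), so the one substantive edit in this file cannot be checked from the page. Per the ChangeLog, the test should now load the same-origin resource. Please verify against the original revision that the resource name passed here is `many-same-origin-iframes`, matching the file added to Copy Resources. A mismatch would make the test fail on load rather than exercise focus after the crash.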
Added: branches/safari-608-branch/Tools/TestWebKitAPI/Tests/WebKit/many-same-origin-iframes.html (0 => 248576)
--- branches/safari-608-branch/Tools/TestWebKitAPI/Tests/WebKit/many-same-origin-iframes.html (rev 0)
+++ branches/safari-608-branch/Tools/TestWebKitAPI/Tests/WebKit/many-same-origin-iframes.html 2019-08-12 23:42:43 UTC (rev 248576)
@@ -0,0 +1,14 @@
+<html>
+<body>
+ Simple HTML file with many same-origin iframes.
+ <iframe srcdoc="<html><body>Hello</body></html>"></iframe>
+ <iframe srcdoc="<html><body>Hello</body></html>"></iframe>
+ <iframe srcdoc="<html><body>Hello</body></html>"></iframe>
+ <iframe srcdoc="<html><body>Hello</body></html>"></iframe>
+ <iframe srcdoc="<html><body>Hello</body></html>"></iframe>
+ <iframe srcdoc="<html><body>Hello</body></html>"></iframe>
+ <iframe srcdoc="<html><body>Hello</body></html>"></iframe>
+ <iframe srcdoc="<html><body>Hello</body></html>"></iframe>
+ <iframe srcdoc="<html><body>Hello</body></html>"></iframe>
+</body>
+</html>
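Review bot: nothing in the new file says why the iframes must be same-origin. The only hint is the text "Simple HTML file with many same-origin iframes." The `srcdoc` iframes here carry no `sandbox` attribute, so they share the embedding document's origin. That is what lets WebKit.FocusedFrameAfterCrash focus one of them without user interaction after this change. I would add a short HTML comment to that effect, for example `<!-- Frames must stay same-origin: cross-origin frames cannot take focus without user interaction. -->`. Without it, someone could later fold the file back into `many-iframes.html` or add `sandbox` and break the test. A `<!DOCTYPE html>` would also keep the fixture out of quirks mode, though the test does not depend on it.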