Diff
Modified: branches/safari-612-branch/LayoutTests/ChangeLog (281899 => 281900)
--- branches/safari-612-branch/LayoutTests/ChangeLog 2021-09-02 01:05:09 UTC (rev 281899)
+++ branches/safari-612-branch/LayoutTests/ChangeLog 2021-09-02 01:05:13 UTC (rev 281900)
@@ -1,5 +1,56 @@
2021-09-01 Russell Epstein <[email protected]>
+ Cherry-pick r281848. rdar://problem/82652449
+
+ Regression(r272607) Removal of alert()/confirm() in third-party iframes breaks Salesforce
+ https://bugs.webkit.org/show_bug.cgi?id=229737
+ <rdar://82591122>
+
+ Source/WebCore:
+
+ Unreviewed, Revert behavior change made in r272607 as it broke Salesforce. My understanding is that
+ Chrome had to revert this too.
+
+ Tests: http/tests/security/cross-origin-js-prompt-allowed.html
+ http/tests/security/same-origin-different-domain-js-prompt-allowed.html
+
+ * page/DOMWindow.cpp:
+ (WebCore::DOMWindow::alert):
+ (WebCore::DOMWindow::confirmForBindings):
+ (WebCore::DOMWindow::prompt):
+
+ LayoutTests:
+
+ Unreviewed, Update existing tests to reflect behavior change.
+
+ * http/tests/security/cross-origin-js-prompt-allowed-expected.txt: Added.
+ * http/tests/security/cross-origin-js-prompt-allowed.html: Renamed from LayoutTests/http/tests/security/cross-origin-js-prompt-forbidden.html.
+ * http/tests/security/cross-origin-js-prompt-forbidden-expected.txt: Removed.
+ * http/tests/security/resources/cross-origin-js-prompt-allowed.html: Renamed from LayoutTests/http/tests/security/resources/cross-origin-js-prompt-forbidden.html.
+ * http/tests/security/same-origin-different-domain-js-prompt-allowed-expected.txt: Added.
+ * http/tests/security/same-origin-different-domain-js-prompt-allowed.html: Renamed from LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-forbidden.html.
+ * http/tests/security/same-origin-different-domain-js-prompt-forbidden-expected.txt: Removed.
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281848 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-09-01 Chris Dumez <[email protected]>
+
+ Regression(r272607) Removal of alert()/confirm() in third-party iframes breaks Salesforce
+ https://bugs.webkit.org/show_bug.cgi?id=229737
+ <rdar://82591122>
+
+ Unreviewed, Update existing tests to reflect behavior change.
+
+ * http/tests/security/cross-origin-js-prompt-allowed-expected.txt: Added.
+ * http/tests/security/cross-origin-js-prompt-allowed.html: Renamed from LayoutTests/http/tests/security/cross-origin-js-prompt-forbidden.html.
+ * http/tests/security/cross-origin-js-prompt-forbidden-expected.txt: Removed.
+ * http/tests/security/resources/cross-origin-js-prompt-allowed.html: Renamed from LayoutTests/http/tests/security/resources/cross-origin-js-prompt-forbidden.html.
+ * http/tests/security/same-origin-different-domain-js-prompt-allowed-expected.txt: Added.
+ * http/tests/security/same-origin-different-domain-js-prompt-allowed.html: Renamed from LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-forbidden.html.
+ * http/tests/security/same-origin-different-domain-js-prompt-forbidden-expected.txt: Removed.
+
+2021-09-01 Russell Epstein <[email protected]>
+
Cherry-pick r281700. rdar://problem/82650954
REGRESSION (r276882): Shadow trees may use stale style information after inline stylesheet is mutated via CSSOM
Modified: branches/safari-612-branch/LayoutTests/http/tests/history/cross-origin-replace-history-object-child-expected.txt (281899 => 281900)
--- branches/safari-612-branch/LayoutTests/http/tests/history/cross-origin-replace-history-object-child-expected.txt 2021-09-02 01:05:09 UTC (rev 281899)
+++ branches/safari-612-branch/LayoutTests/http/tests/history/cross-origin-replace-history-object-child-expected.txt 2021-09-02 01:05:13 UTC (rev 281900)
@@ -1,6 +1,6 @@
CONSOLE MESSAGE: SecurityError: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a cross-origin frame. Protocols, domains, and ports must match.
ALERT: Child window's history object before attempt to clear: undefined
-CONSOLE MESSAGE: Use of window.alert is not allowed in different origin-domain iframes.
+ALERT: About to shadow child window's history object: [object History]
CONSOLE MESSAGE: PASS: Could not shadow child window's history object: [object History]
CONSOLE MESSAGE: SecurityError: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a cross-origin frame. Protocols, domains, and ports must match.
ALERT: Child window's history object after attempt to clear: undefined
Added: branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-allowed-expected.txt (0 => 281900)
--- branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-allowed-expected.txt (rev 0)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-allowed-expected.txt 2021-09-02 01:05:13 UTC (rev 281900)
@@ -0,0 +1,12 @@
+PROMPT: PASS: This prompt dialog should show, default text:
+CONFIRM: PASS: This confirm dialog should show
+ALERT: PASS: This alert dialog should show
+Tests that JS prompts are allowed in cross-origin frames
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Copied: branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-allowed.html (from rev 281899, branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-forbidden.html) (0 => 281900)
--- branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-allowed.html (rev 0)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-allowed.html 2021-09-02 01:05:13 UTC (rev 281900)
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script src=""
+<script>
+description("Tests that JS prompts are allowed in cross-origin frames");
+jsTestIsAsync = true;
+
+_onmessage_ = (e) => {
+ if (e.data == "done")
+ finishJSTest();
+ else
+ debug(e.data);
+}
+</script>
+<iframe src=""
+</body>
+</html>
Deleted: branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-forbidden-expected.txt (281899 => 281900)
--- branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-forbidden-expected.txt 2021-09-02 01:05:09 UTC (rev 281899)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-forbidden-expected.txt 2021-09-02 01:05:13 UTC (rev 281900)
@@ -1,14 +0,0 @@
-CONSOLE MESSAGE: Use of window.prompt is not allowed in different origin-domain iframes.
-CONSOLE MESSAGE: Use of window.confirm is not allowed in different origin-domain iframes.
-CONSOLE MESSAGE: Use of window.alert is not allowed in different origin-domain iframes.
-Tests that JS prompts are forbidden in cross-origin frames
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS: window.prompt() returned null
-PASS: window.confirm() returned false
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
Deleted: branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-forbidden.html (281899 => 281900)
--- branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-forbidden.html 2021-09-02 01:05:09 UTC (rev 281899)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-forbidden.html 2021-09-02 01:05:13 UTC (rev 281900)
@@ -1,18 +0,0 @@
-<!DOCTYPE html>
-<html>
-<body>
-<script src=""
-<script>
-description("Tests that JS prompts are forbidden in cross-origin frames");
-jsTestIsAsync = true;
-
-_onmessage_ = (e) => {
- if (e.data == "done")
- finishJSTest();
- else
- debug(e.data);
-}
-</script>
-<iframe src=""
-</body>
-</html>
Added: branches/safari-612-branch/LayoutTests/http/tests/security/resources/cross-origin-js-prompt-allowed.html (0 => 281900)
--- branches/safari-612-branch/LayoutTests/http/tests/security/resources/cross-origin-js-prompt-allowed.html (rev 0)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/resources/cross-origin-js-prompt-allowed.html 2021-09-02 01:05:13 UTC (rev 281900)
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+_onload_ = () => {
+ setTimeout(() => {
+ window.prompt("PASS: This prompt dialog should show");
+ window.confirm("PASS: This confirm dialog should show");
+ window.alert("PASS: This alert dialog should show");
+ top.postMessage("done", "*");
+ }, 0);
+};
+</script>
+</body>
+</html>
Deleted: branches/safari-612-branch/LayoutTests/http/tests/security/resources/cross-origin-js-prompt-forbidden.html (281899 => 281900)
--- branches/safari-612-branch/LayoutTests/http/tests/security/resources/cross-origin-js-prompt-forbidden.html 2021-09-02 01:05:09 UTC (rev 281899)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/resources/cross-origin-js-prompt-forbidden.html 2021-09-02 01:05:13 UTC (rev 281900)
@@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html>
-<body>
-<script>
-_onload_ = () => {
- setTimeout(() => {
- let ret = window.prompt("FAIL: This prompt dialog should not show");
- if (ret === null)
- top.postMessage("PASS: window.prompt() returned null", "*");
- else
- top.postMessage("FAIL: window.prompt() did not return null", "*");
- ret = window.confirm("FAIL: This confirm dialog should not show");
- if (!ret)
- top.postMessage("PASS: window.confirm() returned false", "*");
- else
- top.postMessage("FAIL: window.confirm() returned true", "*");
- window.alert("FAIL: This alert dialog should not show");
- top.postMessage("done", "*");
- }, 0);
-};
-</script>
-</body>
-</html>
Added: branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-allowed-expected.txt (0 => 281900)
--- branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-allowed-expected.txt (rev 0)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-allowed-expected.txt 2021-09-02 01:05:13 UTC (rev 281900)
@@ -0,0 +1,12 @@
+PROMPT: PASS: This prompt dialog should show, default text:
+CONFIRM: PASS: This confirm dialog should show
+ALERT: PASS: This alert dialog should show
+Tests that JS prompts are allowed in same-origin but different-domain iframes
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Copied: branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-allowed.html (from rev 281899, branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-forbidden.html) (0 => 281900)
--- branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-allowed.html (rev 0)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-allowed.html 2021-09-02 01:05:13 UTC (rev 281900)
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script src=""
+<script>
+description("Tests that JS prompts are allowed in same-origin but different-domain iframes");
+jsTestIsAsync = true;
+
+if (window.internals)
+ window.internals.settings.setTreatIPAddressAsDomain(true);
+document.domain="0.0.1";
+
+_onmessage_ = (e) => {
+ if (e.data == "done")
+ finishJSTest();
+ else
+ debug(e.data);
+}
+</script>
+<iframe src=""
+</body>
+</html>
Deleted: branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-forbidden-expected.txt (281899 => 281900)
--- branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-forbidden-expected.txt 2021-09-02 01:05:09 UTC (rev 281899)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-forbidden-expected.txt 2021-09-02 01:05:13 UTC (rev 281900)
@@ -1,14 +0,0 @@
-CONSOLE MESSAGE: Use of window.prompt is not allowed in different origin-domain iframes.
-CONSOLE MESSAGE: Use of window.confirm is not allowed in different origin-domain iframes.
-CONSOLE MESSAGE: Use of window.alert is not allowed in different origin-domain iframes.
-Tests that JS prompts are forbidden in same-origin but different-domain iframes
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS: window.prompt() returned null
-PASS: window.confirm() returned false
-PASS successfullyParsed is true
-
-TEST COMPLETE
-
Deleted: branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-forbidden.html (281899 => 281900)
--- branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-forbidden.html 2021-09-02 01:05:09 UTC (rev 281899)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-forbidden.html 2021-09-02 01:05:13 UTC (rev 281900)
@@ -1,22 +0,0 @@
-<!DOCTYPE html>
-<html>
-<body>
-<script src=""
-<script>
-description("Tests that JS prompts are forbidden in same-origin but different-domain iframes");
-jsTestIsAsync = true;
-
-if (window.internals)
- window.internals.settings.setTreatIPAddressAsDomain(true);
-document.domain="0.0.1";
-
-_onmessage_ = (e) => {
- if (e.data == "done")
- finishJSTest();
- else
- debug(e.data);
-}
-</script>
-<iframe src=""
-</body>
-</html>
Modified: branches/safari-612-branch/Source/WebCore/ChangeLog (281899 => 281900)
--- branches/safari-612-branch/Source/WebCore/ChangeLog 2021-09-02 01:05:09 UTC (rev 281899)
+++ branches/safari-612-branch/Source/WebCore/ChangeLog 2021-09-02 01:05:13 UTC (rev 281900)
@@ -1,5 +1,57 @@
2021-09-01 Russell Epstein <[email protected]>
+ Cherry-pick r281848. rdar://problem/82652449
+
+ Regression(r272607) Removal of alert()/confirm() in third-party iframes breaks Salesforce
+ https://bugs.webkit.org/show_bug.cgi?id=229737
+ <rdar://82591122>
+
+ Source/WebCore:
+
+ Unreviewed, Revert behavior change made in r272607 as it broke Salesforce. My understanding is that
+ Chrome had to revert this too.
+
+ Tests: http/tests/security/cross-origin-js-prompt-allowed.html
+ http/tests/security/same-origin-different-domain-js-prompt-allowed.html
+
+ * page/DOMWindow.cpp:
+ (WebCore::DOMWindow::alert):
+ (WebCore::DOMWindow::confirmForBindings):
+ (WebCore::DOMWindow::prompt):
+
+ LayoutTests:
+
+ Unreviewed, Update existing tests to reflect behavior change.
+
+ * http/tests/security/cross-origin-js-prompt-allowed-expected.txt: Added.
+ * http/tests/security/cross-origin-js-prompt-allowed.html: Renamed from LayoutTests/http/tests/security/cross-origin-js-prompt-forbidden.html.
+ * http/tests/security/cross-origin-js-prompt-forbidden-expected.txt: Removed.
+ * http/tests/security/resources/cross-origin-js-prompt-allowed.html: Renamed from LayoutTests/http/tests/security/resources/cross-origin-js-prompt-forbidden.html.
+ * http/tests/security/same-origin-different-domain-js-prompt-allowed-expected.txt: Added.
+ * http/tests/security/same-origin-different-domain-js-prompt-allowed.html: Renamed from LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-forbidden.html.
+ * http/tests/security/same-origin-different-domain-js-prompt-forbidden-expected.txt: Removed.
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281848 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-09-01 Chris Dumez <[email protected]>
+
+ Regression(r272607) Removal of alert()/confirm() in third-party iframes breaks Salesforce
+ https://bugs.webkit.org/show_bug.cgi?id=229737
+ <rdar://82591122>
+
+ Unreviewed, Revert behavior change made in r272607 as it broke Salesforce. My understanding is that
+ Chrome had to revert this too.
+
+ Tests: http/tests/security/cross-origin-js-prompt-allowed.html
+ http/tests/security/same-origin-different-domain-js-prompt-allowed.html
+
+ * page/DOMWindow.cpp:
+ (WebCore::DOMWindow::alert):
+ (WebCore::DOMWindow::confirmForBindings):
+ (WebCore::DOMWindow::prompt):
+
+2021-09-01 Russell Epstein <[email protected]>
+
Cherry-pick r281813. rdar://problem/82651722
REGRESSION (r272900): wpt.fyi loading performance is very slow (regressed, and slower than other browsers)
Modified: branches/safari-612-branch/Source/WebCore/page/DOMWindow.cpp (281899 => 281900)
--- branches/safari-612-branch/Source/WebCore/page/DOMWindow.cpp 2021-09-02 01:05:09 UTC (rev 281899)
+++ branches/safari-612-branch/Source/WebCore/page/DOMWindow.cpp 2021-09-02 01:05:13 UTC (rev 281900)
@@ -1116,11 +1116,6 @@
return;
}
- if (!document->securityOrigin().isSameOriginDomain(document->topDocument().securityOrigin())) {
- printErrorMessage("Use of window.alert is not allowed in different origin-domain iframes.");
- return;
- }
-
document->updateStyleIfNeeded();
#if ENABLE(POINTER_LOCK)
page->pointerLockController().requestPointerUnlock();
@@ -1150,11 +1145,6 @@
return false;
}
- if (!document->securityOrigin().isSameOriginDomain(document->topDocument().securityOrigin())) {
- printErrorMessage("Use of window.confirm is not allowed in different origin-domain iframes.");
- return false;
- }
-
document->updateStyleIfNeeded();
#if ENABLE(POINTER_LOCK)
page->pointerLockController().requestPointerUnlock();
@@ -1184,11 +1174,6 @@
return String();
}
- if (!document->securityOrigin().isSameOriginDomain(document->topDocument().securityOrigin())) {
- printErrorMessage("Use of window.prompt is not allowed in different origin-domain iframes.");
- return String();
- }
-
document->updateStyleIfNeeded();
#if ENABLE(POINTER_LOCK)
page->pointerLockController().requestPointerUnlock();
