Title: [281900] branches/safari-612-branch
Revision
281900
Author
[email protected]
Date
2021-09-01 18:05:13 -0700 (Wed, 01 Sep 2021)

Log Message

Cherry-pick r281848. rdar://problem/82652449

    Regression(r272607) Removal of alert()/confirm() in third-party iframes breaks Salesforce
    https://bugs.webkit.org/show_bug.cgi?id=229737
    <rdar://82591122>

    Source/WebCore:

    Unreviewed, Revert behavior change made in r272607 as it broke Salesforce. My understanding is that
    Chrome had to revert this too.

    Tests: http/tests/security/cross-origin-js-prompt-allowed.html
           http/tests/security/same-origin-different-domain-js-prompt-allowed.html

    * page/DOMWindow.cpp:
    (WebCore::DOMWindow::alert):
    (WebCore::DOMWindow::confirmForBindings):
    (WebCore::DOMWindow::prompt):

    LayoutTests:

    Unreviewed, Update existing tests to reflect behavior change.

    * http/tests/security/cross-origin-js-prompt-allowed-expected.txt: Added.
    * http/tests/security/cross-origin-js-prompt-allowed.html: Renamed from LayoutTests/http/tests/security/cross-origin-js-prompt-forbidden.html.
    * http/tests/security/cross-origin-js-prompt-forbidden-expected.txt: Removed.
    * http/tests/security/resources/cross-origin-js-prompt-allowed.html: Renamed from LayoutTests/http/tests/security/resources/cross-origin-js-prompt-forbidden.html.
    * http/tests/security/same-origin-different-domain-js-prompt-allowed-expected.txt: Added.
    * http/tests/security/same-origin-different-domain-js-prompt-allowed.html: Renamed from LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-forbidden.html.
    * http/tests/security/same-origin-different-domain-js-prompt-forbidden-expected.txt: Removed.

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281848 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

Added Paths

Removed Paths

Diff

Modified: branches/safari-612-branch/LayoutTests/ChangeLog (281899 => 281900)


--- branches/safari-612-branch/LayoutTests/ChangeLog	2021-09-02 01:05:09 UTC (rev 281899)
+++ branches/safari-612-branch/LayoutTests/ChangeLog	2021-09-02 01:05:13 UTC (rev 281900)
@@ -1,5 +1,56 @@
 2021-09-01  Russell Epstein  <[email protected]>
 
+        Cherry-pick r281848. rdar://problem/82652449
+
+    Regression(r272607) Removal of alert()/confirm() in third-party iframes breaks Salesforce
+    https://bugs.webkit.org/show_bug.cgi?id=229737
+    <rdar://82591122>
+    
+    Source/WebCore:
+    
+    Unreviewed, Revert behavior change made in r272607 as it broke Salesforce. My understanding is that
+    Chrome had to revert this too.
+    
+    Tests: http/tests/security/cross-origin-js-prompt-allowed.html
+           http/tests/security/same-origin-different-domain-js-prompt-allowed.html
+    
+    * page/DOMWindow.cpp:
+    (WebCore::DOMWindow::alert):
+    (WebCore::DOMWindow::confirmForBindings):
+    (WebCore::DOMWindow::prompt):
+    
+    LayoutTests:
+    
+    Unreviewed, Update existing tests to reflect behavior change.
+    
+    * http/tests/security/cross-origin-js-prompt-allowed-expected.txt: Added.
+    * http/tests/security/cross-origin-js-prompt-allowed.html: Renamed from LayoutTests/http/tests/security/cross-origin-js-prompt-forbidden.html.
+    * http/tests/security/cross-origin-js-prompt-forbidden-expected.txt: Removed.
+    * http/tests/security/resources/cross-origin-js-prompt-allowed.html: Renamed from LayoutTests/http/tests/security/resources/cross-origin-js-prompt-forbidden.html.
+    * http/tests/security/same-origin-different-domain-js-prompt-allowed-expected.txt: Added.
+    * http/tests/security/same-origin-different-domain-js-prompt-allowed.html: Renamed from LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-forbidden.html.
+    * http/tests/security/same-origin-different-domain-js-prompt-forbidden-expected.txt: Removed.
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281848 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2021-09-01  Chris Dumez  <[email protected]>
+
+            Regression(r272607) Removal of alert()/confirm() in third-party iframes breaks Salesforce
+            https://bugs.webkit.org/show_bug.cgi?id=229737
+            <rdar://82591122>
+
+            Unreviewed, Update existing tests to reflect behavior change.
+
+            * http/tests/security/cross-origin-js-prompt-allowed-expected.txt: Added.
+            * http/tests/security/cross-origin-js-prompt-allowed.html: Renamed from LayoutTests/http/tests/security/cross-origin-js-prompt-forbidden.html.
+            * http/tests/security/cross-origin-js-prompt-forbidden-expected.txt: Removed.
+            * http/tests/security/resources/cross-origin-js-prompt-allowed.html: Renamed from LayoutTests/http/tests/security/resources/cross-origin-js-prompt-forbidden.html.
+            * http/tests/security/same-origin-different-domain-js-prompt-allowed-expected.txt: Added.
+            * http/tests/security/same-origin-different-domain-js-prompt-allowed.html: Renamed from LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-forbidden.html.
+            * http/tests/security/same-origin-different-domain-js-prompt-forbidden-expected.txt: Removed.
+
+2021-09-01  Russell Epstein  <[email protected]>
+
         Cherry-pick r281700. rdar://problem/82650954
 
     REGRESSION (r276882): Shadow trees may use stale style information after inline stylesheet is mutated via CSSOM

Modified: branches/safari-612-branch/LayoutTests/http/tests/history/cross-origin-replace-history-object-child-expected.txt (281899 => 281900)


--- branches/safari-612-branch/LayoutTests/http/tests/history/cross-origin-replace-history-object-child-expected.txt	2021-09-02 01:05:09 UTC (rev 281899)
+++ branches/safari-612-branch/LayoutTests/http/tests/history/cross-origin-replace-history-object-child-expected.txt	2021-09-02 01:05:13 UTC (rev 281900)
@@ -1,6 +1,6 @@
 CONSOLE MESSAGE: SecurityError: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a cross-origin frame. Protocols, domains, and ports must match.
 ALERT: Child window's history object before attempt to clear: undefined
-CONSOLE MESSAGE: Use of window.alert is not allowed in different origin-domain iframes.
+ALERT: About to shadow child window's history object: [object History]
 CONSOLE MESSAGE: PASS: Could not shadow child window's history object: [object History]
 CONSOLE MESSAGE: SecurityError: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a cross-origin frame. Protocols, domains, and ports must match.
 ALERT: Child window's history object after attempt to clear: undefined

Added: branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-allowed-expected.txt (0 => 281900)


--- branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-allowed-expected.txt	                        (rev 0)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-allowed-expected.txt	2021-09-02 01:05:13 UTC (rev 281900)
@@ -0,0 +1,12 @@
+PROMPT: PASS: This prompt dialog should show, default text:
+CONFIRM: PASS: This confirm dialog should show
+ALERT: PASS: This alert dialog should show
+Tests that JS prompts are allowed in cross-origin frames
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Copied: branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-allowed.html (from rev 281899, branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-forbidden.html) (0 => 281900)


--- branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-allowed.html	                        (rev 0)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-allowed.html	2021-09-02 01:05:13 UTC (rev 281900)
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script src=""
+<script>
+description("Tests that JS prompts are allowed in cross-origin frames");
+jsTestIsAsync = true;
+
+_onmessage_ = (e) => {
+  if (e.data == "done")
+    finishJSTest();
+  else
+    debug(e.data);
+}
+</script>
+<iframe src=""
+</body>
+</html>

Deleted: branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-forbidden-expected.txt (281899 => 281900)


--- branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-forbidden-expected.txt	2021-09-02 01:05:09 UTC (rev 281899)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-forbidden-expected.txt	2021-09-02 01:05:13 UTC (rev 281900)
@@ -1,14 +0,0 @@
-CONSOLE MESSAGE: Use of window.prompt is not allowed in different origin-domain iframes.
-CONSOLE MESSAGE: Use of window.confirm is not allowed in different origin-domain iframes.
-CONSOLE MESSAGE: Use of window.alert is not allowed in different origin-domain iframes.
-Tests that JS prompts are forbidden in cross-origin frames
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS: window.prompt() returned null
-PASS: window.confirm() returned false
-PASS successfullyParsed is true
-
-TEST COMPLETE
-

Deleted: branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-forbidden.html (281899 => 281900)


--- branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-forbidden.html	2021-09-02 01:05:09 UTC (rev 281899)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/cross-origin-js-prompt-forbidden.html	2021-09-02 01:05:13 UTC (rev 281900)
@@ -1,18 +0,0 @@
-<!DOCTYPE html>
-<html>
-<body>
-<script src=""
-<script>
-description("Tests that JS prompts are forbidden in cross-origin frames");
-jsTestIsAsync = true;
-
-_onmessage_ = (e) => {
-  if (e.data == "done")
-    finishJSTest();
-  else
-    debug(e.data);
-}
-</script>
-<iframe src=""
-</body>
-</html>

Added: branches/safari-612-branch/LayoutTests/http/tests/security/resources/cross-origin-js-prompt-allowed.html (0 => 281900)


--- branches/safari-612-branch/LayoutTests/http/tests/security/resources/cross-origin-js-prompt-allowed.html	                        (rev 0)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/resources/cross-origin-js-prompt-allowed.html	2021-09-02 01:05:13 UTC (rev 281900)
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+_onload_ = () => {
+    setTimeout(() => {
+        window.prompt("PASS: This prompt dialog should show");
+        window.confirm("PASS: This confirm dialog should show");
+        window.alert("PASS: This alert dialog should show");
+        top.postMessage("done", "*");
+    }, 0);
+};
+</script>
+</body>
+</html>

Deleted: branches/safari-612-branch/LayoutTests/http/tests/security/resources/cross-origin-js-prompt-forbidden.html (281899 => 281900)


--- branches/safari-612-branch/LayoutTests/http/tests/security/resources/cross-origin-js-prompt-forbidden.html	2021-09-02 01:05:09 UTC (rev 281899)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/resources/cross-origin-js-prompt-forbidden.html	2021-09-02 01:05:13 UTC (rev 281900)
@@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html>
-<body>
-<script>
-_onload_ = () => {
-    setTimeout(() => {
-        let ret = window.prompt("FAIL: This prompt dialog should not show");
-        if (ret === null)
-            top.postMessage("PASS: window.prompt() returned null", "*");
-        else
-            top.postMessage("FAIL: window.prompt() did not return null", "*");
-        ret = window.confirm("FAIL: This confirm dialog should not show");
-        if (!ret)
-            top.postMessage("PASS: window.confirm() returned false", "*");
-        else
-            top.postMessage("FAIL: window.confirm() returned true", "*");
-        window.alert("FAIL: This alert dialog should not show");
-        top.postMessage("done", "*");
-    }, 0);
-};
-</script>
-</body>
-</html>

Added: branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-allowed-expected.txt (0 => 281900)


--- branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-allowed-expected.txt	                        (rev 0)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-allowed-expected.txt	2021-09-02 01:05:13 UTC (rev 281900)
@@ -0,0 +1,12 @@
+PROMPT: PASS: This prompt dialog should show, default text:
+CONFIRM: PASS: This confirm dialog should show
+ALERT: PASS: This alert dialog should show
+Tests that JS prompts are allowed in same-origin but different-domain iframes
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Copied: branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-allowed.html (from rev 281899, branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-forbidden.html) (0 => 281900)


--- branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-allowed.html	                        (rev 0)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-allowed.html	2021-09-02 01:05:13 UTC (rev 281900)
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script src=""
+<script>
+description("Tests that JS prompts are allowed in same-origin but different-domain iframes");
+jsTestIsAsync = true;
+
+if (window.internals)
+    window.internals.settings.setTreatIPAddressAsDomain(true);
+document.domain="0.0.1";
+
+_onmessage_ = (e) => {
+  if (e.data == "done")
+    finishJSTest();
+  else
+    debug(e.data);
+}
+</script>
+<iframe src=""
+</body>
+</html>

Deleted: branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-forbidden-expected.txt (281899 => 281900)


--- branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-forbidden-expected.txt	2021-09-02 01:05:09 UTC (rev 281899)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-forbidden-expected.txt	2021-09-02 01:05:13 UTC (rev 281900)
@@ -1,14 +0,0 @@
-CONSOLE MESSAGE: Use of window.prompt is not allowed in different origin-domain iframes.
-CONSOLE MESSAGE: Use of window.confirm is not allowed in different origin-domain iframes.
-CONSOLE MESSAGE: Use of window.alert is not allowed in different origin-domain iframes.
-Tests that JS prompts are forbidden in same-origin but different-domain iframes
-
-On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
-
-
-PASS: window.prompt() returned null
-PASS: window.confirm() returned false
-PASS successfullyParsed is true
-
-TEST COMPLETE
-

Deleted: branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-forbidden.html (281899 => 281900)


--- branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-forbidden.html	2021-09-02 01:05:09 UTC (rev 281899)
+++ branches/safari-612-branch/LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-forbidden.html	2021-09-02 01:05:13 UTC (rev 281900)
@@ -1,22 +0,0 @@
-<!DOCTYPE html>
-<html>
-<body>
-<script src=""
-<script>
-description("Tests that JS prompts are forbidden in same-origin but different-domain iframes");
-jsTestIsAsync = true;
-
-if (window.internals)
-    window.internals.settings.setTreatIPAddressAsDomain(true);
-document.domain="0.0.1";
-
-_onmessage_ = (e) => {
-  if (e.data == "done")
-    finishJSTest();
-  else
-    debug(e.data);
-}
-</script>
-<iframe src=""
-</body>
-</html>

Modified: branches/safari-612-branch/Source/WebCore/ChangeLog (281899 => 281900)


--- branches/safari-612-branch/Source/WebCore/ChangeLog	2021-09-02 01:05:09 UTC (rev 281899)
+++ branches/safari-612-branch/Source/WebCore/ChangeLog	2021-09-02 01:05:13 UTC (rev 281900)
@@ -1,5 +1,57 @@
 2021-09-01  Russell Epstein  <[email protected]>
 
+        Cherry-pick r281848. rdar://problem/82652449
+
+    Regression(r272607) Removal of alert()/confirm() in third-party iframes breaks Salesforce
+    https://bugs.webkit.org/show_bug.cgi?id=229737
+    <rdar://82591122>
+    
+    Source/WebCore:
+    
+    Unreviewed, Revert behavior change made in r272607 as it broke Salesforce. My understanding is that
+    Chrome had to revert this too.
+    
+    Tests: http/tests/security/cross-origin-js-prompt-allowed.html
+           http/tests/security/same-origin-different-domain-js-prompt-allowed.html
+    
+    * page/DOMWindow.cpp:
+    (WebCore::DOMWindow::alert):
+    (WebCore::DOMWindow::confirmForBindings):
+    (WebCore::DOMWindow::prompt):
+    
+    LayoutTests:
+    
+    Unreviewed, Update existing tests to reflect behavior change.
+    
+    * http/tests/security/cross-origin-js-prompt-allowed-expected.txt: Added.
+    * http/tests/security/cross-origin-js-prompt-allowed.html: Renamed from LayoutTests/http/tests/security/cross-origin-js-prompt-forbidden.html.
+    * http/tests/security/cross-origin-js-prompt-forbidden-expected.txt: Removed.
+    * http/tests/security/resources/cross-origin-js-prompt-allowed.html: Renamed from LayoutTests/http/tests/security/resources/cross-origin-js-prompt-forbidden.html.
+    * http/tests/security/same-origin-different-domain-js-prompt-allowed-expected.txt: Added.
+    * http/tests/security/same-origin-different-domain-js-prompt-allowed.html: Renamed from LayoutTests/http/tests/security/same-origin-different-domain-js-prompt-forbidden.html.
+    * http/tests/security/same-origin-different-domain-js-prompt-forbidden-expected.txt: Removed.
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281848 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2021-09-01  Chris Dumez  <[email protected]>
+
+            Regression(r272607) Removal of alert()/confirm() in third-party iframes breaks Salesforce
+            https://bugs.webkit.org/show_bug.cgi?id=229737
+            <rdar://82591122>
+
+            Unreviewed, Revert behavior change made in r272607 as it broke Salesforce. My understanding is that
+            Chrome had to revert this too.
+
+            Tests: http/tests/security/cross-origin-js-prompt-allowed.html
+                   http/tests/security/same-origin-different-domain-js-prompt-allowed.html
+
+            * page/DOMWindow.cpp:
+            (WebCore::DOMWindow::alert):
+            (WebCore::DOMWindow::confirmForBindings):
+            (WebCore::DOMWindow::prompt):
+
+2021-09-01  Russell Epstein  <[email protected]>
+
         Cherry-pick r281813. rdar://problem/82651722
 
     REGRESSION (r272900): wpt.fyi loading performance is very slow (regressed, and slower than other browsers)

Modified: branches/safari-612-branch/Source/WebCore/page/DOMWindow.cpp (281899 => 281900)


--- branches/safari-612-branch/Source/WebCore/page/DOMWindow.cpp	2021-09-02 01:05:09 UTC (rev 281899)
+++ branches/safari-612-branch/Source/WebCore/page/DOMWindow.cpp	2021-09-02 01:05:13 UTC (rev 281900)
@@ -1116,11 +1116,6 @@
         return;
     }
 
-    if (!document->securityOrigin().isSameOriginDomain(document->topDocument().securityOrigin())) {
-        printErrorMessage("Use of window.alert is not allowed in different origin-domain iframes.");
-        return;
-    }
-
     document->updateStyleIfNeeded();
 #if ENABLE(POINTER_LOCK)
     page->pointerLockController().requestPointerUnlock();
@@ -1150,11 +1145,6 @@
         return false;
     }
 
-    if (!document->securityOrigin().isSameOriginDomain(document->topDocument().securityOrigin())) {
-        printErrorMessage("Use of window.confirm is not allowed in different origin-domain iframes.");
-        return false;
-    }
-
     document->updateStyleIfNeeded();
 #if ENABLE(POINTER_LOCK)
     page->pointerLockController().requestPointerUnlock();
@@ -1184,11 +1174,6 @@
         return String();
     }
 
-    if (!document->securityOrigin().isSameOriginDomain(document->topDocument().securityOrigin())) {
-        printErrorMessage("Use of window.prompt is not allowed in different origin-domain iframes.");
-        return String();
-    }
-
     document->updateStyleIfNeeded();
 #if ENABLE(POINTER_LOCK)
     page->pointerLockController().requestPointerUnlock();
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to