Diff
Modified: trunk/LayoutTests/ChangeLog (137052 => 137053)
--- trunk/LayoutTests/ChangeLog 2012-12-09 00:03:40 UTC (rev 137052)
+++ trunk/LayoutTests/ChangeLog 2012-12-09 01:54:13 UTC (rev 137053)
@@ -1,3 +1,24 @@
+2012-12-08 Mike West <[email protected]>
+
+ Log to console when script is blocked by sandbox attributes.
+ https://bugs.webkit.org/show_bug.cgi?id=104365
+
+ Reviewed by Ojan Vafai.
+
+ * fast/frames/sandboxed-iframe-attribute-parsing-expected.txt:
+ * fast/frames/sandboxed-iframe-autofocus-denied-expected.txt:
+ * fast/frames/sandboxed-iframe-parsing-space-characters-expected.txt:
+ * fast/frames/sandboxed-iframe-scripting-expected.txt:
+ * http/tests/security/contentSecurityPolicy/sandbox-empty-expected.txt:
+ * http/tests/security/contentSecurityPolicy/sandbox-empty-subframe-expected.txt:
+ * http/tests/security/contentSecurityPolicy/sandbox-in-http-header-control-expected.txt:
+ * http/tests/security/contentSecurityPolicy/sandbox-in-http-header-expected.txt:
+ * http/tests/security/contentSecurityPolicy/sandbox-invalid-header-expected.txt:
+ * http/tests/security/isolatedWorld/sandboxed-iframe-expected.txt:
+ * http/tests/security/sandbox-inherit-to-initial-document-2-expected.txt:
+ * media/video-controls-no-scripting-expected.txt:
+ Rebaselining tests with new expectations.
+
2012-12-08 Kent Tamura <[email protected]>
Add appearance tests for input[type=datetime-local]
Modified: trunk/LayoutTests/fast/frames/sandboxed-iframe-attribute-parsing-expected.txt (137052 => 137053)
--- trunk/LayoutTests/fast/frames/sandboxed-iframe-attribute-parsing-expected.txt 2012-12-09 00:03:40 UTC (rev 137052)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-attribute-parsing-expected.txt 2012-12-09 01:54:13 UTC (rev 137053)
@@ -11,6 +11,14 @@
CONSOLE MESSAGE: Blocked form submission to '_javascript_:top.disallowedFormSubmitted();' because the form's frame is sandboxed and the 'allow-forms' permission is not set.
CONSOLE MESSAGE: Blocked form submission to '_javascript_:top.disallowedFormSubmitted();' because the form's frame is sandboxed and the 'allow-forms' permission is not set.
CONSOLE MESSAGE: Blocked form submission to '_javascript_:top.disallowedFormSubmitted();' because the form's frame is sandboxed and the 'allow-forms' permission is not set.
+CONSOLE MESSAGE: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
+CONSOLE MESSAGE: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
+CONSOLE MESSAGE: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
+CONSOLE MESSAGE: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
+CONSOLE MESSAGE: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
+CONSOLE MESSAGE: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
+CONSOLE MESSAGE: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
+CONSOLE MESSAGE: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
This test case verifies the parsing of the iframe sandbox attribute. Two sets of iframes are used: one where scripting is allowed, and another one where it is disallowed. The test verifies that the allowed frames execute scripts (but other sandboxed properties still apply -- specifically, forms are disabled), and the disallowed ones do not. If successful the test prints "PASS".
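Review bot: The eight added 'Blocked script execution' lines are identical and carry no line number, so this expectation pins only how many messages were logged, not which of the disallowed frames produced each one. Consider giving each disallowed frame a distinguishable URL so that a regression in a single sandbox attribute value shows up as a changed line rather than only as a changed count.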
Modified: trunk/LayoutTests/fast/frames/sandboxed-iframe-autofocus-denied-expected.txt (137052 => 137053)
--- trunk/LayoutTests/fast/frames/sandboxed-iframe-autofocus-denied-expected.txt 2012-12-09 00:03:40 UTC (rev 137052)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-autofocus-denied-expected.txt 2012-12-09 01:54:13 UTC (rev 137053)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: line 1: Blocked script execution in 'about:srcdoc' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 1: Blocked autofocusing on a form control because the form's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 13: PASS: The input element is not focused.
This test passes if the input element in the sandboxed frame is not automatically focused upon, as it should be blocked by the sandboxed scripts flag. A console warning to that effect should also be present.
Modified: trunk/LayoutTests/fast/frames/sandboxed-iframe-parsing-space-characters-expected.txt (137052 => 137053)
--- trunk/LayoutTests/fast/frames/sandboxed-iframe-parsing-space-characters-expected.txt 2012-12-09 00:03:40 UTC (rev 137052)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-parsing-space-characters-expected.txt 2012-12-09 01:54:13 UTC (rev 137053)
@@ -1,8 +1,10 @@
ALERT: PASS: Form feed is a delimiter.
CONSOLE MESSAGE: Error while parsing the 'sandbox' attribute: 'allow-scriptsallow-forms' is an invalid sandbox flag.
+CONSOLE MESSAGE: Blocked script execution in 'data:text/html,<script>alert('FAIL: Vertical tab is not a delimiter.');</script>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
ALERT: PASS: Newline is a delimiter.
ALERT: PASS: Return is a delimiter.
CONSOLE MESSAGE: Error while parsing the 'sandbox' attribute: 'allow-scriptsxallow-forms' is an invalid sandbox flag.
+CONSOLE MESSAGE: Blocked script execution in 'data:text/html,<script>alert('FAIL: x is not a delimiter.');</script>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
ALERT: PASS: Tab is a delimiter.
ALERT: PASS: Space is a delimiter character.
This tests whether we correct parse various space characters in the sandbox attribute.
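Review bot: Both added lines embed the whole data: URL in the message, so the expected output of a passing run now contains the literal text 'FAIL: Vertical tab is not a delimiter.' and 'FAIL: x is not a delimiter.'. Anyone scanning results for FAIL will hit these lines, and the nested single quotes make it hard to see where the quoted URL ends. Eliding or truncating data: URLs in the message would keep the expectation readable and avoid copying document source into the console.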
Modified: trunk/LayoutTests/fast/frames/sandboxed-iframe-scripting-expected.txt (137052 => 137053)
--- trunk/LayoutTests/fast/frames/sandboxed-iframe-scripting-expected.txt 2012-12-09 00:03:40 UTC (rev 137052)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-scripting-expected.txt 2012-12-09 01:54:13 UTC (rev 137053)
@@ -1,4 +1,6 @@
+CONSOLE MESSAGE: Blocked script execution in 'about:blank' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
ALERT: PASS: Executed script in data URL
+CONSOLE MESSAGE: Blocked script execution in 'data:text/html,<script> alert('FAIL: Executed script without allow-scripts in data URL'); </script>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Verify that sandboxed frames with sandbox="allow-scripts" can execute scripts, but other sandboxed frames cannot. Also verify that adding a sandbox attribute at runtime does not effect the current state of the iframe.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-empty-expected.txt (137052 => 137053)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-empty-expected.txt 2012-12-09 00:03:40 UTC (rev 137052)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-empty-expected.txt 2012-12-09 01:54:13 UTC (rev 137053)
@@ -1 +1,2 @@
+CONSOLE MESSAGE: Blocked script execution in 'http://127.0.0.1:8000/security/contentSecurityPolicy/sandbox-empty.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
This test passes if it doesn't alert fail.
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-empty-subframe-expected.txt (137052 => 137053)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-empty-subframe-expected.txt 2012-12-09 00:03:40 UTC (rev 137052)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-empty-subframe-expected.txt 2012-12-09 01:54:13 UTC (rev 137053)
@@ -1 +1,2 @@
+CONSOLE MESSAGE: Blocked script execution in 'data:text/html,<script>alert('FAIL');</script>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
This test passes if it doesn't alert fail.
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-in-http-header-control-expected.txt (137052 => 137053)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-in-http-header-control-expected.txt 2012-12-09 00:03:40 UTC (rev 137052)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-in-http-header-control-expected.txt 2012-12-09 01:54:13 UTC (rev 137053)
@@ -1,2 +1,3 @@
+CONSOLE MESSAGE: Blocked script execution in 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/sandbox.php?sandbox=allow-top-navigation%20allow-same-origin' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
ALERT: PASS: Iframe was not in a unique origin
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-in-http-header-expected.txt (137052 => 137053)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-in-http-header-expected.txt 2012-12-09 00:03:40 UTC (rev 137052)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-in-http-header-expected.txt 2012-12-09 01:54:13 UTC (rev 137053)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: Blocked script execution in 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/sandbox.php?sandbox=allow-top-navigation' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: Sandbox access violation: Unsafe _javascript_ attempt to access frame with URL http://127.0.0.1:8000/security/contentSecurityPolicy/resources/sandbox.php?sandbox=allow-top-navigation from frame with URL http://127.0.0.1:8000/security/contentSecurityPolicy/sandbox-in-http-header.html. The frame being accessed is sandboxed into a unique origin.
ALERT: PASS: Iframe was in a unique origin
Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-invalid-header-expected.txt (137052 => 137053)
--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-invalid-header-expected.txt 2012-12-09 00:03:40 UTC (rev 137052)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-invalid-header-expected.txt 2012-12-09 01:54:13 UTC (rev 137053)
@@ -1,2 +1,3 @@
CONSOLE MESSAGE: Error while parsing the 'sandbox' Content Security Policy directive: 'allowScript' is an invalid sandbox flag.
+CONSOLE MESSAGE: Blocked script execution in 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/sandbox.php?sandbox=allowScript' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Modified: trunk/LayoutTests/http/tests/security/isolatedWorld/sandboxed-iframe-expected.txt (137052 => 137053)
--- trunk/LayoutTests/http/tests/security/isolatedWorld/sandboxed-iframe-expected.txt 2012-12-09 00:03:40 UTC (rev 137052)
+++ trunk/LayoutTests/http/tests/security/isolatedWorld/sandboxed-iframe-expected.txt 2012-12-09 01:54:13 UTC (rev 137053)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: Blocked script execution in 'http://127.0.0.1:8000/security/isolatedWorld/resources/fail.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
ALERT: PASS
Test that executing scripts in an isolated world works even inside sandboxed iframes. The test passes, if an alert with the text "PASS" is shown.
Modified: trunk/LayoutTests/http/tests/security/sandbox-inherit-to-initial-document-2-expected.txt (137052 => 137053)
--- trunk/LayoutTests/http/tests/security/sandbox-inherit-to-initial-document-2-expected.txt 2012-12-09 00:03:40 UTC (rev 137052)
+++ trunk/LayoutTests/http/tests/security/sandbox-inherit-to-initial-document-2-expected.txt 2012-12-09 01:54:13 UTC (rev 137053)
@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: Blocked script execution in 'about:blank' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Test how sandbox flags get inherited to initial document in subframe.
PASS
Modified: trunk/LayoutTests/media/video-controls-no-scripting-expected.txt (137052 => 137053)
--- trunk/LayoutTests/media/video-controls-no-scripting-expected.txt 2012-12-09 00:03:40 UTC (rev 137052)
+++ trunk/LayoutTests/media/video-controls-no-scripting-expected.txt 2012-12-09 01:54:13 UTC (rev 137053)
@@ -1,3 +1,5 @@
+CONSOLE MESSAGE: Blocked script execution in 'video-controls-no-scripting-iframe.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
+CONSOLE MESSAGE: line 13: Blocked script execution in 'video-controls-no-scripting-iframe.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Tests that the built-in controls are always enabled when _javascript_ is disabled.
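Review bot: The two added lines name the same document, but only the second carries a 'line 13:' prefix, so the same message appears in two formats within one expectation. Either make the message consistently carry a line number or note in the test description which script source produces each line, so a later rebaseline can tell a missing message from a reformatted one.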
Modified: trunk/Source/WebCore/ChangeLog (137052 => 137053)
--- trunk/Source/WebCore/ChangeLog 2012-12-09 00:03:40 UTC (rev 137052)
+++ trunk/Source/WebCore/ChangeLog 2012-12-09 01:54:13 UTC (rev 137053)
@@ -1,3 +1,17 @@
+2012-12-08 Mike West <[email protected]>
+
+ Log to console when script is blocked by sandbox attributes.
+ https://bugs.webkit.org/show_bug.cgi?id=104365
+
+ Reviewed by Ojan Vafai.
+
+ Adds a console message to cover script execution blocked within the
+ context of a sandboxed frame which lacks the 'allow-scripts' permission.
+
+ * bindings/ScriptControllerBase.cpp:
+ (WebCore::ScriptController::canExecuteScripts):
+ Log a warning when sandboxing flags block script execution.
+
2012-12-08 No'am Rosenthal <[email protected]>
Use background color for GraphicsLayers when applicable
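Review bot: The canExecuteScripts entry says 'Log a warning', but the call added in ScriptControllerBase.cpp passes ErrorMessageLevel. Reword the entry to say an error is logged, or change the level, so the ChangeLog matches what lands. The entry also does not say how the change is covered; a line pointing at the rebaselined LayoutTests expectations would help.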
Modified: trunk/Source/WebCore/bindings/ScriptControllerBase.cpp (137052 => 137053)
--- trunk/Source/WebCore/bindings/ScriptControllerBase.cpp 2012-12-09 00:03:40 UTC (rev 137052)
+++ trunk/Source/WebCore/bindings/ScriptControllerBase.cpp 2012-12-09 01:54:13 UTC (rev 137053)
@@ -38,8 +38,12 @@
bool ScriptController::canExecuteScripts(ReasonForCallingCanExecuteScripts reason)
{
- if (m_frame->document() && m_frame->document()->isSandboxed(SandboxScripts))
+ if (m_frame->document() && m_frame->document()->isSandboxed(SandboxScripts)) {
+ // FIXME: This message should be moved off the console once a solution to https://bugs.webkit.org/show_bug.cgi?id=103274 exists.
+ if (reason == AboutToExecuteScript)
+ m_frame->document()->addConsoleMessage(HTMLMessageSource, LogMessageType, ErrorMessageLevel, "Blocked script execution in '" + m_frame->document()->url().string() + "' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.");
return false;
+ }
if (m_frame->document() && m_frame->document()->isViewSource()) {
ASSERT(m_frame->document()->securityOrigin()->isUnique());
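Review bot: The message built in the 'reason == AboutToExecuteScript' branch concatenates m_frame->document()->url().string() without any bound, which for data: documents copies the entire document source into the console (visible in the rebaselined expectations) and for HTTP documents includes the full query string. Suggest eliding or length-capping the URL before concatenation. The branch also logs on every call with AboutToExecuteScript, so a document with several blocked scripts adds one line per script; reporting once per document would keep the console usable. Minor: m_frame->document() is now evaluated up to four times in this block, so a local variable would read better.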