Diff
Modified: trunk/LayoutTests/ChangeLog (138516 => 138517)
--- trunk/LayoutTests/ChangeLog 2012-12-27 23:12:27 UTC (rev 138516)
+++ trunk/LayoutTests/ChangeLog 2012-12-28 00:39:48 UTC (rev 138517)
@@ -1,3 +1,25 @@
+2012-12-27 Mike West <[email protected]>
+
+ Add context to the console message generated by Document::printNavigationErrorMessage.
+ https://bugs.webkit.org/show_bug.cgi?id=105774
+
+ Reviewed by Darin Adler.
+
+ * fast/frames/sandboxed-iframe-close-top-noclose-expected.txt:
+ * fast/frames/sandboxed-iframe-history-denied-expected.txt:
+ * fast/frames/sandboxed-iframe-navigation-parent-expected.txt:
+ * fast/frames/sandboxed-iframe-navigation-targetlink-expected.txt:
+ * fast/frames/sandboxed-iframe-navigation-top-by-name-denied-expected.txt:
+ * fast/frames/sandboxed-iframe-navigation-top-denied-expected.txt:
+ * fast/frames/seamless/seamless-window-location-sandbox-expected.txt:
+ * http/tests/security/no-popup-from-sandbox-top-expected.txt:
+ * http/tests/security/frameNavigation/not-opener-expected.txt:
+ * http/tests/security/frameNavigation/xss-DENIED-plugin-navigation-expected.txt:
+ * http/tests/security/frameNavigation/xss-DENIED-targeted-link-navigation-expected.txt:
+ * platform/chromium/http/tests/security/frameNavigation/xss-DENIED-plugin-navigation-expected.txt:
+ * platform/chromium/http/tests/security/no-popup-from-sandbox-top-expected.txt:
+ Update test expectations with new error message.
+
2012-12-27 Vsevolod Vlasov <[email protected]>
Web Inspector: [Regression] Can not set breakpoints in scripts loaded with source map.
Modified: trunk/LayoutTests/fast/frames/sandboxed-iframe-close-top-noclose-expected.txt (138516 => 138517)
--- trunk/LayoutTests/fast/frames/sandboxed-iframe-close-top-noclose-expected.txt 2012-12-27 23:12:27 UTC (rev 138516)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-close-top-noclose-expected.txt 2012-12-28 00:39:48 UTC (rev 138517)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate a navigation change for frame with URL close-top.html.
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate navigation for frame with URL 'close-top.html'. The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set.
This test verifies that a sandboxed IFrame can close a top-level frame with allow-top-navigation.
Modified: trunk/LayoutTests/fast/frames/sandboxed-iframe-history-denied-expected.txt (138516 => 138517)
--- trunk/LayoutTests/fast/frames/sandboxed-iframe-history-denied-expected.txt 2012-12-27 23:12:27 UTC (rev 138516)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-history-denied-expected.txt 2012-12-28 00:39:48 UTC (rev 138517)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate a navigation change for frame with URL script>.
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate navigation for frame with URL 'script>'. The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set.
ALERT: PASS
This test verifies that a sandboxed IFrame cannot navigate the top-level frame using the history API.
Modified: trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-parent-expected.txt (138516 => 138517)
--- trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-parent-expected.txt 2012-12-27 23:12:27 UTC (rev 138516)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-parent-expected.txt 2012-12-28 00:39:48 UTC (rev 138517)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate a navigation change for frame with URL sandboxed-iframe-navigation-source.html.
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate navigation for frame with URL 'sandboxed-iframe-navigation-source.html'. The frame attempting navigation is sandboxed, and is therefore disallowed from navigating its ancestors.
This test verifies that a sandboxed IFrame cannot navigate an ancestor in the frame tree by assigning the location attribute.
Modified: trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-targetlink-expected.txt (138516 => 138517)
--- trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-targetlink-expected.txt 2012-12-27 23:12:27 UTC (rev 138516)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-targetlink-expected.txt 2012-12-28 00:39:48 UTC (rev 138517)
@@ -1,6 +1,6 @@
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate a navigation change for frame with URL about:blank from frame with URL sandboxed-iframe-navigation-targetlink.html.
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate navigation for frame with URL 'about:blank' from frame with URL 'sandboxed-iframe-navigation-targetlink.html'. The frame attempting navigation is sandboxed, and is therefore disallowed from navigating its ancestors.
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate a navigation change for frame with URL about:blank from frame with URL sandboxed-iframe-navigation-targetlink.html.
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate navigation for frame with URL 'about:blank' from frame with URL 'sandboxed-iframe-navigation-targetlink.html'. The frame attempting navigation is sandboxed, and is therefore disallowed from navigating its ancestors.
This test verifies that a sandboxed IFrame cannot open a link in another frame using the target attribute of a link.
Modified: trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-name-denied-expected.txt (138516 => 138517)
--- trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-name-denied-expected.txt 2012-12-27 23:12:27 UTC (rev 138516)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-name-denied-expected.txt 2012-12-28 00:39:48 UTC (rev 138517)
@@ -1,9 +1,9 @@
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate a navigation change for frame with URL navigate-top-by-name-to-fail.html.
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate navigation for frame with URL 'navigate-top-by-name-to-fail.html'. The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set.
CONSOLE MESSAGE: Blocked opening 'fail-and-notify-done.html' in a new window because the request was made in a sandboxed frame whose 'allow-popups' permission is not set.
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate a navigation change for frame with URL navigate-top-by-name-to-fail.html.
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate navigation for frame with URL 'navigate-top-by-name-to-fail.html'. The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set.
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate a navigation change for frame with URL navigate-top-by-name-to-fail.html.
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate navigation for frame with URL 'navigate-top-by-name-to-fail.html'. The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set.
CONSOLE MESSAGE: Blocked opening 'fail-and-notify-done.html' in a new window because the request was made in a sandboxed frame whose 'allow-popups' permission is not set.
ALERT: PASS
Modified: trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-denied-expected.txt (138516 => 138517)
--- trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-denied-expected.txt 2012-12-27 23:12:27 UTC (rev 138516)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-denied-expected.txt 2012-12-28 00:39:48 UTC (rev 138517)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate a navigation change for frame with URL navigate-top-to-fail.html.
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate navigation for frame with URL 'navigate-top-to-fail.html'. The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set.
This test verifies that a sandboxed IFrame cannot navigate the top-level frame without allow-top-navigation. This test passes if the navigation does not occur.
Modified: trunk/LayoutTests/fast/frames/seamless/seamless-window-location-sandbox-expected.txt (138516 => 138517)
--- trunk/LayoutTests/fast/frames/seamless/seamless-window-location-sandbox-expected.txt 2012-12-27 23:12:27 UTC (rev 138516)
+++ trunk/LayoutTests/fast/frames/seamless/seamless-window-location-sandbox-expected.txt 2012-12-28 00:39:48 UTC (rev 138517)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate a navigation change for frame with URL about:srcdoc from frame with URL about:srcdoc.
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate navigation for frame with URL 'about:srcdoc' from frame with URL 'about:srcdoc'. The frame attempting navigation is sandboxed, and is therefore disallowed from navigating its ancestors.
This test should not cause any navigation.
Modified: trunk/LayoutTests/http/tests/security/frameNavigation/not-opener-expected.txt (138516 => 138517)
--- trunk/LayoutTests/http/tests/security/frameNavigation/not-opener-expected.txt 2012-12-27 23:12:27 UTC (rev 138516)
+++ trunk/LayoutTests/http/tests/security/frameNavigation/not-opener-expected.txt 2012-12-28 00:39:48 UTC (rev 138517)
@@ -1,3 +1,3 @@
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate a navigation change for frame with URL http://127.0.0.1:8000/security/frameNavigation/resources/ready.html from frame with URL http://localhost:8000/security/frameNavigation/resources/not-opener-helper.html.
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate navigation for frame with URL 'http://127.0.0.1:8000/security/frameNavigation/resources/ready.html' from frame with URL 'http://localhost:8000/security/frameNavigation/resources/not-opener-helper.html'. The frame attempting navigation is neither same-origin with the target, nor is it the target's parent or opener.
PASS
Modified: trunk/LayoutTests/http/tests/security/frameNavigation/xss-DENIED-plugin-navigation-expected.txt (138516 => 138517)
--- trunk/LayoutTests/http/tests/security/frameNavigation/xss-DENIED-plugin-navigation-expected.txt 2012-12-27 23:12:27 UTC (rev 138516)
+++ trunk/LayoutTests/http/tests/security/frameNavigation/xss-DENIED-plugin-navigation-expected.txt 2012-12-28 00:39:48 UTC (rev 138517)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate a navigation change for frame with URL http://127.0.0.1:8000/security/resources/cross-frame-iframe.html from frame with URL http://localhost:8000/security/frameNavigation/resources/frame-with-plugin-to-navigate.html.
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate navigation for frame with URL 'http://127.0.0.1:8000/security/resources/cross-frame-iframe.html' from frame with URL 'http://localhost:8000/security/frameNavigation/resources/frame-with-plugin-to-navigate.html'. The frame attempting navigation is neither same-origin with the target, nor is it the target's parent or opener.
Modified: trunk/LayoutTests/http/tests/security/frameNavigation/xss-DENIED-targeted-link-navigation-expected.txt (138516 => 138517)
--- trunk/LayoutTests/http/tests/security/frameNavigation/xss-DENIED-targeted-link-navigation-expected.txt 2012-12-27 23:12:27 UTC (rev 138516)
+++ trunk/LayoutTests/http/tests/security/frameNavigation/xss-DENIED-targeted-link-navigation-expected.txt 2012-12-28 00:39:48 UTC (rev 138517)
@@ -1,6 +1,6 @@
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate a navigation change for frame with URL http://127.0.0.1:8000/security/resources/cross-frame-iframe.html from frame with URL http://localhost:8000/security/frameNavigation/resources/frame-with-link-to-navigate.html.
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate navigation for frame with URL 'http://127.0.0.1:8000/security/resources/cross-frame-iframe.html' from frame with URL 'http://localhost:8000/security/frameNavigation/resources/frame-with-link-to-navigate.html'. The frame attempting navigation is neither same-origin with the target, nor is it the target's parent or opener.
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate a navigation change for frame with URL http://127.0.0.1:8000/security/resources/cross-frame-iframe.html from frame with URL http://localhost:8000/security/frameNavigation/resources/frame-with-link-to-navigate.html.
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate navigation for frame with URL 'http://127.0.0.1:8000/security/resources/cross-frame-iframe.html' from frame with URL 'http://localhost:8000/security/frameNavigation/resources/frame-with-link-to-navigate.html'. The frame attempting navigation is neither same-origin with the target, nor is it the target's parent or opener.
Modified: trunk/LayoutTests/http/tests/security/no-popup-from-sandbox-top-expected.txt (138516 => 138517)
--- trunk/LayoutTests/http/tests/security/no-popup-from-sandbox-top-expected.txt 2012-12-27 23:12:27 UTC (rev 138516)
+++ trunk/LayoutTests/http/tests/security/no-popup-from-sandbox-top-expected.txt 2012-12-28 00:39:48 UTC (rev 138517)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate a navigation change for frame with URL http://127.0.0.1:8000/security/no-popup-from-sandbox-top.html from frame with URL data:text/html, <script> var win = window.open('about:blank', '_top'); alert(win ?%20'FAIL'%20:%20'PASS');%20%20%20%20%20%20%20%3C/script%3E.
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate navigation for frame with URL 'http://127.0.0.1:8000/security/no-popup-from-sandbox-top.html' from frame with URL 'data:text/html, <script> var win = window.open('about:blank', '_top'); alert(win ?%20'FAIL'%20:%20'PASS');%20%20%20%20%20%20%20%3C/script%3E'. The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set.
ALERT: PASS
To run this test outside of DumpRenderTree, please disable your popup blocker!
Modified: trunk/LayoutTests/platform/chromium/http/tests/security/frameNavigation/xss-DENIED-plugin-navigation-expected.txt (138516 => 138517)
--- trunk/LayoutTests/platform/chromium/http/tests/security/frameNavigation/xss-DENIED-plugin-navigation-expected.txt 2012-12-27 23:12:27 UTC (rev 138516)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/frameNavigation/xss-DENIED-plugin-navigation-expected.txt 2012-12-28 00:39:48 UTC (rev 138517)
@@ -1,6 +1,6 @@
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate a navigation change for frame with URL http://127.0.0.1:8000/security/resources/cross-frame-iframe.html from frame with URL http://localhost:8000/security/frameNavigation/resources/frame-with-plugin-to-navigate.html.
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate navigation for frame with URL 'http://127.0.0.1:8000/security/resources/cross-frame-iframe.html' from frame with URL 'http://localhost:8000/security/frameNavigation/resources/frame-with-plugin-to-navigate.html'. The frame attempting navigation is neither same-origin with the target, nor is it the target's parent or opener.
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate a navigation change for frame with URL http://127.0.0.1:8000/security/resources/cross-frame-iframe.html from frame with URL http://localhost:8000/security/frameNavigation/resources/frame-with-plugin-to-navigate.html.
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate navigation for frame with URL 'http://127.0.0.1:8000/security/resources/cross-frame-iframe.html' from frame with URL 'http://localhost:8000/security/frameNavigation/resources/frame-with-plugin-to-navigate.html'. The frame attempting navigation is neither same-origin with the target, nor is it the target's parent or opener.
Modified: trunk/LayoutTests/platform/chromium/http/tests/security/no-popup-from-sandbox-top-expected.txt (138516 => 138517)
--- trunk/LayoutTests/platform/chromium/http/tests/security/no-popup-from-sandbox-top-expected.txt 2012-12-27 23:12:27 UTC (rev 138516)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/no-popup-from-sandbox-top-expected.txt 2012-12-28 00:39:48 UTC (rev 138517)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate a navigation change for frame with URL http://127.0.0.1:8000/security/no-popup-from-sandbox-top.html from frame with URL data:text/html, <script> var win = window.open('about:blank', '_top'); alert(win ? 'FAIL' : 'PASS'); </script>.
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to initiate navigation for frame with URL 'http://127.0.0.1:8000/security/no-popup-from-sandbox-top.html' from frame with URL 'data:text/html, <script> var win = window.open('about:blank', '_top'); alert(win ? 'FAIL' : 'PASS'); </script>'. The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set.
ALERT: PASS
To run this test outside of DumpRenderTree, please disable your popup blocker!
Modified: trunk/Source/WebCore/ChangeLog (138516 => 138517)
--- trunk/Source/WebCore/ChangeLog 2012-12-27 23:12:27 UTC (rev 138516)
+++ trunk/Source/WebCore/ChangeLog 2012-12-28 00:39:48 UTC (rev 138517)
@@ -1,3 +1,24 @@
+2012-12-27 Mike West <[email protected]>
+
+ Add context to the console message generated by Document::printNavigationErrorMessage.
+ https://bugs.webkit.org/show_bug.cgi?id=105774
+
+ Reviewed by Darin Adler.
+
+ When blocking frame navigations, we should give developers more
+ contextual detail about why the navigation has been blocked. This patch
+ adds context specifically for sandboxed frames', and gives a slightly
+ more detailed generic response for all other blockages.
+
+ No new tests; the changes to the error message are covered via
+ rebaselines to existing navigation tests.
+
+ * dom/Document.cpp:
+ (WebCore::printNavigationErrorMessage):
+ (WebCore::Document::canNavigate):
+ Pass in a 'reason' parameter when calling printNavigationErrorMessage
+ to report a blocked navigation.
+
2012-12-27 Dimitri Glazkov <[email protected]>
Move visited link-checking (and caching) code out of SelectorChecker.
Modified: trunk/Source/WebCore/dom/Document.cpp (138516 => 138517)
--- trunk/Source/WebCore/dom/Document.cpp 2012-12-27 23:12:27 UTC (rev 138516)
+++ trunk/Source/WebCore/dom/Document.cpp 2012-12-28 00:39:48 UTC (rev 138517)
@@ -393,11 +393,9 @@
return false;
}
-static void printNavigationErrorMessage(Frame* frame, const KURL& activeURL)
+static void printNavigationErrorMessage(Frame* frame, const KURL& activeURL, const char* reason)
{
- // FIXME: this error message should contain more specifics of why the navigation change is not allowed.
- String message = "Unsafe _javascript_ attempt to initiate a navigation change for frame with URL " +
- frame->document()->url().string() + " from frame with URL " + activeURL.string() + ".\n";
+ String message = "Unsafe _javascript_ attempt to initiate navigation for frame with URL '" + frame->document()->url().string() + "' from frame with URL '" + activeURL.string() + "'. " + reason + "\n";
// FIXME: should we print to the console of the document performing the navigation instead?
frame->document()->domWindow()->printErrorMessage(message);
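Review bot: The two URLs are spliced into the message between single quotes with no escaping or length limit, so a URL that itself contains `'` or sentence-like text makes the console line ambiguous. The rebaselined `no-popup-from-sandbox-top-expected.txt` shows this with a `data:` URL whose `'about:blank'` and `'_top'` sit inside the quoted region. Because a frame's URL can carry arbitrary text, a developer reading the console cannot reliably tell where the URL ends and the trusted `reason` text begins. Consider eliding long URLs and escaping or replacing the delimiter before concatenation, and add a comment above the signature such as `// 'reason' must be a non-null string literal; it is appended verbatim after the untrusted URLs.` The function body continues past the end of this hunk.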
@@ -2711,7 +2709,7 @@
if (!targetFrame)
return true;
- // Frame-busting is generally allowed (unless we're sandboxed and prevent from frame-busting).
+ // Frame-busting is generally allowed, but blocked for sandboxed frames lacking the 'allow-top-navigation' flag.
if (!isSandboxed(SandboxTopNavigation) && targetFrame == m_frame->tree()->top())
return true;
@@ -2719,7 +2717,11 @@
if (targetFrame->tree()->isDescendantOf(m_frame))
return true;
- printNavigationErrorMessage(targetFrame, url());
+ const char* reason = "The frame attempting navigation is sandboxed, and is therefore disallowed from navigating its ancestors.";
+ if (isSandboxed(SandboxTopNavigation) && targetFrame == m_frame->tree()->top())
+ reason = "The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set.";
+
+ printNavigationErrorMessage(targetFrame, url(), reason);
return false;
}
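Review bot: The default `reason` says the sandboxed frame is "disallowed from navigating its ancestors", but the visible checks only establish that the target is not a descendant of `m_frame` and is not an allowed top-level navigation. The same text is therefore emitted when the target is a sibling or unrelated frame; `sandboxed-iframe-navigation-targetlink-expected.txt` receives it for a link that targets "another frame", which may not be an ancestor. Wording it by what is permitted stays accurate in every case, e.g. `const char* reason = "The frame attempting navigation is sandboxed, and is therefore only allowed to navigate its descendants.";`, with the expectations rebaselined to match. The `isSandboxed(SandboxTopNavigation) && targetFrame == m_frame->tree()->top()` test also mirrors the frame-busting check a few lines up, so a short comment saying the two must stay in sync would help. The enclosing sandbox branch starts outside this hunk.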
@@ -2752,7 +2754,7 @@
return true;
}
- printNavigationErrorMessage(targetFrame, url());
+ printNavigationErrorMessage(targetFrame, url(), "The frame attempting navigation is neither same-origin with the target, nor is it the target's parent or opener.");
return false;
}