Title: [142734] trunk
Revision: 142734
Author: [email protected]
Date: 2013-02-13 03:19:08 -0800 (Wed, 13 Feb 2013)

Log Message

location.href does not throw SECURITY_ERR when accessed across origins with JSC bindings
https://bugs.webkit.org/show_bug.cgi?id=43891

Reviewed by Adam Barth.

Source/WebCore:

Other browsers (IE, Firefox, and Opera) throw an exception when accessing
properties of a Location object across origins, as the spec suggests[1].
WebKit is currently the outlier.

This has a few negative effects: developers are forced to hack around
access violations in two ways rather than having a single code path, and
(more annoyingly) developers are unable to avoid generating the error
message. See every ad on the internet for the effect on the console. :)

This patch adds a SECURITY_ERR exception to these access violations,
which is the first step towards getting rid of the console spam. Getting
rid of the message entirely will require a solution to
http://wkbug.com/98050.

A fairly inconclusive thread[2] on webkit-dev popped up in 2010 and
trailed off without reaching a conclusion. A more recent thread reached
agreement that this patch seems like a reasonable thing to do[3].

This is the JSC half of the patch. V8 is coming in http://wkbug.com/43892

[1]: http://www.whatwg.org/specs/web-apps/current-work/multipage/history.html#security-location
[2]: https://lists.webkit.org/pipermail/webkit-dev/2010-August/013880.html
[3]: https://lists.webkit.org/pipermail/webkit-dev/2012-February/023636.html

* bindings/js/JSLocationCustom.cpp:
(WebCore::JSLocation::getOwnPropertySlotDelegate):

LayoutTests:

* http/tests/plugins/resources/cross-frame-object-access.html:
* http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt:
* http/tests/security/cross-frame-access-location-get-expected.txt:
* http/tests/security/cross-frame-access-location-get.html:
* http/tests/security/resources/cross-frame-access.js:
(accessThrowsException):
* http/tests/security/resources/cross-frame-iframe-callback-explicit-domain-DENY.html:
* http/tests/security/resources/cross-frame-iframe-for-location-get-test.html:
    Adjusting tests to check for exceptions, and adjusting expectations to match.
* platform/chromium/http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt: Copied from LayoutTests/http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt.
* platform/chromium/http/tests/security/cross-frame-access-location-get-expected.txt: Added.
* platform/chromium/http/tests/security/sandboxed-iframe-blocks-access-from-parent-expected.txt: Copied from LayoutTests/http/tests/security/sandboxed-iframe-blocks-access-from-parent-expected.txt.
    V8 fails at the moment: http://wkbug.com/43892

Diff

Modified: trunk/LayoutTests/ChangeLog (142733 => 142734)


--- trunk/LayoutTests/ChangeLog	2013-02-13 10:59:18 UTC (rev 142733)
+++ trunk/LayoutTests/ChangeLog	2013-02-13 11:19:08 UTC (rev 142734)
@@ -1,3 +1,24 @@
+2013-02-13  Mike West  <[email protected]>
+
+        location.href does not throw SECURITY_ERR when accessed across origins with JSC bindings
+        https://bugs.webkit.org/show_bug.cgi?id=43891
+
+        Reviewed by Adam Barth.
+
+        * http/tests/plugins/resources/cross-frame-object-access.html:
+        * http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt:
+        * http/tests/security/cross-frame-access-location-get-expected.txt:
+        * http/tests/security/cross-frame-access-location-get.html:
+        * http/tests/security/resources/cross-frame-access.js:
+        (accessThrowsException):
+        * http/tests/security/resources/cross-frame-iframe-callback-explicit-domain-DENY.html:
+        * http/tests/security/resources/cross-frame-iframe-for-location-get-test.html:
+            Adjusting tests to check for exceptions, and adjusting expectations to match.
+        * platform/chromium/http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt: Copied from LayoutTests/http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt.
+        * platform/chromium/http/tests/security/cross-frame-access-location-get-expected.txt: Added.
+        * platform/chromium/http/tests/security/sandboxed-iframe-blocks-access-from-parent-expected.txt: Copied from LayoutTests/http/tests/security/sandboxed-iframe-blocks-access-from-parent-expected.txt.
+            V8 fails at the moment: http://wkbug.com/43892
+
 2013-02-13  Vsevolod Vlasov  <[email protected]>
 
         Unreviewed test fix: removed redundant testRunnet.notifyDone() call that was causing other test failures.

Modified: trunk/LayoutTests/http/tests/plugins/resources/cross-frame-object-access.html (142733 => 142734)


--- trunk/LayoutTests/http/tests/plugins/resources/cross-frame-object-access.html	2013-02-13 10:59:18 UTC (rev 142733)
+++ trunk/LayoutTests/http/tests/plugins/resources/cross-frame-object-access.html	2013-02-13 11:19:08 UTC (rev 142734)
@@ -14,11 +14,14 @@
         return false;
     }
 
-    if (l.href) {
-        debug('could access top.location.href');
-        return false;
+    try {
+        if (l.href) {
+            debug('could access top.location.href');
+            return false;
+        }
+    } catch (e) {
+        return true;
     }
-    
     return true;
 }
 
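Review bot: The new `catch (e)` branch returns true, but so does the fall-through `return true` when `l.href` is merely falsy, so this check passes whether or not the access throws and does not pin the behaviour the patch introduces. If accepting both outcomes is deliberate while V8 still lacks the exception (http://wkbug.com/43892), a short comment saying so would help; otherwise the non-throwing path should return false.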

Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt (142733 => 142734)


--- trunk/LayoutTests/http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt	2013-02-13 10:59:18 UTC (rev 142733)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt	2013-02-13 11:19:08 UTC (rev 142734)
@@ -1,5 +1,7 @@
 CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-callback-explicit-domain-DENY.html from frame with URL http://127.0.0.1:8000/security/resources/cross-frame-iframe-callback-explicit-domain-DENY.html. The frame requesting access set 'document.domain' to '127.0.0.1', but the frame being accessed did not. Both must set 'document.domain' to the same value to allow access.
 
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-callback-explicit-domain-DENY.html from frame with URL http://127.0.0.1:8000/security/resources/cross-frame-iframe-callback-explicit-domain-DENY.html. The frame requesting access set 'document.domain' to '127.0.0.1', but the frame being accessed did not. Both must set 'document.domain' to the same value to allow access.
+
 Test that a child frame can't define a function and the use it to access parent properties after document.domain write blocks the access.  
 
 
@@ -8,3 +10,5 @@
 Frame: '<!--framePath //<!--frame0-->-->'
 --------
 PASS: canGet('parentWindow.location.href') should be 'false' and is.
+PASS: accessThrowsException('parentWindow.location.href') should be 'true' and is.
+

Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-location-get-expected.txt (142733 => 142734)


--- trunk/LayoutTests/http/tests/security/cross-frame-access-location-get-expected.txt	2013-02-13 10:59:18 UTC (rev 142733)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-location-get-expected.txt	2013-02-13 11:19:08 UTC (rev 142734)
@@ -22,14 +22,37 @@
 
 CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
 
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
 
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
 
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+
+
 ----- tests for getting window.location's properties -----
 
 PASS: canGet('targetWindow.location') should be 'true' and is.
 PASS: toString('targetWindow.location', '') should be '' and is.
 Firefox allows access to 'location.toString' but throws an exception when you call it.
 PASS: canGet('targetWindow.location.toString') should be 'false' and is.
+PASS: accessThrowsException('targetWindow.location.toString') should be 'true' and is.
 PASS: canGet('targetWindow.location.href') should be 'false' and is.
 PASS: canGet('targetWindow.location.hash') should be 'false' and is.
 PASS: canGet('targetWindow.location.host') should be 'false' and is.
@@ -38,8 +61,19 @@
 PASS: canGet('targetWindow.location.port') should be 'false' and is.
 PASS: canGet('targetWindow.location.protocol') should be 'false' and is.
 PASS: canGet('targetWindow.location.search') should be 'false' and is.
+PASS: canGet('targetWindow.location.existingCustomProperty') should be 'false' and is.
+PASS: canGet('targetWindow.location[1]') should be 'false' and is.
+PASS: accessThrowsException('targetWindow.location.href') should be 'true' and is.
+PASS: accessThrowsException('targetWindow.location.hash') should be 'true' and is.
+PASS: accessThrowsException('targetWindow.location.host') should be 'true' and is.
+PASS: accessThrowsException('targetWindow.location.hostname') should be 'true' and is.
+PASS: accessThrowsException('targetWindow.location.pathname') should be 'true' and is.
+PASS: accessThrowsException('targetWindow.location.port') should be 'true' and is.
+PASS: accessThrowsException('targetWindow.location.protocol') should be 'true' and is.
+PASS: accessThrowsException('targetWindow.location.search') should be 'true' and is.
+PASS: accessThrowsException('targetWindow.location.existingCustomProperty') should be 'true' and is.
+PASS: accessThrowsException('targetWindow.location[1]') should be 'true' and is.
 PASS: canGet('targetWindow.location.assign') should be 'true' and is.
 PASS: canGet('targetWindow.location.reload') should be 'true' and is.
 PASS: canGet('targetWindow.location.replace') should be 'true' and is.
-PASS: canGet('targetWindow.location.existingCustomProperty') should be 'false' and is.
 

Modified: trunk/LayoutTests/http/tests/security/cross-frame-access-location-get.html (142733 => 142734)


--- trunk/LayoutTests/http/tests/security/cross-frame-access-location-get.html	2013-02-13 10:59:18 UTC (rev 142733)
+++ trunk/LayoutTests/http/tests/security/cross-frame-access-location-get.html	2013-02-13 11:19:08 UTC (rev 142734)
@@ -41,6 +41,7 @@
 
             log("Firefox allows access to 'location.toString' but throws an exception when you call it.");
             shouldBeFalse("canGet('targetWindow.location.toString')");
+            shouldBeTrue("accessThrowsException('targetWindow.location.toString')");
 
             shouldBeFalse("canGet('targetWindow.location.href')");
             shouldBeFalse("canGet('targetWindow.location.hash')");
@@ -50,12 +51,24 @@
             shouldBeFalse("canGet('targetWindow.location.port')");
             shouldBeFalse("canGet('targetWindow.location.protocol')");
             shouldBeFalse("canGet('targetWindow.location.search')");
+            shouldBeFalse("canGet('targetWindow.location.existingCustomProperty')");
+            shouldBeFalse("canGet('targetWindow.location[1]')");
 
+            shouldBeTrue("accessThrowsException('targetWindow.location.href')");
+            shouldBeTrue("accessThrowsException('targetWindow.location.hash')");
+            shouldBeTrue("accessThrowsException('targetWindow.location.host')");
+            shouldBeTrue("accessThrowsException('targetWindow.location.hostname')");
+            shouldBeTrue("accessThrowsException('targetWindow.location.pathname')");
+            shouldBeTrue("accessThrowsException('targetWindow.location.port')");
+            shouldBeTrue("accessThrowsException('targetWindow.location.protocol')");
+            shouldBeTrue("accessThrowsException('targetWindow.location.search')");
+            shouldBeTrue("accessThrowsException('targetWindow.location.existingCustomProperty')");
+            shouldBeTrue("accessThrowsException('targetWindow.location[1]')");
+
             shouldBeTrue("canGet('targetWindow.location.assign')");
             shouldBeTrue("canGet('targetWindow.location.reload')");
             shouldBeTrue("canGet('targetWindow.location.replace')");
 
-            shouldBeFalse("canGet('targetWindow.location.existingCustomProperty')");
         }
     </script>
 </head>

Modified: trunk/LayoutTests/http/tests/security/resources/cross-frame-access.js (142733 => 142734)


--- trunk/LayoutTests/http/tests/security/resources/cross-frame-access.js	2013-02-13 10:59:18 UTC (rev 142733)
+++ trunk/LayoutTests/http/tests/security/resources/cross-frame-access.js	2013-02-13 11:19:08 UTC (rev 142734)
@@ -58,6 +58,15 @@
     }
 }
 
+function accessThrowsException(keyPath) {
+    try {
+        eval("window." + keyPath);
+        return false;
+    } catch (e) {
+        return true;
+    }
+}
+
 function canGetDescriptor(target, property)
 {
     try {
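Review bot: `accessThrowsException` returns true for any exception raised by `eval("window." + keyPath)`, so a misspelled key path or an undefined intermediate object is reported as a passing security check. Checking the caught object, for example `return e.code === DOMException.SECURITY_ERR;`, would tie the helper to the error this patch adds. Style: the opening brace sits on the `function` line here, while `canGetDescriptor` just below puts it on its own line.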

Modified: trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-callback-explicit-domain-DENY.html (142733 => 142734)


--- trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-callback-explicit-domain-DENY.html	2013-02-13 10:59:18 UTC (rev 142733)
+++ trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-callback-explicit-domain-DENY.html	2013-02-13 11:19:08 UTC (rev 142734)
@@ -1,11 +1,12 @@
 <script src=""
 <body>
-<div id=console></div>
+<pre id=console></pre>
 <script>
 var parentWindow = window.parent;
 parentWindow.testFunction = function()
 {
     shouldBeFalse("canGet('parentWindow.location.href')");
+    shouldBeTrue("accessThrowsException('parentWindow.location.href')");
     if (window.testRunner)
         testRunner.notifyDone();
 }

Modified: trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-location-get-test.html (142733 => 142734)


--- trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-location-get-test.html	2013-02-13 10:59:18 UTC (rev 142733)
+++ trunk/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-location-get-test.html	2013-02-13 11:19:08 UTC (rev 142734)
@@ -1,7 +1,8 @@
 <html>
 <head>
     <script>
-        window.location.existingCustomProperty = 1; 
+        window.location.existingCustomProperty = 1;
+        window.location[1] = 1;
 
         window._onload_ = function()
         {

Modified: trunk/LayoutTests/http/tests/security/sandboxed-iframe-blocks-access-from-parent-expected.txt (142733 => 142734)


--- trunk/LayoutTests/http/tests/security/sandboxed-iframe-blocks-access-from-parent-expected.txt	2013-02-13 10:59:18 UTC (rev 142733)
+++ trunk/LayoutTests/http/tests/security/sandboxed-iframe-blocks-access-from-parent-expected.txt	2013-02-13 11:19:08 UTC (rev 142734)
@@ -1,5 +1,6 @@
 CONSOLE MESSAGE: Sandbox access violation: Unsafe _javascript_ attempt to access frame with URL http://127.0.0.1:8000/security/resources/blank.html from frame with URL http://127.0.0.1:8000/security/sandboxed-iframe-blocks-access-from-parent.html. The frame being accessed is sandboxed into a unique origin.
 
+CONSOLE MESSAGE: line 12: SecurityError: DOM Exception 18: An attempt was made to break through the security policy of the user agent.
 Sandboxing a frame puts it into a unique origin by default, which the containing document shouldn't have script access to. This test passes if a console warning is generated, noting the access violation.
 
 
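Review bot: The added `CONSOLE MESSAGE: line 12: SecurityError: DOM Exception 18` line shows the exception is now uncaught in this test, so anything after line 12 of the test script no longer runs. The description below it still says the test passes if a console warning is generated; wrapping the access in try/catch in the test page (not touched by this patch) would keep the baseline to the one intended warning and stop it depending on the wording of the uncaught-exception message.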

Added: trunk/LayoutTests/platform/chromium/http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt (0 => 142734)


--- trunk/LayoutTests/platform/chromium/http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt	2013-02-13 11:19:08 UTC (rev 142734)
@@ -0,0 +1,14 @@
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-callback-explicit-domain-DENY.html from frame with URL http://127.0.0.1:8000/security/resources/cross-frame-iframe-callback-explicit-domain-DENY.html. The frame requesting access set 'document.domain' to '127.0.0.1', but the frame being accessed did not. Both must set 'document.domain' to the same value to allow access.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-callback-explicit-domain-DENY.html from frame with URL http://127.0.0.1:8000/security/resources/cross-frame-iframe-callback-explicit-domain-DENY.html. The frame requesting access set 'document.domain' to '127.0.0.1', but the frame being accessed did not. Both must set 'document.domain' to the same value to allow access.
+
+Test that a child frame can't define a function and the use it to access parent properties after document.domain write blocks the access.  
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+PASS: canGet('parentWindow.location.href') should be 'false' and is.
+*** FAIL: accessThrowsException('parentWindow.location.href') should be 'true' but instead is false. ***
+
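Review bot: This new Chromium baseline records `*** FAIL: accessThrowsException('parentWindow.location.href') should be 'true' but instead is false. ***` as the expected result, so the test reports success on Chromium while the behaviour is still missing. The ChangeLog ties it to http://wkbug.com/43892; make sure that bug tracks deleting this platform-specific file, and the other two chromium baselines added here, once the V8 half lands, or the stale FAIL lines will hide a later regression.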

Added: trunk/LayoutTests/platform/chromium/http/tests/security/cross-frame-access-location-get-expected.txt (0 => 142734)


--- trunk/LayoutTests/platform/chromium/http/tests/security/cross-frame-access-location-get-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/cross-frame-access-location-get-expected.txt	2013-02-13 11:19:08 UTC (rev 142734)
@@ -0,0 +1,81 @@
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+CONSOLE MESSAGE: Unsafe _javascript_ attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
+
+
+
+----- tests for getting window.location's properties -----
+
+PASS: canGet('targetWindow.location') should be 'true' and is.
+PASS: toString('targetWindow.location', '') should be '' and is.
+Firefox allows access to 'location.toString' but throws an exception when you call it.
+PASS: canGet('targetWindow.location.toString') should be 'false' and is.
+*** FAIL: accessThrowsException('targetWindow.location.toString') should be 'true' but instead is false. ***
+PASS: canGet('targetWindow.location.href') should be 'false' and is.
+PASS: canGet('targetWindow.location.hash') should be 'false' and is.
+PASS: canGet('targetWindow.location.host') should be 'false' and is.
+PASS: canGet('targetWindow.location.hostname') should be 'false' and is.
+PASS: canGet('targetWindow.location.pathname') should be 'false' and is.
+PASS: canGet('targetWindow.location.port') should be 'false' and is.
+PASS: canGet('targetWindow.location.protocol') should be 'false' and is.
+PASS: canGet('targetWindow.location.search') should be 'false' and is.
+PASS: canGet('targetWindow.location.existingCustomProperty') should be 'false' and is.
+PASS: canGet('targetWindow.location[1]') should be 'false' and is.
+*** FAIL: accessThrowsException('targetWindow.location.href') should be 'true' but instead is false. ***
+*** FAIL: accessThrowsException('targetWindow.location.hash') should be 'true' but instead is false. ***
+*** FAIL: accessThrowsException('targetWindow.location.host') should be 'true' but instead is false. ***
+*** FAIL: accessThrowsException('targetWindow.location.hostname') should be 'true' but instead is false. ***
+*** FAIL: accessThrowsException('targetWindow.location.pathname') should be 'true' but instead is false. ***
+*** FAIL: accessThrowsException('targetWindow.location.port') should be 'true' but instead is false. ***
+*** FAIL: accessThrowsException('targetWindow.location.protocol') should be 'true' but instead is false. ***
+*** FAIL: accessThrowsException('targetWindow.location.search') should be 'true' but instead is false. ***
+*** FAIL: accessThrowsException('targetWindow.location.existingCustomProperty') should be 'true' but instead is false. ***
+*** FAIL: accessThrowsException('targetWindow.location[1]') should be 'true' but instead is false. ***
+PASS: canGet('targetWindow.location.assign') should be 'true' and is.
+PASS: canGet('targetWindow.location.reload') should be 'true' and is.
+PASS: canGet('targetWindow.location.replace') should be 'true' and is.
+

Copied: trunk/LayoutTests/platform/chromium/http/tests/security/sandboxed-iframe-blocks-access-from-parent-expected.txt (from rev 142733, trunk/LayoutTests/http/tests/security/sandboxed-iframe-blocks-access-from-parent-expected.txt) (0 => 142734)


--- trunk/LayoutTests/platform/chromium/http/tests/security/sandboxed-iframe-blocks-access-from-parent-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/chromium/http/tests/security/sandboxed-iframe-blocks-access-from-parent-expected.txt	2013-02-13 11:19:08 UTC (rev 142734)
@@ -0,0 +1,10 @@
+CONSOLE MESSAGE: Sandbox access violation: Unsafe _javascript_ attempt to access frame with URL http://127.0.0.1:8000/security/resources/blank.html from frame with URL http://127.0.0.1:8000/security/sandboxed-iframe-blocks-access-from-parent.html. The frame being accessed is sandboxed into a unique origin.
+
+Sandboxing a frame puts it into a unique origin by default, which the containing document shouldn't have script access to. This test passes if a console warning is generated, noting the access violation.
+
+
+
+--------
+Frame: 'testframe'
+--------
+

Modified: trunk/Source/WebCore/ChangeLog (142733 => 142734)


--- trunk/Source/WebCore/ChangeLog	2013-02-13 10:59:18 UTC (rev 142733)
+++ trunk/Source/WebCore/ChangeLog	2013-02-13 11:19:08 UTC (rev 142734)
@@ -1,3 +1,37 @@
+2013-02-13  Mike West  <[email protected]>
+
+        location.href does not throw SECURITY_ERR when accessed across origins with JSC bindings
+        https://bugs.webkit.org/show_bug.cgi?id=43891
+
+        Reviewed by Adam Barth.
+
+        Other browsers (IE, Firefox, and Opera) throw an exception when accessing
+        properties of a Location object across origins, as the spec suggests[1].
+        WebKit is currently the outlier.
+
+        This has a few negative effects: developers are forced to hack around
+        access violations in two ways rather than having a single code path, and
+        (more annoyingly) developers are unable to avoid generating the error
+        message. See every ad on the internet for the effect on the console. :)
+
+        This patch adds a SECURITY_ERR exception to these access violations,
+        which is the first step towards getting rid of the console spam. Getting
+        rid of the message entirely will require a solution to
+        http://wkbug.com/98050.
+
+        A fairly inconclusive thread[2] on webkit-dev popped up in 2010 and
+        trailed off without reaching conclusion. A more recent thread reached
+        agreement that this patch seems like a reasonable thing to do[3].
+
+        This is the JSC half of the patch. V8 is coming in http://wkbug.com/43892
+
+        [1]: http://www.whatwg.org/specs/web-apps/current-work/multipage/history.html#security-location
+        [2]: https://lists.webkit.org/pipermail/webkit-dev/2010-August/013880.html
+        [2]: https://lists.webkit.org/pipermail/webkit-dev/2012-February/023636.html
+
+        * bindings/js/JSLocationCustom.cpp:
+        (WebCore::JSLocation::getOwnPropertySlotDelegate):
+
 2013-02-13  Andrew Wilson  <[email protected]>
 
         Unreviewed Chromium gyp-file cleanup after glib backend removal.
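Review bot: The reference list in the new entry labels both mailing-list links `[2]`, while the text cites the more recent thread as `[3]`; relabel the second link (the `2012-February/023636.html` one) as `[3]`.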

Modified: trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp (142733 => 142734)


--- trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp	2013-02-13 10:59:18 UTC (rev 142733)
+++ trunk/Source/WebCore/bindings/js/JSLocationCustom.cpp	2013-02-13 11:19:08 UTC (rev 142734)
@@ -81,7 +81,9 @@
     // but for now we have decided not to, partly because it seems silly to return "[Object Location]" in
     // such cases when normally the string form of Location would be the URL.
 
+    // FIXME: Move this message into the exception once http://wkbug.com/98050 is fixed.
     printErrorMessageForFrame(frame, message);
+    setDOMException(exec, SECURITY_ERR);
     slot.setUndefined();
     return true;
 }
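Review bot: `setDOMException(exec, SECURITY_ERR)` is added only in the property-read delegate, and the updated layout tests only exercise reads (`canGet`, `accessThrowsException`). If cross-origin writes and descriptor lookups (`canGetDescriptor` in cross-frame-access.js) are meant to keep failing silently, please say so in the ChangeLog; otherwise they want the same treatment and a test. Note also that `printErrorMessageForFrame` still runs unconditionally before the exception is set, so callers that catch the exception keep producing the console message until the FIXME is resolved.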