Title: [198439] trunk
Revision: 198439
Author: [email protected]
Date: 2016-03-18 12:46:38 -0700 (Fri, 18 Mar 2016)

Log Message

Local file restrictions should not block sessionStorage access
https://bugs.webkit.org/show_bug.cgi?id=155609
<rdar://problem/25229461>

Reviewed by Andy Estes.

Source/WebCore:

Use of 'sessionStorage' is governed by SecurityOrigin with third party access
set to 'ShouldAllowFromThirdParty::AlwaysAllowFromThirdParty'. We should not
reject local files for this combination of arguments.

Test: storage/domstorage/sessionstorage/blocked-file-access.html

* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::canAccessStorage): For the case of sessionStorage,
allow local file access.

LayoutTests:

* storage/domstorage/sessionstorage/blocked-file-access-expected.txt: Added.
* storage/domstorage/sessionstorage/blocked-file-access.html: Added.
* storage/domstorage/sessionstorage/resources/blocked-example.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (198438 => 198439)


--- trunk/LayoutTests/ChangeLog	2016-03-18 19:44:25 UTC (rev 198438)
+++ trunk/LayoutTests/ChangeLog	2016-03-18 19:46:38 UTC (rev 198439)
@@ -1,3 +1,15 @@
+2016-03-18  Brent Fulgham  <[email protected]>
+
+        Local file restrictions should not block sessionStorage access
+        https://bugs.webkit.org/show_bug.cgi?id=155609
+        <rdar://problem/25229461>
+
+        Reviewed by Andy Estes.
+
+        * storage/domstorage/sessionstorage/blocked-file-access-expected.txt: Added.
+        * storage/domstorage/sessionstorage/blocked-file-access.html: Added.
+        * storage/domstorage/sessionstorage/resources/blocked-example.html: Added.
+
 2016-03-18  Ryan Haddad  <[email protected]>
 
         Rebaseline inspector/model/remote-object.html for mac after r198435

Added: trunk/LayoutTests/storage/domstorage/sessionstorage/blocked-file-access-expected.txt (0 => 198439)


--- trunk/LayoutTests/storage/domstorage/sessionstorage/blocked-file-access-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/storage/domstorage/sessionstorage/blocked-file-access-expected.txt	2016-03-18 19:46:38 UTC (rev 198439)
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: line 10: PASS: window.sessionStorage was accessible
+
+Test that we are permitted access to sessionStorage from a file URL if universal access is turned off.

Added: trunk/LayoutTests/storage/domstorage/sessionstorage/blocked-file-access.html (0 => 198439)


--- trunk/LayoutTests/storage/domstorage/sessionstorage/blocked-file-access.html	                        (rev 0)
+++ trunk/LayoutTests/storage/domstorage/sessionstorage/blocked-file-access.html	2016-03-18 19:46:38 UTC (rev 198439)
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+    testRunner.setAllowUniversalAccessFromFileURLs(false);
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<iframe src=""
+<div id="results"></div>
+Test that we are permitted access to sessionStorage from a file URL if universal access is turned off.
+</body>
+</html>
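
Review bot: The parent page calls testRunner.waitUntilDone() but never calls notifyDone() itself, so completion depends entirely on runTest() in the framed document; if that frame does not load, the result is a timeout rather than a logged FAIL. The `<div id="results">` element is not referenced by any script in this file and can be dropped. The file name blocked-file-access.html also reads as the opposite of the description, which asserts that access is permitted; a name that says "allowed" would make the intent clearer in test listings.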

Added: trunk/LayoutTests/storage/domstorage/sessionstorage/resources/blocked-example.html (0 => 198439)


--- trunk/LayoutTests/storage/domstorage/sessionstorage/resources/blocked-example.html	                        (rev 0)
+++ trunk/LayoutTests/storage/domstorage/sessionstorage/resources/blocked-example.html	2016-03-18 19:46:38 UTC (rev 198439)
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+<script>
+function runTest()
+{
+    try {
+        if (window.sessionStorage)
+            console.log("PASS: window.sessionStorage was accessible");
+    } catch (e) {
+        console.log("FAIL: window.sessionStorage was not accessible");
+        console.log("Exception: " + e.message);
+    }
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+</script>
+</head>
+<body _onload_="runTest();">
+</body>
+</html>
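
Review bot: In runTest(), `if (window.sessionStorage)` has no else branch, so if the getter returns null or undefined without throwing, neither PASS nor FAIL is logged and the only signal is a missing line in the expected output. Add an else that logs a FAIL message. The check also only tests that the object is truthy; a setItem/getItem round trip inside the try block would confirm that storage is usable from the file URL rather than merely exposed.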

Modified: trunk/Source/WebCore/ChangeLog (198438 => 198439)


--- trunk/Source/WebCore/ChangeLog	2016-03-18 19:44:25 UTC (rev 198438)
+++ trunk/Source/WebCore/ChangeLog	2016-03-18 19:46:38 UTC (rev 198439)
@@ -1,3 +1,21 @@
+2016-03-18  Brent Fulgham  <[email protected]>
+
+        Local file restrictions should not block sessionStorage access
+        https://bugs.webkit.org/show_bug.cgi?id=155609
+        <rdar://problem/25229461>
+
+        Reviewed by Andy Estes.
+
+        Use of 'sesssionStorage' is governed by SecurityOrigin with third party access
+        set to 'ShouldAllowFromThirdParty::AlwaysAllowFromThirdParty'. We should not
+        reject local files for this combination of arguments.
+
+        Test: storage/domstorage/sessionstorage/blocked-file-access.html
+
+        * page/SecurityOrigin.cpp:
+        (WebCore::SecurityOrigin::canAccessStorage): For the case of sessionStorage,
+        allow local file access.
+
 2016-03-18  Jer Noble  <[email protected]>
 
         CachedResource::MediaResource types shouldn't be blocked due to mixed-content.
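
Review bot: Spelling in the new ChangeLog entry: 'sesssionStorage' has an extra "s" and should be 'sessionStorage', which also keeps the entry findable when searching the ChangeLog for the API name.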

Modified: trunk/Source/WebCore/page/SecurityOrigin.cpp (198438 => 198439)


--- trunk/Source/WebCore/page/SecurityOrigin.cpp	2016-03-18 19:44:25 UTC (rev 198438)
+++ trunk/Source/WebCore/page/SecurityOrigin.cpp	2016-03-18 19:46:38 UTC (rev 198439)
@@ -375,7 +375,7 @@
     if (m_storageBlockingPolicy == BlockAllStorage)
         return false;
 
-    if (isLocal() && !m_universalAccess)
+    if (isLocal() && !m_universalAccess && shouldAllowFromThirdParty != AlwaysAllowFromThirdParty)
         return false;
 
     // FIXME: This check should be replaced with an ASSERT once we can guarantee that topOrigin is not null.
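
Review bot: The new condition `shouldAllowFromThirdParty != AlwaysAllowFromThirdParty` uses the third-party flag as a stand-in for "this is a sessionStorage request", so any other caller of canAccessStorage that passes AlwaysAllowFromThirdParty now also skips the local-file restriction when m_universalAccess is false. Please add a comment at this line stating that the exemption is intended for sessionStorage only, or pass the intent explicitly instead of inferring it from the third-party argument. The added layout test covers only the allowed case; a companion test that a storage path not using AlwaysAllowFromThirdParty is still rejected from a file URL with universal access off would guard against this check being loosened further.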