Title: [199696] trunk
Revision
199696
Author
[email protected]
Date
2016-04-18 16:07:54 -0700 (Mon, 18 Apr 2016)

Log Message

Source/WebCore:
Remove support for X-Frame-Options in `<meta>`
https://bugs.webkit.org/show_bug.cgi?id=156625
<rdar://problem/25748714>

Rubberstamped by Darin Adler.

* dom/Document.cpp:
(WebCore::Document::processHttpEquiv): Revise messaging based on Darin's comments.

LayoutTests:
Crash in ElementDescendantIterator::operator--() when calling m_ancestorSiblingStack.last()
https://bugs.webkit.org/show_bug.cgi?id=156715
<rdar://problem/25750864>

Patch by Chris Dumez <[email protected]> on 2016-04-18
Reviewed by Antti Koivisto.

Add regression test that reproduced the crash.

* fast/dom/collection-backward-traversal-crash-expected.txt: Added.
* fast/dom/collection-backward-traversal-crash.html: Added.

Modified Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (199695 => 199696)


--- trunk/LayoutTests/ChangeLog	2016-04-18 23:00:29 UTC (rev 199695)
+++ trunk/LayoutTests/ChangeLog	2016-04-18 23:07:54 UTC (rev 199696)
@@ -13,6 +13,20 @@
 
 2016-04-18  Brent Fulgham  <[email protected]>
 
+        Remove support for X-Frame-Options in `<meta>`
+        https://bugs.webkit.org/show_bug.cgi?id=156625
+        <rdar://problem/25748714>
+
+        Rubberstamped by Darin Adler.
+
+        * http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-expected.txt:
+        * http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-in-body-expected.txt:
+        * http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-allow-expected.txt:
+        * http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-deny-expected.txt:
+        * http/tests/security/xssAuditor/meta-tag-http-refresh-x-frame-options-ignored-expected.txt:
+
+2016-04-18  Brent Fulgham  <[email protected]>
+
         CSP: Remove stubs for dynamically-added favicons (via link rel="icon")
         https://bugs.webkit.org/show_bug.cgi?id=153151
         <rdar://problem/24383176>
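Review bot: the five `*-expected.txt` entries in this ChangeLog hunk carry no per-file note, so a reader cannot tell from the log whether these are rebaselines or behavioural changes. WebKit ChangeLog style is a short description after each path; something like `* http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-expected.txt: Rebaseline for revised console message.` on each line would make the intent clear.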

Modified: trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-expected.txt (199695 => 199696)


--- trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-expected.txt	2016-04-18 23:00:29 UTC (rev 199695)
+++ trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-expected.txt	2016-04-18 23:07:54 UTC (rev 199696)
@@ -1,7 +1,7 @@
 http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe.html - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe.html, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag.html, http method GET> redirectResponse (null)
 http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag.html - didFinishLoading
 http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe.html - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe.html, http status code 200>
-CONSOLE MESSAGE: line 3: X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.
+CONSOLE MESSAGE: line 3: The X-Frame-Option 'deny' supplied in a <meta> element was ignored. X-Frame-Options may only be provided by an HTTP header sent with the document.
 CONSOLE MESSAGE: line 15: PASS: Could read contentWindow.location.href
 There should be content in the iframe below
 

Modified: trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-in-body-expected.txt (199695 => 199696)


--- trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-in-body-expected.txt	2016-04-18 23:00:29 UTC (rev 199695)
+++ trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-in-body-expected.txt	2016-04-18 23:07:54 UTC (rev 199696)
@@ -1,7 +1,7 @@
 http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-in-body.html - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-in-body.html, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-in-body.html, http method GET> redirectResponse (null)
 http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-in-body.html - didFinishLoading
 http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-in-body.html - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-in-body.html, http status code 200>
-CONSOLE MESSAGE: line 6: X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.
+CONSOLE MESSAGE: line 6: The X-Frame-Option 'deny' supplied in a <meta> element was ignored. X-Frame-Options may only be provided by an HTTP header sent with the document.
 CONSOLE MESSAGE: line 15: PASS: Could read contentWindow.location.href
 There should be content in the iframe below
 

Modified: trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-allow-expected.txt (199695 => 199696)


--- trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-allow-expected.txt	2016-04-18 23:00:29 UTC (rev 199695)
+++ trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-allow-expected.txt	2016-04-18 23:07:54 UTC (rev 199696)
@@ -1,7 +1,7 @@
 http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-allow.html - willSendRequest <NSURLRequest URL http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-allow.html, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-allow.html, http method GET> redirectResponse (null)
 http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-allow.html - didFinishLoading
 http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-allow.html - didReceiveResponse <NSURLResponse http://127.0.0.1:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-allow.html, http status code 200>
-CONSOLE MESSAGE: line 3: X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.
+CONSOLE MESSAGE: line 3: The X-Frame-Option 'sameorigin' supplied in a <meta> element was ignored. X-Frame-Options may only be provided by an HTTP header sent with the document.
 ALERT: PASS: onload fired.
 There should be content in the iframe below
 

Modified: trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-deny-expected.txt (199695 => 199696)


--- trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-deny-expected.txt	2016-04-18 23:00:29 UTC (rev 199695)
+++ trunk/LayoutTests/http/tests/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-deny-expected.txt	2016-04-18 23:07:54 UTC (rev 199696)
@@ -1,7 +1,7 @@
 http://localhost:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-deny.html - willSendRequest <NSURLRequest URL http://localhost:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-deny.html, main document URL http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-deny.html, http method GET> redirectResponse (null)
 http://127.0.0.1:8000/security/XFrameOptions/x-frame-options-ignore-deny-meta-tag-parent-same-origin-deny.html - didFinishLoading
 http://localhost:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-deny.html - didReceiveResponse <NSURLResponse http://localhost:8000/security/XFrameOptions/resources/x-frame-options-deny-meta-tag-subframe-parent-same-origin-deny.html, http status code 200>
-CONSOLE MESSAGE: line 3: X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.
+CONSOLE MESSAGE: line 3: The X-Frame-Option 'sameorigin' supplied in a <meta> element was ignored. X-Frame-Options may only be provided by an HTTP header sent with the document.
 CONSOLE MESSAGE: line 21: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
 CONSOLE MESSAGE: line 13: FAIL: Could not read contentWindow.location.href
 There should be content in the iframe below
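Review bot: this passing expectation contains `CONSOLE MESSAGE: line 13: FAIL: Could not read contentWindow.location.href`, which is the correct outcome here only because the subframe is cross-origin (`localhost` inside `127.0.0.1`) and the real assertion is that the frame loaded despite the `<meta>` directive. Baking the literal word `FAIL` into an expected-pass file is confusing; consider having the test print a neutral line such as `PASS: cross-origin frame loaded (location not readable, as expected)` so the expectation reads as what it is.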

Modified: trunk/LayoutTests/http/tests/security/xssAuditor/meta-tag-http-refresh-x-frame-options-ignored-expected.txt (199695 => 199696)


--- trunk/LayoutTests/http/tests/security/xssAuditor/meta-tag-http-refresh-x-frame-options-ignored-expected.txt	2016-04-18 23:00:29 UTC (rev 199695)
+++ trunk/LayoutTests/http/tests/security/xssAuditor/meta-tag-http-refresh-x-frame-options-ignored-expected.txt	2016-04-18 23:07:54 UTC (rev 199696)
@@ -1,2 +1,2 @@
-CONSOLE MESSAGE: line 4: X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.
+CONSOLE MESSAGE: line 4: The X-Frame-Option 'deny' supplied in a <meta> element was ignored. X-Frame-Options may only be provided by an HTTP header sent with the document.
 

Modified: trunk/Source/WebCore/ChangeLog (199695 => 199696)


--- trunk/Source/WebCore/ChangeLog	2016-04-18 23:00:29 UTC (rev 199695)
+++ trunk/Source/WebCore/ChangeLog	2016-04-18 23:07:54 UTC (rev 199696)
@@ -1,3 +1,14 @@
+2016-04-18  Brent Fulgham  <[email protected]>
+
+        Remove support for X-Frame-Options in `<meta>`
+        https://bugs.webkit.org/show_bug.cgi?id=156625
+        <rdar://problem/25748714>
+
+        Rubberstamped by Darin Adler.
+
+        * dom/Document.cpp:
+        (WebCore::Document::processHttpEquiv): Revise messaging based on Darin's comments.
+
 2016-04-18  Chris Dumez  <[email protected]>
 
         Crash in ElementDescendantIterator::operator--() when calling m_ancestorSiblingStack.last()

Modified: trunk/Source/WebCore/dom/Document.cpp (199695 => 199696)


--- trunk/Source/WebCore/dom/Document.cpp	2016-04-18 23:00:29 UTC (rev 199695)
+++ trunk/Source/WebCore/dom/Document.cpp	2016-04-18 23:07:54 UTC (rev 199696)
@@ -3305,7 +3305,8 @@
             if (frameLoader.activeDocumentLoader() && frameLoader.activeDocumentLoader()->mainResourceLoader())
                 requestIdentifier = frameLoader.activeDocumentLoader()->mainResourceLoader()->identifier();
 
-            addConsoleMessage(MessageSource::Security, MessageLevel::Error, "X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.", requestIdentifier);
+            String message = "The X-Frame-Option '" + content + "' supplied in a <meta> element was ignored. X-Frame-Options may only be provided by an HTTP header sent with the document.";
+            addConsoleMessage(MessageSource::Security, MessageLevel::Error, message, requestIdentifier);
         }
         break;
 
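Review bot: `content` is page-controlled and is spliced verbatim into the console message via `"The X-Frame-Option '" + content + "' supplied in a <meta> element was ignored. ..."`, so a hostile page can make this string arbitrarily long; consider truncating or quoting it before logging. Two smaller points on the same lines: the message says `X-Frame-Option` (singular) where the header is `X-Frame-Options`, and WTF style favours `makeString(...)` over an `operator+` chain for building `String message`.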
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
