Title: [220427] trunk
Revision
220427
Author
bfulg...@apple.com
Date
2017-08-08 16:27:08 -0700 (Tue, 08 Aug 2017)

Log Message

Sandbox flags do not support document.domain control
https://bugs.webkit.org/show_bug.cgi?id=175281
<rdar://problem/33778936>

Reviewed by Chris Dumez.

Source/WebCore:

Update the 'setDomain' logic to honor the sandbox properties as defined in the current
HTML5 specification. This brings us in line with how Chrome and other browsers have
worked for some time.

Test: fast/frames/sandboxed-iframe-domain.html

* dom/Document.cpp:
(WebCore::Document::setDomain): Add check for sandbox flag (with appropriate error message)
* dom/SecurityContext.h:

LayoutTests:

* fast/frames/resources/sandboxed-iframe-set-domain.html: Added.
* fast/frames/sandboxed-iframe-domain.html: Added.
* fast/frames/sandboxed-iframe-domain-expected.txt: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (220426 => 220427)


--- trunk/LayoutTests/ChangeLog	2017-08-08 23:24:08 UTC (rev 220426)
+++ trunk/LayoutTests/ChangeLog	2017-08-08 23:27:08 UTC (rev 220427)
@@ -1,3 +1,15 @@
+2017-08-08  Brent Fulgham  <bfulg...@apple.com>
+
+        Sandbox flags do not support document.domain control
+        https://bugs.webkit.org/show_bug.cgi?id=175281
+        <rdar://problem/33778936>
+
+        Reviewed by Chris Dumez.
+
+        * fast/frames/resources/sandboxed-iframe-set-domain.html: Added.
+        * fast/frames/sandboxed-iframe-domain.html: Added.
+        * fast/frames/sandboxed-iframe-domain-expected.txt: Added.
+
 2017-08-08  Matt Lewis  <jlew...@apple.com>
 
         Skipping imported/w3c/IndexedDB-private-browsing/idbfactory_open12.html

Added: trunk/LayoutTests/fast/frames/resources/sandboxed-iframe-set-domain.html (0 => 220427)


--- trunk/LayoutTests/fast/frames/resources/sandboxed-iframe-set-domain.html	                        (rev 0)
+++ trunk/LayoutTests/fast/frames/resources/sandboxed-iframe-set-domain.html	2017-08-08 23:27:08 UTC (rev 220427)
@@ -0,0 +1,14 @@
+<script>
+function runTest()
+{
+    try {
+        document.domain = 'localhost';
+        window.top.performedDomainChange("Allowed to set document.domain", true);
+    } catch (e) {
+        window.top.performedDomainChange("Denied: " + e.message, false);
+    }
+}
+</script>
+<body _onload_="runTest();">
+    TEST CONTENT
+</body>
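Review bot: In runTest(), the success callback window.top.performedDomainChange("Allowed to set document.domain", true) sits inside the same try block as the document.domain assignment, so an exception thrown by the callback itself lands in the catch and is reported as "Denied: ..." with allowed set to false. Keep only the assignment inside the try and report the result after it. Also consider checking e.name === "SecurityError" in the catch, so that an unrelated exception is not counted as the sandbox denial.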

Added: trunk/LayoutTests/fast/frames/sandboxed-iframe-domain-expected.txt (0 => 220427)


--- trunk/LayoutTests/fast/frames/sandboxed-iframe-domain-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-domain-expected.txt	2017-08-08 23:27:08 UTC (rev 220427)
@@ -0,0 +1,11 @@
+This test verifies that a sandboxed iframe does not have permission to modify the document.domain property.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+Denied: Assignment is forbidden for sandboxed iframes.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
+PASS

Added: trunk/LayoutTests/fast/frames/sandboxed-iframe-domain.html (0 => 220427)


--- trunk/LayoutTests/fast/frames/sandboxed-iframe-domain.html	                        (rev 0)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-domain.html	2017-08-08 23:27:08 UTC (rev 220427)
@@ -0,0 +1,19 @@
+<html>
+<head>
+<script src=""
+<script>
+description("This test verifies that a sandboxed iframe does not have permission to modify the document.domain property.");
+
+function performedDomainChange(message, allowed)
+{
+    debug(message);
+    document.getElementById("test_status").innerHTML = (allowed ? "FAIL" : "PASS");
+    finishJSTest();
+}
+</script>
+</head>
+<body>
+    <iframe sandbox="allow-scripts allow-same-origin" src=""
+    <p id='test_status'>FAIL: Script didn't run</p>
+</body>
+</html>
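Review bot: The only case exercised is the iframe with sandbox="allow-scripts allow-same-origin"; there is no control frame without the sandbox attribute, so apart from the message text pinned in the expected file the test cannot tell the new sandbox check from document.domain = 'localhost' being rejected for some other reason. Add an unsandboxed iframe loading the same resource and assert that its assignment is allowed. In performedDomainChange, textContent would be enough for the status string in place of innerHTML.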

Modified: trunk/Source/WebCore/ChangeLog (220426 => 220427)


--- trunk/Source/WebCore/ChangeLog	2017-08-08 23:24:08 UTC (rev 220426)
+++ trunk/Source/WebCore/ChangeLog	2017-08-08 23:27:08 UTC (rev 220427)
@@ -1,3 +1,21 @@
+2017-08-08  Brent Fulgham  <bfulg...@apple.com>
+
+        Sandbox flags do not support document.domain control
+        https://bugs.webkit.org/show_bug.cgi?id=175281
+        <rdar://problem/33778936>
+
+        Reviewed by Chris Dumez.
+
+        Update the 'setDomain' logic to honor the sandbox properties as defined in the current
+        HTML5 specification. This brings us in line with how Chrome and other browsers have
+        worked for some time.
+
+        Test: fast/frames/sandboxed-iframe-domain.html
+
+        * dom/Document.cpp:
+        (WebCore::Document::setDomain): Add check for sandbox flag (with appropriate error message)
+        * dom/SecurityContext.h:
+
 2017-08-08  Jeremy Jones  <jere...@apple.com>
 
         Change fast seek logic to prevent ping-ponging.
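Review bot: The "* dom/SecurityContext.h:" line in the new entry carries no description, while the Document.cpp line above it does. Say what changed in that file, for example that the SandboxDocumentDomain flag was added, so the log records where the flag tested in setDomain comes from.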

Modified: trunk/Source/WebCore/dom/Document.cpp (220426 => 220427)


--- trunk/Source/WebCore/dom/Document.cpp	2017-08-08 23:24:08 UTC (rev 220426)
+++ trunk/Source/WebCore/dom/Document.cpp	2017-08-08 23:27:08 UTC (rev 220427)
@@ -4487,11 +4487,12 @@
     if (!frame())
         return Exception { SecurityError, "A browsing context is required to set a domain." };
 
+    if (isSandboxed(SandboxDocumentDomain))
+        return Exception { SecurityError, "Assignment is forbidden for sandboxed iframes." };
+
     if (SchemeRegistry::isDomainRelaxationForbiddenForURLScheme(securityOrigin().protocol()))
         return Exception { SecurityError };
 
-    // FIXME(175281): Check for 'document.domain' sandbox flag and return an exception if present.
-
     // FIXME: We should add logging indicating why a domain was not allowed.
 
     const String& effectiveDomain = domain();
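Review bot: The message on the added return, "Assignment is forbidden for sandboxed iframes.", names iframes, but the condition isSandboxed(SandboxDocumentDomain) tests the document's own sandbox flags. Wording tied to the document (for example "... for sandboxed documents") stays accurate wherever the flag is set. Separately, the scheme check directly below still returns a bare Exception { SecurityError } with no message; giving it one in the same change would make the two early returns consistent and partly address the remaining logging FIXME.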

Modified: trunk/Source/WebCore/dom/SecurityContext.h (220426 => 220427)


--- trunk/Source/WebCore/dom/SecurityContext.h	2017-08-08 23:24:08 UTC (rev 220426)
+++ trunk/Source/WebCore/dom/SecurityContext.h	2017-08-08 23:27:08 UTC (rev 220427)
@@ -51,6 +51,7 @@
     SandboxPointerLock          = 1 << 8,
     SandboxPropagatesToAuxiliaryBrowsingContexts = 1 << 9,
     SandboxTopNavigationByUserActivation = 1 << 10,
+    SandboxDocumentDomain       = 1 << 11,
     SandboxAll                  = -1 // Mask with all bits set to 1.
 };
 
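Review bot: SandboxDocumentDomain = 1 << 11 is added without a comment, and nothing visible in this revision sets or clears the bit individually, so it appears to be on only where the flags start from SandboxAll (-1, all bits set). If that is the intent, meaning every sandboxed context forbids document.domain and no allow- keyword lifts it, state that in a comment next to the enumerator.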