Diff
Modified: trunk/LayoutTests/ChangeLog (100662 => 100663)
--- trunk/LayoutTests/ChangeLog 2011-11-17 21:15:55 UTC (rev 100662)
+++ trunk/LayoutTests/ChangeLog 2011-11-17 21:34:36 UTC (rev 100663)
@@ -1,3 +1,27 @@
+2011-11-17 Adam Barth <aba...@webkit.org>
+
+ Unique origins shouldn't remember their scheme, host, or port
+ https://bugs.webkit.org/show_bug.cgi?id=72308
+
+ Reviewed by Eric Seidel.
+
+ * fast/frames/resources/sandboxed-iframe-storage-disallowed.html:
+ - Inline script because the sandbox iframe isn't allowed to load
+ local resources.
+ * fast/frames/sandboxed-iframe-attribute-parsing.html:
+ * fast/frames/sandboxed-iframe-forms-dynamic.html:
+ * fast/frames/sandboxed-iframe-forms.html:
+ * fast/frames/sandboxed-iframe-navigation-top-by-constant-name.html:
+ * fast/frames/sandboxed-iframe-navigation-top-by-constant-name2.html:
+ * fast/frames/sandboxed-iframe-navigation-top-by-name.html:
+ * fast/frames/sandboxed-iframe-navigation-top.html:
+ * media/video-controls-no-scripting.html:
+ - Previously sandboxed local iframes still got universal access
+ when we're running with universal access for file URLs! Now that
+ they correctly get unique origins, we need to update these tests
+ to allow-same-origin access in order for them to function
+ properly.
+
2011-11-17 Julien Chaffraix <jchaffr...@webkit.org>
CSS table with 100% width can overflow their containing block
Modified: trunk/LayoutTests/fast/frames/resources/sandboxed-iframe-storage-disallowed.html (100662 => 100663)
--- trunk/LayoutTests/fast/frames/resources/sandboxed-iframe-storage-disallowed.html 2011-11-17 21:15:55 UTC (rev 100662)
+++ trunk/LayoutTests/fast/frames/resources/sandboxed-iframe-storage-disallowed.html 2011-11-17 21:34:36 UTC (rev 100663)
@@ -1,8 +1,58 @@
<html>
<head>
-<script src=""
<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+function debug(msg)
+{
+ var span = document.createElement("span");
+ document.getElementById("console").appendChild(span);
+ span.innerHTML = msg + '<br />';
+}
+
+function escapeHTML(text)
+{
+ return text.replace(/&/g, "&").replace(/</g, "<").replace(/\0/g, "\\0");
+}
+
+function testPassed(msg)
+{
+ debug('<span><span class="pass">PASS</span> ' + escapeHTML(msg) + '</span>');
+}
+
+function testFailed(msg)
+{
+ debug('<span><span class="fail">FAIL</span> ' + escapeHTML(msg) + '</span>');
+}
+
+function shouldThrow(_a, _e)
+{
+ var exception;
+ var _av;
+ try {
+ _av = eval(_a);
+ } catch (e) {
+ exception = e;
+ }
+
+ var _ev;
+ if (_e)
+ _ev = eval(_e);
+
+ if (exception) {
+ if (typeof _e == "undefined" || exception == _ev)
+ testPassed(_a + " threw exception " + exception + ".");
+ else
+ testFailed(_a + " should throw " + (typeof _e == "undefined" ? "an exception" : _ev) + ". Threw exception " + exception + ".");
+ } else if (typeof _av == "undefined")
+ testFailed(_a + " should throw " + (typeof _e == "undefined" ? "an exception" : _ev) + ". Was undefined.");
+ else
+ testFailed(_a + " should throw " + (typeof _e == "undefined" ? "an exception" : _ev) + ". Was " + _av + ".");
+}
+</script>
+<script>
+
window._onload_ = function() {
shouldThrow("window.openDatabase('SandboxedIframeStorageDisallowed', '1.0', '', 1)", "'Error: SECURITY_ERR: DOM Exception 18'");
shouldThrow("window.localStorage", "'Error: SECURITY_ERR: DOM Exception 18'");
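Review bot: The helper functions added in the first `<script>` block (`debug`, `escapeHTML`, `testPassed`, `testFailed`, `shouldThrow`) replace the shared script that the removed `<script src>` line loaded, but nothing in the file says why they are copied here. The reason is given only in the ChangeLog, so a short comment above the block would stop someone from "cleaning up" the duplication, for example `<!-- Helpers are inlined because this sandboxed frame has a unique origin and cannot load local resources. -->`. As printed on this page, `escapeHTML` replaces `&` and `<` with themselves; that is probably the archive decoding the entities, but it is worth confirming in the committed file, since the result is assigned to `innerHTML` in `debug`.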
Modified: trunk/LayoutTests/fast/frames/sandboxed-iframe-attribute-parsing.html (100662 => 100663)
--- trunk/LayoutTests/fast/frames/sandboxed-iframe-attribute-parsing.html 2011-11-17 21:15:55 UTC (rev 100662)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-attribute-parsing.html 2011-11-17 21:34:36 UTC (rev 100663)
@@ -56,7 +56,7 @@
<!-- iframes where script execution is allowed, but origin is not shared -->
<!-- plain, proper attribute value -->
- <iframe sandbox="allow-scripts"
+ <iframe sandbox="allow-scripts allow-same-origin"
name="f1"
src=""
</iframe>
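Review bot: The context comment `<!-- iframes where script execution is allowed, but origin is not shared -->` is no longer accurate once f1 carries `allow-same-origin`; the same applies to f2, f4 and f5 in the following hunks. A reader would otherwise assume these frames still run in a unique origin. Consider rewording it to `<!-- iframes where script execution is allowed (allow-same-origin is set so the test can function) -->`.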
@@ -66,7 +66,7 @@
allow-scripts
-"
+allow-same-origin"
name="f2"
src=""
</iframe>
@@ -103,7 +103,7 @@
'Kyssarna' ('The kisses'), Esaias Tegnér, 1782-1846
- allow-scripts
+ allow-scripts allow-same-origin
int main(void)
{
@@ -114,44 +114,44 @@
</iframe>
<!-- tab characters before and after attribute value -->
- <iframe sandbox=" allow-scripts "
+ <iframe sandbox=" allow-scripts allow-same-origin"
name="f4"
src=""
</iframe>
<!-- mixed case -->
- <iframe sandbox="AlLoW-sCrIpTs"
+ <iframe sandbox="AlLoW-sCrIpTs allow-same-origin"
name="f5"
src=""
</iframe>
<!-- iframes where script execution is disallowed -->
- <iframe sandbox="allowscripts"
+ <iframe sandbox="allowscripts allow-same-origin"
src=""
</iframe>
- <iframe sandbox="allows-cripts"
+ <iframe sandbox="allows-cripts allow-same-origin"
src=""
</iframe>
- <iframe sandbox="-allow-scripts"
+ <iframe sandbox="-allow-scripts allow-same-origin"
src=""
</iframe>
- <iframe sandbox="allow_scripts"
+ <iframe sandbox="allow_scripts allow-same-origin"
src=""
</iframe>
- <iframe sandbox="allowScripts"
+ <iframe sandbox="allowScripts allow-same-origin"
src=""
</iframe>
- <iframe sandbox="aallow-scripts"
+ <iframe sandbox="aallow-scripts allow-same-origin"
src=""
</iframe>
- <iframe sandbox="allow-scriptss"
+ <iframe sandbox="allow-scriptss allow-same-origin"
src=""
</iframe>
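Review bot: In the "tab characters before and after attribute value" case, the new f4 value ends directly at `allow-same-origin"`, whereas the removed line had whitespace before the closing quote. Whitespace is collapsed on this page, so this may be a rendering loss. If the trailing tab was actually dropped, the test no longer exercises trailing whitespace in the sandbox attribute parser. Keeping a tab after the last token (`allow-scripts<TAB>allow-same-origin<TAB>`) preserves the case that the comment describes.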
Modified: trunk/LayoutTests/fast/frames/sandboxed-iframe-forms-dynamic.html (100662 => 100663)
--- trunk/LayoutTests/fast/frames/sandboxed-iframe-forms-dynamic.html 2011-11-17 21:15:55 UTC (rev 100662)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-forms-dynamic.html 2011-11-17 21:34:36 UTC (rev 100663)
@@ -30,9 +30,9 @@
window._onload_ = function() {
frameElements = document.getElementsByTagName("iframe");
- frameElements[0].sandbox = "allow-scripts";
- frameElements[1].sandbox = "allow-scripts allow-forms";
- frameElements[2].sandbox = "allow-scripts";
+ frameElements[0].sandbox = "allow-scripts allow-same-origin";
+ frameElements[1].sandbox = "allow-scripts allow-forms allow-same-origin";
+ frameElements[2].sandbox = "allow-scripts allow-same-origin";
frames[0].postMessage("go", "*");
frames[1].postMessage("go", "*");
@@ -45,15 +45,15 @@
<body>
<iframe style="width: 60px; height: 60px;"
- sandbox="allow-scripts allow-forms"
+ sandbox="allow-scripts allow-forms allow-same-origin"
src=""
</iframe>
<iframe style="width: 60px; height: 60px;"
- sandbox="allow-scripts"
+ sandbox="allow-scripts allow-same-origin"
src=""
</iframe>
<iframe style="width: 60px; height: 60px;"
- sandbox="allow-scripts allow-forms"
+ sandbox="allow-scripts allow-forms allow-same-origin"
src=""
</iframe>
Modified: trunk/LayoutTests/fast/frames/sandboxed-iframe-forms.html (100662 => 100663)
--- trunk/LayoutTests/fast/frames/sandboxed-iframe-forms.html 2011-11-17 21:15:55 UTC (rev 100662)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-forms.html 2011-11-17 21:34:36 UTC (rev 100663)
@@ -41,53 +41,53 @@
<!-- five IFrames with forms allowed -->
<iframe style="width: 60px; height: 60px;"
- sandbox="allow-scripts allow-forms"
+ sandbox="allow-scripts allow-forms allow-same-origin"
src=""
</iframe>
<iframe style="width: 60px; height: 60px;"
- sandbox="allow-scripts allow-forms"
+ sandbox="allow-scripts allow-forms allow-same-origin"
src=""
</iframe>
<iframe style="width: 60px; height: 60px;"
- sandbox="allow-scripts allow-forms"
+ sandbox="allow-scripts allow-forms allow-same-origin"
src=""
</iframe>
<iframe style="width: 60px; height: 60px;"
- sandbox="allow-scripts allow-forms"
+ sandbox="allow-scripts allow-forms allow-same-origin"
src=""
</iframe>
<iframe style="width: 60px; height: 60px;"
- sandbox="allow-scripts allow-forms"
+ sandbox="allow-scripts allow-forms allow-same-origin"
src=""
</iframe>
<!-- one IFrame with forms disallowed -->
<iframe style="width: 60px; height: 60px;"
- sandbox="allow-scripts"
+ sandbox="allow-scripts allow-same-origin"
src=""
</iframe>
<!-- five more IFrames with forms allowed -->
<iframe style="width: 60px; height: 60px;"
- sandbox="allow-scripts allow-forms"
+ sandbox="allow-scripts allow-forms allow-same-origin"
src=""
</iframe>
<iframe style="width: 60px; height: 60px;"
- sandbox="allow-scripts allow-forms"
+ sandbox="allow-scripts allow-forms allow-same-origin"
src=""
</iframe>
<iframe style="width: 60px; height: 60px;"
- sandbox="allow-scripts allow-forms"
+ sandbox="allow-scripts allow-forms allow-same-origin"
src=""
</iframe>
<iframe style="width: 60px; height: 60px;"
- sandbox="allow-scripts allow-forms"
+ sandbox="allow-scripts allow-forms allow-same-origin"
src=""
</iframe>
<iframe style="width: 60px; height: 60px;"
- sandbox="allow-scripts allow-forms"
+ sandbox="allow-scripts allow-forms allow-same-origin"
src=""
</iframe>
Modified: trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-constant-name.html (100662 => 100663)
--- trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-constant-name.html 2011-11-17 21:15:55 UTC (rev 100662)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-constant-name.html 2011-11-17 21:34:36 UTC (rev 100663)
@@ -9,7 +9,7 @@
</head>
<body>
<p>This test verifies that a sandboxed IFrame can navigate the top-level frame with allow-top-navigation.</p>
-<iframe sandbox="allow-scripts allow-top-navigation"
+<iframe sandbox="allow-scripts allow-top-navigation allow-same-origin"
src=""
</body>
</html>
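Review bot: After this change none of the four navigation-top tests exercises `allow-top-navigation` from a frame without `allow-same-origin` (this file, sandboxed-iframe-navigation-top-by-constant-name2.html, sandboxed-iframe-navigation-top-by-name.html and sandboxed-iframe-navigation-top.html). The `<p>` text still describes the test as covering a sandboxed IFrame in general. A frame that keeps its unique origin is the stricter configuration, so it would be worth keeping one variant with `sandbox="allow-scripts allow-top-navigation"` whose child does not need same-origin access. Failing that, the description could say that the frame is same-origin. Why the child needs same-origin access cannot be checked here, because the `src` value is empty on this page.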
Modified: trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-constant-name2.html (100662 => 100663)
--- trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-constant-name2.html 2011-11-17 21:15:55 UTC (rev 100662)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-constant-name2.html 2011-11-17 21:34:36 UTC (rev 100663)
@@ -9,7 +9,7 @@
</head>
<body>
<p>This test verifies that a sandboxed IFrame can navigate the top-level frame with allow-top-navigation.</p>
-<iframe sandbox="allow-scripts allow-top-navigation"
+<iframe sandbox="allow-scripts allow-top-navigation allow-same-origin"
src=""
</body>
</html>
Modified: trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-name.html (100662 => 100663)
--- trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-name.html 2011-11-17 21:15:55 UTC (rev 100662)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-name.html 2011-11-17 21:34:36 UTC (rev 100663)
@@ -10,7 +10,7 @@
</head>
<body>
<p>This test verifies that a sandboxed IFrame can navigate the top-level frame with allow-top-navigation.</p>
-<iframe sandbox="allow-scripts allow-top-navigation"
+<iframe sandbox="allow-scripts allow-top-navigation allow-same-origin"
src=""
</body>
</html>
Modified: trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top.html (100662 => 100663)
--- trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top.html 2011-11-17 21:15:55 UTC (rev 100662)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top.html 2011-11-17 21:34:36 UTC (rev 100663)
@@ -9,7 +9,7 @@
</head>
<body>
<p>This test verifies that a sandboxed IFrame can navigate the top-level frame with allow-top-navigation.</p>
-<iframe sandbox="allow-scripts allow-top-navigation"
+<iframe sandbox="allow-scripts allow-top-navigation allow-same-origin"
src=""
</body>
</html>
Modified: trunk/LayoutTests/media/video-controls-no-scripting.html (100662 => 100663)
--- trunk/LayoutTests/media/video-controls-no-scripting.html 2011-11-17 21:15:55 UTC (rev 100662)
+++ trunk/LayoutTests/media/video-controls-no-scripting.html 2011-11-17 21:34:36 UTC (rev 100663)
@@ -27,7 +27,7 @@
<body>
- <iframe sandbox src="" id="fr" style="width: 400px; height: 320px; border: 1px solid black;"></iframe>
+ <iframe sandbox="allow-same-origin" src="" id="fr" style="width: 400px; height: 320px; border: 1px solid black;"></iframe>
<p>Tests that the built-in controls are always enabled when _javascript_ is disabled.</p>
<pre id="console"></pre>
Modified: trunk/Source/WebCore/ChangeLog (100662 => 100663)
--- trunk/Source/WebCore/ChangeLog 2011-11-17 21:15:55 UTC (rev 100662)
+++ trunk/Source/WebCore/ChangeLog 2011-11-17 21:34:36 UTC (rev 100663)
@@ -1,3 +1,25 @@
+2011-11-14 Adam Barth <aba...@webkit.org>
+
+ Unique origins shouldn't remember their scheme, host, or port
+ https://bugs.webkit.org/show_bug.cgi?id=72308
+
+ Reviewed by Eric Seidel.
+
+ This patch contains the bulk (all?) of the behavior differences in this
+ patch series. Unique origins shouldn't remember their schemes. Doing
+ so causes some privileges (e.g., local access) to leak into unique
+ origins.
+
+ * page/SecurityOrigin.cpp:
+ (WebCore::SecurityOrigin::SecurityOrigin):
+ - Explicitly clear out the protocol, host, and port for unique
+ origins. A future patch will refactor all this code to be more
+ elegant.
+ * platform/SchemeRegistry.cpp:
+ (WebCore::schemesWithUniqueOrigins):
+ - Merge "about" and "_javascript_" in with the general case now that
+ we don't have a separate notion of an empty origin.
+
2011-11-17 Chris Fleizach <cfleiz...@apple.com>
AX: cleanup style and naming and code in accessibility search mechanism
Modified: trunk/Source/WebCore/page/SecurityOrigin.cpp (100662 => 100663)
--- trunk/Source/WebCore/page/SecurityOrigin.cpp 2011-11-17 21:15:55 UTC (rev 100662)
+++ trunk/Source/WebCore/page/SecurityOrigin.cpp 2011-11-17 21:34:36 UTC (rev 100663)
@@ -41,6 +41,7 @@
namespace WebCore {
+const int InvalidPort = 0;
const int MaxAllowedPort = 65535;
static bool schemeRequiresAuthority(const String& scheme)
@@ -64,11 +65,8 @@
, m_universalAccess(false)
, m_domainWasSetInDOM(false)
, m_enforceFilePathSeparation(false)
+ , m_needsStorageIdentifierQuirkForFiles(false)
{
- // These protocols do not create security origins; the owner frame provides the origin
- if (m_protocol == "about" || m_protocol == "_javascript_")
- m_protocol = "";
-
#if ENABLE(BLOB) || ENABLE(FILE_SYSTEM)
bool isBlobOrFileSystemProtocol = false;
#if ENABLE(BLOB)
@@ -93,6 +91,7 @@
// For edge case URLs that were probably misparsed, make sure that the origin is unique.
if (schemeRequiresAuthority(m_protocol) && m_host.isEmpty())
m_isUnique = true;
+
if (m_protocol.isEmpty())
m_isUnique = true;
@@ -116,7 +115,17 @@
}
if (isDefaultPortForProtocol(m_port, m_protocol))
- m_port = 0;
+ m_port = InvalidPort;
+
+ if (m_protocol == "file")
+ m_needsStorageIdentifierQuirkForFiles = true;
+
+ // Don't leak details from URLs into unique origins.
+ if (m_isUnique) {
+ m_protocol = "";
+ m_host = "";
+ m_port = InvalidPort;
+ }
}
SecurityOrigin::SecurityOrigin(const SecurityOrigin* other)
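Review bot: `m_needsStorageIdentifierQuirkForFiles` is set from `m_protocol == "file"` before the `if (m_isUnique)` block clears the protocol, so a unique origin built from a file URL would keep the flag. The `databaseIdentifier()` hunk further down then returns `"file__0"` for it without consulting `m_isUnique`. Whether a file URL can be marked unique earlier in this constructor is not visible in the hunk, and callers may already refuse storage for unique origins, but the flag is still a URL detail retained in a unique origin. Resetting it in the same block keeps the promise of the "Don't leak details" comment: add `m_needsStorageIdentifierQuirkForFiles = false;` after `m_port = InvalidPort;`. The constructor body starts outside this hunk.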
@@ -131,6 +140,7 @@
, m_domainWasSetInDOM(other->m_domainWasSetInDOM)
, m_canLoadLocalResources(other->m_canLoadLocalResources)
, m_enforceFilePathSeparation(other->m_enforceFilePathSeparation)
+ , m_needsStorageIdentifierQuirkForFiles(other->m_needsStorageIdentifierQuirkForFiles)
{
}
@@ -409,6 +419,14 @@
String SecurityOrigin::databaseIdentifier() const
{
+ // Historically, we've used the following (somewhat non-sensical) string
+ // for the databaseIdentifier of local files. We used to compute this
+ // string because of a bug in how we handled the scheme for file URLs.
+ // Now that we've fixed that bug, we still need to produce this string
+ // to avoid breaking existing persistent state.
+ if (m_needsStorageIdentifierQuirkForFiles)
+ return "file__0";
+
String separatorString(&SeparatorCharacter, 1);
if (m_encodedHost.isEmpty())
Modified: trunk/Source/WebCore/page/SecurityOrigin.h (100662 => 100663)
--- trunk/Source/WebCore/page/SecurityOrigin.h 2011-11-17 21:15:55 UTC (rev 100662)
+++ trunk/Source/WebCore/page/SecurityOrigin.h 2011-11-17 21:34:36 UTC (rev 100663)
@@ -182,6 +182,7 @@
bool m_domainWasSetInDOM;
bool m_canLoadLocalResources;
bool m_enforceFilePathSeparation;
+ bool m_needsStorageIdentifierQuirkForFiles;
};
} // namespace WebCore
Modified: trunk/Source/WebCore/platform/SchemeRegistry.cpp (100662 => 100663)
--- trunk/Source/WebCore/platform/SchemeRegistry.cpp 2011-11-17 21:15:55 UTC (rev 100662)
+++ trunk/Source/WebCore/platform/SchemeRegistry.cpp 2011-11-17 21:34:36 UTC (rev 100663)
@@ -68,10 +68,13 @@
{
DEFINE_STATIC_LOCAL(URLSchemesMap, schemesWithUniqueOrigins, ());
- // This is a willful violation of HTML5.
- // See https://bugs.webkit.org/show_bug.cgi?id=11885
- if (schemesWithUniqueOrigins.isEmpty())
+ if (schemesWithUniqueOrigins.isEmpty()) {
+ schemesWithUniqueOrigins.add("about");
+ schemesWithUniqueOrigins.add("_javascript_");
+ // This is a willful violation of HTML5.
+ // See https://bugs.webkit.org/show_bug.cgi?id=11885
schemesWithUniqueOrigins.add("data");
+ }
return schemesWithUniqueOrigins;
}
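Review bot: With this hunk the uniqueness of about: and javascript: origins depends on their presence in `schemesWithUniqueOrigins`, because the SecurityOrigin constructor no longer clears those protocols itself. The `isEmpty()` guard seeds the set only on first use, so any path that can remove entries would let such origins keep their scheme; no such path is visible here, and the function starts outside the hunk. A comment above the two new adds would record the dependency, for example `// SecurityOrigin relies on these entries; it no longer special-cases about: and javascript:.` The scheme literal is printed as `_javascript_` on this page, which looks like an archive rendering artifact rather than the committed string.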