Modified: trunk/LayoutTests/ChangeLog (258493 => 258494)
--- trunk/LayoutTests/ChangeLog 2020-03-16 13:15:08 UTC (rev 258493)
+++ trunk/LayoutTests/ChangeLog 2020-03-16 13:15:52 UTC (rev 258494)
@@ -1,3 +1,16 @@
+2020-03-16 youenn fablet <[email protected]>
+
+ Unique origins should not be Potentially Trustworthy
+ https://bugs.webkit.org/show_bug.cgi?id=209049
+
+ Reviewed by Darin Adler.
+
+ * editing/async-clipboard/resources/sanitize-when-reading-markup-iframe.html: Added.
+ * editing/async-clipboard/sanitize-when-reading-markup.html:
+ Updating test to use HTTP instead of data URL for iFrame since clipboard is SecureContext.
+ * http/tests/security/iframe-unique-origin.https-expected.txt: Added.
+ * http/tests/security/iframe-unique-origin.https.html: Added.
+
2020-03-16 Carlos Garcia Campos <[email protected]>
[Cairo][SVG] marker-mid isn't shown on a joint of rectilinearly connected line-to path segments
Added: trunk/LayoutTests/editing/async-clipboard/resources/sanitize-when-reading-markup-iframe.html (0 => 258494)
--- trunk/LayoutTests/editing/async-clipboard/resources/sanitize-when-reading-markup-iframe.html (rev 0)
+++ trunk/LayoutTests/editing/async-clipboard/resources/sanitize-when-reading-markup-iframe.html 2020-03-16 13:15:52 UTC (rev 258494)
@@ -0,0 +1,12 @@
+<button id='copy' style='font-size: 40px; text-align: center;'>Click to copy</button>
+<script>
+ const markup1 = `<script>console.log('This script tag should be sanitized out.')</${'script'}><p _onclick_='_javascript_:void()'>Hello world 1</p>`;
+ const markup2 = `<p style='display: none;'>You should not see this text.</p><span>Hello world 2</span>`;
+ copy.addEventListener('click', async () => {
+ await navigator.clipboard.write([
+ new ClipboardItem({ 'text/html' : markup1 }),
+ new ClipboardItem({ 'text/html' : markup2 })
+ ]);
+ parent.postMessage('finished-copying', '*');
+ });
+</script>
Modified: trunk/LayoutTests/editing/async-clipboard/sanitize-when-reading-markup.html (258493 => 258494)
--- trunk/LayoutTests/editing/async-clipboard/sanitize-when-reading-markup.html 2020-03-16 13:15:08 UTC (rev 258493)
+++ trunk/LayoutTests/editing/async-clipboard/sanitize-when-reading-markup.html 2020-03-16 13:15:52 UTC (rev 258494)
@@ -70,19 +70,7 @@
addEventListener("load", runTest);
</script>
<body>
- <iframe src=""
- <button id='copy' style='font-size: 40px; text-align: center;'>Click to copy</button>
- <script>
- const markup1 = `<script>console.log('This script tag should be sanitized out.')</${'script'}><p _onclick_='_javascript_:void()'>Hello world 1</p>`;
- const markup2 = `<p style='display: none;'>You should not see this text.</p><span>Hello world 2</span>`;
- copy.addEventListener('click', async () => {
- await navigator.clipboard.write([
- new ClipboardItem({ 'text/html' : markup1 }),
- new ClipboardItem({ 'text/html' : markup2 })
- ]);
- parent.postMessage('finished-copying', '*');
- });
- </script>"></iframe>
+ <iframe src=""
<button>Click to paste</button>
<p id="description"></p>
<p id="console"></p>
Added: trunk/LayoutTests/http/tests/security/iframe-unique-origin.https-expected.txt (0 => 258494)
--- trunk/LayoutTests/http/tests/security/iframe-unique-origin.https-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/security/iframe-unique-origin.https-expected.txt 2020-03-16 13:15:52 UTC (rev 258494)
@@ -0,0 +1 @@
+PASS
Added: trunk/LayoutTests/http/tests/security/iframe-unique-origin.https.html (0 => 258494)
--- trunk/LayoutTests/http/tests/security/iframe-unique-origin.https.html (rev 0)
+++ trunk/LayoutTests/http/tests/security/iframe-unique-origin.https.html 2020-03-16 13:15:52 UTC (rev 258494)
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<script>
+ if (window.testRunner) {
+ testRunner.waitUntilDone();
+ testRunner.dumpAsText();
+ }
+
+ window._onmessage_ = (event) => {
+ document.body.innerHTML = event.data ="" false ? "PASS" : "FAIL";
+ if (window.testRunner)
+ testRunner.notifyDone();
+ }
+
+ window._onload_ = () => {
+ var url = '' + 'pt>parent.postMessage(window.isSecureContext, "*");</scri' + 'pt>';
+ document.body.innerHTML = "<iframe src=''></iframe>";
+ };
+</script>
Modified: trunk/LayoutTests/imported/w3c/ChangeLog (258493 => 258494)
--- trunk/LayoutTests/imported/w3c/ChangeLog 2020-03-16 13:15:08 UTC (rev 258493)
+++ trunk/LayoutTests/imported/w3c/ChangeLog 2020-03-16 13:15:52 UTC (rev 258494)
@@ -1,5 +1,14 @@
2020-03-16 youenn fablet <[email protected]>
+ Unique origins should not be Potentially Trustworthy
+ https://bugs.webkit.org/show_bug.cgi?id=209049
+
+ Reviewed by Darin Adler.
+
+ * web-platform-tests/service-workers/service-worker/interfaces-window.https-expected.txt:
+
+2020-03-16 youenn fablet <[email protected]>
+
Remove the use of empty WebRTC sources for receiver tracks
https://bugs.webkit.org/show_bug.cgi?id=209061
Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/interfaces-window.https-expected.txt (258493 => 258494)
--- trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/interfaces-window.https-expected.txt 2020-03-16 13:15:08 UTC (rev 258493)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/interfaces-window.https-expected.txt 2020-03-16 13:15:52 UTC (rev 258494)
@@ -1,7 +1,7 @@
PASS test setup (worker registration)
-FAIL navigator.serviceWorker is not available in a data: iframe assert_false: navigator.serviceWorker should not be defined in iframe expected false got true
+PASS navigator.serviceWorker is not available in a data: iframe
PASS ServiceWorker includes AbstractWorker: member names are unique
PASS WorkerGlobalScope includes WindowOrWorkerGlobalScope: member names are unique
PASS ServiceWorker interface: existence and properties of interface object
Modified: trunk/Source/WebCore/ChangeLog (258493 => 258494)
--- trunk/Source/WebCore/ChangeLog 2020-03-16 13:15:08 UTC (rev 258493)
+++ trunk/Source/WebCore/ChangeLog 2020-03-16 13:15:52 UTC (rev 258494)
@@ -1,5 +1,21 @@
2020-03-16 youenn fablet <[email protected]>
+ Unique origins should not be Potentially Trustworthy
+ https://bugs.webkit.org/show_bug.cgi?id=209049
+
+ Reviewed by Darin Adler.
+
+ Unique origins should not be considered trustworthy as per https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy.
+
+ Test: http/tests/security/iframe-unique-origin.https.html
+
+ * dom/Document.cpp:
+ (WebCore::Document::isSecureContext const):
+ Removed check for top level origins as we make all unique origins not trusted.
+ * page/SecurityOrigin.cpp:
+
+2020-03-16 youenn fablet <[email protected]>
+
Remove the use of empty WebRTC sources for receiver tracks
https://bugs.webkit.org/show_bug.cgi?id=209061
Modified: trunk/Source/WebCore/dom/Document.cpp (258493 => 258494)
--- trunk/Source/WebCore/dom/Document.cpp 2020-03-16 13:15:08 UTC (rev 258493)
+++ trunk/Source/WebCore/dom/Document.cpp 2020-03-16 13:15:52 UTC (rev 258494)
@@ -89,10 +89,12 @@
#include "HTMLDocument.h"
#include "HTMLElementFactory.h"
#include "HTMLFormControlElement.h"
+#include "HTMLFrameElement.h"
#include "HTMLFrameOwnerElement.h"
#include "HTMLFrameSetElement.h"
#include "HTMLHeadElement.h"
#include "HTMLHtmlElement.h"
+#include "HTMLIFrameElement.h"
#include "HTMLImageElement.h"
#include "HTMLInputElement.h"
#include "HTMLLinkElement.h"
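Review bot: The two added includes, `HTMLFrameElement.h` and `HTMLIFrameElement.h`, are not used by any of the new code visible in this changeset's Document.cpp hunks (the new helpers only touch `URL`, `SecurityOrigin` and `Document`), and the ChangeLog entry does not mention them. If nothing else in Document.cpp now needs them they look like leftovers from an earlier iteration and should be dropped; otherwise a one-line ChangeLog note saying what uses them would help the next reader.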
@@ -6035,6 +6037,25 @@
return isMainThread();
}
+// https://w3c.github.io/webappsec-secure-contexts/#is-url-trustworthy
+static bool isURLPotentiallyTrustworthy(const URL& url)
+{
+ if (url.protocolIsAbout())
+ return equalIgnoringASCIICase(url.string(), WTF::blankURL()) || equalLettersIgnoringASCIICase(url.string(), "about:srcdoc");
+ if (url.protocolIsData())
+ return true;
+ return SecurityOrigin::create(url)->isPotentiallyTrustworthy();
+}
+
+// https://w3c.github.io/webappsec-secure-contexts/#is-settings-object-contextually-secure step 5.3 and 5.4
+static inline bool isDocumentSecure(const Document& document)
+{
+ if (document.isSandboxed(SandboxOrigin))
+ return isURLPotentiallyTrustworthy(document.url());
+ return document.securityOrigin().isPotentiallyTrustworthy();
+}
+
+// https://w3c.github.io/webappsec-secure-contexts/#is-settings-object-contextually-secure
bool Document::isSecureContext() const
{
if (!m_frame)
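Review bot: `isURLPotentiallyTrustworthy` silently depends on the other half of this changeset: now that unique origins default to not trustworthy, the `SecurityOrigin::create(url)` fallthrough on its last line would answer false for `about:` and `data:` URLs (the updated TestWebKitAPI expectations for `data:,a` and `about:blank` show exactly that), which is why those two schemes have to be decided before it. That coupling deserves a comment above the `about:` check, e.g. `// about:blank, about:srcdoc and data: URLs map to unique origins, which are no longer trustworthy; the spec treats the URLs themselves as trustworthy, so answer them here before consulting the origin.` Note also that the fallthrough constructs a fresh SecurityOrigin on each call and `isDocumentSecure` runs once per ancestor frame, so a deep sandboxed frame tree pays one origin construction per level every time `isSecureContext()` is queried; probably acceptable, but worth a remark if callers hit this on a hot path. `Document::isSecureContext` starts at the end of this hunk and continues in the next one.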
@@ -6041,15 +6062,13 @@
return true;
if (!RuntimeEnabledFeatures::sharedFeatures().secureContextChecksEnabled())
return true;
- if (!securityOrigin().isPotentiallyTrustworthy())
- return false;
+
for (auto* frame = m_frame->tree().parent(); frame; frame = frame->tree().parent()) {
- if (!frame->document()->securityOrigin().isPotentiallyTrustworthy())
+ if (!isDocumentSecure(*frame->document()))
return false;
}
- if (topOrigin().isUnique())
- return false;
- return true;
+
+ return isDocumentSecure(*this);
}
void Document::updateURLForPushOrReplaceState(const URL& url)
Modified: trunk/Source/WebCore/page/SecurityOrigin.cpp (258493 => 258494)
--- trunk/Source/WebCore/page/SecurityOrigin.cpp 2020-03-16 13:15:08 UTC (rev 258493)
+++ trunk/Source/WebCore/page/SecurityOrigin.cpp 2020-03-16 13:15:52 UTC (rev 258494)
@@ -174,7 +174,7 @@
: m_data { emptyString(), emptyString(), WTF::nullopt }
, m_domain { emptyString() }
, m_isUnique { true }
- , m_isPotentiallyTrustworthy { true }
+ , m_isPotentiallyTrustworthy { false }
{
}
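Review bot: Flipping `m_isPotentiallyTrustworthy` to false in the unique-origin constructor changes the answer for every caller of `isPotentiallyTrustworthy()` that can observe a unique origin, not only `Document::isSecureContext`, yet the WebCore ChangeLog lists `page/SecurityOrigin.cpp` with no description of the change or its reach. A short comment on the initializer would help, e.g. `// Unique (opaque) origins are never potentially trustworthy (webappsec-secure-contexts, "Is origin potentially trustworthy?"); the about:blank/about:srcdoc/data: URL exceptions are applied by the document, not the origin.` The enclosing constructor's signature is above this hunk.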
Modified: trunk/Source/WebKit/ChangeLog (258493 => 258494)
--- trunk/Source/WebKit/ChangeLog 2020-03-16 13:15:08 UTC (rev 258493)
+++ trunk/Source/WebKit/ChangeLog 2020-03-16 13:15:52 UTC (rev 258494)
@@ -1,3 +1,14 @@
+2020-03-16 youenn fablet <[email protected]>
+
+ Unique origins should not be Potentially Trustworthy
+ https://bugs.webkit.org/show_bug.cgi?id=209049
+
+ Reviewed by Darin Adler.
+
+ * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
+ (WebKit::WebFrameLoaderClient::hasNavigatedAwayFromAppBoundDomain):
+ We should only check this for the main frame since this is tied to the page.
+
2020-03-16 Rob Buis <[email protected]>
Simplify ChromeClient.createWindow
Modified: trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp (258493 => 258494)
--- trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp 2020-03-16 13:15:08 UTC (rev 258493)
+++ trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp 2020-03-16 13:15:52 UTC (rev 258494)
@@ -1925,6 +1925,9 @@
bool WebFrameLoaderClient::hasNavigatedAwayFromAppBoundDomain()
{
+ if (!m_frame->isMainFrame())
+ return false;
+
auto* webPage = m_frame->page();
if (!webPage)
return false;
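Review bot: The new early return makes `hasNavigatedAwayFromAppBoundDomain()` answer false for every subframe regardless of where that frame navigated, which a caller could misread as "this subframe is still on an app-bound domain"; the ChangeLog rationale (the state is tied to the page) belongs in the code next to the check. Suggest `// App-bound-domain state is tracked per page, so only the main frame can answer this; subframes always report false.` above the new condition. The function body continues past the end of this hunk.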
Modified: trunk/Tools/ChangeLog (258493 => 258494)
--- trunk/Tools/ChangeLog 2020-03-16 13:15:08 UTC (rev 258493)
+++ trunk/Tools/ChangeLog 2020-03-16 13:15:52 UTC (rev 258494)
@@ -1,3 +1,13 @@
+2020-03-16 youenn fablet <[email protected]>
+
+ Unique origins should not be Potentially Trustworthy
+ https://bugs.webkit.org/show_bug.cgi?id=209049
+
+ Reviewed by Darin Adler.
+
+ * TestWebKitAPI/Tests/WebCore/SecurityOrigin.cpp:
+ (TestWebKitAPI::TEST_F):
+
2020-03-15 Fujii Hironori <[email protected]>
KeyedDecoderGeneric fails to allocate Vector while decoding broken data
Modified: trunk/Tools/TestWebKitAPI/Tests/WebCore/SecurityOrigin.cpp (258493 => 258494)
--- trunk/Tools/TestWebKitAPI/Tests/WebCore/SecurityOrigin.cpp 2020-03-16 13:15:08 UTC (rev 258493)
+++ trunk/Tools/TestWebKitAPI/Tests/WebCore/SecurityOrigin.cpp 2020-03-16 13:15:52 UTC (rev 258494)
@@ -152,10 +152,6 @@
EXPECT_TRUE(SecurityOrigin::createFromString("blob:http://localhost/3D45F36F-C126-493A-A8AA-457FA495247B")->isPotentiallyTrustworthy());
EXPECT_TRUE(SecurityOrigin::createFromString("blob:http://[::1]/3D45F36F-C126-493A-A8AA-457FA495247B")->isPotentiallyTrustworthy());
EXPECT_TRUE(SecurityOrigin::createFromString("blob:https://example.com/3D45F36F-C126-493A-A8AA-457FA495247B")->isPotentiallyTrustworthy());
- EXPECT_TRUE(SecurityOrigin::createFromString("data:,a")->isPotentiallyTrustworthy());
- EXPECT_TRUE(SecurityOrigin::createFromString("about:")->isPotentiallyTrustworthy());
- EXPECT_TRUE(SecurityOrigin::createFromString("about:blank")->isPotentiallyTrustworthy());
- EXPECT_TRUE(SecurityOrigin::createFromString("about:srcdoc")->isPotentiallyTrustworthy());
EXPECT_TRUE(SecurityOrigin::createFromString("wss://example.com")->isPotentiallyTrustworthy());
EXPECT_TRUE(SecurityOrigin::createFromString("https://example.com")->isPotentiallyTrustworthy());
EXPECT_TRUE(SecurityOrigin::createFromString("http://127.0.0.0")->isPotentiallyTrustworthy());
@@ -181,6 +177,12 @@
EXPECT_FALSE(SecurityOrigin::createFromString("ws://example.com")->isPotentiallyTrustworthy());
EXPECT_FALSE(SecurityOrigin::createFromString("blob:http://example.com/3D45F36F-C126-493A-A8AA-457FA495247B")->isPotentiallyTrustworthy());
EXPECT_FALSE(SecurityOrigin::createFromString("dummy:a")->isPotentiallyTrustworthy());
+ EXPECT_FALSE(SecurityOrigin::createFromString("blob:null/3D45F36F-C126-493A-A8AA-457FA495247B")->isPotentiallyTrustworthy());
+ EXPECT_FALSE(SecurityOrigin::createFromString("data:,a")->isPotentiallyTrustworthy());
+ EXPECT_FALSE(SecurityOrigin::createFromString("about:")->isPotentiallyTrustworthy());
+ EXPECT_FALSE(SecurityOrigin::createFromString("about:blank")->isPotentiallyTrustworthy());
+ EXPECT_FALSE(SecurityOrigin::createFromString("about:srcdoc")->isPotentiallyTrustworthy());
+ EXPECT_FALSE(SecurityOrigin::createFromString("_javascript_:srcdoc")->isPotentiallyTrustworthy());
}
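Review bot: The added expectations assert that `about:`, `about:blank`, `about:srcdoc` and `data:,a` origins are not trustworthy, while the new `isURLPotentiallyTrustworthy` helper in Document.cpp deliberately treats the same URLs as trustworthy; without a comment the two halves of the changeset look contradictory. Suggest adding above the new lines: `// These all yield unique origins, which are never trustworthy; the URL-level about:blank/about:srcdoc/data: exceptions are applied by Document::isSecureContext.` The last new line appears in this view as `_javascript_:srcdoc`, which looks like a rendering artifact around the scheme; confirm the committed file reads `javascript:srcdoc`.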
TEST_F(SecurityOriginTest, IsRegistrableDomainSuffix)