Revision: 262887
Author: alanc...@apple.com
Date: 2020-06-10 18:05:06 -0700 (Wed, 10 Jun 2020)
Log Message
Cherry-pick r262870. rdar://problem/64232759
Improve CSP compliance under PSON
https://bugs.webkit.org/show_bug.cgi?id=212995
<rdar://problem/62996186>
Reviewed by Chris Dumez.
LayoutTests/imported/w3c:
Rebaseline an existing test, since CSP is now checked before any navigations performed by a form action.
* web-platform-tests/content-security-policy/form-action/form-action-src-blocked.sub-expected.txt:
Source/WebCore:
Tests: http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked.html
The form submission logic was only considering CSP if the form
action was a JavaScript URL. This is incorrect, as CSP might
apply to any URL.
This is also covered by the existing form-action CSP tests.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::submitForm): All URLs should be evaluated for
compliance with CSP.
LayoutTests:
Add a new test to confirm that CSP rules are honored for form-action operations during process swap.
This also rebaselines an existing test, since CSP is now checked before any navigations performed by
a form action.
* http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt: Rebaselined.
* http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked-expected.txt: Copied from LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt.
* http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked.html: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@262870 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Diff
Modified: branches/safari-609-branch/LayoutTests/ChangeLog (262886 => 262887)
--- branches/safari-609-branch/LayoutTests/ChangeLog 2020-06-11 00:46:54 UTC (rev 262886)
+++ branches/safari-609-branch/LayoutTests/ChangeLog 2020-06-11 01:05:06 UTC (rev 262887)
@@ -1,5 +1,63 @@
2020-06-10 Alan Coon <alanc...@apple.com>
+ Cherry-pick r262870. rdar://problem/64232759
+
+ Improve CSP compliance under PSON
+ https://bugs.webkit.org/show_bug.cgi?id=212995
+ <rdar://problem/62996186>
+
+ Reviewed by Chris Dumez.
+
+ LayoutTests/imported/w3c:
+
+ Rebaseline an existing test, since CSP is now checked before any navigations performed by a form action.
+
+ * web-platform-tests/content-security-policy/form-action/form-action-src-blocked.sub-expected.txt:
+
+ Source/WebCore:
+
+ Tests: http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked.html
+
+ The form submission logic was only considering CSP if the form
+ action was a _javascript_ URL. This is incorrect, as CSP might
+ apply to any URL.
+
+ This is also covered by the existing form-action CSP tests.
+
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::submitForm): All URLs should be evaluted for
+ compliance with CSP.
+
+ LayoutTests:
+
+ Add a new test to confirm that CSP rules are honored for form-action operations during process swap.
+ This also rebaselines an existing test, since CSP is now checked before any navigations performed by
+ a form action.
+
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt: Rebaselined.
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked-expected.txt: Copied from LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt.
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked.html: Added.
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@262870 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2020-06-10 Brent Fulgham <bfulg...@apple.com>
+
+ Improve CSP compliance under PSON
+ https://bugs.webkit.org/show_bug.cgi?id=212995
+ <rdar://problem/62996186>
+
+ Reviewed by Chris Dumez.
+
+ Add a new test to confirm that CSP rules are honored for form-action operations during process swap.
+ This also rebaselines an existing test, since CSP is now checked before any navigations performed by
+ a form action.
+
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt: Rebaselined.
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked-expected.txt: Copied from LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt.
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked.html: Added.
+
+2020-06-10 Alan Coon <alanc...@apple.com>
+
Cherry-pick r262841. rdar://problem/64226920
REGRESSION(r262798): fast/mediastream/media-stream-track-interrupted.html is failing
Modified: branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt (262886 => 262887)
--- branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt 2020-06-11 00:46:54 UTC (rev 262886)
+++ branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt 2020-06-11 01:05:06 UTC (rev 262887)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Refused to load http://127.0.0.1:8000/navigation/resources/form-target.pl?fieldname=fieldvalue because it does not appear in the form-action directive of the Content Security Policy.
+CONSOLE MESSAGE: Refused to load http://127.0.0.1:8000/navigation/resources/form-target.pl because it does not appear in the form-action directive of the Content Security Policy.
Tests that blocking form actions works correctly. If this test passes, you will see a console error, and will not see a page indicating a form was POSTed.
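Review bot: The rebaselined console message on the `+` line no longer carries `?fieldname=fieldvalue`, so the URL reported as refused is now the form action before the GET form data is appended to it. That is consistent with the policy being checked before the navigation is built, but the ChangeLog only says "Rebaselined"; a sentence stating that the reported URL is now the action without the serialized fields would make the behavior change explicit for anyone comparing console output across revisions.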
Copied: branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked-expected.txt (from rev 262883, branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt) (0 => 262887)
--- branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked-expected.txt (rev 0)
+++ branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked-expected.txt 2020-06-11 01:05:06 UTC (rev 262887)
@@ -0,0 +1,7 @@
+CONSOLE MESSAGE: Refused to load http://localhost:8000/navigation/resources/form-target.pl because it does not appear in the form-action directive of the Content Security Policy.
+
+Tests that blocking form actions works correctly. If this test passes, you will see a console error, and will not see a page indicating a form was POSTed.
+
+============== Back Forward List ==============
+curr-> http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/form-action-src-self-blocked.html **nav target**
+===============================================
Added: branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked.html (0 => 262887)
--- branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked.html (rev 0)
+++ branches/safari-609-branch/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked.html 2020-06-11 01:05:06 UTC (rev 262887)
@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Security-Policy" content="form-action 'self'">
+<script>
+ if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+ testRunner.clearBackForwardList();
+ testRunner.dumpBackForwardList();
+ }
+ window.addEventListener('load', function() {
+ setTimeout(function() {
+ document.getElementById('submit').click();
+ setTimeout(function () {
+ testRunner.notifyDone();
+ }, 0);
+ }, 0);
+ });
+</script>
+</head>
+<body>
+ <form action='' id='theform' method='post'>
+ <input type='text' name='fieldname' value='fieldvalue'>
+ <input type='submit' id='submit' value='submit'>
+ </form>
+
+ <p>Tests that blocking form actions works correctly. If this test passes, you will see a console error, and will not see a page indicating a form was POSTed.</p>
+</body>
+</html>
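Review bot: The `<form action='' id='theform' method='post'>` line has an empty action, yet the expectation file copied for this test names http://localhost:8000/navigation/resources/form-target.pl as the refused URL while the page itself is listed at 127.0.0.1:8000. An empty action resolves to the document's own URL, which `form-action 'self'` permits, so as shown the test would not reach the blocked path; the action should name the localhost target explicitly so the test and its expectation agree. Separately, the inner `testRunner.notifyDone();` sits outside the `if (window.testRunner)` guard and will throw when the page is opened outside the test harness.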
Modified: branches/safari-609-branch/LayoutTests/imported/w3c/ChangeLog (262886 => 262887)
--- branches/safari-609-branch/LayoutTests/imported/w3c/ChangeLog 2020-06-11 00:46:54 UTC (rev 262886)
+++ branches/safari-609-branch/LayoutTests/imported/w3c/ChangeLog 2020-06-11 01:05:06 UTC (rev 262887)
@@ -1,3 +1,57 @@
+2020-06-10 Alan Coon <alanc...@apple.com>
+
+ Cherry-pick r262870. rdar://problem/64232759
+
+ Improve CSP compliance under PSON
+ https://bugs.webkit.org/show_bug.cgi?id=212995
+ <rdar://problem/62996186>
+
+ Reviewed by Chris Dumez.
+
+ LayoutTests/imported/w3c:
+
+ Rebaseline an existing test, since CSP is now checked before any navigations performed by a form action.
+
+ * web-platform-tests/content-security-policy/form-action/form-action-src-blocked.sub-expected.txt:
+
+ Source/WebCore:
+
+ Tests: http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked.html
+
+ The form submission logic was only considering CSP if the form
+ action was a _javascript_ URL. This is incorrect, as CSP might
+ apply to any URL.
+
+ This is also covered by the existing form-action CSP tests.
+
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::submitForm): All URLs should be evaluted for
+ compliance with CSP.
+
+ LayoutTests:
+
+ Add a new test to confirm that CSP rules are honored for form-action operations during process swap.
+ This also rebaselines an existing test, since CSP is now checked before any navigations performed by
+ a form action.
+
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt: Rebaselined.
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked-expected.txt: Copied from LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt.
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked.html: Added.
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@262870 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2020-06-10 Brent Fulgham <bfulg...@apple.com>
+
+ Improve CSP compliance under PSON
+ https://bugs.webkit.org/show_bug.cgi?id=212995
+ <rdar://problem/62996186>
+
+ Reviewed by Chris Dumez.
+
+ Rebaseline an existing test, since CSP is now checked before any navigations performed by a form action.
+
+ * web-platform-tests/content-security-policy/form-action/form-action-src-blocked.sub-expected.txt:
+
2020-04-10 Ryan Haddad <ryanhad...@apple.com>
Cherry-pick r258411. rdar://problem/61410180
Modified: branches/safari-609-branch/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/form-action/form-action-src-blocked.sub-expected.txt (262886 => 262887)
--- branches/safari-609-branch/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/form-action/form-action-src-blocked.sub-expected.txt 2020-06-11 00:46:54 UTC (rev 262886)
+++ branches/safari-609-branch/LayoutTests/imported/w3c/web-platform-tests/content-security-policy/form-action/form-action-src-blocked.sub-expected.txt 2020-06-11 01:05:06 UTC (rev 262887)
@@ -4,5 +4,4 @@
FAIL Expecting logs: ["violated-directive=form-action","TEST COMPLETE"] assert_unreached: Logging timeout, expected logs violated-directive=form-action not sent. Reached unreachable code
-FAIL form-action-src-blocked assert_unreached: FAIL Reached unreachable code
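Review bot: After the `-FAIL form-action-src-blocked` line is dropped, the baseline still records `FAIL Expecting logs: ["violated-directive=form-action","TEST COMPLETE"]` with a logging timeout, which suggests the submission is now refused but the test still never sees the violation being reported. This residual failure should get its own follow-up bug, referenced from the ChangeLog entry, so it is tracked instead of being carried silently in the expectation file.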
Modified: branches/safari-609-branch/Source/WebCore/ChangeLog (262886 => 262887)
--- branches/safari-609-branch/Source/WebCore/ChangeLog 2020-06-11 00:46:54 UTC (rev 262886)
+++ branches/safari-609-branch/Source/WebCore/ChangeLog 2020-06-11 01:05:06 UTC (rev 262887)
@@ -1,5 +1,67 @@
2020-06-10 Alan Coon <alanc...@apple.com>
+ Cherry-pick r262870. rdar://problem/64232759
+
+ Improve CSP compliance under PSON
+ https://bugs.webkit.org/show_bug.cgi?id=212995
+ <rdar://problem/62996186>
+
+ Reviewed by Chris Dumez.
+
+ LayoutTests/imported/w3c:
+
+ Rebaseline an existing test, since CSP is now checked before any navigations performed by a form action.
+
+ * web-platform-tests/content-security-policy/form-action/form-action-src-blocked.sub-expected.txt:
+
+ Source/WebCore:
+
+ Tests: http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked.html
+
+ The form submission logic was only considering CSP if the form
+ action was a _javascript_ URL. This is incorrect, as CSP might
+ apply to any URL.
+
+ This is also covered by the existing form-action CSP tests.
+
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::submitForm): All URLs should be evaluted for
+ compliance with CSP.
+
+ LayoutTests:
+
+ Add a new test to confirm that CSP rules are honored for form-action operations during process swap.
+ This also rebaselines an existing test, since CSP is now checked before any navigations performed by
+ a form action.
+
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt: Rebaselined.
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked-expected.txt: Copied from LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked-expected.txt.
+ * http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked.html: Added.
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@262870 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2020-06-10 Brent Fulgham <bfulg...@apple.com>
+
+ Improve CSP compliance under PSON
+ https://bugs.webkit.org/show_bug.cgi?id=212995
+ <rdar://problem/62996186>
+
+ Reviewed by Chris Dumez.
+
+ Tests: http/tests/security/contentSecurityPolicy/1.1/form-action-src-self-blocked.html
+
+ The form submission logic was only considering CSP if the form
+ action was a _javascript_ URL. This is incorrect, as CSP might
+ apply to any URL.
+
+ This is also covered by the existing form-action CSP tests.
+
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::submitForm): All URLs should be evaluted for
+ compliance with CSP.
+
+2020-06-10 Alan Coon <alanc...@apple.com>
+
Cherry-pick r262841. rdar://problem/64226920
REGRESSION(r262798): fast/mediastream/media-stream-track-interrupted.html is failing
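Review bot: The entry is titled "Improve CSP compliance under PSON", but the Source/WebCore description only says the check was limited to JavaScript URLs and never states how process swap is involved; one sentence on why the missing check mattered under PSON would let a reader of this ChangeLog understand the title without opening the bug. Also, "evaluted" in the `(WebCore::FrameLoader::submitForm)` line should read "evaluated" in both the cherry-pick block and the original entry.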
Modified: branches/safari-609-branch/Source/WebCore/loader/FrameLoader.cpp (262886 => 262887)
--- branches/safari-609-branch/Source/WebCore/loader/FrameLoader.cpp 2020-06-11 00:46:54 UTC (rev 262886)
+++ branches/safari-609-branch/Source/WebCore/loader/FrameLoader.cpp 2020-06-11 01:05:06 UTC (rev 262887)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2006-2020 Apple Inc. All rights reserved.
* Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
* Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/)
* Copyright (C) 2008 Alp Toker <a...@atoker.com>
@@ -461,9 +461,11 @@
return;
}
- if (WTF::protocolIsJavaScript(submission->action())) {
- if (!m_frame.document()->contentSecurityPolicy()->allowFormAction(URL(submission->action())))
- return;
+ URL formAction = submission->action();
+ if (!m_frame.document()->contentSecurityPolicy()->allowFormAction(formAction))
+ return;
+
+ if (formAction.protocolIsJavaScript()) {
m_isExecutingJavaScriptFormAction = true;
Ref<Frame> protect(m_frame);
m_frame.script().executeIfJavaScriptURL(submission->action(), nullptr, DoNotReplaceDocumentIfJavaScriptURL);
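Review bot: In the last line of this hunk, `executeIfJavaScriptURL(submission->action(), ...)` still re-reads the action from the submission even though the policy check and the `protocolIsJavaScript()` test now use the local `formAction`. Passing `formAction` there would guarantee that the URL that was checked against `allowFormAction` is the same object that gets executed, and would make the intent of the new local clear. If `submission->action()` returns a reference, `const URL& formAction` would also avoid the copy.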