Title: [197091] releases/WebKitGTK/webkit-2.12
Revision
197091
Author
carlo...@webkit.org
Date
2016-02-25 02:51:03 -0800 (Thu, 25 Feb 2016)

Log Message

Merge r196889 - iframe/frame/object.contentDocument should be on the prototype
https://bugs.webkit.org/show_bug.cgi?id=154409

Reviewed by Sam Weinig.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

* web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Move iframe/frame/object.contentDocument to the prototype. They used
to be on the instance due to the [CheckSecurityForNode] IDL extended
attribute. This patch updates the bindings generator so that such
attributes are now on the prototype. While they are now on the
prototype, the security checks are still generated in the
corresponding getters and setters so cross origin access is still
prevented.

Test: http/tests/security/cross-origin-iframe-contentDocument.html

* bindings/scripts/CodeGeneratorJS.pm:
(AttributeShouldBeOnInstance): Deleted.

LayoutTests:

Add test coverage for trying to access iframe.contentDocument cross origin
to make sure it still fails and logs a security error.

* http/tests/security/cross-origin-iframe-contentDocument-expected.txt: Added.
* http/tests/security/cross-origin-iframe-contentDocument.html: Added.

Modified: releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog (197090 => 197091)


--- releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog	2016-02-25 10:35:50 UTC (rev 197090)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog	2016-02-25 10:51:03 UTC (rev 197091)
@@ -1,3 +1,16 @@
+2016-02-21  Chris Dumez  <cdu...@apple.com>
+
+        iframe/frame/object.contentDocument should be on the prototype
+        https://bugs.webkit.org/show_bug.cgi?id=154409
+
+        Reviewed by Sam Weinig.
+
+        Add test coverage for trying to access iframe.contentDocument cross origin
+        to make sure it still fails and logs a security error.
+
+        * http/tests/security/cross-origin-iframe-contentDocument-expected.txt: Added.
+        * http/tests/security/cross-origin-iframe-contentDocument.html: Added.
+
 2016-02-24  Daniel Bates  <daba...@apple.com>
 
         CSP: Enable plugin-types directive by default

Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/security/cross-origin-iframe-contentDocument-expected.txt (0 => 197091)


--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/security/cross-origin-iframe-contentDocument-expected.txt	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/security/cross-origin-iframe-contentDocument-expected.txt	2016-02-25 10:51:03 UTC (rev 197091)
@@ -0,0 +1,16 @@
+CONSOLE MESSAGE: line 16: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+CONSOLE MESSAGE: line 1: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match.
+Tests that iframe.contentDocument is not accessible cross-origin.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS crossOriginFrame.contentDocument returned null.
+PASS Object.getOwnPropertyDescriptor(sameOriginFrame.__proto__, "contentDocument").get.call(crossOriginFrame) returned null.
+PASS Object.getOwnPropertyDescriptor(crossOriginFrame.__proto__, "contentDocument").get.call(crossOriginFrame) returned null.
+PASS Object.getOwnPropertyDescriptor(crossOriginFrame, "contentDocument") returned undefined.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+ 

Added: releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/security/cross-origin-iframe-contentDocument.html (0 => 197091)


--- releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/security/cross-origin-iframe-contentDocument.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/http/tests/security/cross-origin-iframe-contentDocument.html	2016-02-25 10:51:03 UTC (rev 197091)
@@ -0,0 +1,43 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+</head>
+<body _onload_="runTest()">
+<iframe id="crossOriginFrame" src=""
+<iframe id="sameOriginFrame" src=""
+<script>
+description("Tests that iframe.contentDocument is not accessible cross-origin.");
+jsTestIsAsync = true;
+
+function shouldThrowOrReturnUndefinedOrNull(_expression_)
+{
+    try {
+        result = eval(_expression_);
+    } catch (e) {
+        testPassed(_expression_ + " threw exception " + e + ".");
+        return;
+    }
+    if (result === undefined)
+        testPassed(_expression_ + " returned undefined.");
+    else if (result === null)
+        testPassed(_expression_ + " returned null.");
+    else
+        testFailed(_expression_ + " returned " + result);
+}
+
+function runTest()
+{
+    crossOriginFrame = document.getElementById("crossOriginFrame");
+    sameOriginFrame = document.getElementById("sameOriginFrame");
+
+    shouldThrowOrReturnUndefinedOrNull('crossOriginFrame.contentDocument');
+    shouldThrowOrReturnUndefinedOrNull('Object.getOwnPropertyDescriptor(sameOriginFrame.__proto__, "contentDocument").get.call(crossOriginFrame)');
+    shouldThrowOrReturnUndefinedOrNull('Object.getOwnPropertyDescriptor(crossOriginFrame.__proto__, "contentDocument").get.call(crossOriginFrame)');
+    shouldThrowOrReturnUndefinedOrNull('Object.getOwnPropertyDescriptor(crossOriginFrame, "contentDocument")');
+    finishJSTest();
+}
+</script>
+</body>
+<script src=""
+</html>
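Review bot: `result` in shouldThrowOrReturnUndefinedOrNull is assigned at the `result = eval(_expression_);` line without a declaration, so it leaks into the global scope of the test page; declare it locally, e.g. `var result;` at the top of the function, so the four checks cannot observe a stale value from a previous call. The helper is deliberately lenient (throw, undefined or null all pass), which means the real regression guard is the expected file's three "Blocked a frame" console messages rather than the PASS lines themselves; a one-line comment above the function saying so would help the next person who rebaselines it. The `src=""` attributes on the script and iframe tags appear empty in this rendering, presumably an artefact of the listing rather than of the commit.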

Modified: releases/WebKitGTK/webkit-2.12/LayoutTests/imported/w3c/ChangeLog (197090 => 197091)


--- releases/WebKitGTK/webkit-2.12/LayoutTests/imported/w3c/ChangeLog	2016-02-25 10:35:50 UTC (rev 197090)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/imported/w3c/ChangeLog	2016-02-25 10:51:03 UTC (rev 197091)
@@ -1,3 +1,14 @@
+2016-02-21  Chris Dumez  <cdu...@apple.com>
+
+        iframe/frame/object.contentDocument should be on the prototype
+        https://bugs.webkit.org/show_bug.cgi?id=154409
+
+        Reviewed by Sam Weinig.
+
+        Rebaseline now that more checks are passing.
+
+        * web-platform-tests/html/dom/interfaces-expected.txt:
+
 2016-02-18  Chris Dumez  <cdu...@apple.com>
 
         window.history / window.navigator should not be replaceable

Modified: releases/WebKitGTK/webkit-2.12/LayoutTests/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt (197090 => 197091)


--- releases/WebKitGTK/webkit-2.12/LayoutTests/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt	2016-02-25 10:35:50 UTC (rev 197090)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt	2016-02-25 10:51:03 UTC (rev 197091)
@@ -1786,7 +1786,7 @@
 FAIL HTMLIFrameElement interface: attribute allowFullscreen assert_true: The prototype object must have a property "allowFullscreen" expected true got false
 PASS HTMLIFrameElement interface: attribute width 
 PASS HTMLIFrameElement interface: attribute height 
-FAIL HTMLIFrameElement interface: attribute contentDocument assert_true: The prototype object must have a property "contentDocument" expected true got false
+PASS HTMLIFrameElement interface: attribute contentDocument 
 PASS HTMLIFrameElement interface: attribute contentWindow 
 PASS HTMLIFrameElement interface: attribute align 
 PASS HTMLIFrameElement interface: attribute scrolling 
@@ -1828,7 +1828,7 @@
 PASS HTMLObjectElement interface: attribute form 
 PASS HTMLObjectElement interface: attribute width 
 PASS HTMLObjectElement interface: attribute height 
-FAIL HTMLObjectElement interface: attribute contentDocument assert_true: The prototype object must have a property "contentDocument" expected true got false
+PASS HTMLObjectElement interface: attribute contentDocument 
 FAIL HTMLObjectElement interface: attribute contentWindow assert_true: The prototype object must have a property "contentWindow" expected true got false
 PASS HTMLObjectElement interface: attribute willValidate 
 PASS HTMLObjectElement interface: attribute validity 
@@ -4759,7 +4759,7 @@
 PASS HTMLFrameElement interface: attribute frameBorder 
 PASS HTMLFrameElement interface: attribute longDesc 
 PASS HTMLFrameElement interface: attribute noResize 
-FAIL HTMLFrameElement interface: attribute contentDocument assert_true: The prototype object must have a property "contentDocument" expected true got false
+PASS HTMLFrameElement interface: attribute contentDocument 
 PASS HTMLFrameElement interface: attribute contentWindow 
 PASS HTMLFrameElement interface: attribute marginHeight 
 PASS HTMLFrameElement interface: attribute marginWidth 
@@ -4771,7 +4771,7 @@
 PASS HTMLFrameElement interface: document.createElement("frame") must inherit property "frameBorder" with the proper type (3) 
 PASS HTMLFrameElement interface: document.createElement("frame") must inherit property "longDesc" with the proper type (4) 
 PASS HTMLFrameElement interface: document.createElement("frame") must inherit property "noResize" with the proper type (5) 
-FAIL HTMLFrameElement interface: document.createElement("frame") must inherit property "contentDocument" with the proper type (6) assert_inherits: property "contentDocument" found on object expected in prototype chain
+PASS HTMLFrameElement interface: document.createElement("frame") must inherit property "contentDocument" with the proper type (6) 
 PASS HTMLFrameElement interface: document.createElement("frame") must inherit property "contentWindow" with the proper type (7) 
 PASS HTMLFrameElement interface: document.createElement("frame") must inherit property "marginHeight" with the proper type (8) 
 PASS HTMLFrameElement interface: document.createElement("frame") must inherit property "marginWidth" with the proper type (9) 

Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog (197090 => 197091)


--- releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog	2016-02-25 10:35:50 UTC (rev 197090)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog	2016-02-25 10:51:03 UTC (rev 197091)
@@ -1,3 +1,23 @@
+2016-02-21  Chris Dumez  <cdu...@apple.com>
+
+        iframe/frame/object.contentDocument should be on the prototype
+        https://bugs.webkit.org/show_bug.cgi?id=154409
+
+        Reviewed by Sam Weinig.
+
+        Move iframe/frame/object.contentDocument to the prototype. They used
+        to be on the instance due to the [CheckSecurityForNode] IDL extended
+        attribute. This patch updates the bindings generator so that such
+        attributes are now on the prototype. While they are now on the
+        prototype, the security checks are still generated in the
+        corresponding getters and setters so cross origin access is still
+        prevented.
+
+        Test: http/tests/security/cross-origin-iframe-contentDocument.html
+
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (AttributeShouldBeOnInstance): Deleted.
+
 2016-02-24  Daniel Bates  <daba...@apple.com>
 
         CSP: Enable plugin-types directive by default

Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (197090 => 197091)


--- releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm	2016-02-25 10:35:50 UTC (rev 197090)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm	2016-02-25 10:51:03 UTC (rev 197091)
@@ -701,11 +701,6 @@
     # https://heycam.github.io/webidl/#Unforgeable
     return 1 if IsUnforgeable($interface, $attribute);
 
-    # It becomes hard to reason about attributes that require security checks if we push
-    # them down the prototype chain, so before we do these we'll need to carefully consider
-    # the possible pitfalls.
-    return 1 if $attribute->signature->extendedAttributes->{"CheckSecurityForNode"};
-
     return 1 if AttributeShouldBeOnInstanceForCompatibility($interface, $attribute);
 
     if ($interface->extendedAttributes->{"CheckSecurity"}) {
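Review bot: Deleting the `CheckSecurityForNode` clause also deletes the only comment explaining why security-checked attributes were kept on the instance, and nothing in the remaining body of AttributeShouldBeOnInstance (which starts before this hunk) records why moving them to the prototype is now considered safe. Since a prototype getter can be detached and invoked with an arbitrary receiver via `Function.prototype.call` (exactly what the new layout test exercises), the origin check emitted inside the generated getter and setter is now the sole barrier, and that dependency deserves to be stated where the decision is made. A short comment at the point of the deleted lines, such as `# [CheckSecurityForNode] attributes live on the prototype: the generated getter/setter performs the origin check itself, so a cross-origin receiver is rejected regardless of where the accessor is looked up.`, would preserve that reasoning for whoever next touches the prototype/instance split.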

Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp (197090 => 197091)


--- releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp	2016-02-25 10:35:50 UTC (rev 197090)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp	2016-02-25 10:51:03 UTC (rev 197091)
@@ -367,12 +367,12 @@
 /* Hash table */
 
 static const struct CompactHashIndex JSTestObjTableIndex[17] = {
+    { -1, -1 },
+    { -1, -1 },
     { 5, -1 },
     { -1, -1 },
-    { 6, -1 },
     { -1, -1 },
     { -1, -1 },
-    { -1, -1 },
     { 4, -1 },
     { -1, -1 },
     { 1, -1 },
@@ -406,11 +406,10 @@
 #else
     { 0, 0, NoIntrinsic, { 0, 0 } },
 #endif
-    { "contentDocument", ReadOnly | CustomAccessor, NoIntrinsic, { (intptr_t)static_cast<PropertySlot::GetValueFunc>(jsTestObjContentDocument), (intptr_t) static_cast<PutPropertySlot::PutValueFunc>(0) } },
     { "unforgeableMethod", DontDelete | ReadOnly | JSC::Function, NoIntrinsic, { (intptr_t)static_cast<NativeFunction>(jsTestObjInstanceFunctionUnforgeableMethod), (intptr_t) (0) } },
 };
 
-static const HashTable JSTestObjTable = { 7, 15, true, JSTestObjTableValues, JSTestObjTableIndex };
+static const HashTable JSTestObjTable = { 6, 15, true, JSTestObjTableValues, JSTestObjTableIndex };
 /* Hash table for constructor */
 
 static const HashTableValue JSTestObjConstructorTableValues[] =
@@ -574,6 +573,7 @@
     { "cachedAttribute1", ReadOnly | CustomAccessor, NoIntrinsic, { (intptr_t)static_cast<PropertySlot::GetValueFunc>(jsTestObjCachedAttribute1), (intptr_t) static_cast<PutPropertySlot::PutValueFunc>(0) } },
     { "cachedAttribute2", ReadOnly | CustomAccessor, NoIntrinsic, { (intptr_t)static_cast<PropertySlot::GetValueFunc>(jsTestObjCachedAttribute2), (intptr_t) static_cast<PutPropertySlot::PutValueFunc>(0) } },
     { "anyAttribute", CustomAccessor, NoIntrinsic, { (intptr_t)static_cast<PropertySlot::GetValueFunc>(jsTestObjAnyAttribute), (intptr_t) static_cast<PutPropertySlot::PutValueFunc>(setJSTestObjAnyAttribute) } },
+    { "contentDocument", ReadOnly | CustomAccessor, NoIntrinsic, { (intptr_t)static_cast<PropertySlot::GetValueFunc>(jsTestObjContentDocument), (intptr_t) static_cast<PutPropertySlot::PutValueFunc>(0) } },
     { "mutablePoint", CustomAccessor, NoIntrinsic, { (intptr_t)static_cast<PropertySlot::GetValueFunc>(jsTestObjMutablePoint), (intptr_t) static_cast<PutPropertySlot::PutValueFunc>(setJSTestObjMutablePoint) } },
     { "immutablePoint", CustomAccessor, NoIntrinsic, { (intptr_t)static_cast<PropertySlot::GetValueFunc>(jsTestObjImmutablePoint), (intptr_t) static_cast<PutPropertySlot::PutValueFunc>(setJSTestObjImmutablePoint) } },
     { "strawberry", CustomAccessor, NoIntrinsic, { (intptr_t)static_cast<PropertySlot::GetValueFunc>(jsTestObjStrawberry), (intptr_t) static_cast<PutPropertySlot::PutValueFunc>(setJSTestObjStrawberry) } },