Event handlers should not be called in frameless documents
author    cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Wed, 14 Jun 2017 03:48:23 +0000 (03:48 +0000)
committer cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Wed, 14 Jun 2017 03:48:23 +0000 (03:48 +0000)
commit    07871c558fec06816c6f49618798ffbe88dbfe69
tree      7faca4d0ace4be1e8a14f761192fe63bd5369f73
parent    bedce87e55120a23356b61152e87a4f64f20008a
Event handlers should not be called in frameless documents
https://bugs.webkit.org/show_bug.cgi?id=173233

Reviewed by Sam Weinig.

LayoutTests/imported/w3c:

Rebaseline W3C test now that it is passing.

* web-platform-tests/html/webappapis/scripting/events/uncompiled_event_handler_with_scripting_disabled-expected.txt:

Source/WebCore:

As per the HTML specification [1], for event handlers on elements, we should use the
element's document to check if scripting is disabled [2]. Scripting is considered to
be disabled if the document has no browsing context (i.e. a frame in WebKit terms).

In JSLazyEventListener::initializeJSFunction(), instead of using the element's
document to do the checks, we would use the script execution context. In most cases,
a node's document and its script execution context are the same so this is not an
issue. However, if the node's document is a document created via JS, its nodes'
script execution context will be the document's context document (i.e. the one that
created the document, see implementation of Node::scriptExecutionContext()). In those
cases, using the wrong document is an issue because the document's context document
(aka script execution context) may allow scripting but we still do not want to call
the event handler because its document is frameless.

This impacts documents created by JS, using the following APIs:
- DOMParser.parseFromHTML
- new Document()
- DOMImplementation.createDocument / createHTMLDocument
- XHRs whose responseType is Document.

[1] https://html.spec.whatwg.org/multipage/webappapis.html#getting-the-current-value-of-the-event-handler (step 1.1.)
[2] https://html.spec.whatwg.org/multipage/webappapis.html#concept-n-noscript

Tests: fast/events/event-handler-detached-document-dispatchEvent.html
       fast/events/event-handler-detached-document.html

* bindings/js/JSLazyEventListener.cpp:
(WebCore::JSLazyEventListener::initializeJSFunction):

LayoutTests:

Extend layout test coverage.

* fast/events/event-handler-detached-document-dispatchEvent-expected.txt: Added.
* fast/events/event-handler-detached-document-dispatchEvent.html: Added.
* fast/events/event-handler-detached-document-expected.txt: Added.
* fast/events/event-handler-detached-document.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@218242 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/events/event-handler-detached-document-dispatchEvent-expected.txt [new file with mode: 0644]
LayoutTests/fast/events/event-handler-detached-document-dispatchEvent.html [new file with mode: 0644]
LayoutTests/fast/events/event-handler-detached-document-expected.txt [new file with mode: 0644]
LayoutTests/fast/events/event-handler-detached-document.html [new file with mode: 0644]
LayoutTests/imported/w3c/ChangeLog
LayoutTests/imported/w3c/web-platform-tests/html/webappapis/scripting/events/uncompiled_event_handler_with_scripting_disabled-expected.txt
Source/WebCore/ChangeLog
Source/WebCore/bindings/js/JSLazyEventListener.cpp
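As an added illustration (not part of this commit or of WebKit's layout tests), the page below exercises the behaviour the commit describes: it creates frameless documents via DOMParser, new Document() and DOMImplementation, places an HTML element with an inline onclick attribute in each, dispatches a click, and reports whether the handler ran; in a conforming browser every line reads PASS. The XHR case is omitted because it needs a server response, and handlerRan, makeFramelessDocuments and targetIn are names chosen for this example.

```html
<!DOCTYPE html>
<pre id="log"></pre>
<script>
// Constructed check page (not a WebKit layout test). Each document below is
// created from JS and so has no browsing context: scripting is disabled in
// it, and the inline onclick handler on its <div> must never run. Had it run
// (the bug), it would be compiled in this page's context and flip the flag.
const XHTML = "http://www.w3.org/1999/xhtml";
const HANDLER = "window.handlerRan = true";
window.handlerRan = false;
function makeFramelessDocuments() {
  const fromParser = new DOMParser().parseFromString(
    "<div id='t' onclick='" + HANDLER + "'></div>", "text/html");
  return {
    "DOMParser.parseFromString": fromParser,
    "new Document()": new Document(),  // XML document, no element yet
    "DOMImplementation.createHTMLDocument": document.implementation.createHTMLDocument("x"),
    "DOMImplementation.createDocument": document.implementation.createDocument(XHTML, "html", null),
  };
}
function targetIn(doc) {
  let el = doc.getElementById("t");
  if (!el) {
    // The XHTML namespace makes it an HTMLElement even in an XML document;
    // otherwise onclick would not be an event handler content attribute.
    el = doc.createElementNS(XHTML, "div");
    el.setAttribute("onclick", HANDLER);
    (doc.body || doc.documentElement || doc).appendChild(el);
  }
  return el;
}
function run() {
  const out = [];
  for (const [api, doc] of Object.entries(makeFramelessDocuments())) {
    window.handlerRan = false;
    targetIn(doc).dispatchEvent(new Event("click"));
    out.push((window.handlerRan ? "FAIL" : "PASS") + ": " + api);
  }
  document.getElementById("log").textContent = out.join("\n");
}
run();
</script>
```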