Prevent cross-site top-level navigations from third-party iframes
author cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 8 Jan 2019 21:28:53 +0000 (21:28 +0000)
committer cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 8 Jan 2019 21:28:53 +0000 (21:28 +0000)
commit 20ce2d0dbe4a3baea18abc7389780569a93f2d8e
tree 02a60df3fe66ca201c42df3c0e79b55eac3df854
parent 00d257ff0b6ebf14588a5ec0cab3d94da0bca33a
Prevent cross-site top-level navigations from third-party iframes
https://bugs.webkit.org/show_bug.cgi?id=193076
<rdar://problem/36074736>

Reviewed by Alex Christensen.

Source/WebCore:

Prevent cross-site top-level navigations from third-party iframes if the following conditions are met:
1. It tries to navigate the top-level page cross-site (different eTLD+1)
2. The user has never interacted with the third-party iframe or any of its subframes

This experiment's intent is to block suspicious main-frame navigations by third-party content. The feature
is behind a runtime experimental feature flag, on by default.

Tests: http/tests/security/allow-top-level-navigations-by-third-party-iframes-to-same-origin.html
       http/tests/security/allow-top-level-navigations-by-third-party-iframes-with-previous-user-activation.html
       http/tests/security/allow-top-level-navigations-by-third-party-iframes-with-user-activation.html
       http/tests/security/block-top-level-navigations-by-third-party-iframes.html

* dom/Document.cpp:
(WebCore::printNavigationErrorMessage):
(WebCore::Document::canNavigate):
(WebCore::Document::canNavigateInternal):
(WebCore::Document::isNavigationBlockedByThirdPartyIFrameRedirectBlocking):
* dom/Document.h:
* dom/UserGestureIndicator.cpp:
* page/DOMWindow.cpp:
(WebCore::DOMWindow::setLocation):
* page/DOMWindow.h:
* page/Frame.h:
* page/Location.cpp:
(WebCore::Location::replace):
(WebCore::Location::setLocation):
* page/Settings.yaml:

Source/WebKit:

Add experimental feature flag, on by default.

* Shared/WebPreferences.yaml:

LayoutTests:

Add layout test coverage.

* http/tests/security/allow-top-level-navigations-by-third-party-iframes-to-same-origin-expected.txt: Added.
* http/tests/security/allow-top-level-navigations-by-third-party-iframes-to-same-origin.html: Added.
* http/tests/security/allow-top-level-navigations-by-third-party-iframes-with-previous-user-activation-expected.txt: Added.
* http/tests/security/allow-top-level-navigations-by-third-party-iframes-with-previous-user-activation.html: Added.
* http/tests/security/allow-top-level-navigations-by-third-party-iframes-with-user-activation-expected.txt: Added.
* http/tests/security/allow-top-level-navigations-by-third-party-iframes-with-user-activation.html: Added.
* http/tests/security/block-top-level-navigations-by-third-party-iframes-expected.txt: Added.
* http/tests/security/block-top-level-navigations-by-third-party-iframes.html: Added.
* http/tests/security/resources/navigate-top-level-frame-to-failure-page.html: Added.
* http/tests/security/resources/navigate-top-level-frame-to-success-page-same-origin.html: Added.
* http/tests/security/resources/navigate-top-level-frame-to-success-page-with-previous-user-gesture.html: Added.
* http/tests/security/resources/navigate-top-level-frame-to-success-page-with-user-gesture.html: Added.
* http/tests/security/resources/should-have-loaded.html: Added.
* http/tests/security/resources/should-not-have-loaded.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239742 268f45cc-cd09-0410-ab3c-d52691b4dbfc
31 files changed:
LayoutTests/ChangeLog
LayoutTests/http/tests/cookies/same-site/resources/click-hyperlink.php
LayoutTests/http/tests/security/allow-top-level-navigations-by-third-party-iframes-to-same-origin-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/allow-top-level-navigations-by-third-party-iframes-to-same-origin.html [new file with mode: 0644]
LayoutTests/http/tests/security/allow-top-level-navigations-by-third-party-iframes-with-previous-user-activation-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/allow-top-level-navigations-by-third-party-iframes-with-previous-user-activation.html [new file with mode: 0644]
LayoutTests/http/tests/security/allow-top-level-navigations-by-third-party-iframes-with-user-activation-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/allow-top-level-navigations-by-third-party-iframes-with-user-activation.html [new file with mode: 0644]
LayoutTests/http/tests/security/block-top-level-navigations-by-third-party-iframes-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/block-top-level-navigations-by-third-party-iframes.html [new file with mode: 0644]
LayoutTests/http/tests/security/frameNavigation/resources/iframe-that-performs-parent-navigation.html
LayoutTests/http/tests/security/resources/navigate-top-level-frame-to-failure-page.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/navigate-top-level-frame-to-success-page-same-origin.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/navigate-top-level-frame-to-success-page-with-previous-user-gesture.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/navigate-top-level-frame-to-success-page-with-user-gesture.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/should-have-loaded.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/should-not-have-loaded.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/xss-DENIED-window-open-parent-attacker.html
LayoutTests/http/tests/security/xss-DENIED-window-open-parent-expected.txt
Source/WebCore/ChangeLog
Source/WebCore/dom/Document.cpp
Source/WebCore/dom/Document.h
Source/WebCore/dom/UserGestureIndicator.cpp
Source/WebCore/page/DOMWindow.cpp
Source/WebCore/page/DOMWindow.h
Source/WebCore/page/Frame.h
Source/WebCore/page/Location.cpp
Source/WebCore/page/Settings.yaml
Source/WebCore/platform/network/ResourceRequestBase.h
Source/WebKit/ChangeLog
Source/WebKit/Shared/WebPreferences.yaml
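
The two blocking conditions in the commit message, modelled as a small decision function. This is an added example, not WebKit code: `registrableDomain`, `topNavigationDecision`, the sample suffix set and all URLs are constructed for illustration. It assumes "third-party" means the frame's eTLD+1 differs from the top page's and "cross-site" means the target's eTLD+1 differs from the top page's.

```javascript
// Added illustration, not WebKit code. Tiny constructed suffix set; real
// engines consult the full Public Suffix List to compute eTLD+1.
const SAMPLE_PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk"]);

// Return the eTLD+1 of a URL's host under the sample suffix set.
function registrableDomain(urlString) {
  const host = new URL(urlString).hostname.toLowerCase();
  const labels = host.split(".");
  for (let i = 0; i < labels.length; i++) {
    // The longest candidate suffix is tried first because i starts at 0.
    if (SAMPLE_PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return i === 0 ? host : labels.slice(i - 1).join(".");
    }
  }
  return host; // unknown suffix (localhost, IP literal): host is its own site
}

// Decide whether a frame's attempt to navigate the top-level page is blocked.
// Assumptions: "third-party" = frame eTLD+1 differs from the top page's;
// "cross-site" = target eTLD+1 differs from the top page's.
function topNavigationDecision({ topUrl, frameUrl, targetUrl, frameTreeHadUserInteraction }) {
  const topSite = registrableDomain(topUrl);
  if (registrableDomain(frameUrl) === topSite) {
    return { blocked: false, reason: "frame is first-party" };
  }
  if (registrableDomain(targetUrl) === topSite) {
    return { blocked: false, reason: "navigation stays on the top-level site" };
  }
  if (frameTreeHadUserInteraction) {
    return { blocked: false, reason: "user interacted with the frame or a subframe" };
  }
  return { blocked: true, reason: "cross-site top navigation by third-party frame without interaction" };
}

// Constructed scenarios loosely following the layout-test names in the commit.
const base = { topUrl: "https://news.example.com/story", frameUrl: "https://ads.example.org/slot" };
const scenarios = {
  sameSiteTarget: { ...base, targetUrl: "https://www.example.com/ok", frameTreeHadUserInteraction: false },
  userActivation: { ...base, targetUrl: "https://shop.example.co.uk/", frameTreeHadUserInteraction: true },
  noInteraction: { ...base, targetUrl: "https://shop.example.co.uk/", frameTreeHadUserInteraction: false },
};

for (const [name, s] of Object.entries(scenarios)) {
  const d = topNavigationDecision(s);
  console.log(`${name}: ${d.blocked ? "BLOCK" : "allow"} (${d.reason})`);
}
```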