Popups opened from a sandboxed iframe should themselves be sandboxed
author wilander@apple.com <wilander@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 5 Aug 2016 16:51:05 +0000 (16:51 +0000)
committer wilander@apple.com <wilander@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 5 Aug 2016 16:51:05 +0000 (16:51 +0000)
commit 68646e9f442ad07a7751e8e912af7324dcfb360a
tree 57b42c59589b2a4dac9264b33f19b4a308ad69c9
parent ba5443de405e8a0b4d817a357a7e9ce289c6bbff
Popups opened from a sandboxed iframe should themselves be sandboxed
https://bugs.webkit.org/show_bug.cgi?id=134850
<rdar://problem/27375388>

Reviewed by Brent Fulgham.

Source/WebCore:

This replicates the behavior in Chrome, Firefox, and according to the reporter
also in Internet Explorer. See the Mozilla bug report:
https://bugzilla.mozilla.org/show_bug.cgi?id=1037381#c1

Test: http/tests/security/window-opened-from-sandboxed-iframe-should-inherit-sandbox.html

* page/Chrome.cpp:
(WebCore::Chrome::createWindow):
    Now copies the opener's frame loader effective sandbox flags to the new
    frame loader.

LayoutTests:

* http/tests/security/resources/anchor-tag-with-blank-target.html: Added.
* http/tests/security/resources/page-executing-javascript.html: Added.
* http/tests/security/window-opened-from-sandboxed-iframe-should-inherit-sandbox-expected.txt: Added.
* http/tests/security/window-opened-from-sandboxed-iframe-should-inherit-sandbox.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@204174 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/http/tests/security/resources/anchor-tag-with-blank-target.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/page-executing-javascript.html [new file with mode: 0644]
LayoutTests/http/tests/security/window-opened-from-sandboxed-iframe-should-inherit-sandbox-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/window-opened-from-sandboxed-iframe-should-inherit-sandbox.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/page/Chrome.cpp
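A constructed browser-side check for the behaviour this commit introduces, added here as an illustration; it is not the layout test listed above (whose contents are not on this page) and not WebKit code. A frame sandboxed with `allow-popups` but without `allow-scripts` opens a popup via a `target="_blank"` link; if the popup inherits the opener's effective sandbox flags, the script in it cannot run and the top-level page hears nothing. The file name `sandbox-popup-probe.html` and the message payload are assumptions.

```html
<!DOCTYPE html>
<meta charset="utf-8">
<title>Sandbox inheritance probe (constructed demo, not the WebKit layout test)</title>
<!--
  Serve this single file over http(s); file:// has different origin rules.
  It plays two roles depending on the query string:
    - no query:  the harness page, which embeds a sandboxed iframe
    - ?probe=1:  the popup page, which tries to run script and report back
  Assumed file name: sandbox-popup-probe.html (links below are relative).
-->
<p id="status">Click the link inside the frame. The popup must NOT be able to
run script: "allow-scripts" is absent from the frame's sandbox list.</p>
<!--
  allow-popups is required for the link to open a window at all; allow-scripts
  is deliberately omitted so the inherited flag set blocks script in the popup.
  The HTML spec's allow-popups-to-escape-sandbox token is the documented opt-out
  and is deliberately not set here. rel="opener" keeps window.opener available,
  since current browsers imply noopener for target="_blank" links.
-->
<iframe sandbox="allow-popups"
        srcdoc='<a href="?probe=1" target="_blank" rel="opener">open popup</a>'>
</iframe>
<script>
  if (new URLSearchParams(location.search).get("probe") === "1") {
    // Role 2: we are the popup. If this executes, the popup did not inherit
    // the opener's sandbox flags, which is the bug this commit fixes.
    // window.opener is the sandboxed iframe, whose own script is blocked, so
    // report to the top-level harness; "top" is readable across origins.
    if (window.opener && window.opener.top) {
      window.opener.top.postMessage({ sandboxProbe: "script-executed" }, "*");
    }
    document.body.textContent = "FAIL: script executed in popup";
  } else {
    // Role 1: we are the harness. Silence is the expected (passing) outcome.
    window.addEventListener("message", function (event) {
      if (event.data && event.data.sandboxProbe === "script-executed") {
        document.getElementById("status").textContent =
          "FAIL: popup opened from sandboxed frame executed script " +
          "(reported origin: " + event.origin + ")";
      }
    });
  }
</script>
<noscript>
  <!-- Rendered in the popup when its inherited sandbox disables scripting. -->
  PASS: scripting is disabled in this document
</noscript>
```

The harness reports a failure only if a message arrives, so a passing run leaves the status text unchanged and the popup itself shows the noscript PASS line.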