We should throw a SecurityError when denying access to cross-origin Window properties
authorcdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 29 Aug 2016 19:37:01 +0000 (19:37 +0000)
committercdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 29 Aug 2016 19:37:01 +0000 (19:37 +0000)
commit8b66ed238ec255460ebd3f4bc91eefc3ab577f17
tree7dc33cb88e4f7685b76fe176b12c12655a643113
parent39829f8146cad3feee9d74e6040114ea34e40d4a
We should throw a SecurityError when denying access to cross-origin Window properties
https://bugs.webkit.org/show_bug.cgi?id=161316

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline existing tests to reflect behavior change.

* web-platform-tests/domparsing/innerhtml-05-expected.txt:
* web-platform-tests/html/semantics/forms/form-submission-0/getactionurl-expected.txt:

Source/WebCore:

We should throw a SecurityError when denying access to cross-origin Window properties:
- https://html.spec.whatwg.org/#crossorigingetownpropertyhelper-(-o,-p-)
- https://html.spec.whatwg.org/#crossoriginproperties-(-o-)

Firefox and Chrome already throw.

No new tests, updated existing tests.

* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):

LayoutTests:

Update / rebaselined existing tests to reflect behavior change.

* fast/frames/sandboxed-iframe-history-denied-expected.txt:
* fast/xmlhttprequest/xmlhttprequest-no-file-access-expected.txt:
* fast/xmlhttprequest/xmlhttprequest-no-file-access.html:
* http/tests/dom/window-open-about-webkit-org-and-access-document-expected.txt:
* http/tests/dom/window-open-about-webkit-org-and-access-document.html:
* http/tests/history/cross-origin-replace-history-object-child-expected.txt:
* http/tests/history/cross-origin-replace-history-object-child.html:
* http/tests/plugins/cross-frame-object-access-expected.txt:
* http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt:
* http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt:
* http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt:
* http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-expected.txt:
* http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header.html:
* http/tests/security/cross-frame-access-call-expected.txt:
* http/tests/security/cross-frame-access-call.html:
* http/tests/security/cross-frame-access-child-explicit-domain-expected.txt:
* http/tests/security/cross-frame-access-custom-expected.txt:
* http/tests/security/cross-frame-access-first-time-expected.txt:
* http/tests/security/cross-frame-access-first-time.html:
* http/tests/security/cross-frame-access-get-custom-property-cached-expected.txt:
* http/tests/security/cross-frame-access-get-custom-property-cached.html:
* http/tests/security/cross-frame-access-get-expected.txt:
* http/tests/security/cross-frame-access-getOwnPropertyDescriptor-expected.txt:
* http/tests/security/cross-frame-access-getOwnPropertyDescriptor.html:
* http/tests/security/cross-frame-access-history-get-expected.txt:
* http/tests/security/cross-frame-access-history-get-override-expected.txt:
* http/tests/security/cross-frame-access-history-prototype-expected.txt:
* http/tests/security/cross-frame-access-name-getter-expected.txt:
* http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt:
* http/tests/security/cross-frame-access-object-getPrototypeOf.html:
* http/tests/security/cross-frame-access-object-prototype-expected.txt:
* http/tests/security/cross-frame-access-object-prototype.html:
* http/tests/security/cross-frame-access-parent-explicit-domain-expected.txt:
* http/tests/security/cross-frame-access-port-expected.txt:
* http/tests/security/cross-frame-access-protocol-expected.txt:
* http/tests/security/cross-frame-access-protocol-explicit-domain-expected.txt:
* http/tests/security/cross-frame-access-selection-expected.txt:
* http/tests/security/cross-frame-access-selection.html:
* http/tests/security/cross-origin-reified-window-property-access-expected.txt:
* http/tests/security/cross-origin-window-property-access-expected.txt:
* http/tests/security/dataURL/resources/foreign-domain-data-url-accessor-iframe.html:
* http/tests/security/dataURL/resources/foreign-domain-data-url-accessor-opened-frame.html:
* http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-subframe-expected.txt:
* http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-window-open-expected.txt:
* http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-2-level-expected.txt:
* http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-2-level.html:
* http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-expected.txt:
* http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-to-data-url-sub-frame-expected.txt:
* http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-to-data-url-sub-frame.html:
* http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame.html:
* http/tests/security/dataURL/xss-DENIED-from-data-url-to-data-url-expected.txt:
* http/tests/security/dataURL/xss-DENIED-from-data-url-to-data-url.html:
* http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open-expected.txt:
* http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open.html:
* http/tests/security/dataURL/xss-DENIED-to-data-url-from-data-url-expected.txt:
* http/tests/security/dataURL/xss-DENIED-to-data-url-from-data-url.html:
* http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-subframe-expected.txt:
* http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-subframe-location-change-expected.txt:
* http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-subframe-location-change.html:
* http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-subframe.html:
* http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-window-open-expected.txt:
* http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-window-open.html:
* http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-2-level-expected.txt:
* http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-2-level.html:
* http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-expected.txt:
* http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-uppercase-expected.txt:
* http/tests/security/dataURL/xss-DENIED-to-data-url-window-open-expected.txt:
* http/tests/security/dataURL/xss-DENIED-to-data-url-window-open.html:
* http/tests/security/document-all-expected.txt:
* http/tests/security/document-all.html:
* http/tests/security/javascriptURL/resources/foreign-domain-javascript-url-accessor-iframe.html:
* http/tests/security/javascriptURL/resources/foreign-domain-javascript-url-accessor-opened-frame.html:
* http/tests/security/javascriptURL/xss-DENIED-from-javascript-url-in-foreign-domain-subframe-expected.txt:
* http/tests/security/javascriptURL/xss-DENIED-from-javascript-url-in-foreign-domain-window-open-expected.txt:
* http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-subframe-expected.txt:
* http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-subframe.html:
* http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-window-open-expected.txt:
* http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-window-open.html:
* http/tests/security/listener/resources/targetChild-JSTargetNode-onclick-addEventListener.html:
* http/tests/security/listener/resources/targetChild-JSTargetNode-onclick-shortcut.html:
* http/tests/security/listener/resources/targetChild-XMLHttpRequest-addEventListener.html:
* http/tests/security/listener/resources/targetChild-XMLHttpRequest-shortcut.html:
* http/tests/security/listener/resources/targetChild-window-onclick-addEventListener.html:
* http/tests/security/listener/resources/targetChild-window-onclick-shortcut.html:
* http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt:
* http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt:
* http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt:
* http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt:
* http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt:
* http/tests/security/listener/xss-window-onclick-shortcut-expected.txt:
* http/tests/security/resources/cross-frame-access.js:
(test):
(cannotAccessFrame):
* http/tests/security/resources/cross-frame-history-prototype-iframe.html:
* http/tests/security/resources/iframe-for-synchronous-form.html:
* http/tests/security/resources/sandboxed-iframe-origin-add-step1.html:
* http/tests/security/resources/sandboxed-iframe-origin-remove-step2.html:
* http/tests/security/sandboxed-iframe-modify-self-expected.txt:
* http/tests/security/sandboxed-iframe-origin-add-expected.txt:
* http/tests/security/sandboxed-iframe-origin-remove-expected.txt:
* http/tests/security/srcdoc-in-sandbox-cannot-access-parent-expected.txt:
* http/tests/security/xss-DENIED-defineProperty-expected.txt:
* http/tests/security/xss-DENIED-frame-name-expected.txt:
* http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto-expected.txt:
* http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto.html:
* http/tests/security/xss-DENIED-invalid-domain-change-expected.txt:
* http/tests/security/xss-DENIED-invalid-domain-change.html:
* http/tests/security/xss-DENIED-method-with-iframe-proto-expected.txt:
* http/tests/security/xss-DENIED-sandboxed-iframe-expected.txt:
* http/tests/security/xss-DENIED-synchronous-form-expected.txt:
* http/tests/security/xss-DENIED-window-name-navigator-expected.txt:
* http/tests/security/xss-DENIED-xsl-document-securityOrigin-expected.txt:
* http/tests/security/xss-DENIED-xsl-document-securityOrigin.xml:
* http/tests/security/xss-eval-expected.txt:
* http/tests/security/xss-eval.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@205136 268f45cc-cd09-0410-ab3c-d52691b4dbfc
119 files changed:
LayoutTests/ChangeLog
LayoutTests/fast/frames/sandboxed-iframe-history-denied-expected.txt
LayoutTests/fast/xmlhttprequest/xmlhttprequest-no-file-access-expected.txt
LayoutTests/fast/xmlhttprequest/xmlhttprequest-no-file-access.html
LayoutTests/http/tests/dom/window-open-about-webkit-org-and-access-document-expected.txt
LayoutTests/http/tests/dom/window-open-about-webkit-org-and-access-document.html
LayoutTests/http/tests/history/cross-origin-replace-history-object-child-expected.txt
LayoutTests/http/tests/history/cross-origin-replace-history-object-child.html
LayoutTests/http/tests/plugins/cross-frame-object-access-expected.txt
LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt
LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt
LayoutTests/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-expected.txt
LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header.html
LayoutTests/http/tests/security/cross-frame-access-call-expected.txt
LayoutTests/http/tests/security/cross-frame-access-call.html
LayoutTests/http/tests/security/cross-frame-access-child-explicit-domain-expected.txt
LayoutTests/http/tests/security/cross-frame-access-custom-expected.txt
LayoutTests/http/tests/security/cross-frame-access-first-time-expected.txt
LayoutTests/http/tests/security/cross-frame-access-first-time.html
LayoutTests/http/tests/security/cross-frame-access-get-custom-property-cached-expected.txt
LayoutTests/http/tests/security/cross-frame-access-get-custom-property-cached.html
LayoutTests/http/tests/security/cross-frame-access-get-expected.txt
LayoutTests/http/tests/security/cross-frame-access-getOwnPropertyDescriptor-expected.txt
LayoutTests/http/tests/security/cross-frame-access-getOwnPropertyDescriptor.html
LayoutTests/http/tests/security/cross-frame-access-history-get-expected.txt
LayoutTests/http/tests/security/cross-frame-access-history-get-override-expected.txt
LayoutTests/http/tests/security/cross-frame-access-history-prototype-expected.txt
LayoutTests/http/tests/security/cross-frame-access-name-getter-expected.txt
LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf-expected.txt
LayoutTests/http/tests/security/cross-frame-access-object-getPrototypeOf.html
LayoutTests/http/tests/security/cross-frame-access-object-prototype-expected.txt
LayoutTests/http/tests/security/cross-frame-access-object-prototype.html
LayoutTests/http/tests/security/cross-frame-access-parent-explicit-domain-expected.txt
LayoutTests/http/tests/security/cross-frame-access-port-expected.txt
LayoutTests/http/tests/security/cross-frame-access-protocol-expected.txt
LayoutTests/http/tests/security/cross-frame-access-protocol-explicit-domain-expected.txt
LayoutTests/http/tests/security/cross-frame-access-selection-expected.txt
LayoutTests/http/tests/security/cross-frame-access-selection.html
LayoutTests/http/tests/security/cross-origin-reified-window-property-access-expected.txt
LayoutTests/http/tests/security/cross-origin-window-property-access-expected.txt
LayoutTests/http/tests/security/dataURL/resources/foreign-domain-data-url-accessor-iframe.html
LayoutTests/http/tests/security/dataURL/resources/foreign-domain-data-url-accessor-opened-frame.html
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-subframe-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-window-open-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-2-level-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-2-level.html
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-to-data-url-sub-frame-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame-to-data-url-sub-frame.html
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-sub-frame.html
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-to-data-url-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-data-url-to-data-url.html
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-from-javascript-url-window-open.html
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-from-data-url-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-from-data-url.html
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-subframe-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-subframe-location-change-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-subframe-location-change.html
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-subframe.html
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-window-open-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-window-open.html
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-2-level-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-2-level.html
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-uppercase-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-window-open-expected.txt
LayoutTests/http/tests/security/dataURL/xss-DENIED-to-data-url-window-open.html
LayoutTests/http/tests/security/document-all-expected.txt
LayoutTests/http/tests/security/document-all.html
LayoutTests/http/tests/security/javascriptURL/resources/foreign-domain-javascript-url-accessor-iframe.html
LayoutTests/http/tests/security/javascriptURL/resources/foreign-domain-javascript-url-accessor-opened-frame.html
LayoutTests/http/tests/security/javascriptURL/xss-DENIED-from-javascript-url-in-foreign-domain-subframe-expected.txt
LayoutTests/http/tests/security/javascriptURL/xss-DENIED-from-javascript-url-in-foreign-domain-window-open-expected.txt
LayoutTests/http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-subframe-expected.txt
LayoutTests/http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-subframe.html
LayoutTests/http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-window-open-expected.txt
LayoutTests/http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-window-open.html
LayoutTests/http/tests/security/listener/resources/targetChild-JSTargetNode-onclick-addEventListener.html
LayoutTests/http/tests/security/listener/resources/targetChild-JSTargetNode-onclick-shortcut.html
LayoutTests/http/tests/security/listener/resources/targetChild-XMLHttpRequest-addEventListener.html
LayoutTests/http/tests/security/listener/resources/targetChild-XMLHttpRequest-shortcut.html
LayoutTests/http/tests/security/listener/resources/targetChild-window-onclick-addEventListener.html
LayoutTests/http/tests/security/listener/resources/targetChild-window-onclick-shortcut.html
LayoutTests/http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener-expected.txt
LayoutTests/http/tests/security/listener/xss-JSTargetNode-onclick-shortcut-expected.txt
LayoutTests/http/tests/security/listener/xss-XMLHttpRequest-addEventListener-expected.txt
LayoutTests/http/tests/security/listener/xss-XMLHttpRequest-shortcut-expected.txt
LayoutTests/http/tests/security/listener/xss-window-onclick-addEventListener-expected.txt
LayoutTests/http/tests/security/listener/xss-window-onclick-shortcut-expected.txt
LayoutTests/http/tests/security/resources/cross-frame-access.js
LayoutTests/http/tests/security/resources/cross-frame-history-prototype-iframe.html
LayoutTests/http/tests/security/resources/iframe-for-synchronous-form.html
LayoutTests/http/tests/security/resources/sandboxed-iframe-origin-add-step1.html
LayoutTests/http/tests/security/resources/sandboxed-iframe-origin-remove-step2.html
LayoutTests/http/tests/security/sandboxed-iframe-modify-self-expected.txt
LayoutTests/http/tests/security/sandboxed-iframe-origin-add-expected.txt
LayoutTests/http/tests/security/sandboxed-iframe-origin-remove-expected.txt
LayoutTests/http/tests/security/srcdoc-in-sandbox-cannot-access-parent-expected.txt
LayoutTests/http/tests/security/xss-DENIED-defineProperty-expected.txt
LayoutTests/http/tests/security/xss-DENIED-frame-name-expected.txt
LayoutTests/http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto-expected.txt
LayoutTests/http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto.html
LayoutTests/http/tests/security/xss-DENIED-invalid-domain-change-expected.txt
LayoutTests/http/tests/security/xss-DENIED-invalid-domain-change.html
LayoutTests/http/tests/security/xss-DENIED-method-with-iframe-proto-expected.txt
LayoutTests/http/tests/security/xss-DENIED-sandboxed-iframe-expected.txt
LayoutTests/http/tests/security/xss-DENIED-synchronous-form-expected.txt
LayoutTests/http/tests/security/xss-DENIED-window-name-navigator-expected.txt
LayoutTests/http/tests/security/xss-DENIED-xsl-document-securityOrigin-expected.txt
LayoutTests/http/tests/security/xss-DENIED-xsl-document-securityOrigin.xml
LayoutTests/http/tests/security/xss-eval-expected.txt
LayoutTests/http/tests/security/xss-eval.html
LayoutTests/imported/w3c/ChangeLog
LayoutTests/imported/w3c/web-platform-tests/domparsing/innerhtml-05-expected.txt
LayoutTests/imported/w3c/web-platform-tests/html/semantics/forms/form-submission-0/getactionurl-expected.txt
Source/WebCore/ChangeLog
Source/WebCore/bindings/js/JSDOMWindowCustom.cpp