A Document / Window should lose its browsing context as soon as its iframe is removed...
author cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 5 Oct 2018 00:19:46 +0000 (00:19 +0000)
committer cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 5 Oct 2018 00:19:46 +0000 (00:19 +0000)
commit b5d861562d3cb5f06f097d6d25bfe0d6ab199c69
tree af215b8eb7dd9ab1bb84679e0699725b4350a912
parent e13b2dba5bb761387afbfe181f8872d58196f3e5
A Document / Window should lose its browsing context as soon as its iframe is removed from the document
https://bugs.webkit.org/show_bug.cgi?id=190282

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline several WPT tests that are now passing. I have verified that those tests are also passing in
Firefox and Chrome.

* web-platform-tests/html/browsers/windows/nested-browsing-contexts/window-parent-null-expected.txt:
* web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe-synchronously-discard-expected.txt:

Source/WebCore:

A Document / Window should lose its browsing context (aka Frame) as soon as its iframe is removed from
the document. In WebKit, a Document / Window's Frame was only getting nulled out when the frame gets
destroyed, which happens later usually after a GC happens.

Specification:
- https://html.spec.whatwg.org/#the-iframe-element
"""
When an iframe element is removed from a document, the user agent must discard the element's nested browsing
context, if it is not null, and then set the element's nested browsing context to null.
"""

This was not consistent with the specification or other browsers (tested Chrome and Firefox) so this
patch is aligning our behavior.

In a follow-up, I am planning to look into making the Window not be a FrameDestructionObserver, and instead
get its frame from the Document. This should make the code simpler.

No new tests, rebaselined existing tests.

* Modules/mediastream/MediaDevices.cpp:
(WebCore::MediaDevices::getUserMedia const):
* Modules/mediastream/MediaDevices.h:
Update getUserMedia() to reject the Promise with an InvalidStateError when calling after the
document has been detached, instead of throwing an InvalidStateError. This behavior is as per
specification:
- https://w3c.github.io/mediacapture-main/#dom-mediadevices-getusermedia (Step 4)
I needed to make this change to keep one of our layout tests passing.

* dom/Document.cpp:
(WebCore::Document::attachToCachedFrame):
(WebCore::Document::detachFromFrame):
* dom/Document.h:
* page/DOMWindow.cpp:
(WebCore::DOMWindow::didSecureTransitionTo):
(WebCore::DOMWindow::willDetachDocumentFromFrame):
(WebCore::DOMWindow::setStatus):
(WebCore::DOMWindow::detachFromFrame):
(WebCore::DOMWindow::attachToFrame):
* page/DOMWindow.h:
* page/DOMWindowProperty.cpp:
(WebCore::DOMWindowProperty::disconnectFrameForDocumentSuspension):
(WebCore::DOMWindowProperty::willDestroyGlobalObjectInCachedFrame):
(WebCore::DOMWindowProperty::willDestroyGlobalObjectInFrame):
* page/Frame.cpp:
(WebCore::Frame::disconnectOwnerElement):

* platform/mock/MockRealtimeVideoSource.cpp:
(WebCore::MockRealtimeVideoSource::drawText):
Calling drawText() with a null String hits an assertion in debug. This was triggered by one of
our layout tests so I made sure we only call drawText when the String is not null.

LayoutTests:

Update existing layout test to reflect behavior change.

* fast/dom/Window/BarInfo-after-frame-removed.html:
* fast/dom/Window/dom-access-from-closure-iframe-expected.txt:
* fast/dom/Window/dom-access-from-closure-window-expected.txt:
* fast/dom/Window/dom-access-from-closure-window-with-gc-expected.txt:
* fast/dom/Window/resources/dom-access-from-closure-iframe-child.html:
* fast/dom/Window/resources/dom-access-from-closure-window-child.html:
* fast/events/resources/before-unload-return-string-conversion-frame.html:
* fast/parser/resources/set-parent-to-javascript-url.html:
* http/tests/media/media-stream/disconnected-frame.html:
* http/tests/security/contentSecurityPolicy/resources/checkDidSameOriginChildWindowLoad.js:
(checkDidLoad):
* http/tests/security/named-window-property-from-same-origin-inactive-document-expected.txt:
* http/tests/security/named-window-property-from-same-origin-inactive-document.html:
* http/tests/security/xss-DENIED-contentWindow-eval-expected.txt:
* http/tests/security/xss-DENIED-named-window-property-from-cross-origin-inactive-document-expected.txt:
* http/tests/security/xss-DENIED-named-window-property-from-cross-origin-inactive-document.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236862 268f45cc-cd09-0410-ab3c-d52691b4dbfc
29 files changed:
LayoutTests/ChangeLog
LayoutTests/fast/dom/Window/BarInfo-after-frame-removed.html
LayoutTests/fast/dom/Window/dom-access-from-closure-iframe-expected.txt
LayoutTests/fast/dom/Window/dom-access-from-closure-window-expected.txt
LayoutTests/fast/dom/Window/dom-access-from-closure-window-with-gc-expected.txt
LayoutTests/fast/dom/Window/resources/dom-access-from-closure-iframe-child.html
LayoutTests/fast/dom/Window/resources/dom-access-from-closure-window-child.html
LayoutTests/fast/events/resources/before-unload-return-string-conversion-frame.html
LayoutTests/fast/parser/resources/set-parent-to-javascript-url.html
LayoutTests/http/tests/media/media-stream/disconnected-frame.html
LayoutTests/http/tests/security/contentSecurityPolicy/resources/checkDidSameOriginChildWindowLoad.js
LayoutTests/http/tests/security/named-window-property-from-same-origin-inactive-document-expected.txt
LayoutTests/http/tests/security/named-window-property-from-same-origin-inactive-document.html
LayoutTests/http/tests/security/xss-DENIED-contentWindow-eval-expected.txt
LayoutTests/http/tests/security/xss-DENIED-named-window-property-from-cross-origin-inactive-document-expected.txt
LayoutTests/http/tests/security/xss-DENIED-named-window-property-from-cross-origin-inactive-document.html
LayoutTests/imported/w3c/ChangeLog
LayoutTests/imported/w3c/web-platform-tests/html/browsers/windows/nested-browsing-contexts/window-parent-null-expected.txt
LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe-synchronously-discard-expected.txt
Source/WebCore/ChangeLog
Source/WebCore/Modules/mediastream/MediaDevices.cpp
Source/WebCore/Modules/mediastream/MediaDevices.h
Source/WebCore/dom/Document.cpp
Source/WebCore/dom/Document.h
Source/WebCore/page/DOMWindow.cpp
Source/WebCore/page/DOMWindow.h
Source/WebCore/page/DOMWindowProperty.cpp
Source/WebCore/page/Frame.cpp
Source/WebCore/platform/mock/MockRealtimeVideoSource.cpp
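
A conformance probe for the behavior the commit message describes, as an added example that is not part of the commit or of WebKit's test suite. The function name `probeDetachedFrame` and the shape of its result are assumptions made for illustration; the `top` and `frameElement` checks go beyond the `parent` case named in the rebaselined WPT test and follow the same HTML specification rule for a Window whose browsing context is null.

```javascript
// Added example, not WebKit code. Probes what a retained Window reference
// reports once its <iframe> has been removed from the document.
// Pass the page's `document` when running it in a browser console.
function probeDetachedFrame(doc) {
  const iframe = doc.createElement('iframe');
  doc.body.appendChild(iframe);

  // Keep a reference the way a closure or a stale global would.
  const win = iframe.contentWindow;
  const before = { parentIsSet: win.parent !== null };

  iframe.remove();

  // Per the specification text quoted in the commit message, the nested
  // browsing context is discarded at removal, so the checks run immediately
  // with no garbage collection or timer tick in between.
  const after = {
    contentWindowIsNull: iframe.contentWindow === null,
    parentIsNull: win.parent === null,
    topIsNull: win.top === null,
    frameElementIsNull: win.frameElement === null,
  };

  return {
    before,
    after,
    // True only if the Window lost its browsing context synchronously.
    conforms: before.parentIsSet && Object.values(after).every(Boolean),
  };
}
```

A `conforms` value of `false` with `after.parentIsNull` also `false` means the detached Window still reaches its former parent, which is the state the security layout tests listed above exercise.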