Popups opened from a sandboxed iframe should themselves be sandboxed
author wilander@apple.com <wilander@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 8 Aug 2016 21:43:36 +0000 (21:43 +0000)
committer wilander@apple.com <wilander@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 8 Aug 2016 21:43:36 +0000 (21:43 +0000)
commit f2dc3d1ca8a5fea9ca915ee47e24c85070647ee4
tree 92a1ac9ad83bdb103e72e4b24292defde3296548
parent 6aa5f624c5b49991eddb82c1f51ab3438a6255c8
Popups opened from a sandboxed iframe should themselves be sandboxed
https://bugs.webkit.org/show_bug.cgi?id=134850
<rdar://problem/27375388>

Reviewed by Brent Fulgham.

Source/WebCore:

Test: http/tests/security/window-opened-from-sandboxed-iframe-should-inherit-sandbox.html

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::continueLoadAfterNewWindowPolicy):
    Now copies the opener's frame loader effective sandbox flags to the
    new frame loader.

LayoutTests:

* http/tests/security/resources/anchor-tag-with-blank-target.html: Added.
* http/tests/security/resources/page-executing-javascript.html: Added.
* http/tests/security/window-opened-from-sandboxed-iframe-should-inherit-sandbox-expected.txt: Added.
* http/tests/security/window-opened-from-sandboxed-iframe-should-inherit-sandbox.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@204266 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/http/tests/security/resources/anchor-tag-with-blank-target.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/page-executing-javascript.html [new file with mode: 0644]
LayoutTests/http/tests/security/window-opened-from-sandboxed-iframe-should-inherit-sandbox-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/window-opened-from-sandboxed-iframe-should-inherit-sandbox.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/loader/FrameLoader.cpp