Add better test coverage for scripting windows opened via window.open()
authorcdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 31 Jan 2017 17:21:42 +0000 (17:21 +0000)
committercdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 31 Jan 2017 17:21:42 +0000 (17:21 +0000)
https://bugs.webkit.org/show_bug.cgi?id=167531

Reviewed by Brent Fulgham.

Add better test coverage for scripting windows opened via window.open().

* http/tests/security/cross-origin-window-open-insert-script-expected.txt: Added.
* http/tests/security/cross-origin-window-open-insert-script.html: Added.
* http/tests/security/cross-origin-window-open-javascript-url-expected.txt: Added.
* http/tests/security/cross-origin-window-open-javascript-url.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@211435 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/tests/security/cross-origin-window-open-insert-script-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/cross-origin-window-open-insert-script.html [new file with mode: 0644]
LayoutTests/http/tests/security/cross-origin-window-open-javascript-url-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/cross-origin-window-open-javascript-url.html [new file with mode: 0644]

index 4a68621..7ebbb9d 100644 (file)
@@ -1,3 +1,17 @@
+2017-01-31  Chris Dumez  <cdumez@apple.com>
+
+        Add better test coverage for scripting windows opened via window.open()
+        https://bugs.webkit.org/show_bug.cgi?id=167531
+
+        Reviewed by Brent Fulgham.
+
+        Add better test coverage for scripting windows opened via window.open().
+
+        * http/tests/security/cross-origin-window-open-insert-script-expected.txt: Added.
+        * http/tests/security/cross-origin-window-open-insert-script.html: Added.
+        * http/tests/security/cross-origin-window-open-javascript-url-expected.txt: Added.
+        * http/tests/security/cross-origin-window-open-javascript-url.html: Added.
+
 2017-01-31  Simon Fraser  <simon.fraser@apple.com>
 
         REGRESSION (r209411): Scrolling to a fragment identifier in overflow:scroll inside position:fixed no longer works
diff --git a/LayoutTests/http/tests/security/cross-origin-window-open-insert-script-expected.txt b/LayoutTests/http/tests/security/cross-origin-window-open-insert-script-expected.txt
new file mode 100644 (file)
index 0000000..9784c51
--- /dev/null
@@ -0,0 +1,10 @@
+Tests that inserting a script into newly opened window does not bypass origin checks.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+This test passes unless you see FAIL messages below
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/security/cross-origin-window-open-insert-script.html b/LayoutTests/http/tests/security/cross-origin-window-open-insert-script.html
new file mode 100644 (file)
index 0000000..3209e77
--- /dev/null
@@ -0,0 +1,47 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script src="/js-test-resources/js-test-pre.js"></script>
+<div id="resultDiv"></div>
+<script>
+description("Tests that inserting a script into newly opened window does not bypass origin checks.");
+debug("This test passes unless you see FAIL messages below");
+jsTestIsAsync = true;
+if (window.testRunner) {
+    testRunner.setCanOpenWindows();
+    testRunner.overridePreference("WebKitUsesPageCachePreferenceKey", 1);
+}
+
+let win = open("about:blank", "one");
+let otherDocument = win.document;
+win.resultDiv = document.getElementById("resultDiv");
+
+let a = otherDocument.createElement("a");
+a.href = "http://localhost:8000/security/resources/blank.html";
+a.click();
+
+window.addEventListener('message', function(e) {
+    testFailed("Script executed in cross origin iframe");
+    testFailed("Retrieved cross-origin window's URL: " + e.data);
+});
+
+it = setInterval(function() {
+    try {
+        win.location.href;
+    } catch (e) {
+        // Window has navigated to cross origin URL.
+        clearInterval(it);
+        try {
+            var script = otherDocument.createElement("script");
+            script.innerText = "opener.postMessage(location.href, '*');";
+            otherDocument.body.append(script);
+        } catch (e) {
+            debug(e);
+        }
+        setTimeout(finishJSTest, 0);
+    }
+}, 10);
+</script>
+<script src="/js-test-resources/js-test-post.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/cross-origin-window-open-javascript-url-expected.txt b/LayoutTests/http/tests/security/cross-origin-window-open-javascript-url-expected.txt
new file mode 100644 (file)
index 0000000..9784c51
--- /dev/null
@@ -0,0 +1,10 @@
+Tests that inserting a script into newly opened window does not bypass origin checks.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+This test passes unless you see FAIL messages below
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/security/cross-origin-window-open-javascript-url.html b/LayoutTests/http/tests/security/cross-origin-window-open-javascript-url.html
new file mode 100644 (file)
index 0000000..7364cf8
--- /dev/null
@@ -0,0 +1,47 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script src="/js-test-resources/js-test-pre.js"></script>
+<div id="resultDiv"></div>
+<script>
+description("Tests that inserting a script into newly opened window does not bypass origin checks.");
+debug("This test passes unless you see FAIL messages below");
+jsTestIsAsync = true;
+if (window.testRunner) {
+    testRunner.setCanOpenWindows();
+    testRunner.overridePreference("WebKitUsesPageCachePreferenceKey", 1);
+}
+
+let win = open("about:blank", "one");
+let otherDocument = win.document;
+win.resultDiv = document.getElementById("resultDiv");
+
+let a = otherDocument.createElement("a");
+a.href = "http://localhost:8000/security/resources/blank.html";
+a.click();
+
+window.addEventListener('message', function(e) {
+    testFailed("Script executed in cross origin iframe");
+    testFailed("Retrieved cross-origin window's URL: " + e.data);
+});
+
+it = setInterval(function() {
+    try {
+        win.location.href;
+    } catch (e) {
+        // Window has navigated to cross origin URL.
+        clearInterval(it);
+        try {
+            var frame = document.createElement("iframe");
+            frame.src = "javascript:parent.opener.postMessage(parent.location.href, '*')"
+            otherDocument.body.append(frame);
+        } catch (e) {
+            debug(e);
+        }
+        setTimeout(finishJSTest, 0);
+    }
+}, 10);
+</script>
+<script src="/js-test-resources/js-test-post.js"></script>
+</body>
+</html>