The beforeload event allows tracking URI changes in a frame
author abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 15 Jul 2011 02:16:09 +0000 (02:16 +0000)
committer abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 15 Jul 2011 02:16:09 +0000 (02:16 +0000)
https://bugs.webkit.org/show_bug.cgi?id=64482

Reviewed by Nate Chapin.

Source/WebCore:

Tests: http/tests/security/beforeload-iframe-client-redirect.html
       http/tests/security/beforeload-iframe-server-redirect.html

Only dispatch the beforeload event for a frame if we haven't yet
committed our first real load.  The URL that we send to our parent will
be the same URL the parent sees in the src attribute.

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadWithDocumentLoader):

LayoutTests:

Test whether the beforeload event is fired for various kinds of redirects.

* http/tests/security/beforeload-iframe-client-redirect-expected.txt: Added.
* http/tests/security/beforeload-iframe-client-redirect.html: Added.
* http/tests/security/beforeload-iframe-server-redirect-expected.txt: Added.
* http/tests/security/beforeload-iframe-server-redirect.html: Added.
* http/tests/security/resources/post-done.html: Added.
* http/tests/security/resources/client-redir.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@91044 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/tests/security/beforeload-iframe-client-redirect-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/beforeload-iframe-client-redirect.html [new file with mode: 0644]
LayoutTests/http/tests/security/beforeload-iframe-server-redirect-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/beforeload-iframe-server-redirect.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/client-redir.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/post-done.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/loader/FrameLoader.cpp

index 38be199..6a94757 100644 (file)
@@ -1,3 +1,19 @@
+2011-07-14  Adam Barth  <abarth@webkit.org>
+
+        The beforeload event allows tracking URI changes in a frame
+        https://bugs.webkit.org/show_bug.cgi?id=64482
+
+        Reviewed by Nate Chapin.
+
+        Test whether the beforeload event is fired for various kinds of redirects.
+
+        * http/tests/security/beforeload-iframe-client-redirect-expected.txt: Added.
+        * http/tests/security/beforeload-iframe-client-redirect.html: Added.
+        * http/tests/security/beforeload-iframe-server-redirect-expected.txt: Added.
+        * http/tests/security/beforeload-iframe-server-redirect.html: Added.
+        * http/tests/security/resources/post-done.html: Added.
+        * http/tests/security/resources/client-redir.html: Added.
+
 2011-07-14  Vincent Scheib  <scheib@chromium.org>
 
         [chromium] updated test expectations.
diff --git a/LayoutTests/http/tests/security/beforeload-iframe-client-redirect-expected.txt b/LayoutTests/http/tests/security/beforeload-iframe-client-redirect-expected.txt
new file mode 100644 (file)
index 0000000..54822c1
--- /dev/null
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: line 15: http://127.0.0.1:8000/security/resources/client-redir.html?url=http://localhost:8000/security/resources/post-done.html
+This test produces output in the console. Only the initial URL should be logged. 
diff --git a/LayoutTests/http/tests/security/beforeload-iframe-client-redirect.html b/LayoutTests/http/tests/security/beforeload-iframe-client-redirect.html
new file mode 100644 (file)
index 0000000..13fc370
--- /dev/null
@@ -0,0 +1,16 @@
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+window.addEventListener('message', function(evt) {
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}, false);
+</script>
+This test produces output in the console.  Only the initial URL should be logged.
+<iframe
+  src="http://127.0.0.1:8000/security/resources/client-redir.html?url=http://localhost:8000/security/resources/post-done.html"
+  onbeforeload="console.log(event.url)">
+</iframe>
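Review bot: the message listener calls notifyDone() on any message without checking evt.data, so the test would finish on a stray message as readily as on the 'done' sent by post-done.html; comparing evt.data against 'done' would make the completion condition explicit. It would also help to say in the visible test text that the src is on 127.0.0.1 while the redirect target is on localhost, since that host difference is what makes the second URL one the parent must not see.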
diff --git a/LayoutTests/http/tests/security/beforeload-iframe-server-redirect-expected.txt b/LayoutTests/http/tests/security/beforeload-iframe-server-redirect-expected.txt
new file mode 100644 (file)
index 0000000..472844f
--- /dev/null
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: line 15: http://127.0.0.1:8000/security/resources/redir.php?url=http://localhost:8000/security/resources/post-done.html
+This test produces output in the console. Only the initial URL should be logged. 
diff --git a/LayoutTests/http/tests/security/beforeload-iframe-server-redirect.html b/LayoutTests/http/tests/security/beforeload-iframe-server-redirect.html
new file mode 100644 (file)
index 0000000..04bc87d
--- /dev/null
@@ -0,0 +1,16 @@
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+window.addEventListener('message', function(evt) {
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}, false);
+</script>
+This test produces output in the console.  Only the initial URL should be logged.
+<iframe
+  src="http://127.0.0.1:8000/security/resources/redir.php?url=http://localhost:8000/security/resources/post-done.html"
+  onbeforeload="console.log(event.url)">
+</iframe>
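Review bot: the iframe src points at resources/redir.php, which is not among the files this patch adds, so the test depends on a resource that has to exist already and forward to the url parameter unchanged; a short comment naming that dependency would make the test easier to maintain. Apart from the src value the script and markup duplicate beforeload-iframe-client-redirect.html line for line, so the description could state what distinguishes the server-redirect case rather than repeating the same sentence.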
diff --git a/LayoutTests/http/tests/security/resources/client-redir.html b/LayoutTests/http/tests/security/resources/client-redir.html
new file mode 100644 (file)
index 0000000..be95a82
--- /dev/null
@@ -0,0 +1,3 @@
+<script>
+location.href = location.search.split('=')[1];
+</script>
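Review bot: location.search.split('=')[1] keeps only the text between the first and second '=', so a target URL that carries its own query string would be cut short, and the value is never decoded. Taking everything after the first '=' (for example via indexOf and substring) and passing it through decodeURIComponent would make this helper safe to reuse from other tests with encoded or parameterised targets.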
diff --git a/LayoutTests/http/tests/security/resources/post-done.html b/LayoutTests/http/tests/security/resources/post-done.html
new file mode 100644 (file)
index 0000000..5f7477b
--- /dev/null
@@ -0,0 +1,4 @@
+<script>
+top.postMessage('done', '*');
+</script>
+This frame sends a 'done' message to the top window.
index b02a186..d0edaf6 100644 (file)
@@ -1,3 +1,20 @@
+2011-07-14  Adam Barth  <abarth@webkit.org>
+
+        The beforeload event allows tracking URI changes in a frame
+        https://bugs.webkit.org/show_bug.cgi?id=64482
+
+        Reviewed by Nate Chapin.
+
+        Tests: http/tests/security/beforeload-iframe-client-redirect.html
+               http/tests/security/beforeload-iframe-server-redirect.html
+
+        Only dispatch the beforeload event for a frame if we haven't yet
+        committed our first real load.  The URL that we send to our parent will
+        be the same URL the parent seens in the src attribute.
+
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::loadWithDocumentLoader):
+
 2011-07-14  Dan Bernstein  <mitz@apple.com>
 
         LLVM Compiler build fix.
index ac8df6c..032e682 100644 (file)
@@ -1353,7 +1353,13 @@ void FrameLoader::loadWithDocumentLoader(DocumentLoader* loader, FrameLoadType t
             loader->setTriggeringAction(NavigationAction(newURL, policyChecker()->loadType(), isFormSubmission));
 
         if (Element* ownerElement = m_frame->ownerElement()) {
-            if (!ownerElement->dispatchBeforeLoadEvent(loader->request().url().string())) {
+            // We skip dispatching the beforeload event if we've already
+            // committed a real document load because the event would leak
+            // subsequent activity by the frame which the parent frame isn't
+            // supposed to learn. For example, if the child frame navigated to
+            // a new URL, the parent frame shouldn't learn the URL.
+            if (!m_stateMachine.committedFirstRealDocumentLoad()
+                && !ownerElement->dispatchBeforeLoadEvent(loader->request().url().string())) {
                 continueLoadAfterNavigationPolicy(loader->request(), formState, false);
                 return;
             }
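Review bot: the new !m_stateMachine.committedFirstRealDocumentLoad() guard skips dispatchBeforeLoadEvent for every load after the first commit, not only for navigations the child frame starts itself. If a parent-initiated load, such as assigning a new src to the same iframe, reaches this path after the first commit, the parent no longer gets the event for a URL it already knows, and a handler that cancels loads by returning false from beforeload can no longer stop it. The comment should state that this is intended, and a layout test that resets src after the first load would pin the behaviour down.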