Sandboxed iframes should not be granted notification permission of the parent frame...
authormkwst@chromium.org <mkwst@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 2 Jan 2013 19:15:46 +0000 (19:15 +0000)
committermkwst@chromium.org <mkwst@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 2 Jan 2013 19:15:46 +0000 (19:15 +0000)
https://bugs.webkit.org/show_bug.cgi?id=36732

Reviewed by Adam Barth.

The behavior was fixed in wkbug.com/79704, but there aren't currently
any tests ensuring that it doesn't regress for sandboxed frames. This
patch adds one.

* fast/notifications/notifications-sandbox-permission-expected.txt: Added.
* fast/notifications/notifications-sandbox-permission.html: Added.
* fast/notifications/resources/notifications-iframe.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@138624 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/notifications/notifications-sandbox-permission-expected.txt [new file with mode: 0644]
LayoutTests/fast/notifications/notifications-sandbox-permission.html [new file with mode: 0644]
LayoutTests/fast/notifications/resources/notifications-iframe.html [new file with mode: 0644]

index 3e340da..45e9387 100644 (file)
@@ -1,3 +1,18 @@
+2013-01-02  Mike West  <mkwst@chromium.org>
+
+        Sandboxed iframes should not be granted notification permission of the parent frame unless allow-same-origin is specified
+        https://bugs.webkit.org/show_bug.cgi?id=36732
+
+        Reviewed by Adam Barth.
+
+        The behavior was fixed in wkbug.com/79704, but there aren't currently
+        any tests ensuring that it doesn't regress for sandboxed frames. This
+        patch adds one.
+
+        * fast/notifications/notifications-sandbox-permission-expected.txt: Added.
+        * fast/notifications/notifications-sandbox-permission.html: Added.
+        * fast/notifications/resources/notifications-iframe.html: Added.
+
 2013-01-02  Ryosuke Niwa  <rniwa@webkit.org>
 
         Update Mac test expectation per bug 105932.
diff --git a/LayoutTests/fast/notifications/notifications-sandbox-permission-expected.txt b/LayoutTests/fast/notifications/notifications-sandbox-permission-expected.txt
new file mode 100644 (file)
index 0000000..d41f56d
--- /dev/null
@@ -0,0 +1,24 @@
+Normal iframe. Should inherit permissions.
+
+
+Sandboxed iframe, with allow-same-origin. Should inherit permissions.
+
+
+Sandboxed iframe, without allow-same-origin. Should not inherit permissions.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+Allowed
+
+--------
+Frame: '<!--framePath //<!--frame1-->-->'
+--------
+Allowed
+
+--------
+Frame: '<!--framePath //<!--frame2-->-->'
+--------
+Denied
diff --git a/LayoutTests/fast/notifications/notifications-sandbox-permission.html b/LayoutTests/fast/notifications/notifications-sandbox-permission.html
new file mode 100644 (file)
index 0000000..f298dff
--- /dev/null
@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <script>
+        if (window.testRunner) {
+            testRunner.dumpAsText();
+            testRunner.dumpChildFramesAsText();
+            testRunner.grantWebNotificationPermission("file://");
+        }
+    </script>
+</head>
+<body>
+    <p>Normal iframe. Should inherit permissions.</p>
+    <iframe src="resources/notifications-iframe.html"></iframe>
+
+    <p>Sandboxed iframe, with allow-same-origin. Should inherit permissions.</p>
+    <iframe sandbox="allow-scripts allow-same-origin"
+            src="resources/notifications-iframe.html"></iframe>
+
+    <p>Sandboxed iframe, without allow-same-origin. Should not inherit permissions.</p>
+    <iframe sandbox="allow-scripts"
+            src="resources/notifications-iframe.html"></iframe>
+</body>
+</html>
diff --git a/LayoutTests/fast/notifications/resources/notifications-iframe.html b/LayoutTests/fast/notifications/resources/notifications-iframe.html
new file mode 100644 (file)
index 0000000..31969c1
--- /dev/null
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Notifications: Iframe test.</title>
+</head>
+<body>
+    <p id="hasPermission"></p>
+    <script>
+        document.getElementById("hasPermission").innerText =
+            !webkitNotifications.checkPermission() ? "Allowed" : "Denied";
+    </script>
+</body>
+</html>