WebKitTools:
authorweinig@apple.com <weinig@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 11 Nov 2007 00:30:06 +0000 (00:30 +0000)
committerweinig@apple.com <weinig@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 11 Nov 2007 00:30:06 +0000 (00:30 +0000)
        Reviewed by Tim Hatcher.

        Follow up to <rdar://problem/5394877> Safari should not log unsafe JavaScript
        attempts when in private browsing mode (only an issue if Log JavaScript Exceptions
        is turned on)

        - Add LayoutTestController.setPrivateBrowsingEnabled(bool) (stub out implementation for windows)

        Added test: http/tests/security/cross-frame-access-private-browsing.html

        * DumpRenderTree/LayoutTestController.cpp:
        (setPrivateBrowsingEnabledCallback):
        (LayoutTestController::staticFunctions):
        * DumpRenderTree/LayoutTestController.h:
        * DumpRenderTree/mac/DumpRenderTree.mm:
        (runTest): Default to private browsing disabled.
        * DumpRenderTree/mac/LayoutTestControllerMac.mm:
        (LayoutTestController::setPrivateBrowsingEnabled):
        * DumpRenderTree/win/LayoutTestControllerWin.cpp:
        (LayoutTestController::setPrivateBrowsingEnabled):

LayoutTests:

        Reviewed by Tim Hatcher.

        Follow up to <rdar://problem/5394877> Safari should not log unsafe JavaScript
        attempts when in private browsing mode (only an issue if Log JavaScript Exceptions
        is turned on)

        Test using the new LayoutTestController.setPrivateBrowsingEnabled(bool)

        * http/tests/security/cross-frame-access-private-browsing-expected.txt: Added.
        * http/tests/security/cross-frame-access-private-browsing.html: Added.
        * platform/win/Skipped: Add new test to windows skip list until we have an
        implementation of LayoutTestController.setPrivateBrowsingEnabled(bool) for it.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@27676 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/tests/security/cross-frame-access-private-browsing-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/cross-frame-access-private-browsing.html [new file with mode: 0644]
LayoutTests/platform/win/Skipped
WebKitTools/ChangeLog
WebKitTools/DumpRenderTree/LayoutTestController.cpp
WebKitTools/DumpRenderTree/LayoutTestController.h
WebKitTools/DumpRenderTree/mac/DumpRenderTree.mm
WebKitTools/DumpRenderTree/mac/LayoutTestControllerMac.mm
WebKitTools/DumpRenderTree/win/LayoutTestControllerWin.cpp

index a86f699985208908fbd31cceed4d7b477b608694..61ddbf6c6139b4808910e1add0b264c6a7a149df 100644 (file)
@@ -1,3 +1,18 @@
+2007-11-10  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Tim Hatcher.
+
+        Follow up to <rdar://problem/5394877> Safari should not log unsafe JavaScript 
+        attempts when in private browsing mode (only an issue if Log JavaScript Exceptions 
+        is turned on)
+
+        Test using the new LayoutTestController.setPrivateBrowsingEnabled(bool)
+
+        * http/tests/security/cross-frame-access-private-browsing-expected.txt: Added.
+        * http/tests/security/cross-frame-access-private-browsing.html: Added.
+        * platform/win/Skipped: Add new test to windows skip list until we have an
+        implementation of LayoutTestController.setPrivateBrowsingEnabled(bool) for it.
+
 2007-11-10  Alexey Proskuryakov  <ap@webkit.org>
 
         Reviewed by Darin.
diff --git a/LayoutTests/http/tests/security/cross-frame-access-private-browsing-expected.txt b/LayoutTests/http/tests/security/cross-frame-access-private-browsing-expected.txt
new file mode 100644 (file)
index 0000000..1b82a4a
--- /dev/null
@@ -0,0 +1,17 @@
+This test checks cross-frame access security checks don't log when private browsing is enabled (rdar://problem/5394877).
+
+
+Attempting to violate the same-origin policy with private browsing enabled.  If this succeeds the console should not log the violation.
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+Inner iframe.
+
+
+
+--------
+Frame: 'flag'
+--------
+
diff --git a/LayoutTests/http/tests/security/cross-frame-access-private-browsing.html b/LayoutTests/http/tests/security/cross-frame-access-private-browsing.html
new file mode 100644 (file)
index 0000000..fc07749
--- /dev/null
@@ -0,0 +1,46 @@
+<html>
+<head>
+    <script src="resources/cross-frame-access.js"></script>
+    <script>
+        function loaded() {
+            if (!window.layoutTestController) {
+                log("This test must be run in the DumpRenderTree to work.");
+                return;
+            }
+
+            layoutTestController.dumpAsText();
+            layoutTestController.dumpChildFramesAsText();
+            layoutTestController.waitUntilDone();
+
+            // Poll until the subframe has finished loading.
+            setTimeout(waitForFlag, 1);
+            function waitForFlag() {
+                if (!layoutTestController.globalFlag) {
+                    setTimeout(waitForFlag, 1);
+                    return;
+                }
+                runTest();
+            }
+        }
+
+        function runTest() {
+            var subFrame = window.frames[0];
+            layoutTestController.setPrivateBrowsingEnabled(true);
+
+            try {
+                log("Attempting to violate the same-origin policy with private browsing enabled.  If this succeeds the console should not log the violation.");
+                // Access the document to violate the same-origin policy.
+                var doc = subFrame.document;
+            } catch(e) {
+            }
+
+            layoutTestController.notifyDone();
+        }
+    </script>
+</head>
+<body onload="loaded();">
+    <p>This test checks cross-frame access security checks don't log when private browsing is enabled (rdar://problem/5394877).</p>
+    <iframe src="http://localhost:8000/security/resources/cross-frame-iframe.html"></iframe>
+    <pre id="console"></pre>
+</body>
+</html>
index 94efba90a2a88357d62d995e80ed364ad42e8537..07c406e3501f5628d026180e934059481989baa1 100644 (file)
@@ -613,3 +613,6 @@ svg/custom/gradient-stop-style-change.svg
 
 # <video> support
 media
+
+# add support for layoutTestController.setPrivateBrowsingEnabled(bool)
+http/tests/security/cross-frame-access-private-browsing.html
index e6f1003e09a01631c4b1ca8c7473b146f5293ea6..cee0a64a330d7ba9ab18d504fd6224d2eda5db9c 100644 (file)
@@ -1,3 +1,26 @@
+2007-11-10  Sam Weinig  <sam@webkit.org>
+
+        Reviewed by Tim Hatcher.
+
+        Follow up to <rdar://problem/5394877> Safari should not log unsafe JavaScript 
+        attempts when in private browsing mode (only an issue if Log JavaScript Exceptions 
+        is turned on)
+
+        - Add LayoutTestController.setPrivateBrowsingEnabled(bool) (stub out implementation for windows)
+
+        Added test: http/tests/security/cross-frame-access-private-browsing.html
+
+        * DumpRenderTree/LayoutTestController.cpp:
+        (setPrivateBrowsingEnabledCallback):
+        (LayoutTestController::staticFunctions):
+        * DumpRenderTree/LayoutTestController.h:
+        * DumpRenderTree/mac/DumpRenderTree.mm:
+        (runTest): Default to private browsing disabled.
+        * DumpRenderTree/mac/LayoutTestControllerMac.mm:
+        (LayoutTestController::setPrivateBrowsingEnabled):
+        * DumpRenderTree/win/LayoutTestControllerWin.cpp:
+        (LayoutTestController::setPrivateBrowsingEnabled):
+
 2007-11-08  Kevin McCullough  <kmccullough@apple.com>
 
         Reviewed by Adam.
index 88827261a4ce72928b50c962041a505b110b746d..9c056c73257dcb0c790db195ece4deaca4a0111a 100644 (file)
@@ -382,6 +382,18 @@ static JSValueRef setMainFrameIsFirstResponderCallback(JSContextRef context, JSO
     return JSValueMakeUndefined(context);
 }
 
+static JSValueRef setPrivateBrowsingEnabledCallback(JSContextRef context, JSObjectRef function, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception)
+{
+    // Has mac & windows implementation
+    if (argumentCount < 1)
+        return JSValueMakeUndefined(context);
+
+    LayoutTestController* controller = reinterpret_cast<LayoutTestController*>(JSObjectGetPrivate(thisObject));
+    controller->setPrivateBrowsingEnabled(JSValueToBoolean(context, arguments[0]));
+
+    return JSValueMakeUndefined(context);
+}
+
 static JSValueRef setTabKeyCyclesThroughElementsCallback(JSContextRef context, JSObjectRef function, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception)
 {
     // Has mac & windows implementation
@@ -548,6 +560,7 @@ JSStaticFunction* LayoutTestController::staticFunctions()
         { "setCloseRemainingWindowsWhenComplete", setCloseRemainingWindowsWhenCompleteCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
         { "setCustomPolicyDelegate", setCustomPolicyDelegateCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
         { "setMainFrameIsFirstResponder", setMainFrameIsFirstResponderCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
+        { "setPrivateBrowsingEnabled", setPrivateBrowsingEnabledCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
         { "setTabKeyCyclesThroughElements", setTabKeyCyclesThroughElementsCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
         { "setUseDashboardCompatibilityMode", setUseDashboardCompatibilityModeCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
         { "setUserStyleSheetEnabled", setUserStyleSheetEnabledCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
index 21ebe315e2af8f7950a9534d31353925a6691dfb..9b8cc5f1136695185b043d4e18bbddaf9e8f3c76 100644 (file)
@@ -54,6 +54,7 @@ public:
     void setAcceptsEditing(bool acceptsEditing);
     void setCustomPolicyDelegate(bool setDelegate);
     void setMainFrameIsFirstResponder(bool flag);
+    void setPrivateBrowsingEnabled(bool flag);
     void setTabKeyCyclesThroughElements(bool cycles);
     void setUseDashboardCompatibilityMode(bool flag);
     void setUserStyleSheetEnabled(bool flag);
index e117519db35f6e29ac161ca8db82edd4b9e1ee1f..77b7582f465a2297ae227f8c44d969ecb952a3cc 100644 (file)
@@ -1017,6 +1017,7 @@ static void runTest(const char *pathOrURL)
     [[mainFrame webView] setTabKeyCyclesThroughElements: YES];
     [[mainFrame webView] setPolicyDelegate:nil];
     [[mainFrame webView] _setDashboardBehavior:WebDashboardBehaviorUseBackwardCompatibilityMode to:NO];
+    [[[mainFrame webView] preferences] setPrivateBrowsingEnabled:NO];
     [WebView _setUsesTestModeFocusRingColor:YES];
 
     topLoadingFrame = nil;
index 033d08e1805a64f057678cd72461b232695452d4..b54eb03c4fb30e90388d8dab0991883a3533dae8 100644 (file)
@@ -170,6 +170,11 @@ void LayoutTestController::setMainFrameIsFirstResponder(bool flag)
         [(WebHTMLView *)documentView _updateActiveState];
 }
 
+void LayoutTestController::setPrivateBrowsingEnabled(bool privateBrowsingEnabled)
+{
+    [[[mainFrame webView] preferences] setPrivateBrowsingEnabled:privateBrowsingEnabled];
+}
+
 void LayoutTestController::setTabKeyCyclesThroughElements(bool cycles)
 {
     [[mainFrame webView] setTabKeyCyclesThroughElements:cycles];
index 05a80813cfc5c1eaf12800bd140f75d928182180..79e37279c73391ca6089bf470339c2941e3454c8 100644 (file)
@@ -226,6 +226,11 @@ void LayoutTestController::setMainFrameIsFirstResponder(bool flag)
     // FIXME: Implement!
 }
 
+void LayoutTestController::setPrivateBrowsingEnabled(bool /*privateBrowsingEnabled*/)
+{
+    // FIXME: Implement!
+}
+
 void LayoutTestController::setTabKeyCyclesThroughElements(bool shouldCycle)
 {
     COMPtr<IWebView> webView;