Reviewed by Geoff.
Fix for <rdar://problem/5499125>
REGRESSION (r21367): After launching Kidzui beta, a webview frame fails to appear in its main window
If window object properties were modified when it had initial empty document (synchronously after
window.open() for example) those modifications were lost when the real document was switched in.
Match Firefox behavior where window properties are not cleared if the initial document and the loaded one
have matching security domains.
Tests: fast/dom/Window/window-early-properties.html
http/tests/security/window-properties-clear-domain.html
http/tests/security/window-properties-clear-port.html
http/tests/security/window-properties-pass.html
* WebCore.exp:
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::FrameLoader):
(WebCore::FrameLoader::init):
(WebCore::FrameLoader::clear):
(WebCore::FrameLoader::isSecureTransition):
(WebCore::FrameLoader::begin):
* loader/FrameLoader.h:
If we are transitioning from initial empty document to the final one, do a domain security check
between old security policy URL and new URL. If that passes don't clear script proxy and script objects.
* bindings/js/kjs_proxy.cpp:
(WebCore::KJSProxy::updateDocumentWrapper):
* bindings/js/kjs_proxy.h:
* page/Frame.cpp:
(WebCore::Frame::setDocument):
Since we don't always clear window properties anymore, we need to update the document property to point to
the newly created one.
LayoutTests:
Reviewed by Geoff.
Tests for <rdar://problem/5499125>
REGRESSION (r21359-21368): After launching Kidzui beta, a webview frame fails to appear in its main window
* fast/dom/Window/window-early-properties-expected.txt: Added.
* fast/dom/Window/window-early-properties.html: Added.
* http/tests/security/resources/has-custom-property.html: Added.
* http/tests/security/resources/no-custom-property.html: Added.
* http/tests/security/window-properties-clear-domain-expected.txt: Added.
* http/tests/security/window-properties-clear-domain.html: Added.
* http/tests/security/window-properties-clear-port-expected.txt: Added.
* http/tests/security/window-properties-clear-port.html: Added.
* http/tests/security/window-properties-pass-expected.txt: Added.
* http/tests/security/window-properties-pass.html: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@25783 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+2007-09-27 Antti Koivisto <antti@apple.com>
+
+ Reviewed by Geoff.
+
+ Tests for <rdar://problem/5499125>
+ REGRESSION (r21359-21368): After launching Kidzui beta, a webview frame fails to appear in its main window
+
+ * fast/dom/Window/window-early-properties-expected.txt: Added.
+ * fast/dom/Window/window-early-properties.html: Added.
+ * http/tests/security/resources/has-custom-property.html: Added.
+ * http/tests/security/resources/no-custom-property.html: Added.
+ * http/tests/security/window-properties-clear-domain-expected.txt: Added.
+ * http/tests/security/window-properties-clear-domain.html: Added.
+ * http/tests/security/window-properties-clear-port-expected.txt: Added.
+ * http/tests/security/window-properties-clear-port.html: Added.
+ * http/tests/security/window-properties-pass-expected.txt: Added.
+ * http/tests/security/window-properties-pass.html: Added.
+
2007-09-26 Adam Roben <aroben@apple.com>
Remove a test that was probably only intermittently failing
--- /dev/null
+Test setting window properties right after window.open()
+window retains early properties: PASS
+document does not retain early properties: PASS
+
--- /dev/null
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.setCanOpenWindows();
+ layoutTestController.waitUntilDone();
+}
+var w;
+function test()
+{
+ w = window.open("data:text/html,HelloWorld!");
+ w.myProp = "1";
+ w.document.myProp = "2";
+ setTimeout(test2, 10);
+}
+
+function test2()
+{
+ var c = document.getElementById('console');
+ c.innerHTML = "window retains early properties: " + ((w.myProp && w.myProp=='1') ? "PASS" : "FAIL") + "<br>";
+ c.innerHTML +="document does not retain early properties: " + ((w.document.myProp) ? "FAIL" : "PASS") + "<br>";
+ w.close();
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+</script>
+<body onload='test()'>
+Test setting window properties right after window.open()
+<div id=console>FAIL, test did not run</div>
+
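Review bot: the fixed 10 ms delay in `setTimeout(test2, 10)` makes this test timing-dependent, because test2() reads `w.myProp` and `w.document.myProp` without confirming that the data: document has replaced the initial empty one. If the switch has not happened yet, `w.document.myProp` is still "2" and the second line reports FAIL, while the first line passes without exercising the fix at all. Consider running test2() from the opened window's load event, or polling until `w.document` is no longer the initial document, instead of relying on a timer.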
--- /dev/null
+<script>
+if (window.myProp)
+ alert("PASS");
+else
+ alert("FAIL, no myProp found");
+window.close();
+if (window.layoutTestController)
+ layoutTestController.notifyDone();
+</script>
--- /dev/null
+<script>
+if (window.myProp)
+ alert("FAIL, myProp found");
+else
+ alert("PASS");
+window.close();
+if (window.layoutTestController)
+ layoutTestController.notifyDone();
+</script>
--- /dev/null
+ALERT: PASS
+Test that window properties set for initial document are reset if domain security check fails
--- /dev/null
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.setCanOpenWindows();
+ layoutTestController.waitUntilDone();
+}
+function test()
+{
+ var w = window.open("http://localhost:8000/security/resources/no-custom-property.html");
+ w.myProp = 1;
+}
+
+</script>
+<body onload='test()'>
+Test that window properties set for initial document are reset if domain security check fails
+
+
--- /dev/null
+ALERT: PASS
+Test that window properties set for initial document are reset if port security check fails
--- /dev/null
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.setCanOpenWindows();
+ layoutTestController.waitUntilDone();
+}
+function test()
+{
+ var w = window.open("http://localhost:8080/security/resources/no-custom-property.html");
+ w.myProp = 1;
+}
+
+</script>
+<body onload='test()'>
+Test that window properties set for initial document are reset if port security check fails
+
+
--- /dev/null
+ALERT: PASS
+Test that window properties set for initial document are kept if security check passes
--- /dev/null
+<html>
+<head>
+<script src='resources/cross-frame-access.js'></script>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.setCanOpenWindows();
+ layoutTestController.waitUntilDone();
+}
+function test()
+{
+ var w = window.open("http://127.0.0.1:8000/security/resources/has-custom-property.html");
+ w.myProp = 1;
+}
+
+</script>
+<body onload='test()'>
+Test that window properties set for initial document are kept if security check passes
+
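Review bot: `resources/cross-frame-access.js` is included in the head of window-properties-pass.html, but nothing in the visible test calls into it, and the clear-domain and clear-port tests do without it. Drop the include, or add a comment saying what this test needs from it.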
+2007-09-27 Antti Koivisto <antti@apple.com>
+
+ Reviewed by Geoff.
+
+ Fix for <rdar://problem/5499125>
+ REGRESSION (r21367): After launching Kidzui beta, a webview frame fails to appear in its main window
+
+ If window object properties were modified when it had initial empty document (synchronously after
+ window.open() for example) those modifications were lost when the real document was switched in.
+
+ Match Firefox behavior where window properties are not cleared if the inital document and the loaded one
+ have matching security domains.
+
+ Tests: fast/dom/Window/window-early-properties.html
+ http/tests/security/window-properties-clear-domain.html
+ http/tests/security/window-properties-clear-port.html
+ http/tests/security/window-properties-pass.html
+
+ * WebCore.exp:
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::FrameLoader):
+ (WebCore::FrameLoader::init):
+ (WebCore::FrameLoader::clear):
+ (WebCore::FrameLoader::isSecureTransition):
+ (WebCore::FrameLoader::begin):
+ * loader/FrameLoader.h:
+ If we are transitioning from initial empty document to the final one, do a domain security check
+ between old security policy URL and new URL. If that passes don't clear script proxy and script objects.
+
+ * bindings/js/kjs_proxy.cpp:
+ (WebCore::KJSProxy::updateDocumentWrapper):
+ * bindings/js/kjs_proxy.h:
+ * page/Frame.cpp:
+ (WebCore::Frame::setDocument):
+ Since we don't always clear window properties anymore, we need to update the document property to point to
+ the newly created one.
+
2007-09-27 Kevin Decker <kdecker@apple.com>
Reviewed by Darin.
__ZN7WebCore11FrameLoader4loadERKNS_15ResourceRequestERKNS_6StringE
__ZN7WebCore11FrameLoader4loadERKNS_4KURLEPNS_5EventE
__ZN7WebCore11FrameLoader4loadERKNS_4KURLERKNS_6StringENS_13FrameLoadTypeES6_PNS_5EventEN3WTF10PassRefPtrINS_9FormStateEEE
-__ZN7WebCore11FrameLoader5clearEb
+__ZN7WebCore11FrameLoader5clearEbb
__ZN7WebCore11FrameLoader6reloadEv
__ZN7WebCore11FrameLoader7canLoadERKNS_4KURLEPKNS_8DocumentE
__ZN7WebCore11HistoryItem12addChildItemEN3WTF10PassRefPtrIS0_EE
#include "Frame.h"
#include "FrameLoader.h"
#include "GCController.h"
+#include "JSDocument.h"
#include "JSDOMWindow.h"
#include "Page.h"
#include "kjs_events.h"
m_frame->loader()->dispatchWindowObjectAvailable();
}
+
+void KJSProxy::updateDocumentWrapper()
+{
+ if (!m_script || !m_frame->document())
+ return;
+ JSLock lock;
+ // this will update 'document' property to point to the current document
+ toJS(m_script->globalExec(), m_frame->document());
+}
}
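Review bot: in updateDocumentWrapper() the call `toJS(m_script->globalExec(), m_frame->document());` is made purely for a side effect and its return value is discarded, so the function only works as long as toJS() keeps refreshing the window's 'document' property as a by-product. Expand the comment to say where that update happens, or set the property explicitly here. Otherwise a later change to toJS() could leave a preserved window's 'document' pointing at the initial empty document without any compile-time hint.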
void initScriptIfNeeded();
bool haveInterpreter() const { return m_script; }
+
+ void updateDocumentWrapper();
private:
RefPtr<KJS::ScriptInterpreter> m_script;
, m_opener(0)
, m_openedByDOM(false)
, m_creatingInitialEmptyDocument(false)
+ , m_isDisplayingInitialEmptyDocument(false)
, m_committedFirstRealDocumentLoad(false)
, m_didPerformFirstNavigation(false)
#if USE(LOW_BANDWIDTH_DISPLAY)
void FrameLoader::init()
{
// this somewhat odd set of steps is needed to give the frame an initial empty document
+ m_isDisplayingInitialEmptyDocument = false;
m_creatingInitialEmptyDocument = true;
setPolicyDocumentLoader(m_client->createDocumentLoader(ResourceRequest(String("")), SubstituteData()).get());
setProvisionalDocumentLoader(m_policyDocumentLoader.get());
clear(false);
}
-void FrameLoader::clear(bool clearWindowProperties)
+void FrameLoader::clear(bool clearWindowProperties, bool clearScriptObjects)
{
// FIXME: Commenting out the below line causes <http://bugs.webkit.org/show_bug.cgi?id=11212>, but putting it
// back causes a measurable performance regression which we will need to fix to restore the correct behavior
m_decoder = 0;
m_containsPlugIns = false;
- m_frame->clearScriptObjects();
+
+ if (clearScriptObjects)
+ m_frame->clearScriptObjects();
m_redirectionTimer.stop();
m_scheduledRedirection.clear();
m_checkLoadCompleteTimer.stop();
m_receivedData = false;
+ m_isDisplayingInitialEmptyDocument = false;
if (!m_encodingWasChosenByUser)
m_encoding = String();
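Review bot: the new `m_isDisplayingInitialEmptyDocument = false;` in clear() creates an ordering dependency that is not documented: begin() has to read the flag before it calls clear(), and sets it again from m_creatingInitialEmptyDocument afterwards. A short comment here and at the declaration stating that clear() always resets the flag and that callers must sample it first would keep a later reordering in begin() from silently turning the security check off or on. The new `clearScriptObjects` parameter would also benefit from a one-line description of when it is safe to pass false.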
{
m_responseMIMEType = type;
}
+
+bool FrameLoader::isSecureTransition(const KURL& fromURL, const KURL& toURL)
+{
+ // new window created by the application
+ if (fromURL.isEmpty())
+ return true;
+
+ if (fromURL.isLocalFile())
+ return true;
+
+ if (equalIgnoringCase(fromURL.host(), toURL.host()) && equalIgnoringCase(fromURL.protocol(), toURL.protocol()) && fromURL.port() == toURL.port())
+ return true;
+
+ return false;
+}
void FrameLoader::begin()
{
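Review bot: the two early returns in isSecureTransition(), for `fromURL.isEmpty()` and `fromURL.isLocalFile()`, accept the transition without looking at toURL, so in those cases window properties and script objects set on the initial document carry over to a document from any origin. The comment "new window created by the application" states an assumption the code does not check; document why an empty security policy URL can only come from an application-created window, or test that condition directly, and add a comment explaining the local-file case. The layout tests in this commit cover host and port mismatches only, so a protocol-mismatch test and tests for both early returns would pin this behaviour down.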
void FrameLoader::begin(const KURL& url, bool dispatch)
{
- clear();
+ bool resetScripting = !(m_isDisplayingInitialEmptyDocument && m_frame->document()
+ && isSecureTransition(m_frame->document()->securityPolicyURL(), url));
+ clear(resetScripting, resetScripting);
if (dispatch)
dispatchWindowObjectAvailable();
m_isComplete = false;
m_didCallImplicitClose = false;
m_isLoadingMainResource = true;
+ m_isDisplayingInitialEmptyDocument = m_creatingInitialEmptyDocument;
KURL ref(url);
ref.setUser(DeprecatedString());
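Review bot: `clear(resetScripting, resetScripting)` passes the same value for both flags, and the only other call shown, `clear(false)` in init(), leaves the second flag at its default of true, so the meaning of the two booleans at a call site is hard to read. Consider an enum or a single named option for the "keep window state across the initial-document transition" case, or at least a comment here explaining why the two flags must move together. It is also worth stating in a comment that the check compares the outgoing document's securityPolicyURL() with the incoming `url`, since that is the whole security decision for preserving script state.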
void opened();
void updateHistoryAfterClientRedirect();
- void clear(bool clearWindowProperties = true);
+ void clear(bool clearWindowProperties = true, bool clearScriptObjects = true);
bool shouldReloadToHandleUnreachableURL(DocumentLoader*);
void handleUnimplementablePolicy(const ResourceError&);
void stopRedirectionTimer();
void startIconLoader();
+
+ bool isSecureTransition(const KURL& fromURL, const KURL& toURL);
#if USE(LOW_BANDWIDTH_DISPLAY)
// implementation of CachedResourceClient
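Review bot: isSecureTransition() is declared as a non-static, non-const member, but the definition in FrameLoader.cpp uses only its two KURL arguments. Declaring it `static` (or making it a file-local helper in FrameLoader.cpp) makes clear that the decision depends on the URLs alone and keeps it out of the class interface.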
bool m_openedByDOM;
bool m_creatingInitialEmptyDocument;
+ bool m_isDisplayingInitialEmptyDocument;
bool m_committedFirstRealDocumentLoad;
RefPtr<HistoryItem> m_currentHistoryItem;
if (d->m_doc && !d->m_doc->attached())
d->m_doc->attach();
+
+ if (d->m_jscript && d->m_doc)
+ d->m_jscript->updateDocumentWrapper();
}
Settings* Frame::settings() const