Reviewed by Geoff Garen.
authorweinig <weinig@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 27 Jul 2007 21:49:37 +0000 (21:49 +0000)
committerweinig <weinig@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 27 Jul 2007 21:49:37 +0000 (21:49 +0000)
        - Test that cross frame access to a window on a different port is denied.
        - Adds test for our behavior of the above if document.domain is explicitly
          set to the same domain for both frames. We currently fail this test and
          a radar has been filed.
        - Clean up cross-frame-access-protocol.html to work in Firefox as well.

        * http/conf/apache2-httpd.conf: Listen on port 8080 now as well
        * http/conf/cygwin-httpd.conf: Listen on port 8080 now as well
        * http/conf/httpd.conf: Listen on port 8080 now as well
        * http/tests/security/cross-frame-access-port-domain-expected.txt: Added.
        * http/tests/security/cross-frame-access-port-domain.html: Added.
        * http/tests/security/cross-frame-access-port-expected.txt: Added.
        * http/tests/security/cross-frame-access-port.html: Added.
        * http/tests/security/cross-frame-access-protocol.html:
        * http/tests/security/resources/cross-frame-iframe-for-port-domain-test.html: Added.
        * http/tests/security/resources/cross-frame-iframe-for-port-test.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@24746 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/conf/apache2-httpd.conf
LayoutTests/http/conf/cygwin-httpd.conf
LayoutTests/http/conf/httpd.conf
LayoutTests/http/tests/security/cross-frame-access-port-domain-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/cross-frame-access-port-domain.html [new file with mode: 0644]
LayoutTests/http/tests/security/cross-frame-access-port-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/cross-frame-access-port.html [new file with mode: 0644]
LayoutTests/http/tests/security/cross-frame-access-protocol.html
LayoutTests/http/tests/security/resources/cross-frame-iframe-for-port-domain-test.html [new file with mode: 0644]
LayoutTests/http/tests/security/resources/cross-frame-iframe-for-port-test.html [new file with mode: 0644]

index 33dd33b..4dbbba8 100644 (file)
@@ -1,5 +1,26 @@
 2007-07-27  Sam Weinig  <sam@webkit.org>
 
+        Reviewed by Geoff Garen.
+
+        - Test that cross frame access to a window on a different port is denied.
+        - Adds test for out behavior of the above if document.domain is explicitly
+          set to the same domain for both frames. We currently fail this test and
+          a radar has been filed.
+        - Clean up cross-frame-access-protocol.html to work in FireFox as well.
+
+        * http/conf/apache2-httpd.conf: Listen on port 8080 now as well
+        * http/conf/cygwin-httpd.conf: Listen on port 8080 now as well
+        * http/conf/httpd.conf: Listen on port 8080 now as well
+        * http/tests/security/cross-frame-access-port-domain-expected.txt: Added.
+        * http/tests/security/cross-frame-access-port-domain.html: Added.
+        * http/tests/security/cross-frame-access-port-expected.txt: Added.
+        * http/tests/security/cross-frame-access-port.html: Added.
+        * http/tests/security/cross-frame-access-protocol.html:
+        * http/tests/security/resources/cross-frame-iframe-for-port-domain-test.html: Added.
+        * http/tests/security/resources/cross-frame-iframe-for-port-test.html: Added.
+
+2007-07-27  Sam Weinig  <sam@webkit.org>
+
         Reviewed by Adam Roben.
 
         Don't display the expected and resulting values for screenTop and screenY
index be6e726..41947ac 100644 (file)
@@ -161,7 +161,7 @@ MaxRequestsPerChild 100000
 # Port 8443 is hard-coded as it is needed for the HTTPS configuration later on.
 #
 #Listen 3000
-#Listen 127.0.0.1:8000
+Listen 127.0.0.1:8080
 Listen 127.0.0.1:8443
 
 #
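Review bot: The new `Listen 127.0.0.1:8080` line is hard-coded without a comment saying why, and it replaces the commented-out `#Listen 127.0.0.1:8000` hint instead of being added beside it. The comment block above only accounts for 8443, so I would keep the `#Listen 127.0.0.1:8000` line (port 8000 is presumably still supplied on the httpd command line) and add `# Port 8080 is hard-coded as a second origin for the cross-port security tests.` above the new directive. Binding to 127.0.0.1 rather than all interfaces is right for a test server and should stay that way. The same applies to the cygwin-httpd.conf and httpd.conf hunks.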
index b7bfd3c..2b6f9e5 100644 (file)
@@ -178,7 +178,7 @@ MaxRequestsPerChild 100000
 # Configured from the httpd command line for WebKit layout tests.
 #
 #Listen 3000
-#Listen 127.0.0.1:8000
+Listen 127.0.0.1:8080
 
 #
 # Dynamic Shared Object (DSO) Support
index f66a042..da687ea 100644 (file)
@@ -179,7 +179,7 @@ MaxRequestsPerChild 100000
 # Port 8443 is hard-coded as it is needed for the HTTPS configuration later on.
 #
 #Listen 3000
-#Listen 127.0.0.1:8000
+Listen 127.0.0.1:8080
 Listen 127.0.0.1:8443
 
 #
diff --git a/LayoutTests/http/tests/security/cross-frame-access-port-domain-expected.txt b/LayoutTests/http/tests/security/cross-frame-access-port-domain-expected.txt
new file mode 100644 (file)
index 0000000..5148fc4
--- /dev/null
@@ -0,0 +1,7 @@
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8080/security/resources/cross-frame-iframe-for-port-domain-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-port-domain.html. Domains, protocols and ports must match.
+
+This test currently fails because we check the port and protocol even if document.domain is explicitly set (rdar://problem/5366437).
+
+
+Fail: Cross frame access to different port after after explicitly setting document.domain was denied!
+
diff --git a/LayoutTests/http/tests/security/cross-frame-access-port-domain.html b/LayoutTests/http/tests/security/cross-frame-access-port-domain.html
new file mode 100644 (file)
index 0000000..e8cfa32
--- /dev/null
@@ -0,0 +1,53 @@
+<html>
+<p>This test currently fails because we check the port and protocol even if document.domain is explicitly set (rdar://problem/5366437).</p> 
+<iframe id="aFrame"></iframe>
+<pre id="console"></pre>
+<script>
+    function log(s)
+    {
+        document.getElementById("console").appendChild(document.createTextNode(s + "\n"));
+    }
+
+    if (window.layoutTestController) {
+        layoutTestController.dumpAsText();
+        layoutTestController.waitUntilDone();
+    }
+
+    document.domain = "127.0.0.1";
+
+    var targetWindow = frames[0];
+    if (!targetWindow.document.body)
+        log("FAIL: targetWindow started with no document, we won't know if the test passed or failed.");
+
+    var iframe = document.getElementById('aFrame');
+    iframe.src = "http://127.0.0.1:8080/security/resources/cross-frame-iframe-for-port-domain-test.html";
+
+    var testDone = false;
+
+    setTimeout(test, 1);
+
+    setTimeout(function() {
+        targetWindow.document.getElementById('accessMe').innerHTML = "PASS: Access allowed from frame with different port after explicitly setting document.domain.";
+        if (!testDone) {
+            log("Pass: Cross frame access to a different port was allowed.");
+            if (window.layoutTestController)
+                layoutTestController.notifyDone();
+        }
+    }, 5000);
+
+    function test() {
+        try {
+            if (targetWindow.document.body) {
+                setTimeout(test, 1);
+                return;
+            }
+        } catch (e) {
+        }
+
+        log("Fail: Cross frame access to different port after after explicitly setting document.domain was denied!");
+        testDone = true;
+        if (window.layoutTestController)
+            layoutTestController.notifyDone();
+    }
+</script>
+</html>
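Review bot: The 5-second callback cannot report the pass case, because it writes to `targetWindow.document.getElementById('accessMe')` before checking `testDone` and outside any try/catch. The iframe resource added in this commit (cross-frame-iframe-for-port-domain-test.html) contains no element with id `accessMe`, so once the bug is fixed and access is allowed that line would still throw, and neither the "Pass" log nor `notifyDone()` would be reached. I would guard the write as below and add `id="accessMe"` to the `<p>` in the resource file. The header paragraph could also state that the port is expected to be ignored once both frames set `document.domain`, since that is the security-relevant behaviour being pinned.

```html
    setTimeout(function() {
        if (testDone)
            return;
        try {
            targetWindow.document.getElementById('accessMe').innerHTML = "PASS: Access allowed from frame with different port after explicitly setting document.domain.";
            log("Pass: Cross frame access to a different port was allowed.");
        } catch (e) {
            log("Fail: could not write to the iframe document: " + e);
        }
        if (window.layoutTestController)
            layoutTestController.notifyDone();
    }, 5000);
    // … unchanged: function test() …
```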
diff --git a/LayoutTests/http/tests/security/cross-frame-access-port-expected.txt b/LayoutTests/http/tests/security/cross-frame-access-port-expected.txt
new file mode 100644 (file)
index 0000000..d84a0ee
--- /dev/null
@@ -0,0 +1,5 @@
+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8080/security/resources/cross-frame-iframe-for-port-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-port.html. Domains, protocols and ports must match.
+
+
+PASS: Cross frame access to different port was denied!
+
diff --git a/LayoutTests/http/tests/security/cross-frame-access-port.html b/LayoutTests/http/tests/security/cross-frame-access-port.html
new file mode 100644 (file)
index 0000000..d91cd9f
--- /dev/null
@@ -0,0 +1,49 @@
+<html>
+<iframe id="aFrame"></iframe>
+<pre id="console"></pre>
+<script>
+    function log(s)
+    {
+        document.getElementById("console").appendChild(document.createTextNode(s + "\n"));
+    }
+
+    if (window.layoutTestController) {
+        layoutTestController.dumpAsText();
+        layoutTestController.waitUntilDone();
+    }
+
+    var targetWindow = frames[0];
+    if (!targetWindow.document.body)
+        log("FAIL: targetWindow started with no document, we won't know if the test passed or failed.");
+
+    var iframe = document.getElementById('aFrame');
+    iframe.src = "http://127.0.0.1:8080/security/resources/cross-frame-iframe-for-port-test.html";
+
+    var testDone = false;
+
+    setTimeout(test, 1);
+
+    setTimeout(function() {
+        if (!testDone) {
+            log("FAIL: Cross frame access to a different port was allowed.");
+            if (window.layoutTestController)
+                layoutTestController.notifyDone();
+        }
+    }, 5000);
+
+    function test() {
+        try {
+            if (targetWindow.document.body) {
+                setTimeout(test, 1);
+                return;
+            }
+        } catch (e) {
+        }
+
+        log("PASS: Cross frame access to different port was denied!");
+        testDone = true;
+        if (window.layoutTestController)
+            layoutTestController.notifyDone();
+    }
+</script>
+</html>
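Review bot: `test()` reports PASS on any exception and also on a null `targetWindow.document.body`, so it cannot tell a cross-origin denial from an unrelated error or from a poll that lands before the new document's `<body>` exists. For a security test that is a possible false pass. The empty `catch (e) { }` should at least carry a comment such as `// A thrown exception is how a denied cross-origin access shows up; fall through to PASS.`, and the `.body` check needs a comment saying why `document` alone is not enough. The same pattern is introduced in the cross-frame-access-protocol.html hunk and in `test()` of cross-frame-access-port-domain.html.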
index e7ed07e..d4594ec 100644 (file)
     }
 
     var targetWindow = frames[0];
-    if (!targetWindow.document)
+    if (!targetWindow.document.body)
         log("FAIL: targetWindow started with no document, we won't know if the test passed or failed.");
 
     var iframe = document.getElementById('aFrame');
     iframe.src = "https://127.0.0.1:8443/ssl/resources/cross-frame-access-protocol-iframe.html";
 
+    var testDone = false;
+
     setTimeout(test, 1);
 
     setTimeout(function() {
-        log("FAIL: Cross frame access to https from http was allowed.");
-        if (window.layoutTestController)
-            layoutTestController.notifyDone();
+        if (!testDone) {
+            log("FAIL: Cross frame access to https from http was allowed.");
+            if (window.layoutTestController)
+                layoutTestController.notifyDone();
+        }
     }, 5000);
 
     function test() {
-        if (targetWindow.document) {
-            setTimeout(test, 1);
-            return;
+        try {
+            if (targetWindow.document.body) {
+                setTimeout(test, 1);
+                return;
+            }
+        } catch (e) {
         }
 
         log("PASS: Cross frame access to https from http was denied!");
+        testDone = true;
         if (window.layoutTestController)
             layoutTestController.notifyDone();
     }
diff --git a/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-port-domain-test.html b/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-port-domain-test.html
new file mode 100644 (file)
index 0000000..23a76ce
--- /dev/null
@@ -0,0 +1,10 @@
+<html>
+<head>
+    <script>
+        document.domain = "127.0.0.1";
+    </script>
+</head>
+<body>
+    <p>This document (cross-frame-iframe-for-port-domain-test.html) was load over on port 8080.</p>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-port-test.html b/LayoutTests/http/tests/security/resources/cross-frame-iframe-for-port-test.html
new file mode 100644 (file)
index 0000000..364bbe6
--- /dev/null
@@ -0,0 +1,5 @@
+<html>
+<body>
+    <p>This document (cross-frame-iframe-for-port-test.html) was load over on port 8080.</p>
+</body>
+</html>