https://bugs.webkit.org/show_bug.cgi?id=175098
<rdar://problem/
31416763>
Reviewed by Daniel Bates.
Source/WebCore:
r207155 enabled sandboxing on the frame displaying a QuickLook preview. This restricted
frames within the sandbox from navigating their sandboxed siblings or ancestors, which
breaks the functionality of multi-sheet Numbers '09 spreadsheet previews. These previews
contain a frameset with a table of contents frame and a content frame, and the table of
contents frame needs to be able to navigate the content frame when the sheet selection
changes.
Fix this by disabling the SandboxNavigation flag in the QuickLook sandbox. Frames within the
sandbox will be able to navigate each other, but will not be able to navigate the top frame
(due to SandboxTopNavigation still being enabled), nor will they be able to navigate any
other ancestor frame outside the sandbox (due to QuickLook previews being in a different
origin than the hosting frame). These two cases are covered by existing tests.
Test: quicklook/multi-sheet-numbers-09.html
* dom/Document.cpp:
(WebCore::Document::applyQuickLookSandbox): Added a call to
disableSandboxFlags(SandboxNavigation) after applying the content security policy.
* dom/SecurityContext.h:
(WebCore::SecurityContext::disableSandboxFlags): Defined disableSandboxFlags().
LayoutTests:
* quicklook/multi-sheet-numbers-09-expected.txt: Added.
* quicklook/multi-sheet-numbers-09.html: Added.
* quicklook/resources/multi-sheet-numbers-09.numbers: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@220163
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2017-08-02 Andy Estes <aestes@apple.com>
+
+ REGRESSION (r207155): Unable to switch sheets when previewing Numbers '09 spreadsheets
+ https://bugs.webkit.org/show_bug.cgi?id=175098
+ <rdar://problem/31416763>
+
+ Reviewed by Daniel Bates.
+
+ * quicklook/multi-sheet-numbers-09-expected.txt: Added.
+ * quicklook/multi-sheet-numbers-09.html: Added.
+ * quicklook/resources/multi-sheet-numbers-09.numbers: Added.
+
2017-08-02 Chris Dumez <cdumez@apple.com>
Unreviewed, skip newly imported WPT that is slow in Debug builds.
--- /dev/null
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
+
+--------
+Frame: 'navPane'
+--------
+ First
+ Second
+ Third
+
+--------
+Frame: 'sheetPane'
+--------
+PASS
+This tests that different sheets can be selected by tapping on their names in the table of contents. The test passes if the second sheet is selected and “PASS” is displayed.
--- /dev/null
+<!DOCTYPE html>
+<script src="../resources/ui-helper.js"></script>
+<script>
+ if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.dumpChildFramesAsText();
+ testRunner.waitUntilDone();
+ }
+
+ function runTest()
+ {
+ UIHelper.activateAt(25, 35).then(() => {
+ window.setTimeout(() => {
+ testRunner.notifyDone();
+ }, 0);
+ });
+ }
+</script>
+<style>
+iframe {
+ width: 100vw;
+ height: 100vh;
+}
+</style>
+<iframe src="resources/multi-sheet-numbers-09.numbers" onload="runTest(this)"></iframe>
+
+2017-08-02 Andy Estes <aestes@apple.com>
+
+ REGRESSION (r207155): Unable to switch sheets when previewing Numbers '09 spreadsheets
+ https://bugs.webkit.org/show_bug.cgi?id=175098
+ <rdar://problem/31416763>
+
+ Reviewed by Daniel Bates.
+
+ r207155 enabled sandboxing on the frame displaying a QuickLook preview. This restricted
+ frames within the sandbox from navigating their sandboxed siblings or ancestors, which
+ breaks the functionality of multi-sheet Numbers '09 spreadsheet previews. These previews
+ contain a frameset with a table of contents frame and a content frame, and the table of
+ contents frame needs to be able to navigate the content frame when the sheet selection
+ changes.
+
+ Fix this by disabling the SandboxNavigation flag in the QuickLook sandbox. Frames within the
+ sandbox will be able to navigate each other, but will not be able to navigate the top frame
+ (due to SandboxTopNavigation still being enabled), nor will they be able to navigate any
+ other ancestor frame outside the sandbox (due to QuickLook previews being in a different
+ origin than the hosting frame). These two cases are covered by existing tests.
+
+ Test: quicklook/multi-sheet-numbers-09.html
+
+ * dom/Document.cpp:
+ (WebCore::Document::applyQuickLookSandbox): Added a call to
+ disableSandboxFlags(SandboxNavigation) after applying the content security policy.
+ * dom/SecurityContext.h:
+ (WebCore::SecurityContext::disableSandboxFlags): Defined disableSandboxFlags().
+
2017-08-02 Jer Noble <jer.noble@apple.com>
[MSE] Removing samples when presentation order does not match decode order can cause bad behavior.
// The sandbox directive is only allowed if the policy is from an HTTP header.
contentSecurityPolicy()->didReceiveHeader(quickLookCSP, ContentSecurityPolicyHeaderType::Enforce, ContentSecurityPolicy::PolicyFrom::HTTPHeader);
+ disableSandboxFlags(SandboxNavigation);
+
setReferrerPolicy(ReferrerPolicy::Never);
}
#endif
void setContentSecurityPolicy(std::unique_ptr<ContentSecurityPolicy>);
+ // It's only appropriate to call this during security context initialization; it's needed for
+ // flags that can't be disabled with allow-* attributes, such as SandboxNavigation.
+ void disableSandboxFlags(SandboxFlags mask) { m_sandboxFlags &= ~mask; }
+
void didFailToInitializeSecurityOrigin() { m_haveInitializedSecurityOrigin = false; }
bool haveInitializedSecurityOrigin() const { return m_haveInitializedSecurityOrigin; }