+2013-02-16 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r142734.
+ http://trac.webkit.org/changeset/142734
+ https://bugs.webkit.org/show_bug.cgi?id=110018
+
+ "Triggered crashes on lots of websites" (Requested by ggaren
+ on #webkit).
+
+ * http/tests/plugins/resources/cross-frame-object-access.html:
+ * http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt:
+ * http/tests/security/cross-frame-access-location-get-expected.txt:
+ * http/tests/security/cross-frame-access-location-get.html:
+ * http/tests/security/resources/cross-frame-access.js:
+ * http/tests/security/resources/cross-frame-iframe-callback-explicit-domain-DENY.html:
+ * http/tests/security/resources/cross-frame-iframe-for-location-get-test.html:
+ * http/tests/security/sandboxed-iframe-blocks-access-from-parent-expected.txt:
+ * platform/chromium/http/tests/security/cross-frame-access-callback-explicit-domain-DENY-expected.txt: Removed.
+ * platform/chromium/http/tests/security/cross-frame-access-location-get-expected.txt: Removed.
+ * platform/chromium/http/tests/security/sandboxed-iframe-blocks-access-from-parent-expected.txt: Removed.
+
2013-02-16 Takashi Toyoshima <toyoshim@chromium.org>
Rebaseline for Win7.
return false;
}
- try {
- if (l.href) {
- debug('could access top.location.href');
- return false;
- }
- } catch (e) {
- return true;
+ if (l.href) {
+ debug('could access top.location.href');
+ return false;
}
+
return true;
}
CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-callback-explicit-domain-DENY.html from frame with URL http://127.0.0.1:8000/security/resources/cross-frame-iframe-callback-explicit-domain-DENY.html. The frame requesting access set 'document.domain' to '127.0.0.1', but the frame being accessed did not. Both must set 'document.domain' to the same value to allow access.
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-callback-explicit-domain-DENY.html from frame with URL http://127.0.0.1:8000/security/resources/cross-frame-iframe-callback-explicit-domain-DENY.html. The frame requesting access set 'document.domain' to '127.0.0.1', but the frame being accessed did not. Both must set 'document.domain' to the same value to allow access.
-
Test that a child frame can't define a function and the use it to access parent properties after document.domain write blocks the access.
Frame: '<!--framePath //<!--frame0-->-->'
--------
PASS: canGet('parentWindow.location.href') should be 'false' and is.
-PASS: accessThrowsException('parentWindow.location.href') should be 'true' and is.
-
CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
----- tests for getting window.location's properties -----
PASS: toString('targetWindow.location', '') should be '' and is.
Firefox allows access to 'location.toString' but throws an exception when you call it.
PASS: canGet('targetWindow.location.toString') should be 'false' and is.
-PASS: accessThrowsException('targetWindow.location.toString') should be 'true' and is.
PASS: canGet('targetWindow.location.href') should be 'false' and is.
PASS: canGet('targetWindow.location.hash') should be 'false' and is.
PASS: canGet('targetWindow.location.host') should be 'false' and is.
PASS: canGet('targetWindow.location.port') should be 'false' and is.
PASS: canGet('targetWindow.location.protocol') should be 'false' and is.
PASS: canGet('targetWindow.location.search') should be 'false' and is.
-PASS: canGet('targetWindow.location.existingCustomProperty') should be 'false' and is.
-PASS: canGet('targetWindow.location[1]') should be 'false' and is.
-PASS: accessThrowsException('targetWindow.location.href') should be 'true' and is.
-PASS: accessThrowsException('targetWindow.location.hash') should be 'true' and is.
-PASS: accessThrowsException('targetWindow.location.host') should be 'true' and is.
-PASS: accessThrowsException('targetWindow.location.hostname') should be 'true' and is.
-PASS: accessThrowsException('targetWindow.location.pathname') should be 'true' and is.
-PASS: accessThrowsException('targetWindow.location.port') should be 'true' and is.
-PASS: accessThrowsException('targetWindow.location.protocol') should be 'true' and is.
-PASS: accessThrowsException('targetWindow.location.search') should be 'true' and is.
-PASS: accessThrowsException('targetWindow.location.existingCustomProperty') should be 'true' and is.
-PASS: accessThrowsException('targetWindow.location[1]') should be 'true' and is.
PASS: canGet('targetWindow.location.assign') should be 'true' and is.
PASS: canGet('targetWindow.location.reload') should be 'true' and is.
PASS: canGet('targetWindow.location.replace') should be 'true' and is.
+PASS: canGet('targetWindow.location.existingCustomProperty') should be 'false' and is.
log("Firefox allows access to 'location.toString' but throws an exception when you call it.");
shouldBeFalse("canGet('targetWindow.location.toString')");
- shouldBeTrue("accessThrowsException('targetWindow.location.toString')");
shouldBeFalse("canGet('targetWindow.location.href')");
shouldBeFalse("canGet('targetWindow.location.hash')");
shouldBeFalse("canGet('targetWindow.location.port')");
shouldBeFalse("canGet('targetWindow.location.protocol')");
shouldBeFalse("canGet('targetWindow.location.search')");
- shouldBeFalse("canGet('targetWindow.location.existingCustomProperty')");
- shouldBeFalse("canGet('targetWindow.location[1]')");
-
- shouldBeTrue("accessThrowsException('targetWindow.location.href')");
- shouldBeTrue("accessThrowsException('targetWindow.location.hash')");
- shouldBeTrue("accessThrowsException('targetWindow.location.host')");
- shouldBeTrue("accessThrowsException('targetWindow.location.hostname')");
- shouldBeTrue("accessThrowsException('targetWindow.location.pathname')");
- shouldBeTrue("accessThrowsException('targetWindow.location.port')");
- shouldBeTrue("accessThrowsException('targetWindow.location.protocol')");
- shouldBeTrue("accessThrowsException('targetWindow.location.search')");
- shouldBeTrue("accessThrowsException('targetWindow.location.existingCustomProperty')");
- shouldBeTrue("accessThrowsException('targetWindow.location[1]')");
shouldBeTrue("canGet('targetWindow.location.assign')");
shouldBeTrue("canGet('targetWindow.location.reload')");
shouldBeTrue("canGet('targetWindow.location.replace')");
+ shouldBeFalse("canGet('targetWindow.location.existingCustomProperty')");
}
</script>
</head>
}
}
-function accessThrowsException(keyPath) {
- try {
- eval("window." + keyPath);
- return false;
- } catch (e) {
- return true;
- }
-}
-
function canGetDescriptor(target, property)
{
try {
<script src="cross-frame-access.js"></script>
<body>
-<pre id=console></pre>
+<div id=console></div>
<script>
var parentWindow = window.parent;
parentWindow.testFunction = function()
{
shouldBeFalse("canGet('parentWindow.location.href')");
- shouldBeTrue("accessThrowsException('parentWindow.location.href')");
if (window.testRunner)
testRunner.notifyDone();
}
<html>
<head>
<script>
- window.location.existingCustomProperty = 1;
- window.location[1] = 1;
+ window.location.existingCustomProperty = 1;
window.onload = function()
{
CONSOLE MESSAGE: Sandbox access violation: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/resources/blank.html from frame with URL http://127.0.0.1:8000/security/sandboxed-iframe-blocks-access-from-parent.html. The frame being accessed is sandboxed into a unique origin.
-CONSOLE MESSAGE: line 12: SecurityError: DOM Exception 18: An attempt was made to break through the security policy of the user agent.
Sandboxing a frame puts it into a unique origin by default, which the containing document shouldn't have script access to. This test passes if a console warning is generated, noting the access violation.
+++ /dev/null
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-callback-explicit-domain-DENY.html from frame with URL http://127.0.0.1:8000/security/resources/cross-frame-iframe-callback-explicit-domain-DENY.html. The frame requesting access set 'document.domain' to '127.0.0.1', but the frame being accessed did not. Both must set 'document.domain' to the same value to allow access.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-callback-explicit-domain-DENY.html from frame with URL http://127.0.0.1:8000/security/resources/cross-frame-iframe-callback-explicit-domain-DENY.html. The frame requesting access set 'document.domain' to '127.0.0.1', but the frame being accessed did not. Both must set 'document.domain' to the same value to allow access.
-
-Test that a child frame can't define a function and the use it to access parent properties after document.domain write blocks the access.
-
-
-
---------
-Frame: '<!--framePath //<!--frame0-->-->'
---------
-PASS: canGet('parentWindow.location.href') should be 'false' and is.
-*** FAIL: accessThrowsException('parentWindow.location.href') should be 'true' but instead is false. ***
-
+++ /dev/null
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-location-get-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-location-get.html. Domains, protocols and ports must match.
-
-
-
------ tests for getting window.location's properties -----
-
-PASS: canGet('targetWindow.location') should be 'true' and is.
-PASS: toString('targetWindow.location', '') should be '' and is.
-Firefox allows access to 'location.toString' but throws an exception when you call it.
-PASS: canGet('targetWindow.location.toString') should be 'false' and is.
-*** FAIL: accessThrowsException('targetWindow.location.toString') should be 'true' but instead is false. ***
-PASS: canGet('targetWindow.location.href') should be 'false' and is.
-PASS: canGet('targetWindow.location.hash') should be 'false' and is.
-PASS: canGet('targetWindow.location.host') should be 'false' and is.
-PASS: canGet('targetWindow.location.hostname') should be 'false' and is.
-PASS: canGet('targetWindow.location.pathname') should be 'false' and is.
-PASS: canGet('targetWindow.location.port') should be 'false' and is.
-PASS: canGet('targetWindow.location.protocol') should be 'false' and is.
-PASS: canGet('targetWindow.location.search') should be 'false' and is.
-PASS: canGet('targetWindow.location.existingCustomProperty') should be 'false' and is.
-PASS: canGet('targetWindow.location[1]') should be 'false' and is.
-*** FAIL: accessThrowsException('targetWindow.location.href') should be 'true' but instead is false. ***
-*** FAIL: accessThrowsException('targetWindow.location.hash') should be 'true' but instead is false. ***
-*** FAIL: accessThrowsException('targetWindow.location.host') should be 'true' but instead is false. ***
-*** FAIL: accessThrowsException('targetWindow.location.hostname') should be 'true' but instead is false. ***
-*** FAIL: accessThrowsException('targetWindow.location.pathname') should be 'true' but instead is false. ***
-*** FAIL: accessThrowsException('targetWindow.location.port') should be 'true' but instead is false. ***
-*** FAIL: accessThrowsException('targetWindow.location.protocol') should be 'true' but instead is false. ***
-*** FAIL: accessThrowsException('targetWindow.location.search') should be 'true' but instead is false. ***
-*** FAIL: accessThrowsException('targetWindow.location.existingCustomProperty') should be 'true' but instead is false. ***
-*** FAIL: accessThrowsException('targetWindow.location[1]') should be 'true' but instead is false. ***
-PASS: canGet('targetWindow.location.assign') should be 'true' and is.
-PASS: canGet('targetWindow.location.reload') should be 'true' and is.
-PASS: canGet('targetWindow.location.replace') should be 'true' and is.
-
+++ /dev/null
-CONSOLE MESSAGE: Sandbox access violation: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/resources/blank.html from frame with URL http://127.0.0.1:8000/security/sandboxed-iframe-blocks-access-from-parent.html. The frame being accessed is sandboxed into a unique origin.
-
-Sandboxing a frame puts it into a unique origin by default, which the containing document shouldn't have script access to. This test passes if a console warning is generated, noting the access violation.
-
-
-
---------
-Frame: 'testframe'
---------
-
+2013-02-16 Sheriff Bot <webkit.review.bot@gmail.com>
+
+ Unreviewed, rolling out r142734.
+ http://trac.webkit.org/changeset/142734
+ https://bugs.webkit.org/show_bug.cgi?id=110018
+
+ "Triggered crashes on lots of websites" (Requested by ggaren
+ on #webkit).
+
+ * bindings/js/JSLocationCustom.cpp:
+ (WebCore::JSLocation::getOwnPropertySlotDelegate):
+
2013-02-16 Robert Hogan <robert@webkit.org>
percentage top value of position:relative element not calculated using parent's min-height unless height set
// but for now we have decided not to, partly because it seems silly to return "[Object Location]" in
// such cases when normally the string form of Location would be the URL.
- // FIXME: Move this message into the exception once http://wkbug.com/98050 is fixed.
printErrorMessageForFrame(frame, message);
- setDOMException(exec, SECURITY_ERR);
slot.setUndefined();
return true;
}
git://git.webkit.org / WebKit-https.git / commitdiff