2011-01-28 Johnny Ding <jnd@chromium.org>
author jnd@chromium.org <jnd@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 29 Jan 2011 07:06:57 +0000 (07:06 +0000)
committer jnd@chromium.org <jnd@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 29 Jan 2011 07:06:57 +0000 (07:06 +0000)
        Reviewed by Adam Barth.

        Gesture API, disallow popup bypass with using iframe src.
        https://bugs.webkit.org/show_bug.cgi?id=53244

        * fast/events/popup-blocked-from-iframe-src-expected.txt: Added.
        * fast/events/popup-blocked-from-iframe-src.html: Added.
2011-01-28  Johnny Ding  <jnd@chromium.org>

        Reviewed by Adam Barth.

        Gesture API: Don't use current gesture status to set "forceUserGesture" parameter when calling ScriptController::executeScript.
        The "forceUserGesture" parameter should be only set when you are definitely sure that the running script is from a hyper-link.
        https://bugs.webkit.org/show_bug.cgi?id=53244

        Test: fast/events/popup-blocked-from-iframe-src.html

        * bindings/ScriptControllerBase.cpp:
        (WebCore::ScriptController::executeIfJavaScriptURL):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77049 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/events/popup-blocked-from-iframe-src-expected.txt [new file with mode: 0644]
LayoutTests/fast/events/popup-blocked-from-iframe-src.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/bindings/ScriptControllerBase.cpp

index b62bea56850a40d620aa16df16e0b6c67ed5cb98..0a5213169f0b0f00d0343a0e3109e08a8042bffb 100644 (file)
@@ -1,3 +1,13 @@
+2011-01-28  Johnny Ding  <jnd@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Gesture API, disallow popup bypass with using iframe src. 
+        https://bugs.webkit.org/show_bug.cgi?id=53244
+
+        * fast/events/popup-blocked-from-iframe-src-expected.txt: Added.
+        * fast/events/popup-blocked-from-iframe-src.html: Added.
+
 2011-01-28  Ryosuke Niwa  <rniwa@webkit.org>
 
         Unreviewed; removed Chromium test expectations for tests that have been steadily passing.
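Review bot: The added summary line "Gesture API, disallow popup bypass with using iframe src. " ends with a trailing space, which should be removed. The wording would also be clearer if it said what the new test checks, for example that a javascript: URL in an iframe src attribute must not open a window while popup blocking is enabled.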
diff --git a/LayoutTests/fast/events/popup-blocked-from-iframe-src-expected.txt b/LayoutTests/fast/events/popup-blocked-from-iframe-src-expected.txt
new file mode 100644 (file)
index 0000000..b83d900
--- /dev/null
@@ -0,0 +1,3 @@
+
+When running script to open a window without user gesture from SRC of the enclosing iframe, webkit should test out that the opening is not initiated by user. This is a test case for bug https://bugs.webkit.org/show_bug.cgi?id=53244.
+PASSED
diff --git a/LayoutTests/fast/events/popup-blocked-from-iframe-src.html b/LayoutTests/fast/events/popup-blocked-from-iframe-src.html
new file mode 100644 (file)
index 0000000..2913408
--- /dev/null
@@ -0,0 +1,29 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.setCanOpenWindows();
+    layoutTestController.setPopupBlockingEnabled(true);
+    layoutTestController.setCloseRemainingWindowsWhenComplete(true);
+    layoutTestController.waitUntilDone();
+    // Record current window count.
+    window.windowCount = window.layoutTestController.windowCount();
+}
+function test() {
+    if (!window.layoutTestController)
+        return;
+    if (layoutTestController.windowCount() == window.windowCount)
+        document.getElementById("console").innerText = "PASSED";
+    layoutTestController.notifyDone();
+}
+</script>
+</head>
+<body onload="test();">
+<iframe src="javascript:window.open('about:blank','_blank', 'height=600,width=720')">popup</iframe><br>
+When running script to open a window without user gesture from SRC of the enclosing iframe, webkit should test out that the opening is not initiated by user. This is a test case for bug https://bugs.webkit.org/show_bug.cgi?id=53244.
+<div id="console">FAILED</div>
+</body>
+</html>
+
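Review bot: In test(), the early return when window.layoutTestController is missing leaves the "console" div at its initial "FAILED" text, so opening this file by hand in a browser reports a failure no matter how the popup blocker behaves. Consider replacing the initial text with a neutral message, or adding a sentence to the description saying what a manual run should show (no new window appears). The description's phrase "webkit should test out that the opening is not initiated by user" would also read better as a direct statement that the popup must be blocked, and the same sentence is duplicated in the -expected.txt file, so both need the change.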
index 3ad8fabd22f62977b381e2b70dbeeee364f84927..0876d22f9ccb5448f56602bef30639f80737c21f 100644 (file)
@@ -1,3 +1,16 @@
+2011-01-28  Johnny Ding  <jnd@chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Gesture API: Don't use current gesture status to set "forceUserGesture" parameter when calling ScriptController::executeScript.
+        The "forceUserGesture" parameter should be only set when you are definitely sure that the running script is from a hyper-link.
+        https://bugs.webkit.org/show_bug.cgi?id=53244
+
+        Test: fast/events/popup-blocked-from-iframe-src.html
+
+        * bindings/ScriptControllerBase.cpp:
+        (WebCore::ScriptController::executeIfJavaScriptURL):
+
 2011-01-28  Simon Fraser  <simon.fraser@apple.com>
 
         Reviewed by Gavin Barraclough.
index a77ff9cc6607fba3a02de7dc7d875e3766754ba3..85e8b0c6ef7a65748733cf34fd3ce9f1fcbd1482 100644 (file)
@@ -90,7 +90,7 @@ bool ScriptController::executeIfJavaScriptURL(const KURL& url, ShouldReplaceDocu
     String decodedURL = decodeURLEscapeSequences(url.string());
     ScriptValue result;
     if (xssAuditor()->canEvaluateJavaScriptURL(decodedURL))
-        result = executeScript(decodedURL.substring(javascriptSchemeLength), processingUserGesture(), AllowXSS);
+        result = executeScript(decodedURL.substring(javascriptSchemeLength), false, AllowXSS);
 
     // If executing script caused this frame to be removed from the page, we
     // don't want to try to replace its document!
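Review bot: The bare literal false passed to executeScript in the changed line gives no hint that it is the forceUserGesture argument or why it is no longer derived from processingUserGesture(). A short comment at the call site, stating that a JavaScript URL must not force user-gesture status because the caller cannot know the script came from a hyperlink, would keep someone from reverting it later. The ChangeLog says the flag should be set only for scripts known to come from a hyperlink, but the new test covers only the iframe src path; a companion layout test showing that a user-clicked javascript: link can still open a window would confirm the change does not block legitimate popups.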