Reviewed by Adam Barth.
Gesture API, disallow popup bypass with using iframe src.
https://bugs.webkit.org/show_bug.cgi?id=53244
* fast/events/popup-blocked-from-iframe-src-expected.txt: Added.
* fast/events/popup-blocked-from-iframe-src.html: Added.
2011-01-28 Johnny Ding <jnd@chromium.org>
Reviewed by Adam Barth.
Gesture API: Don't use current gesture status to set "forceUserGesture" parameter when calling ScriptController::executeScript.
The "forceUserGesture" parameter should be only set when you are definitely sure that the running script is from a hyper-link.
https://bugs.webkit.org/show_bug.cgi?id=53244
Test: fast/events/popup-blocked-from-iframe-src.html
* bindings/ScriptControllerBase.cpp:
(WebCore::ScriptController::executeIfJavaScriptURL):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77049 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+2011-01-28 Johnny Ding <jnd@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Gesture API, disallow popup bypass with using iframe src.
+ https://bugs.webkit.org/show_bug.cgi?id=53244
+
+ * fast/events/popup-blocked-from-iframe-src-expected.txt: Added.
+ * fast/events/popup-blocked-from-iframe-src.html: Added.
+
2011-01-28 Ryosuke Niwa <rniwa@webkit.org>
Unreviewed; removed Chromium test expectations for tests that have been steadily passing.
--- /dev/null
+
+When running script to open a window without user gesture from SRC of the enclosing iframe, webkit should test out that the opening is not initiated by user. This is a test case for bug https://bugs.webkit.org/show_bug.cgi?id=53244.
+PASSED
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.setCanOpenWindows();
+ layoutTestController.setPopupBlockingEnabled(true);
+ layoutTestController.setCloseRemainingWindowsWhenComplete(true);
+ layoutTestController.waitUntilDone();
+ // Record current window count.
+ window.windowCount = window.layoutTestController.windowCount();
+}
+function test() {
+ if (!window.layoutTestController)
+ return;
+ if (layoutTestController.windowCount() == window.windowCount)
+ document.getElementById("console").innerText = "PASSED";
+ layoutTestController.notifyDone();
+}
+</script>
+</head>
+<body onload="test();">
+<iframe src="javascript:window.open('about:blank','_blank', 'height=600,width=720')">popup</iframe><br>
+When running script to open a window without user gesture from SRC of the enclosing iframe, webkit should test out that the opening is not initiated by user. This is a test case for bug https://bugs.webkit.org/show_bug.cgi?id=53244.
+<div id="console">FAILED</div>
+</body>
+</html>
+
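Review bot: the iframe here is loaded from static markup at page load, so the test only covers the case where no user action is in progress at all. Since the code change stops passing the current gesture state into executeScript for javascript: URLs, consider a second case that assigns the same javascript:window.open(...) URL to the iframe src from inside a click handler, where processingUserGesture() would be expected to report true. Also, test() runs from body onload and assumes the iframe's javascript: URL has already been evaluated by then; a one-line comment stating that assumption would help. The description sentence "webkit should test out that the opening is not initiated by user" would read more clearly as "WebKit should detect that the window was not opened by a user gesture".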
+2011-01-28 Johnny Ding <jnd@chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Gesture API: Don't use current gesture status to set "forceUserGesture" parameter when calling ScriptController::executeScript.
+ The "forceUserGesture" parameter should be only set when you are definitely sure that the running script is from a hyper-link.
+ https://bugs.webkit.org/show_bug.cgi?id=53244
+
+ Test: fast/events/popup-blocked-from-iframe-src.html
+
+ * bindings/ScriptControllerBase.cpp:
+ (WebCore::ScriptController::executeIfJavaScriptURL):
+
2011-01-28 Simon Fraser <simon.fraser@apple.com>
Reviewed by Gavin Barraclough.
String decodedURL = decodeURLEscapeSequences(url.string());
ScriptValue result;
if (xssAuditor()->canEvaluateJavaScriptURL(decodedURL))
- result = executeScript(decodedURL.substring(javascriptSchemeLength), processingUserGesture(), AllowXSS);
+ result = executeScript(decodedURL.substring(javascriptSchemeLength), false, AllowXSS);
// If executing script caused this frame to be removed from the page, we
// don't want to try to replace its document!
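Review bot: the bare false passed as the second argument of executeScript is hard to read at the call site and drops the reason for the change. Add a short comment above the call saying that javascript: URLs evaluated here must not force a user gesture (the ChangeLog reserves forceUserGesture for script known to come from a hyper-link). Because this call now passes false unconditionally, it is also worth confirming with a test that a javascript: URL the user actually clicks is still treated as user-initiated through whatever path handles hyper-links.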