-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Cherry-pick a0fa94d. rdar://problem/109364674
Restrict further top-frame navigations by a third-party iframe https://bugs.webkit.org/show_bug.cgi?id=256549 rdar://108794051 Reviewed by Geoffrey Garen. Restrict further top-frame navigations by a third-party iframe: - Block navigations to a different scheme - Block navigations that start off same-site but redirect to a different site * Source/WebCore/dom/Document.cpp: (WebCore::Document::isNavigationBlockedByThirdPartyIFrameRedirectBlocking): * Source/WebCore/dom/Document.h: * Source/WebCore/loader/DocumentLoader.cpp: (WebCore::DocumentLoader::willSendRequest): * Source/WebCore/loader/NavigationRequester.cpp: (WebCore::NavigationRequester::from): * Source/WebCore/loader/NavigationRequester.h: (WebCore::NavigationRequester::encode const): (WebCore::NavigationRequester::decode): Canonical link: https://commits.webkit.org/259548.752@safari-7615-branch Canonical link: https://commits.webkit.org/245886.889@safari-7613.4.1.0-branch
- Loading branch information
Showing
13 changed files
with
137 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,7 @@ | ||
CONSOLE MESSAGE: Started reading... | ||
PASS if no crash. | ||
|
||
Test that using FileReader from a document with unique origin doesn't cause a crash. | ||
|
||
If testing manually, please drop a file on an input above. | ||
|
||
PASS if not crash. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
16 changes: 16 additions & 0 deletions
16
...curity/block-top-level-navigation-to-different-scheme-by-third-party-iframes-expected.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://127.0.0.1:8000/security/block-top-level-navigation-to-different-scheme-by-third-party-iframes.html' from frame with URL 'http://localhost:8000/security/resources/navigate-top-level-frame-to-failure-page-different-scheme.html'. The frame attempting navigation of the top-level window is cross-origin or untrusted and the user has never interacted with the frame. | ||
|
||
CONSOLE MESSAGE: SecurityError: The operation is insecure. | ||
CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://127.0.0.1:8000/security/block-top-level-navigation-to-different-scheme-by-third-party-iframes.html' from frame with URL 'http://localhost:8000/security/resources/navigate-top-level-frame-to-failure-page-different-scheme.html'. The frame attempting navigation of the top-level window is cross-origin or untrusted and the user has never interacted with the frame. | ||
|
||
CONSOLE MESSAGE: SecurityError: The operation is insecure. | ||
Test blocking of suspicious top-level navigations by a third-party iframe (same-site but different scheme) | ||
|
||
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". | ||
|
||
|
||
PASS All navigations by subframes have been blocked | ||
PASS successfullyParsed is true | ||
|
||
TEST COMPLETE | ||
|
21 changes: 21 additions & 0 deletions
21
...tests/security/block-top-level-navigation-to-different-scheme-by-third-party-iframes.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
<!DOCTYPE html> | ||
<html> | ||
<body> | ||
<script src="/js-test-resources/js-test.js"></script> | ||
<script> | ||
description("Test blocking of suspicious top-level navigations by a third-party iframe (same-site but different scheme)"); | ||
jsTestIsAsync = true; | ||
onload = () => { | ||
setTimeout(() => { | ||
document.getElementById('testFrame').src = "http://localhost:8000/security/resources/navigate-top-level-frame-to-failure-page-different-scheme.html"; | ||
setTimeout(() => { | ||
testPassed("All navigations by subframes have been blocked"); | ||
finishJSTest(); | ||
}, 100); | ||
}, 10); | ||
} | ||
</script> | ||
<iframe src="http://localhost:8000/security/resources/navigate-top-level-frame-to-failure-page-different-scheme.html"></iframe> | ||
<iframe id="testFrame"></iframe> | ||
</body> | ||
</html> |
11 changes: 11 additions & 0 deletions
11
...ests/security/block-top-level-navigation-via-redirect-by-third-party-iframes-expected.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://127.0.0.1:8000/security/block-top-level-navigation-via-redirect-by-third-party-iframes.html' from frame with URL 'http://localhost:8000/security/resources/navigate-top-level-frame-to-failure-page-via-redirect.html'. The frame attempting navigation of the top-level window is cross-origin or untrusted and the user has never interacted with the frame. | ||
Test blocking of suspicious top-level navigations by a third-party iframe (same-site but redirects to a different site) | ||
|
||
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". | ||
|
||
|
||
PASS All navigations by subframes have been blocked | ||
PASS successfullyParsed is true | ||
|
||
TEST COMPLETE | ||
|
20 changes: 20 additions & 0 deletions
20
...s/http/tests/security/block-top-level-navigation-via-redirect-by-third-party-iframes.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
<!DOCTYPE html> | ||
<html> | ||
<body> | ||
<script src="/js-test-resources/js-test.js"></script> | ||
<script> | ||
description("Test blocking of suspicious top-level navigations by a third-party iframe (same-site but redirects to a different site)"); | ||
jsTestIsAsync = true; | ||
onload = () => { | ||
setTimeout(() => { | ||
document.getElementById('testFrame').src = "http://localhost:8000/security/resources/navigate-top-level-frame-to-failure-page-via-redirect.html"; | ||
setTimeout(() => { | ||
testPassed("All navigations by subframes have been blocked"); | ||
finishJSTest(); | ||
}, 100); | ||
}, 10); | ||
} | ||
</script> | ||
<iframe id="testFrame"></iframe> | ||
</body> | ||
</html> |
10 changes: 10 additions & 0 deletions
10
...p/tests/security/resources/navigate-top-level-frame-to-failure-page-different-scheme.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
<html> | ||
<body> | ||
Success! The navigation was blocked | ||
<script> | ||
window.addEventListener("load", e => { | ||
top.location = "https://127.0.0.1:8443/security/resources/should-not-have-loaded.html"; | ||
}); | ||
</script> | ||
</body> | ||
</html> |
11 changes: 11 additions & 0 deletions
11
.../http/tests/security/resources/navigate-top-level-frame-to-failure-page-via-redirect.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
<html> | ||
<body> | ||
Success! The navigation was blocked | ||
<script> | ||
window.addEventListener("load", e => { | ||
// The initial navigation URL is same-site but it redirects to a different site. | ||
top.location = "http://127.0.0.1:8000/resources/redirect.py?url=http://localhost:8000/security/resources/should-not-have-loaded.html"; | ||
}); | ||
</script> | ||
</body> | ||
</html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters