Cherry-pick 267815.624@safari-7617-branch (0ad98b6). https://bugs.webkit.org/show_bug.cgi?id=265812

Cross-origin <embed> elements can request media permission, and prompts show main-frame URL
https://bugs.webkit.org/show_bug.cgi?id=265812
rdar://119149318

Reviewed by Chris Dumez.

We should apply feature policy for all elements, including embed and frame elements.
Since there are no allow attributes, we should use the default feature policy rules for those elements.
Update isFeaturePolicyAllowedByDocumentAndAllOwners accordingly.

Rebase tests according to updated console log message.

* LayoutTests/fullscreen/full-screen-enabled-expected.txt:
* LayoutTests/fullscreen/full-screen-enabled-prefixed-expected.txt:
* LayoutTests/fullscreen/full-screen-iframe-not-allowed-expected.txt:
* LayoutTests/fullscreen/full-screen-iframe-without-allow-attribute-allowed-from-parent-expected.txt:
* LayoutTests/fullscreen/full-screen-restrictions-expected.txt:
* LayoutTests/http/tests/fullscreen/fullscreen-feature-policy-expected.txt:
* LayoutTests/http/tests/media/media-stream/enumerate-devices-iframe-allow-attribute-expected.txt:
* LayoutTests/http/tests/media/media-stream/get-user-media-in-embed-element-expected.txt: Added.
* LayoutTests/http/tests/media/media-stream/get-user-media-in-embed-element.html: Added.
* LayoutTests/http/tests/media/media-stream/resources/get-user-media-embed.html: Added.
* LayoutTests/http/tests/paymentrequest/payment-allow-attribute.https-expected.txt:
* LayoutTests/http/tests/security/sandboxed-iframe-geolocation-getCurrentPosition-expected.txt:
* LayoutTests/http/tests/security/sandboxed-iframe-geolocation-watchPosition-expected.txt:
* LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host-expected.txt:
* LayoutTests/http/tests/ssl/media-stream/get-user-media-nested-expected.txt:
* LayoutTests/http/tests/webrtc/enumerateDevicesInFrames-expected.txt:
* LayoutTests/http/tests/webshare/webshare-allow-attribute-canShare.https-expected.txt:
* LayoutTests/http/tests/webshare/webshare-allow-attribute-share.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe-allow-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe-allowfullscreen-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/mediacapture-streams/MediaStream-feature-policy-none.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/permissions-policy/payment-allowed-by-permissions-policy-attribute-redirect-on-load.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/screen-wake-lock/wakelock-enabled-by-feature-policy-attribute-redirect-on-load.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/web-share/disabled-by-permissions-policy-cross-origin.https.sub-expected.txt:
* Source/WebCore/html/FeaturePolicy.cpp:
(WebCore::isFeaturePolicyAllowedByDocumentAndAllOwners):
(WebCore::FeaturePolicy::parse):
* Source/WebCore/html/FeaturePolicy.h:
(WebCore::FeaturePolicy::defaultPolicy):
(WebCore::FeaturePolicy::parse):

Canonical link: https://commits.webkit.org/267815.624@safari-7617-branch
Showing 26 changed files with 227 additions and 177 deletions.
2 changes: 1 addition & 1 deletion
LayoutTests/fullscreen/full-screen-enabled-prefixed-expected.txt
2 changes: 1 addition & 1 deletion
LayoutTests/fullscreen/full-screen-iframe-not-allowed-expected.txt
2 changes: 1 addition & 1 deletion
...ts/fullscreen/full-screen-iframe-without-allow-attribute-allowed-from-parent-expected.txt
22 changes: 11 additions & 11 deletions
LayoutTests/http/tests/fullscreen/fullscreen-feature-policy-expected.txt
22 changes: 11 additions & 11 deletions
...Tests/http/tests/media/media-stream/enumerate-devices-iframe-allow-attribute-expected.txt
7 changes: 7 additions & 0 deletions
LayoutTests/http/tests/media/media-stream/get-user-media-in-embed-element-expected.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
CONSOLE MESSAGE: Feature policy 'Camera' check failed for element with origin 'http://localhost:8000' and allow attribute ''. | ||
CONSOLE MESSAGE: Not allowed to call getUserMedia. | ||
|
||
|
||
PASS Same origin embed should get access to camera | ||
PASS Cross origin embed should not get access to camera | ||
|
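Review bot: The first CONSOLE MESSAGE line reports "allow attribute ''" for an <embed>, an element that has no allow attribute, so the log reads as if an empty allow value had been parsed. Consider omitting that clause when the owner element is not an iframe, or saying that the default policy was applied, so that someone triaging a denied getUserMedia call can see why the check failed.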
22 changes: 22 additions & 0 deletions
LayoutTests/http/tests/media/media-stream/get-user-media-in-embed-element.html
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
<!doctype html> | ||
<html> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
<body> | ||
<div id="testDiv"></div> | ||
|
||
<script> | ||
promise_test(async t => { | ||
testDiv.innerHTML = '<embed id="embedElement" src="resources/get-user-media-embed.html"></embed>'; | ||
const result = await new Promise(resolve => window.onmessage = e => resolve(e.data)); | ||
assert_equals(result, "OK"); | ||
}, "Same origin embed should get access to camera"); | ||
|
||
promise_test(async t => { | ||
testDiv.innerHTML = '<embed id="embedElement" src="http://localhost:8000/media/media-stream/resources/get-user-media-embed.html"></embed>'; | ||
const result = await new Promise(resolve => window.onmessage = e => resolve(e.data)); | ||
assert_equals(result, "KO"); | ||
}, "Cross origin embed should not get access to camera"); | ||
</script> | ||
</body> | ||
</html> |
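Review bot: In the second promise_test, assert_equals(result, "KO") passes on any getUserMedia rejection, not only a feature-policy denial, so the test could keep passing if capture failed for an unrelated reason. Have the embedded page post the rejection's error name and assert on it here. Both tests also resolve on the first message from any window; checking e.origin in the onmessage handler would tie each result to the embed under test. The commit message says the default policy now applies to frame elements as well, but only <embed> is exercised; a matching <frame> case would cover that.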
9 changes: 9 additions & 0 deletions
LayoutTests/http/tests/media/media-stream/resources/get-user-media-embed.html
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
<script> | ||
onload = () => { | ||
navigator.mediaDevices.getUserMedia({ video: true }).then(() => { | ||
parent.postMessage("OK", "*"); | ||
}, () => { | ||
parent.postMessage("KO", "*"); | ||
}); | ||
} | ||
</script> |
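Review bot: The success callback of getUserMedia({ video: true }) ignores the MediaStream it is given, so the camera track stays live until the embed document is torn down. Take the stream as the callback argument and stop its tracks before posting "OK", which keeps capture state from carrying over into the next subtest.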
10 changes: 5 additions & 5 deletions
LayoutTests/http/tests/paymentrequest/payment-allow-attribute.https-expected.txt
2 changes: 1 addition & 1 deletion
LayoutTests/http/tests/security/sandboxed-iframe-geolocation-getCurrentPosition-expected.txt
2 changes: 1 addition & 1 deletion
LayoutTests/http/tests/security/sandboxed-iframe-geolocation-watchPosition-expected.txt
2 changes: 1 addition & 1 deletion
LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host-expected.txt
2 changes: 1 addition & 1 deletion
LayoutTests/http/tests/ssl/media-stream/get-user-media-nested-expected.txt
4 changes: 2 additions & 2 deletions
LayoutTests/http/tests/webrtc/enumerateDevicesInFrames-expected.txt
10 changes: 5 additions & 5 deletions
LayoutTests/http/tests/webshare/webshare-allow-attribute-canShare.https-expected.txt
10 changes: 5 additions & 5 deletions
LayoutTests/http/tests/webshare/webshare-allow-attribute-share.https-expected.txt
2 changes: 1 addition & 1 deletion
...atform-tests/html/semantics/embedded-content/the-iframe-element/iframe-allow-expected.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
CONSOLE MESSAGE: Feature policy 'Fullscreen' check failed for iframe with origin 'null' and allow attribute ''. | ||
CONSOLE MESSAGE: Feature policy 'Fullscreen' check failed for element with origin 'null' and allow attribute ''. | ||
|
||
FAIL iframe-cross-origin-allow assert_false: Feature should be denied when correct allow attribute is added, before reload expected false got true | ||
|
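Review bot: The unchanged FAIL line for iframe-cross-origin-allow ("expected false got true") is carried forward by this rebaseline, and it records a feature being allowed where the test expects it to be denied. Since the commit tightens policy enforcement, confirm that this failure is unrelated to the change and reference the bug that tracks it. On the replaced console line, the generic word "element" no longer says that the owner is an iframe; including the tag name would keep iframe and embed denials distinguishable in logs.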
2 changes: 1 addition & 1 deletion
...ts/html/semantics/embedded-content/the-iframe-element/iframe-allowfullscreen-expected.txt