Commit
2009-04-03 Sam Weinig <sam@webkit.org>

Reviewed by Darin Adler.

<rdar://problem/6330929>
https://bugs.webkit.org/show_bug.cgi?id=21456
Don't update the document pointer for all inactive windows on navigations.

This change causes us to differ slightly from Firefox when accessing the document from within a closure tied to a navigated context, but as all browsers differ on this edge case, I don't foresee compatibility issues.

Test: http/tests/security/cross-frame-access-document-direct.html

* bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::~JSDOMWindowBase):
* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::clearWindowShell):
(WebCore::ScriptController::initScript):
(WebCore::ScriptController::updateDocument):
* bindings/js/ScriptController.h:

LayoutTests:

2009-04-03 Sam Weinig <sam@webkit.org>

Reviewed by Darin Adler.

Update tests for <rdar://problem/6330929>
https://bugs.webkit.org/show_bug.cgi?id=21456

* dom/xhtml/level2/html/HTMLFormElement10-expected.txt:
* fast/dom/Window/dom-access-from-closure-iframe-expected.txt:
* fast/dom/Window/dom-access-from-closure-window-expected.txt:
* http/tests/security/cross-frame-access-document-direct-expected.txt: Added.
* http/tests/security/cross-frame-access-document-direct.html: Added.
* http/tests/security/resources/cross-frame-iframe-for-document-direct-test-victim.html: Added.
* http/tests/security/resources/cross-frame-iframe-for-document-direct-test.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@42223 268f45cc-cd09-0410-ab3c-d52691b4dbfc
weinig@apple.com committed Apr 4, 2009
1 parent 382e908, commit be6430f
Showing 12 changed files with 99 additions and 13 deletions.
3 changes: 1 addition & 2 deletions
LayoutTests/dom/xhtml/level2/html/HTMLFormElement10-expected.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1 @@ | ||
Test http://www.w3.org/2001/DOM-Test-Suite/level2/html/HTMLFormElement10 | ||
Status Success | ||
|
2 changes: 1 addition & 1 deletion
LayoutTests/fast/dom/Window/dom-access-from-closure-iframe-expected.txt
2 changes: 1 addition & 1 deletion
LayoutTests/fast/dom/Window/dom-access-from-closure-window-expected.txt
9 changes: 9 additions & 0 deletions
LayoutTests/http/tests/security/cross-frame-access-document-direct-expected.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
Test cross-origin direct document access. | ||
|
||
|
||
|
||
-------- | ||
Frame: 'theFrame' | ||
-------- | ||
PASS: Cross origin direct document access denied. | ||
|
20 changes: 20 additions & 0 deletions
LayoutTests/http/tests/security/cross-frame-access-document-direct.html
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
<script> | ||
if (window.layoutTestController) { | ||
layoutTestController.dumpAsText(); | ||
layoutTestController.dumpChildFramesAsText(); | ||
layoutTestController.waitUntilDone(); | ||
} | ||
|
||
addEventListener("message", function() { | ||
// Call injected function. | ||
attack(); | ||
|
||
// Post message to victim to check if it was accessed. | ||
document.getElementById('theFrame').contentWindow.postMessage("test", "*"); | ||
}, false); | ||
</script> | ||
<body> | ||
<p>Test cross-origin direct document access.</p> | ||
<iframe id="theFrame" src="resources/cross-frame-iframe-for-document-direct-test.html"></iframe> | ||
</body> | ||
</html> |
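Review bot: The message listener calls `attack()` unguarded and reacts to any message. If the iframe's script never installs `parent.attack`, the call throws inside the handler, the `postMessage("test", "*")` below it is never reached, and the victim never logs a result or calls `notifyDone()`, so the failure shows up only as a hang. Check `event.data == "finishedLoading"` (the value the victim posts) and that `attack` is a function before calling it, and report a FAIL line otherwise. Separately, the file closes with `</html>` but the visible lines have no opening `<html>` tag; add one or drop the closing tag.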
23 changes: 23 additions & 0 deletions
...sts/http/tests/security/resources/cross-frame-iframe-for-document-direct-test-victim.html
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
<script> | ||
function log(msg) | ||
{ | ||
document.getElementById("console").appendChild(document.createTextNode(msg + "\n")); | ||
} | ||
|
||
onload = function() | ||
{ | ||
parent.postMessage("finishedLoading", "*"); | ||
} | ||
|
||
addEventListener("message", function() { | ||
if (document.fail) { | ||
log("FAIL: Cross origin direct document access allowed."); | ||
} else { | ||
log("PASS: Cross origin direct document access denied."); | ||
} | ||
|
||
if (window.layoutTestController) | ||
layoutTestController.notifyDone(); | ||
}, false); | ||
</script> | ||
<pre id="console"></pre> |
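Review bot: In the message listener, PASS is the default branch: it is logged whenever `document.fail` is unset, and the listener does not look at the event at all. Any message that arrives before the parent has run `attack()` would log PASS and call `notifyDone()`. Check `event.data == "test"` (the value the parent posts) and `event.source == parent` before evaluating `document.fail`, so the result is recorded only in response to the parent's post-attack message.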
6 changes: 6 additions & 0 deletions
LayoutTests/http/tests/security/resources/cross-frame-iframe-for-document-direct-test.html
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
<script> | ||
parent.attack = function() { | ||
document.fail = "FAIL"; | ||
} | ||
window.location = "http://localhost:8000/security/resources/cross-frame-iframe-for-document-direct-test-victim.html"; | ||
</script> |
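Review bot: The `window.location` assignment hard-codes `http://localhost:8000/...` and nothing in this file says why. The frame only ends up cross-origin to the parent if the parent page is served from an origin other than `localhost:8000`; loaded from `localhost:8000` itself, the test would no longer exercise cross-origin access. Add a comment stating the origin the parent is expected to be served from, and a comment on `parent.attack` explaining that it is a closure created in the pre-navigation document and called after the frame has navigated.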