Skip to content
Find file Blame History Permalink
  • abarth@webkit.org's avatar
    Implement allow-popups for iframe@sandbox · 82d25a44
    abarth@webkit.org authored 
    https://bugs.webkit.org/show_bug.cgi?id=66505

Reviewed by Eric Seidel.

Source/WebCore: 

There's been some discussion in the HTML working group about adding an
allow-popups directive to the iframe sandbox.  Microsoft has added it
to IE10 platform preview and is fairly adamant about this feature
because it's needed by one or their products that's planning to use
iframe sandbox.  Hixie says he'll add it to the spec once we implement
it, so here's our implementation.  (See discussion in the W3C linked in
the bug for more details.)

This patch lands most of the infrastructure for this feature, but it
doesn't actually enable the feature.  I'll enable it in a follow-up
patch.

Tests: http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html
       http/tests/security/popup-allowed-by-sandbox-is-sandboxed.html
       http/tests/security/popup-allowed-by-sandbox-when-allowed.html

* html/HTMLIFrameElement.cpp:
(WebCore::HTMLIFrameElement::parseMappedAttribute):
* loader/FrameLoader.h:
(WebCore::FrameLoader::forceSandboxFlags):
* loader/FrameLoaderTypes.h:
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::parseSandboxPolicy):
* page/SecurityOrigin.h:
(WebCore::SecurityOrigin::sandboxFlags):
* svg/graphics/SVGImage.cpp:
(WebCore::SVGImage::dataChanged):

LayoutTests: 

Test that the allow-popups directive works as expected.  Note:
no-popup-from-sandbox.html verifies that we still block popups without
the directive.

These tests currently have expected.txt results that show failures, but
they will pass once this feature is enabled.

* http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control-expected.txt: Added.
* http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html: Added.
* http/tests/security/popup-allowed-by-sandbox-is-sandboxed-expected.txt: Added.
* http/tests/security/popup-allowed-by-sandbox-is-sandboxed.html: Added.
* http/tests/security/popup-allowed-by-sandbox-when-allowed-expected.txt: Added.
* http/tests/security/popup-allowed-by-sandbox-when-allowed.html: Added.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@99228 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    82d25a44