Commit 56813fa6 authored by abarth@webkit.org's avatar abarth@webkit.org

2011-05-13 Adam Barth <abarth@webkit.org>

        Reviewed by Eric Seidel.

        iframe sandbox doesn't properly block popups
        https://bugs.webkit.org/show_bug.cgi?id=60784

        Test that we block popup windows from inside sandbox.

        * http/tests/security/no-popup-from-sandbox-expected.txt: Added.
        * http/tests/security/no-popup-from-sandbox-top-expected.txt: Added.
        * http/tests/security/no-popup-from-sandbox-top.html: Added.
        * http/tests/security/no-popup-from-sandbox.html: Added.
2011-05-13  Adam Barth  <abarth@webkit.org>

        Reviewed by Eric Seidel.

        iframe sandbox doesn't properly block popups
        https://bugs.webkit.org/show_bug.cgi?id=60784

        Previously, we weren't implementing this requirement from the spec:

        "This flag also prevents content from creating new auxiliary browsing
        contexts, e.g. using the target attribute or the window.open() method."

        Tests: http/tests/security/no-popup-from-sandbox-top.html
               http/tests/security/no-popup-from-sandbox.html

        * loader/PolicyChecker.cpp:
        (WebCore::PolicyChecker::checkNewWindowPolicy):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86462 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 91cc070e
2011-05-13 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
iframe sandbox doesn't properly block popups
https://bugs.webkit.org/show_bug.cgi?id=60784
Test that we block popup windows from inside sandbox.
* http/tests/security/no-popup-from-sandbox-expected.txt: Added.
* http/tests/security/no-popup-from-sandbox-top-expected.txt: Added.
* http/tests/security/no-popup-from-sandbox-top.html: Added.
* http/tests/security/no-popup-from-sandbox.html: Added.
2011-05-13 Ryosuke Niwa <rniwa@webkit.org>
Reviewed by Darin Adler.
ALERT: PASS
To run this test outside of DumpRenderTree, please disable your popup blocker!
ALERT: PASS
To run this test outside of DumpRenderTree, please disable your popup blocker!
<script>
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.setCanOpenWindows(true);
}
</script>
<p>To run this test outside of DumpRenderTree, please disable your popup blocker!</p>
<iframe sandbox="allow-scripts"
src="data:text/html,
<script>
var win = window.open('about:blank', '_top');
alert(win ? 'FAIL' : 'PASS');
</script>"
></iframe>
<script>
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.setCanOpenWindows(true);
}
</script>
<p>To run this test outside of DumpRenderTree, please disable your popup blocker!</p>
<iframe sandbox="allow-scripts"
src="data:text/html,
<script>
var win = window.open('about:blank', '_blank');
alert(win ? 'FAIL' : 'PASS');
</script>"
></iframe>
2011-05-13 Adam Barth <abarth@webkit.org>
Reviewed by Eric Seidel.
iframe sandbox doesn't properly block popups
https://bugs.webkit.org/show_bug.cgi?id=60784
Previously, we weren't implementing this requirement from the spec:
"This flag also prevents content from creating new auxiliary browsing
contexts, e.g. using the target attribute or the window.open() method."
Tests: http/tests/security/no-popup-from-sandbox-top.html
http/tests/security/no-popup-from-sandbox.html
* loader/PolicyChecker.cpp:
(WebCore::PolicyChecker::checkNewWindowPolicy):
2011-05-13 Ryosuke Niwa <rniwa@webkit.org>
Reviewed by Darin Adler.
......@@ -37,6 +37,7 @@
#include "FrameLoader.h"
#include "FrameLoaderClient.h"
#include "HTMLFormElement.h"
#include "SecurityOrigin.h"
namespace WebCore {
......@@ -92,6 +93,9 @@ void PolicyChecker::checkNavigationPolicy(const ResourceRequest& request, Docume
void PolicyChecker::checkNewWindowPolicy(const NavigationAction& action, NewWindowPolicyDecisionFunction function,
const ResourceRequest& request, PassRefPtr<FormState> formState, const String& frameName, void* argument)
{
if (m_frame->document() && m_frame->document()->securityOrigin()->isSandboxed(SandboxNavigation))
return continueAfterNavigationPolicy(PolicyIgnore);
m_callback.set(request, formState, frameName, action, function, argument);
m_frame->loader()->client()->dispatchDecidePolicyForNewWindowAction(&PolicyChecker::continueAfterNewWindowPolicy,
action, request, formState, frameName);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment