Commit 81045559 authored by haraken@chromium.org's avatar haraken@chromium.org

Replace [CheckNodeSecurity] with [CheckAccessToNode]

https://bugs.webkit.org/show_bug.cgi?id=77971

Reviewed by Adam Barth.

Source/WebCore:

[CheckNodeSecurity] is not implemented by code generators.
This patch replaces [CheckNodeSecurity] with [CheckAccessToNode].

Test: http/tests/security/cross-frame-access-frameelement.html

* page/DOMWindow.idl:

LayoutTests:

The added test checks if frameElement is accessible from the same or cross origin iframe.

* http/tests/security/cross-frame-access-frameelement-expected.txt: Added.
* http/tests/security/cross-frame-access-frameelement.html: Added.
* http/tests/security/resources/cross-frame-access-frameelement-from-iframe.html: Added.
* platform/chromium/http/tests/security/cross-frame-access-put-expected.txt: Updated the test result.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@107046 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent c68e66d8
2012-02-08 Kentaro Hara <haraken@chromium.org>
Replace [CheckNodeSecurity] with [CheckAccessToNode]
https://bugs.webkit.org/show_bug.cgi?id=77971
Reviewed by Adam Barth.
The added test checks if frameElement is accessible from the same or cross origin iframe.
* http/tests/security/cross-frame-access-frameelement-expected.txt: Added.
* http/tests/security/cross-frame-access-frameelement.html: Added.
* http/tests/security/resources/cross-frame-access-frameelement-from-iframe.html: Added.
* platform/chromium/http/tests/security/cross-frame-access-put-expected.txt: Updated the test result.
2012-02-07 Robert Kroeger <rjkroege@chromium.org>
[chromium] Remove unnecessary Chromium gesture recognizer tests.
CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-frameelement.html from frame with URL http://127.0.0.1:8080/security/resources/cross-frame-access-frameelement-from-iframe.html. Domains, protocols and ports must match.
This test checks if frameElement is accessible from the same or cross origin iframe.
--------
Frame: '<!--framePath //<!--frame0-->-->'
--------
[object HTMLIFrameElement]
--------
Frame: '<!--framePath //<!--frame1-->-->'
--------
undefined
<html>
<head>
<script>
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.dumpChildFramesAsText();
}
</script>
</head>
<body>
<p>This test checks if frameElement is accessible from the same or cross origin iframe.</p>
<iframe src="resources/cross-frame-access-frameelement-from-iframe.html"></iframe>
<iframe src="http://127.0.0.1:8080/security/resources/cross-frame-access-frameelement-from-iframe.html"></iframe>
</body>
</html>
<body>
<div id="console"></div>
<script src="cross-frame-access.js"></script>
<script>
log(eval("window.frameElement"));
</script>
</body>
CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html from frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html. Domains, protocols and ports must match.
......@@ -483,7 +485,9 @@ ALERT: PASS: window.devicePixelRatio should be '1' and is.
ALERT: PASS: window.document should be '[object HTMLDocument]' and is.
ALERT: PASS: window.embeds should be 'undefined' and is.
ALERT: PASS: window.event should be 'undefined' and is.
ALERT: PASS: window.frameElement should be '[object HTMLIFrameElement]' and is.
CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html from frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html. Domains, protocols and ports must match.
ALERT: PASS: window.frameElement should be 'undefined' and is.
ALERT: PASS: window.frames should be '[object DOMWindow]' and is.
ALERT: PASS: window.history should be '[object History]' and is.
ALERT: PASS: window.images should be 'undefined' and is.
......
2012-02-08 Kentaro Hara <haraken@chromium.org>
Replace [CheckNodeSecurity] with [CheckAccessToNode]
https://bugs.webkit.org/show_bug.cgi?id=77971
Reviewed by Adam Barth.
[CheckNodeSecurity] is not implemented by code generators.
This patch replaces [CheckNodeSecurity] with [CheckAccessToNode].
Test: http/tests/security/cross-frame-access-frameelement.html
* page/DOMWindow.idl:
2012-02-08 Kentaro Hara <haraken@chromium.org>
Rename [CustomPushEventHandlerScope] to [JSCustomPushEventHandlerScope]
......@@ -60,7 +60,7 @@ module window {
DOMSelection getSelection();
readonly attribute [CheckNodeSecurity] Element frameElement;
readonly attribute [CheckAccessToNode] Element frameElement;
[DoNotCheckDomainSecurity] void focus();
[DoNotCheckDomainSecurity] void blur();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment