Commit 8fa93cc1 authored by ap@apple.com's avatar ap@apple.com

Layout Test http/tests/security/canvas-remote-read-remote-image-redirect.html is flaky

https://bugs.webkit.org/show_bug.cgi?id=121458

Reviewed by Sam Weinig.

Source/WebCore:

The code to automagically produce line numbers is quite fragile. Added some FIXMEs,
and added an issue that was making reporting flaky for code is JS event handlers
executed while parsing was paused.

* page/PageConsole.cpp: (WebCore::PageConsole::addMessage): Use actual "script is
running" check instead of "parsing a script element" one.

LayoutTests:

* fast/frames/sandboxed-iframe-attribute-parsing-06-expected.txt:
* fast/frames/sandboxed-iframe-attribute-parsing-07-expected.txt:
* fast/frames/sandboxed-iframe-attribute-parsing-08-expected.txt:
* fast/frames/sandboxed-iframe-attribute-parsing-09-expected.txt:
* fast/frames/sandboxed-iframe-attribute-parsing-10-expected.txt:
* fast/frames/sandboxed-iframe-attribute-parsing-11-expected.txt:
* fast/frames/sandboxed-iframe-attribute-parsing-12-expected.txt:
* fast/frames/sandboxed-iframe-attribute-parsing-13-expected.txt:
* fast/frames/sandboxed-iframe-attribute-parsing-14-expected.txt:
* fast/frames/sandboxed-iframe-parsing-space-characters-expected.txt:
* fast/frames/sandboxed-iframe-scripting-04-expected.txt:
* http/tests/security/contentSecurityPolicy/sandbox-empty-expected.txt:
* http/tests/security/contentSecurityPolicy/sandbox-empty-subframe-expected.txt:
* http/tests/security/contentSecurityPolicy/sandbox-in-http-header-control-expected.txt:
* http/tests/security/contentSecurityPolicy/sandbox-in-http-header-expected.txt:
* http/tests/security/contentSecurityPolicy/sandbox-invalid-header-expected.txt:
* http/tests/security/isolatedWorld/sandboxed-iframe-expected.txt:
* media/video-controls-no-scripting-expected.txt:
We now get a line number for blocked inline scripts, which is a progression.
It is the line number for the closing </script>, which is not ideal, but better
than nothing.

* http/tests/security/mixedContent/insecure-script-in-iframe-expected.txt:
* http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe-expected.txt:
Also a progression - we now get a line number for offending <script>.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@156130 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent e9e3b91b
2013-09-19 Alexey Proskuryakov <ap@apple.com>
Layout Test http/tests/security/canvas-remote-read-remote-image-redirect.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=121458
Reviewed by Sam Weinig.
* fast/frames/sandboxed-iframe-attribute-parsing-06-expected.txt:
* fast/frames/sandboxed-iframe-attribute-parsing-07-expected.txt:
* fast/frames/sandboxed-iframe-attribute-parsing-08-expected.txt:
* fast/frames/sandboxed-iframe-attribute-parsing-09-expected.txt:
* fast/frames/sandboxed-iframe-attribute-parsing-10-expected.txt:
* fast/frames/sandboxed-iframe-attribute-parsing-11-expected.txt:
* fast/frames/sandboxed-iframe-attribute-parsing-12-expected.txt:
* fast/frames/sandboxed-iframe-attribute-parsing-13-expected.txt:
* fast/frames/sandboxed-iframe-attribute-parsing-14-expected.txt:
* fast/frames/sandboxed-iframe-parsing-space-characters-expected.txt:
* fast/frames/sandboxed-iframe-scripting-04-expected.txt:
* http/tests/security/contentSecurityPolicy/sandbox-empty-expected.txt:
* http/tests/security/contentSecurityPolicy/sandbox-empty-subframe-expected.txt:
* http/tests/security/contentSecurityPolicy/sandbox-in-http-header-control-expected.txt:
* http/tests/security/contentSecurityPolicy/sandbox-in-http-header-expected.txt:
* http/tests/security/contentSecurityPolicy/sandbox-invalid-header-expected.txt:
* http/tests/security/isolatedWorld/sandboxed-iframe-expected.txt:
* media/video-controls-no-scripting-expected.txt:
We now get a line number for blocked inline scripts, which is a progression.
It is the line number for the closing </script>, which is not ideal, but better
than nothing.
* http/tests/security/mixedContent/insecure-script-in-iframe-expected.txt:
* http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe-expected.txt:
Also a progression - we now get a line number for offending <script>.
2013-09-19 Bear Travis <betravis@adobe.com>
CSS_SHAPES not supported on AppleWin port
CONSOLE MESSAGE: line 9: Error while parsing the 'sandbox' attribute: 'allowscripts' is an invalid sandbox flag.
CONSOLE MESSAGE: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 4: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Misspelling.
......
CONSOLE MESSAGE: line 9: Error while parsing the 'sandbox' attribute: 'allows-cripts' is an invalid sandbox flag.
CONSOLE MESSAGE: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 4: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Misspelling.
......
CONSOLE MESSAGE: line 9: Error while parsing the 'sandbox' attribute: '-allow-scripts' is an invalid sandbox flag.
CONSOLE MESSAGE: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 4: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Misspelling.
......
CONSOLE MESSAGE: line 9: Error while parsing the 'sandbox' attribute: 'allow_scripts' is an invalid sandbox flag.
CONSOLE MESSAGE: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 4: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Misspelling.
......
CONSOLE MESSAGE: line 9: Error while parsing the 'sandbox' attribute: 'allowScripts' is an invalid sandbox flag.
CONSOLE MESSAGE: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 4: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Misspelling.
......
CONSOLE MESSAGE: line 9: Error while parsing the 'sandbox' attribute: 'aallow-scripts' is an invalid sandbox flag.
CONSOLE MESSAGE: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 4: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Misspelling.
......
CONSOLE MESSAGE: line 9: Error while parsing the 'sandbox' attribute: 'allow-scriptss' is an invalid sandbox flag.
CONSOLE MESSAGE: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 4: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Misspelling.
......
CONSOLE MESSAGE: line 9: Error while parsing the 'sandbox' attribute: 'allow-script' is an invalid sandbox flag.
CONSOLE MESSAGE: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 4: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Misspelling.
......
CONSOLE MESSAGE: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 4: Blocked script execution in 'sandboxed-iframe-attribute-parsing-disallowed.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Full sandbox.
......
ALERT: PASS: Form feed is a delimiter.
CONSOLE MESSAGE: Error while parsing the 'sandbox' attribute: 'allow-scripts allow-forms' is an invalid sandbox flag.
CONSOLE MESSAGE: Blocked script execution in 'data:text/html,<script>alert('FAIL: Vertical tab is not a delimiter.');</script>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 1: Blocked script execution in 'data:text/html,<script>alert('FAIL: Vertical tab is not a delimiter.');</script>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
ALERT: PASS: Newline is a delimiter.
ALERT: PASS: Return is a delimiter.
CONSOLE MESSAGE: Error while parsing the 'sandbox' attribute: 'allow-scriptsxallow-forms' is an invalid sandbox flag.
CONSOLE MESSAGE: Blocked script execution in 'data:text/html,<script>alert('FAIL: x is not a delimiter.');</script>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 1: Blocked script execution in 'data:text/html,<script>alert('FAIL: x is not a delimiter.');</script>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
ALERT: PASS: Tab is a delimiter.
ALERT: PASS: Space is a delimiter character.
This tests whether we correct parse various space characters in the sandbox attribute.
......
CONSOLE MESSAGE: Blocked script execution in 'data:text/html,<script>alert('FAIL: Executed script without allow-scripts in data URL');window.parent.postMessage({'fail': true}, '*');</script>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 1: Blocked script execution in 'data:text/html,<script>alert('FAIL: Executed script without allow-scripts in data URL');window.parent.postMessage({'fail': true}, '*');</script>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Verify that sandboxed frames without sandbox='allow-scripts' cannot execute script from data: URLs.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
......
CONSOLE MESSAGE: Blocked script execution in 'http://127.0.0.1:8000/security/contentSecurityPolicy/sandbox-empty.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 9: Blocked script execution in 'http://127.0.0.1:8000/security/contentSecurityPolicy/sandbox-empty.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
This test passes if it doesn't alert fail.
CONSOLE MESSAGE: Blocked script execution in 'data:text/html,<script>alert('FAIL');</script>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 1: Blocked script execution in 'data:text/html,<script>alert('FAIL');</script>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
This test passes if it doesn't alert fail.
CONSOLE MESSAGE: Blocked script execution in 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/sandbox.php?sandbox=allow-top-navigation%20allow-same-origin' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 6: Blocked script execution in 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/sandbox.php?sandbox=allow-top-navigation%20allow-same-origin' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
ALERT: PASS: Iframe was not in a unique origin
CONSOLE MESSAGE: Blocked script execution in 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/sandbox.php?sandbox=allow-top-navigation' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 6: Blocked script execution in 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/sandbox.php?sandbox=allow-top-navigation' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: Sandbox access violation: Blocked a frame at "http://127.0.0.1:8000" from accessing a frame at "http://127.0.0.1:8000". The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
ALERT: PASS: Iframe was in a unique origin
CONSOLE MESSAGE: Error while parsing the 'sandbox' Content Security Policy directive: 'allowScript' is an invalid sandbox flag.
CONSOLE MESSAGE: Blocked script execution in 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/sandbox.php?sandbox=allowScript' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 6: Blocked script execution in 'http://127.0.0.1:8000/security/contentSecurityPolicy/resources/sandbox.php?sandbox=allowScript' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: Blocked script execution in 'http://127.0.0.1:8000/security/isolatedWorld/resources/fail.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 3: Blocked script execution in 'http://127.0.0.1:8000/security/isolatedWorld/resources/fail.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
ALERT: PASS
Test that executing scripts in an isolated world works even inside sandboxed iframes. The test passes, if an alert with the text "PASS" is shown.
......
CONSOLE MESSAGE: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-script.html ran insecure content from http://127.0.0.1:8080/security/mixedContent/resources/script.js.
CONSOLE MESSAGE: line 1: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-script.html ran insecure content from http://127.0.0.1:8080/security/mixedContent/resources/script.js.
This test loads a secure iframe that loads an insecure script. We should trigger a mixed content callback even though the main frame is HTTP because the HTTPS frame's origin is contaminated with an insecure script.
......
frame "<!--framePath //<!--frame0-->-->" - didStartProvisionalLoadForFrame
main frame - didFinishDocumentLoadForFrame
frame "<!--framePath //<!--frame0-->-->" - didCommitLoadForFrame
CONSOLE MESSAGE: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-redirect-http-to-https-script.html ran insecure content from http://127.0.0.1:8080/resources/redirect.php?url=https://127.0.0.1:8443/security/mixedContent/resources/script.js.
CONSOLE MESSAGE: line 1: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-redirect-http-to-https-script.html ran insecure content from http://127.0.0.1:8080/resources/redirect.php?url=https://127.0.0.1:8443/security/mixedContent/resources/script.js.
didRunInsecureContent
frame "<!--framePath //<!--frame0-->-->" - didFinishDocumentLoadForFrame
......
CONSOLE MESSAGE: Blocked script execution in 'video-controls-no-scripting-iframe.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 10: Blocked script execution in 'video-controls-no-scripting-iframe.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: line 13: Blocked script execution in 'video-controls-no-scripting-iframe.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Tests that the built-in controls are always enabled when JavaScript is disabled.
......
2013-09-19 Alexey Proskuryakov <ap@apple.com>
Layout Test http/tests/security/canvas-remote-read-remote-image-redirect.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=121458
Reviewed by Sam Weinig.
The code to automagically produce line numbers is quite fragile. Added some FIXMEs,
and added an issue that was making reporting flaky for code is JS event handlers
executed while parsing was paused.
* page/PageConsole.cpp: (WebCore::PageConsole::addMessage): Use actual "script is
running" check instead of "parsing a script element" one.
2013-09-18 Ryosuke Niwa <rniwa@webkit.org>
Remove superfluous CSSLinearTimingFunctionValue and use switch on TimingFunction::type() in more places
......@@ -37,6 +37,7 @@
#include "Frame.h"
#include "InspectorConsoleInstrumentation.h"
#include "InspectorController.h"
#include "JSMainThreadExecState.h"
#include "Page.h"
#include "ScriptArguments.h"
#include "ScriptCallStack.h"
......@@ -136,11 +137,15 @@ void PageConsole::addMessage(MessageSource source, MessageLevel level, const Str
String url;
if (document)
url = document->url().string();
// FIXME: <http://webkit.org/b/114319> PageConsole::addMessage should automatically determine column number alongside line number
// FIXME: <http://webkit.org/b/114319> PageConsole::addMessage should automatically determine column number alongside line number.
// FIXME: The below code attempts to determine line numbers for parser generated errors, but this is not the only reason why we can get here.
// For example, if we are still parsing and get a WebSocket network error, it will be erroneously attributed to a line where parsing was paused.
// Also, we should determine line numbers for script generated messages (e.g. calling getImageData on a canvas).
// We probably need to split this function into multiple ones, as appropriate for different call sites. Or maybe decide based on MessageSource.
unsigned line = 0;
if (document && document->parsing() && !document->isInDocumentWrite() && document->scriptableDocumentParser()) {
ScriptableDocumentParser* parser = document->scriptableDocumentParser();
if (!parser->isWaitingForScripts() && !parser->isExecutingScript())
if (!parser->isWaitingForScripts() && !JSMainThreadExecState::currentState())
line = parser->lineNumber().oneBasedInt();
}
addMessage(source, level, message, url, line, 0, 0, 0, requestIdentifier);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment