Commit a3a48766 authored by weinig@apple.com's avatar weinig@apple.com

2008-06-07 Sam Weinig <sam@webkit.org>

        Reviewed by Dan Bernstein.

        Fix random failures of XSS tests by using window.postMessage().

        * http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-expected.txt:
        * http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-uppercase.html:
        * http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame.html:
        * http/tests/security/javascriptURL/xss-ALLOWED-to-javascript-url-sub-frame.html:
        * http/tests/security/resources/cross-frame-access.js:
        * http/tests/security/resources/cross-frame-iframe-with-explicit-domain-set.html:
        * http/tests/security/resources/cross-frame-iframe.html:
        * platform/mac-leopard/http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-uppercase-expected.txt:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@34431 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 8e72b23f
2008-06-07 Sam Weinig <sam@webkit.org>
Reviewed by Dan Bernstein.
Fix random failures of XSS tests by using window.postMessage().
* http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-expected.txt:
* http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-uppercase.html:
* http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame.html:
* http/tests/security/javascriptURL/xss-ALLOWED-to-javascript-url-sub-frame.html:
* http/tests/security/resources/cross-frame-access.js:
* http/tests/security/resources/cross-frame-iframe-with-explicit-domain-set.html:
* http/tests/security/resources/cross-frame-iframe.html:
* platform/mac-leopard/http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-uppercase-expected.txt:
2008-06-07 Dan Bernstein <mitz@apple.com>
Reviewed by Sam Weinig.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL data:text/html,%3Chtml%3E%3Cbody%3E%3Cp%20id='accessMe'%3E%3C/p%3E%3Cp%3EInner%20iframe.%3C/p%3E%3C/body%3E%3C/html%3E from frame with URL http://127.0.0.1:8000/security/dataURL/xss-DENIED-to-data-url-sub-frame.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL data:text/html,%3Chtml%3E%3Cscript%3Eonload%20=%20function()%20{%20parent.postMessage('LOADED',%20'*');%20}%20%3C/script%3E%3Cbody%3E%3Cp%20id='accessMe'%3E%3C/p%3E%3Cp%3EInner%20iframe.%3C/p%3E%3C/body%3E%3C/html%3E from frame with URL http://127.0.0.1:8000/security/dataURL/xss-DENIED-to-data-url-sub-frame.html. Domains, protocols and ports must match.
This tests that the main frame can't access the contents of an iframe that contains a data: URL loaded page
......
......@@ -8,7 +8,7 @@
<iframe id="aFrame"></iframe>
<pre id="console"></pre>
<script>
var url = "DATA:text/html,<html><body><p id=\'accessMe\'></p><p>Inner iframe.</p></body></html>";
var url = "DATA:text/html,<html><scr" + "ipt>onload = function() { parent.postMessage(\'LOADED\', \'*\'); } </scr" + "ipt><body><p id=\'accessMe\'></p><p>Inner iframe.</p></body></html>";
var iframeId ="aFrame";
var passMessage = "PASS: Cross frame access to a DATA: URL was denied.";
var failMessage = "FAIL: Cross frame access to a DATA: URL was allowed.";
......
......@@ -7,7 +7,7 @@
<iframe id="aFrame"></iframe>
<pre id="console"></pre>
<script>
var url = "data:text/html,<html><body><p id=\'accessMe\'></p><p>Inner iframe.</p></body></html>";
var url = "data:text/html,<html><scr" + "ipt>onload = function() { parent.postMessage(\'LOADED\', \'*\'); } </scr" + "ipt><body><p id=\'accessMe\'></p><p>Inner iframe.</p></body></html>";
var iframeId ="aFrame";
var passMessage = "PASS: Cross frame access to a data: URL was denied.";
var failMessage = "FAIL: Cross frame access to a data: URL was allowed.";
......
......@@ -7,7 +7,7 @@
<iframe id="aFrame"></iframe>
<pre id="console"></pre>
<script>
var url = "javascript:\"<html><body><p id=\'accessMe\'></p><p>Inner iframe.</p></body></html>\"";
var url = "javascript:\"<html><scr" + "ipt>onload = function() { parent.postMessage(\'LOADED\', \'*\'); } </scr" + "ipt><body><p id=\'accessMe\'></p><p>Inner iframe.</p></body></html>\"";
var iframeId ="aFrame";
var passMessage = "PASS: Cross frame access to a javascript: URL was allowed!";
var failMessage = "FAIL: Cross frame access to a javascript: URL was denied.";
......
......@@ -95,13 +95,26 @@ function toString(expression, valueForException)
// Frame Access Tests
function canAccessFrame(iframeURL, iframeId, passMessage, failMessage) {
function canAccessFrame(iframeURL, iframeId, passMessage, failMessage)
{
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.dumpChildFramesAsText();
layoutTestController.waitUntilDone();
}
window.addEventListener("message", function(event) {
if (event.data == "LOADED") {
test();
}
}, false);
var runawayTimer = setTimeout(function() {
log("FAIL: Subframe did not finish loading.");
if (window.layoutTestController)
layoutTestController.notifyDone();
}, 2000);
var targetWindow = frames[0];
if (!targetWindow.document.body)
log("FAIL: targetWindow started with no document, we won't know if the test passed or failed.");
......@@ -109,45 +122,48 @@ function canAccessFrame(iframeURL, iframeId, passMessage, failMessage) {
var iframe = document.getElementById(iframeId);
iframe.src = iframeURL;
var testDone = false;
setTimeout(test, 1);
setTimeout(function() {
if (!testDone) {
log(failMessage);
if (window.layoutTestController)
layoutTestController.notifyDone();
}
}, 2000);
function test() {
function test()
{
try {
if (targetWindow.document.body) {
if (targetWindow.document.getElementById('accessMe')) {
targetWindow.document.getElementById('accessMe').innerHTML = passMessage;
log(passMessage);
testDone = true;
if (window.layoutTestController)
layoutTestController.notifyDone();
return;
}
if (targetWindow.document && targetWindow.document.getElementById('accessMe')) {
targetWindow.document.getElementById('accessMe').innerHTML = passMessage;
log(passMessage);
clearTimeout(runawayTimer);
if (window.layoutTestController)
layoutTestController.notifyDone();
return;
}
} catch (e) {
log("In catch");
}
setTimeout(test, 1);
log(failMessage);
clearTimeout(runawayTimer);
if (window.layoutTestController)
layoutTestController.notifyDone();
}
}
function cannotAccessFrame(iframeURL, iframeId, passMessage, failMessage) {
function cannotAccessFrame(iframeURL, iframeId, passMessage, failMessage)
{
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.dumpChildFramesAsText();
layoutTestController.waitUntilDone();
}
window.addEventListener("message", function(event) {
if (event.data == "LOADED") {
test();
}
}, false);
var runawayTimer = setTimeout(function() {
log("FAIL: Subframe did not finish loading.");
if (window.layoutTestController)
layoutTestController.notifyDone();
}, 2000);
var targetWindow = frames[0];
if (!targetWindow.document.body)
log("FAIL: targetWindow started with no document, we won't know if the test passed or failed.");
......@@ -155,41 +171,22 @@ function cannotAccessFrame(iframeURL, iframeId, passMessage, failMessage) {
var iframe = document.getElementById(iframeId);
iframe.src = iframeURL;
var testDone = false;
setTimeout(test, 1);
setTimeout(function() {
if (!testDone) {
log(failMessage);
window.stop();
if (window.layoutTestController)
layoutTestController.notifyDone();
}
}, 2000);
function test() {
function test()
{
try {
if (targetWindow.document.body) {
if (targetWindow.document.getElementById('accessMe')) {
targetWindow.document.getElementById('accessMe').innerHTML = failMessage;
log(failMessage);
testDone = true;
window.stop();
if (window.layoutTestController)
layoutTestController.notifyDone();
return;
}
setTimeout(test, 1);
if (targetWindow.document && targetWindow.document.getElementById('accessMe')) {
targetWindow.document.getElementById('accessMe').innerHTML = failMessage;
log(failMessage);
clearTimeout(runawayTimer);
if (window.layoutTestController)
layoutTestController.notifyDone();
return;
}
} catch (e) {
}
log(passMessage);
testDone = true;
window.stop();
clearTimeout(runawayTimer);
if (window.layoutTestController)
layoutTestController.notifyDone();
}
......
......@@ -2,6 +2,7 @@
<head>
<script>
document.domain = "127.0.0.1";
parent.postMessage("LOADED", "*");
</script>
</head>
<body>
......
......@@ -3,6 +3,7 @@
<script>
function fireSentinel()
{
parent.postMessage("LOADED", "*");
if (window.layoutTestController)
layoutTestController.globalFlag = true;
}
......
This tests that the main frame can't access the contents of an iframe that contains a data: URL loaded page using the uppercased variant DATA:
FAIL: Cross frame access to a DATA: URL was allowed.
FAIL: Subframe did not finish loading.
--------
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment