Commit b8a10552 authored by abarth@webkit.org

2009-12-01 Patrik Persson <patrik.j.persson@ericsson.com>

        Reviewed by Darin Adler.

        Implement HTML5 sandbox attribute for iframes.
        http://www.w3.org/TR/html5/text-level-semantics.html#attr-iframe-sandbox
        https://bugs.webkit.org/show_bug.cgi?id=21288

        * fast/frames/resources/non-sandboxed-iframe-navigation.html: Added.
        * fast/frames/resources/sandboxed-iframe-attribute-parsing-allowed.html: Added.
        * fast/frames/resources/sandboxed-iframe-attribute-parsing-disallowed.html: Added.
        * fast/frames/resources/sandboxed-iframe-form-allowed.html: Added.
        * fast/frames/resources/sandboxed-iframe-form-disallowed.html: Added.
        * fast/frames/resources/sandboxed-iframe-navigated.html: Added.
        * fast/frames/resources/sandboxed-iframe-navigation-child.html: Added.
        * fast/frames/resources/sandboxed-iframe-navigation-navigated.html: Added.
        * fast/frames/resources/sandboxed-iframe-navigation-parent.html: Added.
        * fast/frames/resources/sandboxed-iframe-navigation-source.html: Added.
        * fast/frames/resources/sandboxed-iframe-navigation-targetlink.html: Added.
        * fast/frames/resources/sandboxed-iframe-navigation-windowopen.html: Added.
        * fast/frames/resources/sandboxed-iframe-plugins-frame-applet.html: Added.
        * fast/frames/resources/sandboxed-iframe-plugins-frame-embed.html: Added.
        * fast/frames/resources/sandboxed-iframe-plugins-frame-object.html: Added.
        * fast/frames/resources/sandboxed-iframe-script-dynamic.html: Added.
        * fast/frames/resources/sandboxed-iframe-storage-allowed.html: Added.
        * fast/frames/resources/sandboxed-iframe-storage-disallowed.html: Added.
        * fast/frames/sandboxed-iframe-attribute-parsing-expected.txt: Added.
        * fast/frames/sandboxed-iframe-attribute-parsing.html: Added.
        * fast/frames/sandboxed-iframe-forms-expected.txt: Added.
        * fast/frames/sandboxed-iframe-forms.html: Added.
        * fast/frames/sandboxed-iframe-navigation-allowed-expected.txt: Added.
        * fast/frames/sandboxed-iframe-navigation-allowed.html: Added.
        * fast/frames/sandboxed-iframe-navigation-parent-expected.txt: Added.
        * fast/frames/sandboxed-iframe-navigation-parent.html: Added.
        * fast/frames/sandboxed-iframe-navigation-targetlink-expected.txt: Added.
        * fast/frames/sandboxed-iframe-navigation-targetlink.html: Added.
        * fast/frames/sandboxed-iframe-navigation-windowopen-expected.txt: Added.
        * fast/frames/sandboxed-iframe-navigation-windowopen.html: Added.
        * fast/frames/sandboxed-iframe-plugins-expected.txt: Added.
        * fast/frames/sandboxed-iframe-plugins.html: Added.
        * fast/frames/sandboxed-iframe-scripting-expected.txt: Added.
        * fast/frames/sandboxed-iframe-scripting.html: Added.
        * fast/frames/sandboxed-iframe-storage-expected.txt: Added.
        * fast/frames/sandboxed-iframe-storage.html: Added.
        * http/tests/security/resources/sandboxed-iframe-document-cookie-read-denied.html: Added.
        * http/tests/security/resources/sandboxed-iframe-modify-self.html: Added.
        * http/tests/security/resources/xss-DENIED-sandboxed-iframe-attacker.html: Added.
        * http/tests/security/sandboxed-iframe-document-cookie-expected.txt: Added.
        * http/tests/security/sandboxed-iframe-document-cookie.html: Added.
        * http/tests/security/sandboxed-iframe-modify-self-expected.txt: Added.
        * http/tests/security/sandboxed-iframe-modify-self.html: Added.
        * http/tests/security/xss-DENIED-sandboxed-iframe-expected.txt: Added.
        * http/tests/security/xss-DENIED-sandboxed-iframe.html: Added.
        * http/tests/xmlhttprequest/access-control-sandboxed-iframe-allow-expected.txt: Added.
        * http/tests/xmlhttprequest/access-control-sandboxed-iframe-allow.html: Added.
        * http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-expected.txt: Added.
        * http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-without-wildcard-expected.txt: Added.
        * http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-without-wildcard.html: Added.
        * http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied.html: Added.
        * http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-allow-iframe.html: Added.
        * http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-allow.cgi: Added.
        * http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-iframe.html: Added.
        * http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-without-wildcard-iframe.html: Added.
        * http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-without-wildcard.cgi: Added.
        * http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-denied.cgi: Added.
2009-12-01  Patrik Persson  <patrik.j.persson@ericsson.com>

        Reviewed by Darin Adler.

        Implement HTML5 sandbox attribute for iframes.
        http://www.w3.org/TR/html5/text-level-semantics.html#attr-iframe-sandbox
        https://bugs.webkit.org/show_bug.cgi?id=21288

        Tests: fast/frames/sandboxed-iframe-attribute-parsing.html
               fast/frames/sandboxed-iframe-forms.html
               fast/frames/sandboxed-iframe-navigation-allowed.html
               fast/frames/sandboxed-iframe-navigation-parent.html
               fast/frames/sandboxed-iframe-navigation-targetlink.html
               fast/frames/sandboxed-iframe-navigation-windowopen.html
               fast/frames/sandboxed-iframe-plugins.html
               fast/frames/sandboxed-iframe-scripting.html
               fast/frames/sandboxed-iframe-storage.html
               http/tests/security/sandboxed-iframe-document-cookie.html
               http/tests/security/sandboxed-iframe-modify-self.html
               http/tests/security/xss-DENIED-sandboxed-iframe.html
               http/tests/xmlhttprequest/access-control-sandboxed-iframe-allow.html
               http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-without-wildcard.html
               http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied.html

        * bindings/js/JSDOMWindowCustom.cpp: sandboxing navigation
        (WebCore::createWindow):
        * bindings/js/ScriptController.cpp: sandboxing scripts
        (WebCore::ScriptController::isEnabled):
        * dom/Document.cpp:
        (WebCore::Document::processHttpEquiv):
        (WebCore::Document::cookie): raise exception when accessed from sandbox
        (WebCore::Document::setCookie): raise exception when accessed from sandbox
        (WebCore::Document::initSecurityContext): update sandbox status
        (WebCore::Document::updateSandboxFlags):
        * dom/Document.h:
        * dom/Document.idl:
        * html/HTMLAppletElement.cpp: sandboxing applets
        (WebCore::HTMLAppletElement::createRenderer):
        (WebCore::HTMLAppletElement::renderWidgetForJSBindings):
        (WebCore::HTMLAppletElement::canEmbedJava):
        * html/HTMLAppletElement.h:
        * html/HTMLAttributeNames.in:
        * html/HTMLFrameOwnerElement.cpp: management of sandbox flags as stated in attribute
        (WebCore::HTMLFrameOwnerElement::HTMLFrameOwnerElement):
        (WebCore::HTMLFrameOwnerElement::setSandboxFlags):
        * html/HTMLFrameOwnerElement.h:
        (WebCore::HTMLFrameOwnerElement::sandboxFlags):
        * html/HTMLIFrameElement.cpp: sandbox attribute parsing
        (WebCore::parseSandboxAttribute):
        (WebCore::HTMLIFrameElement::parseMappedAttribute):
        * html/HTMLIFrameElement.idl:
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::getCookies):
        * loader/CrossOriginAccessControl.cpp:
        (WebCore::passesAccessControlCheck):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::FrameLoader):
        (WebCore::FrameLoader::init):
        (WebCore::FrameLoader::submitForm): sandboxing forms
        (WebCore::FrameLoader::requestObject): sandboxing plugins
        (WebCore::FrameLoader::shouldAllowNavigation): sandboxing navigation
        (WebCore::FrameLoader::updateSandboxFlags): propagation of sandbox flags
        * loader/FrameLoader.h:
        (WebCore::FrameLoader::ownerElementSandboxFlagsChanged):
        (WebCore::FrameLoader::isSandboxed):
        (WebCore::FrameLoader::sandboxFlags):
        * loader/FrameLoaderTypes.h:
        (WebCore::):
        * page/DOMWindow.cpp: disable storage and databases in sandboxed frames
        (WebCore::DOMWindow::sessionStorage):
        (WebCore::DOMWindow::localStorage):
        (WebCore::DOMWindow::openDatabase):
        * page/SecurityOrigin.cpp: added sandboxing status
        (WebCore::SecurityOrigin::SecurityOrigin):
        (WebCore::SecurityOrigin::canAccess):
        (WebCore::SecurityOrigin::canRequest):
        (WebCore::SecurityOrigin::toString):
        * page/SecurityOrigin.h:
        (WebCore::SecurityOrigin::setSandboxFlags):
        (WebCore::SecurityOrigin::isSandboxed):
        (WebCore::SecurityOrigin::canAccessDatabase):
        (WebCore::SecurityOrigin::canAccessStorage):
        * websockets/WebSocketChannel.cpp:
        (WebCore::WebSocketChannel::didReceiveData):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@51577 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent bd43f07d
2009-12-01 Patrik Persson <patrik.j.persson@ericsson.com>
Reviewed by Darin Adler.
Implement HTML5 sandbox attribute for iframes.
http://www.w3.org/TR/html5/text-level-semantics.html#attr-iframe-sandbox
https://bugs.webkit.org/show_bug.cgi?id=21288
* fast/frames/resources/non-sandboxed-iframe-navigation.html: Added.
* fast/frames/resources/sandboxed-iframe-attribute-parsing-allowed.html: Added.
* fast/frames/resources/sandboxed-iframe-attribute-parsing-disallowed.html: Added.
* fast/frames/resources/sandboxed-iframe-form-allowed.html: Added.
* fast/frames/resources/sandboxed-iframe-form-disallowed.html: Added.
* fast/frames/resources/sandboxed-iframe-navigated.html: Added.
* fast/frames/resources/sandboxed-iframe-navigation-child.html: Added.
* fast/frames/resources/sandboxed-iframe-navigation-navigated.html: Added.
* fast/frames/resources/sandboxed-iframe-navigation-parent.html: Added.
* fast/frames/resources/sandboxed-iframe-navigation-source.html: Added.
* fast/frames/resources/sandboxed-iframe-navigation-targetlink.html: Added.
* fast/frames/resources/sandboxed-iframe-navigation-windowopen.html: Added.
* fast/frames/resources/sandboxed-iframe-plugins-frame-applet.html: Added.
* fast/frames/resources/sandboxed-iframe-plugins-frame-embed.html: Added.
* fast/frames/resources/sandboxed-iframe-plugins-frame-object.html: Added.
* fast/frames/resources/sandboxed-iframe-script-dynamic.html: Added.
* fast/frames/resources/sandboxed-iframe-storage-allowed.html: Added.
* fast/frames/resources/sandboxed-iframe-storage-disallowed.html: Added.
* fast/frames/sandboxed-iframe-attribute-parsing-expected.txt: Added.
* fast/frames/sandboxed-iframe-attribute-parsing.html: Added.
* fast/frames/sandboxed-iframe-forms-expected.txt: Added.
* fast/frames/sandboxed-iframe-forms.html: Added.
* fast/frames/sandboxed-iframe-navigation-allowed-expected.txt: Added.
* fast/frames/sandboxed-iframe-navigation-allowed.html: Added.
* fast/frames/sandboxed-iframe-navigation-parent-expected.txt: Added.
* fast/frames/sandboxed-iframe-navigation-parent.html: Added.
* fast/frames/sandboxed-iframe-navigation-targetlink-expected.txt: Added.
* fast/frames/sandboxed-iframe-navigation-targetlink.html: Added.
* fast/frames/sandboxed-iframe-navigation-windowopen-expected.txt: Added.
* fast/frames/sandboxed-iframe-navigation-windowopen.html: Added.
* fast/frames/sandboxed-iframe-plugins-expected.txt: Added.
* fast/frames/sandboxed-iframe-plugins.html: Added.
* fast/frames/sandboxed-iframe-scripting-expected.txt: Added.
* fast/frames/sandboxed-iframe-scripting.html: Added.
* fast/frames/sandboxed-iframe-storage-expected.txt: Added.
* fast/frames/sandboxed-iframe-storage.html: Added.
* http/tests/security/resources/sandboxed-iframe-document-cookie-read-denied.html: Added.
* http/tests/security/resources/sandboxed-iframe-modify-self.html: Added.
* http/tests/security/resources/xss-DENIED-sandboxed-iframe-attacker.html: Added.
* http/tests/security/sandboxed-iframe-document-cookie-expected.txt: Added.
* http/tests/security/sandboxed-iframe-document-cookie.html: Added.
* http/tests/security/sandboxed-iframe-modify-self-expected.txt: Added.
* http/tests/security/sandboxed-iframe-modify-self.html: Added.
* http/tests/security/xss-DENIED-sandboxed-iframe-expected.txt: Added.
* http/tests/security/xss-DENIED-sandboxed-iframe.html: Added.
* http/tests/xmlhttprequest/access-control-sandboxed-iframe-allow-expected.txt: Added.
* http/tests/xmlhttprequest/access-control-sandboxed-iframe-allow.html: Added.
* http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-expected.txt: Added.
* http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-without-wildcard-expected.txt: Added.
* http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied-without-wildcard.html: Added.
* http/tests/xmlhttprequest/access-control-sandboxed-iframe-denied.html: Added.
* http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-allow-iframe.html: Added.
* http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-allow.cgi: Added.
* http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-iframe.html: Added.
* http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-without-wildcard-iframe.html: Added.
* http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-denied-without-wildcard.cgi: Added.
* http/tests/xmlhttprequest/resources/access-control-sandboxed-iframe-denied.cgi: Added.
2009-12-01 Chris Fleizach <cfleizach@apple.com>
 
Reviewed by David Kilzer.
<html>
<body>
<iframe src="sandboxed-iframe-navigation-source.html"></iframe>
</body>
</html>
<html>
<script>
top.allowedCallFromSandbox();
</script>
<body onload="document.getElementById('f').submit();">
<form id='f' action="javascript:top.disallowedFormSubmitted();">
<input name="x" value="y" type="checkbox" checked="yes" />
</form>
</body>
</html>
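Review bot: this resource carries no comment saying which sandbox tokens it expects, yet the script block calls top.allowedCallFromSandbox() while the form action is javascript:top.disallowedFormSubmitted(). The callback names imply it is meant to run with scripts allowed and forms not allowed. A one-line HTML comment above the script stating that would stop a later test from loading it into a frame with a different token set and misreading the result.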
<html>
<script>
top.disallowedCallFromSandbox();
</script>
</html>
<body onload="document.getElementById('form').submit();">
<form id="form" action="javascript:window.top.allowedFormSubmitted();">
<input name=x value=y type="checkbox" checked="yes"/>
</form>
</body>
<body onload="document.getElementById('form').submit();"
bgcolor='yellow'>
<form id="form" action="javascript:window.top.disallowedFormSubmitted();">
<input name=x value=y type="checkbox" checked="yes"/>
</form>
</body>
<html>
<body onload='self.top.countFrame();'>
navigated
</body>
</html>
<html>
<head>
<script>
function modify()
{
self.navigated.location.assign("javascript: top.childFrameWasNavigated();");
}
</script>
</head>
<body onload="modify();">
<iframe name="navigated"
src="sandboxed-iframe-navigation-navigated.html">
</iframe>
<iframe name="frameWithPlugin"
src="sandboxed-iframe-plugins-frame-object.html">
</iframe>
</body>
</html>
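Review bot: the second iframe, frameWithPlugin, is never referenced. modify() only touches self.navigated, and nothing else in this file reads the plugin frame. Either drop it or add a comment explaining why a navigation test needs a frame that loads sandboxed-iframe-plugins-frame-object.html.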
<html>
<head>
</head>
<body>
<!-- This file is in a separate document in order to share origin with the
parent document. -->
innocent content
</body>
</html>
<html>
<body>
<iframe sandbox="allow-scripts allow-same-origin"
src="sandboxed-iframe-navigation-source.html">
</iframe>
<p id='innocent_content'>innocent content</p>
</body>
</html>
<html>
<head>
<script>
function modify()
{
self.parent.location.assign('sandboxed-iframe-navigated.html');
}
</script>
</head>
<body onload='modify();'>
</body>
</html>
<html>
<head>
<script>
/*
* Set the target of the link to 'X_target', where X is the name of
* this frame.
*
* Then click the link.
*/
function click_link()
{
var event = document.createEvent('MouseEvent');
event.initEvent('click', true, true);
var link = document.getElementById('link');
link.target = self.name + '_target';
link.dispatchEvent(event);
}
</script>
</head>
<body onload='click_link();'>
<a href="sandboxed-iframe-navigated.html" id="link">
(link triggered by script)
</a>
</body>
</html>
<script>
window.open("javascript: opener.parent.windowOpened(opener);");
</script>
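Review bot: the window.open() call discards its return value, so when the open is not blocked nothing in this file closes the new window. Keep the handle and close it, or have the javascript: URL close the window after calling opener.parent.windowOpened(opener). The file also lacks the html and body wrapper that the neighbouring resources use.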
<html>
<head>
</head>
<body>
<applet name="app"
codebase="../../dom/resources"
code="TestApplet"
</applet>
</body>
</html>
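Review bot: the opening applet tag is never terminated. code="TestApplet" is followed directly by </applet> on the next line with no > in between, so the result depends on the parser's recovery from a malformed start tag rather than only on the sandbox check for applets. Add the > after code="TestApplet".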
<html>
<head>
</head>
<body>
<embed id="plugin"
type="application/x-webkit-test-netscape"
src="data:text/plain,"
style="width:0; height:0">
</embed>
</body>
</html>
<html>
<head>
</head>
<body>
<object id="plugin"
type="application/x-webkit-test-netscape"
style="width:0; height:0">
</object>
</body>
</html>
<html>
<head>
<script>
frame = window.top.document.getElementById('frame');
// setting the sandbox flag at runtime should not terminate already
// running scripts (e.g., this one)
frame.sandbox = 'allow-same-origin'; // NO allow-scripts
++window.top.allowedExecuted;
// however, new scripts (such as the onload one below) should
// not run
function onload_hook()
{
++window.top.disallowedExecuted;
};
</script>
</head>
<body onload='onload_hook();'></body>
</html>
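Review bot: frame is assigned without var on the first line of the script, which creates an implicit global in the framed document. Declare it with var, and drop the stray semicolon after the closing brace of onload_hook(). It would also help to say in the existing comment that allow-same-origin is kept so the later ++window.top.allowedExecuted can still reach the parent.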
<html>
<head>
<link rel="stylesheet" href="../../js/resources/js-test-style.css">
<script src="../../js/resources/js-test-pre.js"></script>
<script src="../../js/resources/js-test-post-function.js"></script>
<script>
window.onload = function() {
shouldBeTrue("window.openDatabase() != null");
shouldBeTrue("window.localStorage != null");
shouldBeTrue("window.sessionStorage != null");
}
</script>
</head>
<body>
<div id="console"></div>
</body>
</html>
<html>
<head>
<link rel="stylesheet" href="../../js/resources/js-test-style.css">
<script src="../../js/resources/js-test-pre.js"></script>
<script src="../../js/resources/js-test-post-function.js"></script>
<script>
window.onload = function() {
shouldBeTrue("window.openDatabase() == null");
shouldBeTrue("window.localStorage == null");
shouldBeTrue("window.sessionStorage == null");
}
</script>
</head>
<body>
<div id="console"></div>
</body>
</html>
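Review bot: window.openDatabase() is called with no arguments in the first shouldBeTrue of the onload handler, so the result depends on how missing parameters are handled as well as on the sandbox flag. Pass explicit arguments so a null return can only come from the sandbox restriction. The storage-allowed resource above makes the same call with != null and needs the same change. The == null comparisons also accept undefined; use === null if null is the intended return value.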
This test runs five IFrames with forms allowed, one IFrame with forms disallowed, then five more IFrames with forms allowed. If ten form submissions are made, and the disallowed submission is not one of them, we consider the test to have passed. This test will print "PASS" on success.
PASS