Commit c32b0531 authored by eric@webkit.org's avatar eric@webkit.org

2009-09-17 Anton Muhin <antonm@chromium.org>

        Reviewed by Adam Barth.

        Add layout tests to verify there is no security leaks if someone sets a prototype of top
        window to its child window.
        https://bugs.webkit.org/show_bug.cgi?id=29334

        * http/tests/security/resources/iframe-with-element.html: Added.
        * http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto-expected.txt: Added.
        * http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto.html: Added.
        * http/tests/security/xss-DENIED-method-with-iframe-proto-expected.txt: Added.
        * http/tests/security/xss-DENIED-method-with-iframe-proto.html: Added.
        * http/tests/security/xss-DENIED-non-shadowable-propterty-with-iframe-proto-expected.txt: Added.
        * http/tests/security/xss-DENIED-non-shadowable-propterty-with-iframe-proto.html: Added.
        * http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto-expected.txt: Added.
        * http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48484 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 02e94c42
2009-09-17 Anton Muhin <antonm@chromium.org>
Reviewed by Adam Barth.
Add layout tests to verify there is no security leaks if someone sets a prototype of top
window to its child window.
https://bugs.webkit.org/show_bug.cgi?id=29334
* http/tests/security/resources/iframe-with-element.html: Added.
* http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto-expected.txt: Added.
* http/tests/security/xss-DENIED-htmlelelment-with-iframe-proto.html: Added.
* http/tests/security/xss-DENIED-method-with-iframe-proto-expected.txt: Added.
* http/tests/security/xss-DENIED-method-with-iframe-proto.html: Added.
* http/tests/security/xss-DENIED-non-shadowable-propterty-with-iframe-proto-expected.txt: Added.
* http/tests/security/xss-DENIED-non-shadowable-propterty-with-iframe-proto.html: Added.
* http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto-expected.txt: Added.
* http/tests/security/xss-DENIED-regular-propterty-with-iframe-proto.html: Added.
2009-09-17 Chris Fleizach <cfleizach@apple.com>
Reviewed by Beth Dakin.
......
<input id="myinput" value="Hello World" type="text"/>
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/iframe-with-element.html from frame with URL http://127.0.0.1:8000/security/xss-DENIED-htmlelelment-with-iframe-proto.html. Domains, protocols and ports must match.
Tests that making other frame window a prototype doesn't expose that window subframe
PASS: targetWindow.myinput should be 'undefined' and is.
<html>
<head>
<script src="resources/cross-frame-access.js"></script>
</head>
<body>
<iframe src="http://localhost:8000/security/resources/iframe-with-element.html" style="">
</iframe>
<pre id="console"></pre>
<script>
if (window.layoutTestController)
layoutTestController.dumpAsText();
log("Tests that making other frame window a prototype doesn't expose that window subframe");
targetWindow = frames[0];
window.onload = function() {
__proto__ = targetWindow;
shouldBeUndefined('targetWindow.myinput');
}
</script>
</body>
</html>
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/ from frame with URL http://127.0.0.1:8000/security/xss-DENIED-method-with-iframe-proto.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/ from frame with URL http://127.0.0.1:8000/security/xss-DENIED-method-with-iframe-proto.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/ from frame with URL http://127.0.0.1:8000/security/xss-DENIED-method-with-iframe-proto.html. Domains, protocols and ports must match.
Tests that making other frame window a prototype doesn't expose that window methods
PASS: this.wasInvoked should be 'false' and is.
<html>
<head>
<script src="resources/cross-frame-access.js"></script>
</head>
<body>
<iframe src="http://localhost:8000/" style=""></iframe>
<pre id="console"></pre>
<script>
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.waitUntilDone();
}
log("Tests that making other frame window a prototype doesn't expose that window methods");
targetWindow = frames[0];
wasInvoked = false;
function callback(global) {
global.wasInvoked = true;
}
function check() {
shouldBeFalse('this.wasInvoked');
if (window.layoutTestController)
layoutTestController.notifyDone();
}
window.onload = function() {
originalSetTimeout = setTimeout;
__proto__ = targetWindow;
var needsCheck = false;
try {
targetWindow.setTimeout(callback, 0, this);
needsCheck = true;
} catch (e) { }
try {
setTimeout.call(targetWindow, callback, 0, this);
needsCheck = true;
} catch(e) { }
try {
originalSetTimeout.call(targetWindow, callback, 0, this);
needsCheck = true;
} catch(e) { }
if (needsCheck) {
originalSetTimeout(check, 10);
} else {
if (window.layoutTestController)
layoutTestController.notifyDone();
}
}
</script>
</body>
</html>
Tests that making other frame window a prototype doesn't expose that window properties
PASS: location === originalLocation should be 'true' and is.
PASS: this.location === originalLocation should be 'true' and is.
<html>
<head>
<script src="resources/cross-frame-access.js"></script>
</head>
<body>
<iframe src="http://localhost:8000/" style=""></iframe>
<pre id="console"></pre>
<script>
if (window.layoutTestController)
layoutTestController.dumpAsText();
log("Tests that making other frame window a prototype doesn't expose that window properties");
targetWindow = frames[0];
window.onload = function() {
originalLocation = location;
__proto__ = targetWindow;
shouldBeTrue('location === originalLocation');
shouldBeTrue('this.location === originalLocation');
}
</script>
</body>
</html>
Tests that making other frame window a prototype doesn't expose that window properties
PASS: innerHeight === originalInnerHeight should be 'true' and is.
PASS: this.innerHeight === originalInnerHeight should be 'true' and is.
<html>
<head>
<script src="resources/cross-frame-access.js"></script>
</head>
<body>
<iframe src="http://localhost:8000/" style=""></iframe>
<pre id="console"></pre>
<script>
if (window.layoutTestController)
layoutTestController.dumpAsText();
log("Tests that making other frame window a prototype doesn't expose that window properties");
targetWindow = frames[0];
window.onload = function() {
originalInnerHeight = innerHeight;
__proto__ = targetWindow;
shouldBeTrue('innerHeight === originalInnerHeight');
shouldBeTrue('this.innerHeight === originalInnerHeight');
}
</script>
</body>
</html>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment