Commit c6434f6d authored by barraclough@apple.com's avatar barraclough@apple.com
Browse files

https://bugs.webkit.org/show_bug.cgi?id=120086

REGRESSION (r154300): http/tests/security/cross-frame-access-getOwnPropertyDescriptor is failing or crashing on the bots

Reviewed by Geoff Garen.

Previously we allowed cross-frame access to these properties, but hid the descriptors.
Now we allow access, but make them read-only, non-configurable.

* http/tests/security/cross-frame-access-getOwnPropertyDescriptor-expected.txt:
* http/tests/security/cross-frame-access-getOwnPropertyDescriptor.html:
* platform/mac/TestExpectations:
    - Update test/results/expectations.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154379 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent de4fcd43
2013-08-20 Gavin Barraclough <barraclough@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=120086
REGRESSION (r154300): http/tests/security/cross-frame-access-getOwnPropertyDescriptor is failing or crashing on the bots
Reviewed by Geoff Garen.
Previously we allowed cross-frame access to these properties, but hid the descriptors.
Now we allow access, but make them read-only, non-configurable.
* http/tests/security/cross-frame-access-getOwnPropertyDescriptor-expected.txt:
* http/tests/security/cross-frame-access-getOwnPropertyDescriptor.html:
* platform/mac/TestExpectations:
- Update test/results/expectations.
2013-08-20 Filip Pizlo <fpizlo@apple.com>
 
fast/js/regress/emscripten-cube2hash is failing on all the Mac bots
......@@ -268,19 +268,29 @@
}
log("----- tests access to cross domain location object -----");
window.targetLocation = targetWindow.location;
var locationProperties = [
"assign", "replace", "reload", "protocol", "host", "hostname", "port", "pathname", "search", "hash", "toString", "valueOf", "customProperty"
var locationPropertiesNotAllowed = [
"protocol", "host", "hostname", "port", "pathname", "search", "hash", "toString", "valueOf", "customProperty"
];
for (var i = 0; i < locationProperties.length; i++)
shouldBeFalse("canGetDescriptor(targetLocation, '" + locationProperties[i] + "')");
var locationPropertiesAllowed = [
"assign", "replace", "reload"
];
for (var i = 0; i < locationPropertiesNotAllowed.length; i++)
shouldBeFalse("canGetDescriptor(targetLocation, '" + locationPropertiesNotAllowed[i] + "')");
for (var i = 0; i < locationPropertiesAllowed.length; i++)
shouldBeTrue("canGetDescriptor(targetLocation, '" + locationPropertiesAllowed[i] + "')");
log("----- tests access to cross domain history object -----");
window.targetHistory = targetWindow.history;
var historyProperties = [
"length", "back", "forward", "go", "pushState", "replaceState", "customProperty"
var historyPropertiesNotAllowed = [
"length", "pushState", "replaceState", "customProperty"
];
var historyPropertiesAllowed = [
"back", "forward", "go"
];
for (var i = 0; i < historyProperties.length; i++)
shouldBeFalse("canGetDescriptor(targetHistory, '" + historyProperties[i] + "')");
for (var i = 0; i < historyPropertiesNotAllowed.length; i++)
shouldBeFalse("canGetDescriptor(targetHistory, '" + historyPropertiesNotAllowed[i] + "')");
for (var i = 0; i < historyPropertiesAllowed.length; i++)
shouldBeTrue("canGetDescriptor(targetHistory, '" + historyPropertiesAllowed[i] + "')");
}
</script>
</head>
......
......@@ -1311,5 +1311,3 @@ webkit.org/b/90708 fullscreen/exit-full-screen-iframe.html [ Pass Failure ]
webkit.org/b/120085 [ Lion ] http/tests/inspector/resource-tree/resource-tree-document-url.html [ Pass Failure ]
webkit.org/b/120087 [ Lion ] fast/forms/submit-to-url-fragment.html [ Pass Crash ]
webkit.org/b/120086 http/tests/security/cross-frame-access-getOwnPropertyDescriptor.html [ Failure ]
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment