Commit e31007f1 authored by scheib@chromium.org

webkitFullscreenElement, webkitCurrentFullScreenElement,...

webkitFullscreenElement, webkitCurrentFullScreenElement, webkitPointerLockElement block cross origin access.
https://bugs.webkit.org/show_bug.cgi?id=91892

Reviewed by Adam Barth.

Source/WebCore:

PointerLockElement only returned when requested from the document that owns it.

Tests: http/tests/fullscreen/fullscreenelement-different-origin.html
       http/tests/fullscreen/fullscreenelement-same-origin.html
       http/tests/pointer-lock/pointerlockelement-different-origin.html
       http/tests/pointer-lock/pointerlockelement-same-origin.html

* dom/Document.cpp:
(WebCore::Document::webkitPointerLockElement):

LayoutTests:

Tests verifying the behavior of accessing
webkitFullscreenElement, webkitCurrentFullScreenElement, webkitPointerLockElement
from different origins.

* http/tests/fullscreen/fullscreenelement-different-origin-expected.txt: Added.
* http/tests/fullscreen/fullscreenelement-different-origin.html: Added.
* http/tests/fullscreen/fullscreenelement-same-origin-expected.txt: Added.
* http/tests/fullscreen/fullscreenelement-same-origin.html: Added.
* http/tests/pointer-lock/pointerlockelement-different-origin-expected.txt: Added.
* http/tests/pointer-lock/pointerlockelement-different-origin.html: Added.
* http/tests/pointer-lock/pointerlockelement-same-origin-expected.txt: Added.
* http/tests/pointer-lock/pointerlockelement-same-origin.html: Added.
* http/tests/resources/pointer-lock/iframe-common.js: Added.
(thisFileName):
(window.onmessage):
* http/tests/resources/pointer-lock/inner-iframe.html: Added.
* http/tests/resources/pointer-lock/pointer-lock-test-harness.js:
(runOnKeyPress.keypressHandler):
* pointer-lock/locked-element-iframe-removed-from-dom-expected.txt:
* pointer-lock/locked-element-iframe-removed-from-dom.html:
* pointer-lock/locked-element-removed-from-dom-expected.txt:
* pointer-lock/locked-element-removed-from-dom.html:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@123343 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 1f562649
2012-07-21 Vincent Scheib <scheib@chromium.org>
webkitFullscreenElement, webkitCurrentFullScreenElement, webkitPointerLockElement block cross origin access.
https://bugs.webkit.org/show_bug.cgi?id=91892
Reviewed by Adam Barth.
Tests verifying the behavior of accessing
webkitFullscreenElement, webkitCurrentFullScreenElement, webkitPointerLockElement
from different origins.
* http/tests/fullscreen/fullscreenelement-different-origin-expected.txt: Added.
* http/tests/fullscreen/fullscreenelement-different-origin.html: Added.
* http/tests/fullscreen/fullscreenelement-same-origin-expected.txt: Added.
* http/tests/fullscreen/fullscreenelement-same-origin.html: Added.
* http/tests/pointer-lock/pointerlockelement-different-origin-expected.txt: Added.
* http/tests/pointer-lock/pointerlockelement-different-origin.html: Added.
* http/tests/pointer-lock/pointerlockelement-same-origin-expected.txt: Added.
* http/tests/pointer-lock/pointerlockelement-same-origin.html: Added.
* http/tests/resources/pointer-lock/iframe-common.js: Added.
(thisFileName):
(window.onmessage):
* http/tests/resources/pointer-lock/inner-iframe.html: Added.
* http/tests/resources/pointer-lock/pointer-lock-test-harness.js:
(runOnKeyPress.keypressHandler):
* pointer-lock/locked-element-iframe-removed-from-dom-expected.txt:
* pointer-lock/locked-element-iframe-removed-from-dom.html:
* pointer-lock/locked-element-removed-from-dom-expected.txt:
* pointer-lock/locked-element-removed-from-dom.html:
2012-07-23 Zan Dobersek <zandobersek@gmail.com>
Unreviewed GTK gardening, adding the WONTFIX modifier to a few more tests,
Test iframe from different origin can not access webkitFullscreenElement.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
PASS document.webkitFullscreenElement is targetDiv1
PASS document.webkitCurrentFullScreenElement is targetDiv1
PASS message is "inner-iframe.html document.webkitFullscreenElement = null"
PASS message is "inner-iframe.html document.webkitCurrentFullScreenElement = null"
PASS successfullyParsed is true
TEST COMPLETE
<!DOCTYPE HTML>
<html>
<head>
<script src="../resources/js-test-pre.js"></script>
<script src="../resources/pointer-lock/pointer-lock-test-harness.js"></script>
</head>
<body>
<div>
<div id="target1"></div>
<iframe src="http://localhost:8080/resources/pointer-lock/inner-iframe.html" onload="doNextStepWithUserGesture()"></iframe>
</div>
<script>
description("Test iframe from different origin can not access webkitFullscreenElement.")
window.jsTestIsAsync = true;
targetDiv1 = document.getElementById("target1");
iframe = document.getElementsByTagName("iframe")[0];
todo = [
function () {
document.onwebkitfullscreenchange = function () { doNextStep(); document.onwebkitfullscreenchange = null; }
targetDiv1.webkitRequestFullscreen();
},
function () {
shouldBe("document.webkitFullscreenElement", "targetDiv1");
shouldBe("document.webkitCurrentFullScreenElement", "targetDiv1");
doNextStep();
},
function () {
iframe.contentWindow.postMessage(["eval", 'parent.postMessage(thisFileName() + " document.webkitFullscreenElement = " + document.webkitFullscreenElement, "*")'], "*");
window.onmessage = function (messageEvent) {
message = messageEvent.data;
shouldBeEqualToString("message", "inner-iframe.html document.webkitFullscreenElement = null");
window.onmessage = null;
doNextStep();
}
},
function () {
iframe.contentWindow.postMessage(["eval", 'parent.postMessage(thisFileName() + " document.webkitCurrentFullScreenElement = " + document.webkitCurrentFullScreenElement, "*")'], "*");
window.onmessage = function (messageEvent) {
message = messageEvent.data;
shouldBeEqualToString("message", "inner-iframe.html document.webkitCurrentFullScreenElement = null");
window.onmessage = null;
doNextStep();
}
},
];
// doNextStep() called by iframe onload handler.
</script>
<script src="../resources/js-test-post.js"></script>
</body>
</html>
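Review bot: In both message steps the window.onmessage handler accepts whatever arrives first and never checks messageEvent.source, and it is installed only after iframe.contentWindow.postMessage(...) has been called. Delivery is asynchronous so the ordering works, but assigning the handler before posting and comparing messageEvent.source with iframe.contentWindow would make the step robust against a stray message from another frame satisfying or breaking the assertion.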
Test iframe from same origin can not access webkitFullscreenElement.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
PASS document.webkitFullscreenElement is targetDiv1
PASS document.webkitCurrentFullScreenElement is targetDiv1
PASS message is "inner-iframe.html document.webkitFullscreenElement = null"
PASS message is "inner-iframe.html document.webkitCurrentFullScreenElement = null"
PASS successfullyParsed is true
TEST COMPLETE
<!DOCTYPE HTML>
<html>
<head>
<script src="../resources/js-test-pre.js"></script>
<script src="../resources/pointer-lock/pointer-lock-test-harness.js"></script>
</head>
<body>
<div>
<div id="target1"></div>
<iframe src="../resources/pointer-lock/inner-iframe.html" onload="doNextStepWithUserGesture()"></iframe>
</div>
<script>
description("Test iframe from same origin can not access webkitFullscreenElement.")
window.jsTestIsAsync = true;
targetDiv1 = document.getElementById("target1");
iframe = document.getElementsByTagName("iframe")[0];
todo = [
function () {
document.onwebkitfullscreenchange = function () { doNextStep(); document.onwebkitfullscreenchange = null; }
targetDiv1.webkitRequestFullscreen();
},
function () {
shouldBe("document.webkitFullscreenElement", "targetDiv1");
shouldBe("document.webkitCurrentFullScreenElement", "targetDiv1");
doNextStep();
},
function () {
iframe.contentWindow.postMessage(["eval", 'parent.postMessage(thisFileName() + " document.webkitFullscreenElement = " + document.webkitFullscreenElement, "*")'], "*");
window.onmessage = function (messageEvent) {
message = messageEvent.data;
shouldBeEqualToString("message", "inner-iframe.html document.webkitFullscreenElement = null");
window.onmessage = null;
doNextStep();
}
},
function () {
iframe.contentWindow.postMessage(["eval", 'parent.postMessage(thisFileName() + " document.webkitCurrentFullScreenElement = " + document.webkitCurrentFullScreenElement, "*")'], "*");
window.onmessage = function (messageEvent) {
message = messageEvent.data;
shouldBeEqualToString("message", "inner-iframe.html document.webkitCurrentFullScreenElement = null");
window.onmessage = null;
doNextStep();
}
},
];
// doNextStep() called by iframe onload handler.
</script>
<script src="../resources/js-test-post.js"></script>
</body>
</html>
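Review bot: The description("Test iframe from same origin can not access webkitFullscreenElement.") string reads as a copy of the different-origin test, and the expected output is line for line identical to that test, so the pair does not show any origin-dependent difference. The evaluated string reads the iframe's own document.webkitFullscreenElement in both cases. Consider rewording the description to say what is being pinned down for a same-origin frame, and adding an assertion that only a same-origin parent can make (for example through iframe.contentDocument) so the two tests are distinguishable.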
Test iframe from different origin can not access webkitPointerLockElement.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
Lock targetDiv1.
PASS onwebkitpointerlockchange received after: Lock targetDiv1.
PASS document.webkitPointerLockElement is targetDiv1
PASS message is "inner-iframe.html document.webkitPointerLockElement = null"
PASS successfullyParsed is true
TEST COMPLETE
<!DOCTYPE HTML>
<html>
<head>
<script src="../resources/js-test-pre.js"></script>
<script src="../resources/pointer-lock/pointer-lock-test-harness.js"></script>
</head>
<body>
<div>
<div id="target1"></div>
<iframe src="http://localhost:8080/resources/pointer-lock/inner-iframe.html" onload="doNextStepWithUserGesture()"></iframe>
</div>
<script>
description("Test iframe from different origin can not access webkitPointerLockElement.")
window.jsTestIsAsync = true;
targetDiv1 = document.getElementById("target1");
iframe = document.getElementsByTagName("iframe")[0];
todo = [
function () {
expectOnlyChangeEvent("Lock targetDiv1.");
targetDiv1.webkitRequestPointerLock();
// doNextStep called by event handler.
},
function () {
shouldBe("document.webkitPointerLockElement", "targetDiv1");
doNextStep();
},
function () {
iframe.contentWindow.postMessage(["eval", 'parent.postMessage(thisFileName() + " document.webkitPointerLockElement = " + document.webkitPointerLockElement, "*")'], "*");
window.onmessage = function (messageEvent) {
message = messageEvent.data;
shouldBeEqualToString("message", "inner-iframe.html document.webkitPointerLockElement = null");
window.onmessage = null;
doNextStep();
}
},
];
// doNextStep() called by iframe onload handler.
</script>
<script src="../resources/js-test-post.js"></script>
</body>
</html>
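Review bot: Only one direction is covered here: targetDiv1 in the outer document takes the lock and the different-origin iframe is asked for its document.webkitPointerLockElement. The reverse case, where an element inside the different-origin iframe holds the lock and the outer document reads document.webkitPointerLockElement, is the one that would expose a node from another origin, and it has no test. Consider adding a step that locks from inside inner-iframe.html and asserts that the outer document gets null.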
Test iframe from same origin can not access webkitPointerLockElement.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
Lock targetDiv1.
PASS onwebkitpointerlockchange received after: Lock targetDiv1.
PASS document.webkitPointerLockElement is targetDiv1
PASS message is "inner-iframe.html document.webkitPointerLockElement = null"
PASS successfullyParsed is true
TEST COMPLETE
<!DOCTYPE HTML>
<html>
<head>
<script src="../resources/js-test-pre.js"></script>
<script src="../resources/pointer-lock/pointer-lock-test-harness.js"></script>
</head>
<body>
<div>
<div id="target1"></div>
<iframe src="../resources/pointer-lock/inner-iframe.html" onload="doNextStepWithUserGesture()"></iframe>
</div>
<script>
description("Test iframe from same origin can not access webkitPointerLockElement.")
window.jsTestIsAsync = true;
targetDiv1 = document.getElementById("target1");
iframe = document.getElementsByTagName("iframe")[0];
todo = [
function () {
expectOnlyChangeEvent("Lock targetDiv1.");
targetDiv1.webkitRequestPointerLock();
// doNextStep called by event handler.
},
function () {
shouldBe("document.webkitPointerLockElement", "targetDiv1");
doNextStep();
},
function () {
iframe.contentWindow.postMessage(["eval", 'parent.postMessage(thisFileName() + " document.webkitPointerLockElement = " + document.webkitPointerLockElement, "*")'], "*");
window.onmessage = function (messageEvent) {
message = messageEvent.data;
shouldBeEqualToString("message", "inner-iframe.html document.webkitPointerLockElement = null");
window.onmessage = null;
doNextStep();
}
},
];
// doNextStep() called by iframe onload handler.
</script>
<script src="../resources/js-test-post.js"></script>
</body>
</html>
function thisFileName()
{
return window.location.href.split("/").pop();
}
window.onmessage = function (messageEvent) {
switch (messageEvent.data[0]) {
case "eval":
eval(messageEvent.data[1]);
break;
}
}
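Review bot: The window.onmessage handler passes messageEvent.data[1] straight to eval() without looking at messageEvent.origin or messageEvent.source, so any window that can obtain a reference to a page including this script can run code in it. That is acceptable for a layout-test resource, but please say so in a comment at the top of the file and restrict the handler to messages whose source is window.parent, so the helper is not copied into non-test content as is.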
<!DOCTYPE HTML>
<html>
<head>
<script src="iframe-common.js"></script>
</head>
<body>
inner-iframe.html
</body>
</html>
// Automatically add doNextStepButton to document for manual tests.
if (!window.testRunner) {
setTimeout(function () {
if (window.doNextStepButtonDisabled)
return;
doNextStepButton = document.body.insertBefore(document.createElement("button"), document.body.firstChild);
doNextStepButton.onclick = doNextStep;
doNextStepButton.innerText = "doNextStep button for manual testing. Use keyboard to select button and press (TAB, then SPACE).";
}, 0);
}
function doNextStep()
function runOnKeyPress(fn)
{
function keypressHandler() {
document.removeEventListener('keypress', keypressHandler, false);
fn();
}
document.addEventListener('keypress', keypressHandler, false);
if (window.testRunner)
eventSender.keyDown(" ", []);
}
function doNextStep(args)
{
args = args || {};
if (!window.testRunner && args.withUserGesture)
return; // Wait for human to press doNextStep button.
if (typeof(currentStep) == "undefined")
currentStep = 0;
setTimeout(function () {
var thisStep = currentStep++;
if (thisStep < todo.length)
todo[thisStep]();
if (args.withUserGesture)
runOnKeyPress(todo[thisStep]);
else
todo[thisStep]();
else if (thisStep == todo.length)
setTimeout(function () { finishJSTest(); }, 0); // Deferred so that excessive doNextStep calls will be observed.
else
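Review bot: In runOnKeyPress the guard is if (window.testRunner) but the call that follows is eventSender.keyDown(" ", []), so a harness that exposes testRunner without eventSender throws here and the step never advances. Guarding on window.eventSender (or on both) would fail more cleanly. It is also worth a comment on doNextStep stating that withUserGesture runs the step inside a keypress handler so that the fullscreen and pointer lock requests see a user gesture.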
......@@ -25,9 +46,7 @@ function doNextStep()
function doNextStepWithUserGesture()
{
if (!window.testRunner)
return; // Wait for human to press doNextStep button.
doNextStep();
doNextStep({withUserGesture: true});
}
function eventExpected(eventHandlerName, message, expectedCalls, targetHanderNode)
......
......@@ -6,7 +6,7 @@ On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE
Lock target in iframe. (main document handler)
Lock target in iframe. (iframe handler)
PASS onwebkitpointerlockchange received after: Lock target in iframe. (iframe handler)
PASS document.webkitPointerLockElement is targetDiv1
PASS targetIframe1.contentDocument.webkitPointerLockElement is targetDiv1
PASS targetDiv1.parentElement.parentElement is targetIframe1.contentDocument.body
Remove iframe & immediately lock target2. (main document handler)
Remove iframe & immediately lock target2. (iframe handler)
......
......@@ -32,7 +32,7 @@
// doNextStep called by event handler.
},
function () {
shouldBe("document.webkitPointerLockElement", "targetDiv1");
shouldBe("targetIframe1.contentDocument.webkitPointerLockElement", "targetDiv1");
shouldBe("targetDiv1.parentElement.parentElement", "targetIframe1.contentDocument.body");
expectOnlyChangeEvent("Remove iframe & immediately lock target2. (main document handler)");
expectNoEvents("Remove iframe & immediately lock target2. (iframe handler)", targetIframe1.contentDocument);
......
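Review bot: The assertion on document.webkitPointerLockElement is replaced by one on targetIframe1.contentDocument.webkitPointerLockElement, which leaves the main document's return value unasserted at this step. Since the point of the change is what a non-owning document gets back, consider keeping a check on the main document alongside the new line, with the value it is now expected to return, so a regression in that direction is caught by this test too.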
......@@ -6,7 +6,7 @@ On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE
Lock target in iframe. (main document handler).
Lock target in iframe. (iframe handler)
PASS onwebkitpointerlockchange received after: Lock target in iframe. (iframe handler)
PASS document.webkitPointerLockElement is targetDiv1
PASS targetIframe1.contentDocument.webkitPointerLockElement is targetDiv1
PASS targetDiv1.parentElement.parentElement is targetIframe1.contentDocument.body
Remove targetDiv1's parent from iframe & immediately lock target2. (main document handler)
Remove targetDiv1's parent from iframe & immediately lock target2. (iframe handler)
......
......@@ -32,7 +32,7 @@
// doNextStep called by event handler.
},
function () {
shouldBe("document.webkitPointerLockElement", "targetDiv1");
shouldBe("targetIframe1.contentDocument.webkitPointerLockElement", "targetDiv1");
shouldBe("targetDiv1.parentElement.parentElement", "targetIframe1.contentDocument.body");
expectOnlyErrorEvent("Remove targetDiv1's parent from iframe & immediately lock target2. (main document handler)");
expectOnlyChangeEvent("Remove targetDiv1's parent from iframe & immediately lock target2. (iframe handler)", targetIframe1.contentDocument);
......
2012-07-21 Vincent Scheib <scheib@chromium.org>
webkitFullscreenElement, webkitCurrentFullScreenElement, webkitPointerLockElement block cross origin access.
https://bugs.webkit.org/show_bug.cgi?id=91892
Reviewed by Adam Barth.
PointerLockElement only returned when requested from the document that owns it.
Tests: http/tests/fullscreen/fullscreenelement-different-origin.html
http/tests/fullscreen/fullscreenelement-same-origin.html
http/tests/pointer-lock/pointerlockelement-different-origin.html
http/tests/pointer-lock/pointerlockelement-same-origin.html
* dom/Document.cpp:
(WebCore::Document::webkitPointerLockElement):
2012-07-23 Philippe Normand <pnormand@igalia.com>
[GTK][jhbuild] Switch to GStreamer 0.11 build
......@@ -5821,7 +5821,13 @@ void Document::webkitExitPointerLock()
Element* Document::webkitPointerLockElement() const
{
return page() ? page()->pointerLockController()->element() : 0;
if (!page())
return 0;
if (Element* element = page()->pointerLockController()->element()) {
if (element->document() == this)
return element;
}
return 0;
}
#endif
......
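Review bot: The new check element->document() == this compares documents, not origins, so a same-origin frame is refused as well; that matches the ChangeLog line "PointerLockElement only returned when requested from the document that owns it" but is stricter than the commit title's "block cross origin access". A short comment above the check stating that the element is returned only to its owning document, and why, would stop a later change from relaxing it to an origin comparison by accident. Note also that this is the only accessor touched in Document.cpp; the two fullscreen accessors named in the title get tests but no code change, which the ChangeLog could say explicitly.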