Implement allow-popups for iframe@sandbox
https://bugs.webkit.org/show_bug.cgi?id=66505

Reviewed by Eric Seidel.

Source/WebCore:

There's been some discussion in the HTML working group about adding an allow-popups directive to the iframe sandbox. Microsoft has added it to IE10 platform preview and is fairly adamant about this feature because it's needed by one of their products that's planning to use iframe sandbox. Hixie says he'll add it to the spec once we implement it, so here's our implementation. (See discussion in the W3C linked in the bug for more details.)

Tests: http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html
http/tests/security/popup-allowed-by-sandbox-is-sandboxed.html
http/tests/security/popup-allowed-by-sandbox-when-allowed.html

* html/HTMLIFrameElement.cpp:
(WebCore::HTMLIFrameElement::parseMappedAttribute):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::setOpener):
(WebCore::createWindow):
* loader/FrameLoader.h:
(WebCore::FrameLoader::forceSandboxFlags):
* loader/FrameLoaderTypes.h:
* loader/PolicyChecker.cpp:
(WebCore::PolicyChecker::checkNewWindowPolicy):
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::parseSandboxPolicy):
* page/SecurityOrigin.h:
(WebCore::SecurityOrigin::sandboxFlags):
* svg/graphics/SVGImage.cpp:
(WebCore::SVGImage::dataChanged):

LayoutTests:

Test that the allow-popups directive works as expected. Note: no-popup-from-sandbox.html verifies that we still block popups without the directive.

* http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control-expected.txt: Added.
* http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html: Added.
* http/tests/security/popup-allowed-by-sandbox-is-sandboxed-expected.txt: Added.
* http/tests/security/popup-allowed-by-sandbox-is-sandboxed.html: Added.
* http/tests/security/popup-allowed-by-sandbox-when-allowed-expected.txt: Added.
* http/tests/security/popup-allowed-by-sandbox-when-allowed.html: Added.
Canonical link: https://commits.webkit.org/87729@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@99138 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Adam Barth committed Nov 3, 2011
1 parent 7c43e7a, commit 78f8706
Showing 16 changed files with 170 additions and 41 deletions.
6 changes: 6 additions & 0 deletions
6
LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control-expected.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
ALERT: /PASS/ | ||
To run this test outside of DumpRenderTree, please disable your popup blocker! | ||
|
||
If you change this test, please be sure to change popup-allowed-by-sandbox-is-sandboxed.html as well! | ||
|
||
|
16 changes: 16 additions & 0 deletions
16
LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
<script> | ||
if (window.layoutTestController) { | ||
layoutTestController.dumpAsText(); | ||
layoutTestController.waitUntilDone(); | ||
layoutTestController.setCanOpenWindows(true); | ||
layoutTestController.setCloseRemainingWindowsWhenComplete(true); | ||
} | ||
</script> | ||
<p>To run this test outside of DumpRenderTree, please disable your popup blocker!</p> | ||
<p>If you change this test, please be sure to change popup-allowed-by-sandbox-is-sandboxed.html as well!</p> | ||
<iframe sandbox="allow-scripts allow-popups allow-forms" | ||
src="data:text/html, | ||
<script> | ||
var win = window.open('data:text/html,<form action=javascript:alert(/PASS/) ><input type=submit></form><script>document.forms[0].submit(); if (window.layoutTestController) layoutTestController.notifyDone();<\/script>', '_blank'); | ||
</script>" | ||
></iframe> |
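
Review bot: The control page never states its pass condition or what separates it from popup-allowed-by-sandbox-is-sandboxed.html; the only difference visible in the iframe is the extra allow-forms token in sandbox="allow-scripts allow-popups allow-forms". Suggest adding a line such as <p>This test passes if it alerts /PASS/.</p> and a short comment saying that allow-forms is the single intended difference, so a later edit does not let the two files drift apart.
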
7 changes: 7 additions & 0 deletions
7
LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed-expected.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
To run this test outside of DumpRenderTree, please disable your popup blocker! | ||
|
||
If you change this test, please be sure to change popup-allowed-by-sandbox-is-sandboxed-control.html as well! | ||
|
||
This test passes if it doesn't alert FAIL. | ||
|
||
|
17 changes: 17 additions & 0 deletions
17
LayoutTests/http/tests/security/popup-allowed-by-sandbox-is-sandboxed.html
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
<script> | ||
if (window.layoutTestController) { | ||
layoutTestController.dumpAsText(); | ||
layoutTestController.waitUntilDone(); | ||
layoutTestController.setCanOpenWindows(true); | ||
layoutTestController.setCloseRemainingWindowsWhenComplete(true); | ||
} | ||
</script> | ||
<p>To run this test outside of DumpRenderTree, please disable your popup blocker!</p> | ||
<p>If you change this test, please be sure to change popup-allowed-by-sandbox-is-sandboxed-control.html as well!</p> | ||
<p>This test passes if it doesn't alert FAIL.</p> | ||
<iframe sandbox="allow-scripts allow-popups" | ||
src="data:text/html, | ||
<script> | ||
var win = window.open('data:text/html,<form action=javascript:alert(/FAIL/) ><input type=submit></form><script>document.forms[0].submit(); if (window.layoutTestController) layoutTestController.notifyDone();<\/script>', '_blank'); | ||
</script>" | ||
></iframe> |
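
Review bot: This test passes on the absence of an alert, and in the popup notifyDone() runs in the same script immediately after document.forms[0].submit(), so a FAIL alert that fired only after notifyDone() might not be captured. The control file guards against that only while both popups keep identical timing; suggest saying so in a comment next to the window.open call, or deferring notifyDone() (for example with a setTimeout) in both files so the javascript: form action has a chance to run first.
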
4 changes: 4 additions & 0 deletions
4
LayoutTests/http/tests/security/popup-allowed-by-sandbox-when-allowed-expected.txt
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
ALERT: PASS | ||
To run this test outside of DumpRenderTree, please disable your popup blocker! | ||
|
||
|
16 changes: 16 additions & 0 deletions
16
LayoutTests/http/tests/security/popup-allowed-by-sandbox-when-allowed.html
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
<script> | ||
if (window.layoutTestController) { | ||
layoutTestController.dumpAsText(); | ||
layoutTestController.waitUntilDone(); | ||
layoutTestController.setCanOpenWindows(true); | ||
layoutTestController.setCloseRemainingWindowsWhenComplete(true); | ||
} | ||
</script> | ||
<p>To run this test outside of DumpRenderTree, please disable your popup blocker!</p> | ||
<iframe sandbox="allow-scripts allow-popups" | ||
src="data:text/html, | ||
<script> | ||
var win = window.open('data:text/html,<script>if (window.layoutTestController) layoutTestController.notifyDone();<\/script>', '_blank'); | ||
alert(win ? 'PASS' : 'FAIL'); | ||
</script>" | ||
></iframe> |
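
Review bot: alert(win ? 'PASS' : 'FAIL') only checks that window.open returned a truthy value, and all three new tests create the popup through window.open. The commit message lists PolicyChecker::checkNewWindowPolicy among the changed functions, so it would be worth adding a case that opens the new window without window.open, for example a link or form with target=_blank inside an iframe sandboxed with allow-popups.
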