https://bugs.webkit.org/show_bug.cgi?id=77971
Reviewed by Adam Barth.
Source/WebCore:
[CheckNodeSecurity] is not implemented by code generators.
This patch replaces [CheckNodeSecurity] with [CheckAccessToNode].
Test: http/tests/security/cross-frame-access-frameelement.html
* page/DOMWindow.idl:
LayoutTests:
The added test checks if frameElement is accessible from the same or cross origin iframe.
* http/tests/security/cross-frame-access-frameelement-expected.txt: Added.
* http/tests/security/cross-frame-access-frameelement.html: Added.
* http/tests/security/resources/cross-frame-access-frameelement-from-iframe.html: Added.
* platform/chromium/http/tests/security/cross-frame-access-put-expected.txt: Updated the test result.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@107046
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2012-02-08 Kentaro Hara <haraken@chromium.org>
+
+ Replace [CheckNodeSecurity] with [CheckAccessToNode]
+ https://bugs.webkit.org/show_bug.cgi?id=77971
+
+ Reviewed by Adam Barth.
+
+ The added test checks if frameElement is accessible from the same or cross origin iframe.
+
+ * http/tests/security/cross-frame-access-frameelement-expected.txt: Added.
+ * http/tests/security/cross-frame-access-frameelement.html: Added.
+ * http/tests/security/resources/cross-frame-access-frameelement-from-iframe.html: Added.
+ * platform/chromium/http/tests/security/cross-frame-access-put-expected.txt: Updated the test result.
+
2012-02-07 Robert Kroeger <rjkroege@chromium.org>
[chromium] Remove unnecessary Chromium gesture recognizer tests.
--- /dev/null
+CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-frameelement.html from frame with URL http://127.0.0.1:8080/security/resources/cross-frame-access-frameelement-from-iframe.html. Domains, protocols and ports must match.
+
+This test checks if frameElement is accessible from the same or cross origin iframe.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+[object HTMLIFrameElement]
+
+--------
+Frame: '<!--framePath //<!--frame1-->-->'
+--------
+undefined
--- /dev/null
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.dumpChildFramesAsText();
+}
+</script>
+</head>
+<body>
+<p>This test checks if frameElement is accessible from the same or cross origin iframe.</p>
+<iframe src="resources/cross-frame-access-frameelement-from-iframe.html"></iframe>
+<iframe src="http://127.0.0.1:8080/security/resources/cross-frame-access-frameelement-from-iframe.html"></iframe>
+</body>
+</html>
--- /dev/null
+<body>
+<div id="console"></div>
+<script src="cross-frame-access.js"></script>
+<script>
+log(eval("window.frameElement"));
+</script>
+</body>
+CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html from frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html. Domains, protocols and ports must match.
+
CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html. Domains, protocols and ports must match.
CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html from frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html. Domains, protocols and ports must match.
ALERT: PASS: window.document should be '[object HTMLDocument]' and is.
ALERT: PASS: window.embeds should be 'undefined' and is.
ALERT: PASS: window.event should be 'undefined' and is.
-ALERT: PASS: window.frameElement should be '[object HTMLIFrameElement]' and is.
+CONSOLE MESSAGE: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/cross-frame-access-put.html from frame with URL http://localhost:8000/security/resources/cross-frame-iframe-for-put-test.html. Domains, protocols and ports must match.
+
+ALERT: PASS: window.frameElement should be 'undefined' and is.
ALERT: PASS: window.frames should be '[object DOMWindow]' and is.
ALERT: PASS: window.history should be '[object History]' and is.
ALERT: PASS: window.images should be 'undefined' and is.
2012-02-08 Kentaro Hara <haraken@chromium.org>
+ Replace [CheckNodeSecurity] with [CheckAccessToNode]
+ https://bugs.webkit.org/show_bug.cgi?id=77971
+
+ Reviewed by Adam Barth.
+
+ [CheckNodeSecurity] is not implemented by code generators.
+ This patch replaces [CheckNodeSecurity] with [CheckAccessToNode].
+
+ Test: http/tests/security/cross-frame-access-frameelement.html
+
+ * page/DOMWindow.idl:
+
+2012-02-08 Kentaro Hara <haraken@chromium.org>
+
Rename [CustomPushEventHandlerScope] to [JSCustomPushEventHandlerScope]
https://bugs.webkit.org/show_bug.cgi?id=78081
DOMSelection getSelection();
- readonly attribute [CheckNodeSecurity] Element frameElement;
+ readonly attribute [CheckAccessToNode] Element frameElement;
[DoNotCheckDomainSecurity] void focus();
[DoNotCheckDomainSecurity] void blur();
projects / profile / ivi / webkit-efl.git / commitdiff