mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-20 16:55:40 +00:00
Bug 1190641
part 3. Add the sandbox propagates to auxiliary browsing contexts flag to iframe sandboxing. r=ckerschb
parent
f3092cff84
commit
278db1b97e
@ -23,4 +23,5 @@ SANDBOX_KEYWORD("allow-orientation-lock", alloworientationlock,
|
||||
SANDBOXED_ORIENTATION_LOCK)
|
||||
SANDBOX_KEYWORD("allow-popups", allowpopups, SANDBOXED_AUXILIARY_NAVIGATION)
|
||||
SANDBOX_KEYWORD("allow-modals", allowmodals, SANDBOXED_MODALS)
|
||||
|
||||
SANDBOX_KEYWORD("allow-popups-to-escape-sandbox", allowpopupstoescapesandbox,
|
||||
SANDBOX_PROPAGATES_TO_AUXILIARY_BROWSING_CONTEXTS)
|
||||
|
@ -82,6 +82,7 @@ GK_ATOM(allowfullscreen, "allowfullscreen")
|
||||
GK_ATOM(allowmodals, "allow-modals")
|
||||
GK_ATOM(alloworientationlock,"allow-orientation-lock")
|
||||
GK_ATOM(allowpointerlock,"allow-pointer-lock")
|
||||
GK_ATOM(allowpopupstoescapesandbox,"allow-popups-to-escape-sandbox")
|
||||
GK_ATOM(allowpopups,"allow-popups")
|
||||
GK_ATOM(allowsameorigin,"allow-same-origin")
|
||||
GK_ATOM(allowscripts,"allow-scripts")
|
||||
|
@ -101,10 +101,17 @@ const unsigned long SANDBOXED_DOMAIN = 0x800;
|
||||
*/
|
||||
const unsigned long SANDBOXED_MODALS = 0x1000;
|
||||
|
||||
/**
|
||||
* This flag prevents content from escaping the sandbox by ensuring that any
|
||||
* auxiliary browsing context it creates inherits the content's active
|
||||
* sandboxing flag set.
|
||||
*/
|
||||
const unsigned long SANDBOX_PROPAGATES_TO_AUXILIARY_BROWSING_CONTEXTS = 0x2000;
|
||||
|
||||
/**
|
||||
* This flag prevents locking screen orientation.
|
||||
*/
|
||||
const unsigned long SANDBOXED_ORIENTATION_LOCK = 0x2000;
|
||||
const unsigned long SANDBOXED_ORIENTATION_LOCK = 0x4000;
|
||||
|
||||
const unsigned long SANDBOX_ALL_FLAGS = 0x3FFF;
|
||||
const unsigned long SANDBOX_ALL_FLAGS = 0x7FFF;
|
||||
#endif
|
||||
|
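Review bot: Inserting the new flag at 0x2000 moves `SANDBOXED_ORIENTATION_LOCK` to 0x4000, so a sandbox-flag value produced before this change now reads as "propagates to auxiliary browsing contexts" where it used to mean "orientation lock blocked". Whether such values ever outlive a single build (stored state, or messages between processes built from different revisions) is not visible on this page. If they can, appending the flag keeps the existing bits stable: `const unsigned long SANDBOX_PROPAGATES_TO_AUXILIARY_BROWSING_CONTEXTS = 0x4000;` with `SANDBOXED_ORIENTATION_LOCK` left at 0x2000. The doc comment would also be easier to audit if it named the keyword that clears the bit, e.g. ` * Cleared by the allow-popups-to-escape-sandbox keyword.`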
@ -872,9 +872,11 @@ nsWindowWatcher::OpenWindowInternal(mozIDOMWindowProxy* aParent,
|
||||
nsCOMPtr<nsIDocShell> newDocShell(do_QueryInterface(newDocShellItem));
|
||||
NS_ENSURE_TRUE(newDocShell, NS_ERROR_UNEXPECTED);
|
||||
|
||||
// Set up sandboxing attributes if the window is new.
|
||||
// The flags can only be non-zero for new windows.
|
||||
if (activeDocsSandboxFlags != 0) {
|
||||
// Copy sandbox flags to the new window if activeDocsSandboxFlags says to do
|
||||
// so. Note that it's only nonzero if the window is new, so clobbering
|
||||
// sandbox flags on the window makes sense in that case.
|
||||
if (activeDocsSandboxFlags &
|
||||
SANDBOX_PROPAGATES_TO_AUXILIARY_BROWSING_CONTEXTS) {
|
||||
newDocShell->SetSandboxFlags(activeDocsSandboxFlags);
|
||||
if (parentWindow) {
|
||||
newDocShell->SetOnePermittedSandboxedNavigator(
|
||||
|
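Review bot: The path that leaves the popup unsandboxed is implicit: when the `SANDBOX_PROPAGATES_TO_AUXILIARY_BROWSING_CONTEXTS` bit is clear the `if` is skipped, and nothing in the code says that this is a deliberate escape, which is the security-relevant outcome of the change. I would extend the comment above the test with `// If the bit is clear (allow-popups-to-escape-sandbox), the new window is intentionally left without the opener's sandbox flags.` The comment also relies on activeDocsSandboxFlags being nonzero only for new windows; that is established outside this hunk, and an assertion at the top of the branch would keep the clobbering safe if that ever stops holding. The body of OpenWindowInternal continues past the end of the hunk.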
@ -40794,6 +40794,18 @@
|
||||
"url": "/html/semantics/embedded-content/the-iframe-element/iframe-load-event.html"
|
||||
}
|
||||
],
|
||||
"html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping.html": [
|
||||
{
|
||||
"path": "html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping.html",
|
||||
"url": "/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping.html"
|
||||
}
|
||||
],
|
||||
"html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping.html": [
|
||||
{
|
||||
"path": "html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping.html",
|
||||
"url": "/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping.html"
|
||||
}
|
||||
],
|
||||
"html/syntax/serializing-html-fragments/serializing.html": [
|
||||
{
|
||||
"path": "html/syntax/serializing-html-fragments/serializing.html",
|
||||
|
@ -0,0 +1,25 @@
|
||||
<!doctype html>
|
||||
<meta charset=utf-8>
|
||||
<title>Check that popups from a sandboxed iframe escape the sandbox if
|
||||
allow-popups-to-escape-sandbox is used</title>
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<iframe sandbox="allow-scripts allow-popups allow-popups-to-escape-sandbox">
|
||||
</iframe>
|
||||
<script>
|
||||
var t = async_test();
|
||||
var ourOrigin;
|
||||
onmessage = t.step_func(function(e) {
|
||||
assert_equals(e.data, "hello", "This is our origin getter message");
|
||||
ourOrigin = e.origin;
|
||||
|
||||
onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.origin, "null", "It came from a sandboxed iframe");
|
||||
assert_equals(e.data.data, undefined, "Should have the right message");
|
||||
assert_equals(e.data.origin, ourOrigin, "Should have escaped the sandbox");
|
||||
});
|
||||
|
||||
document.querySelector("iframe").src = "iframe_sandbox_popups_helper.html";
|
||||
});
|
||||
postMessage("hello", "*");
|
||||
</script>
|
@ -0,0 +1,17 @@
|
||||
<!DOCTYPE html>
|
||||
<script>
|
||||
var popupWin;
|
||||
if (opener) {
|
||||
// We're the popup. Send back our state. What we really want to send is
|
||||
// our origin, but that will come automatically.
|
||||
opener.postMessage(undefined, "*");
|
||||
self.close();
|
||||
} else {
|
||||
// We're the child. Start listening for messages and open ourselves as the
|
||||
// popup.
|
||||
onmessage = function (e) {
|
||||
parent.postMessage({ data: e.data, origin: e.origin }, "*");
|
||||
};
|
||||
popupWin = window.open(location.href);
|
||||
}
|
||||
</script>
|
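Review bot: `popupWin` is assigned from `window.open(location.href)` but never read, so a blocked popup (a null return) leaves both tests that load this helper to time out with no diagnostic. Either drop the variable or use it to report the failure to the parent, e.g. `if (!popupWin) parent.postMessage({ data: "popup blocked", origin: "null" }, "*");`, which makes the existing `e.data.data` assertion fail immediately with a readable value. A short comment on the `"*"` target origins would also help: the sandboxed frame has an opaque origin, so no specific target origin can be named for it.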
@ -0,0 +1,15 @@
|
||||
<!doctype html>
|
||||
<meta charset=utf-8>
|
||||
<title>Check that popups from a sandboxed iframe do not escape the sandbox</title>
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<script>
|
||||
var t = async_test();
|
||||
onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.origin, "null", "It came from a sandboxed iframe");
|
||||
assert_equals(e.data.data, undefined, "Should have the right message");
|
||||
assert_equals(e.data.origin, "null", "Should not have escaped the sandbox");
|
||||
});
|
||||
</script>
|
||||
<iframe sandbox="allow-scripts allow-popups"
|
||||
src="iframe_sandbox_popups_helper.html"></iframe>
|