Backed out 3 changesets (bug 1190641) for failures in test_dialogArguments.html and test_iframe_sandbox_modal.html

Backed out changeset ef1d1a433415 (bug 1190641)
Backed out changeset b037f2642082 (bug 1190641)
Backed out changeset 733eacd2ed13 (bug 1190641)

--HG--
extra : rebase_source : 218cf6d49e6f71742da7c69cf42b0a6a355e1863
Wes Kocher 2016-05-06 12:54:16 -07:00
parent ffec923436
commit 462fc252b3
11 changed files with 30 additions and 141 deletions


@ -22,6 +22,4 @@ SANDBOX_KEYWORD("allow-pointer-lock", allowpointerlock, SANDBOXED_POINTER_LOCK)
SANDBOX_KEYWORD("allow-orientation-lock", alloworientationlock,
SANDBOXED_ORIENTATION_LOCK)
SANDBOX_KEYWORD("allow-popups", allowpopups, SANDBOXED_AUXILIARY_NAVIGATION)
SANDBOX_KEYWORD("allow-modals", allowmodals, SANDBOXED_MODALS)
SANDBOX_KEYWORD("allow-popups-to-escape-sandbox", allowpopupstoescapesandbox,
SANDBOX_PROPAGATES_TO_AUXILIARY_BROWSING_CONTEXTS)


@ -1360,7 +1360,17 @@ nsContentUtils::ParseSandboxAttributeToFlags(const nsAttrValue* sandboxAttr)
if (!sandboxAttr) { return 0; }
// Start off by setting all the restriction flags.
uint32_t out = SANDBOX_ALL_FLAGS;
uint32_t out = SANDBOXED_NAVIGATION
| SANDBOXED_AUXILIARY_NAVIGATION
| SANDBOXED_TOPLEVEL_NAVIGATION
| SANDBOXED_PLUGINS
| SANDBOXED_ORIGIN
| SANDBOXED_FORMS
| SANDBOXED_SCRIPTS
| SANDBOXED_AUTOMATIC_FEATURES
| SANDBOXED_POINTER_LOCK
| SANDBOXED_ORIENTATION_LOCK
| SANDBOXED_DOMAIN;
// Macro for updating the flag according to the keywords
#define SANDBOX_KEYWORD(string, atom, flags) \
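Review bot: The initialiser `uint32_t out = SANDBOXED_NAVIGATION | … | SANDBOXED_DOMAIN;` lists every restriction by hand, so a flag later added to nsSandboxFlags.h but not appended here would start out cleared, and a bare `sandbox` attribute would silently stop enforcing it. The `SANDBOX_ALL_FLAGS` mask appears to be removed by this same backout (the +/- column is lost on this page, so the sides are inferred from the hunk counts), which leaves nothing tying the two files together. A guard comment directly above the list would help, for example `// Must name every SANDBOXED_* flag in nsSandboxFlags.h; a flag missing here fails open.` The function body continues past the end of the hunk.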


@ -79,10 +79,8 @@ GK_ATOM(allowevents, "allowevents")
GK_ATOM(allownegativeassertions, "allownegativeassertions")
GK_ATOM(allowforms,"allow-forms")
GK_ATOM(allowfullscreen, "allowfullscreen")
GK_ATOM(allowmodals, "allow-modals")
GK_ATOM(alloworientationlock,"allow-orientation-lock")
GK_ATOM(allowpointerlock,"allow-pointer-lock")
GK_ATOM(allowpopupstoescapesandbox,"allow-popups-to-escape-sandbox")
GK_ATOM(allowpopups,"allow-popups")
GK_ATOM(allowsameorigin,"allow-same-origin")
GK_ATOM(allowscripts,"allow-scripts")


@ -3420,16 +3420,6 @@ nsGlobalWindow::AreDialogsEnabled()
}
}
// Dialogs are also blocked if the document is sandboxed with SANDBOXED_MODALS
// (or if we have no document, of course). Which document? Who knows; the
// spec is daft. See <https://github.com/whatwg/html/issues/1206>. For now
// just go ahead and check mDoc, since in everything except edge cases in
// which a frame is allow-same-origin but not allow-scripts and is being poked
// at by some other window this should be the right thing anyway.
if (!mDoc || (mDoc->GetSandboxFlags() & SANDBOXED_MODALS)) {
return false;
}
return topWindow->mAreDialogsEnabled;
}


@ -22,18 +22,11 @@
*/
const unsigned long SANDBOXED_NAVIGATION = 0x1;
/**
* This flag prevents content from creating new auxiliary browsing contexts,
* e.g. using the target attribute, the window.open() method, or the
* showModalDialog() method.
*/
const unsigned long SANDBOXED_AUXILIARY_NAVIGATION = 0x2;
/**
* This flag prevents content from navigating their top-level browsing
* context.
*/
const unsigned long SANDBOXED_TOPLEVEL_NAVIGATION = 0x4;
const unsigned long SANDBOXED_TOPLEVEL_NAVIGATION = 0x2;
/**
* This flag prevents content from instantiating plugins, whether using the
@ -41,7 +34,7 @@ const unsigned long SANDBOXED_TOPLEVEL_NAVIGATION = 0x4;
* navigation of a nested browsing context, unless those plugins can be
* secured.
*/
const unsigned long SANDBOXED_PLUGINS = 0x8;
const unsigned long SANDBOXED_PLUGINS = 0x4;
/**
* This flag forces content into a unique origin, thus preventing it from
@ -49,69 +42,43 @@ const unsigned long SANDBOXED_PLUGINS = 0x8;
* This flag also prevents script from reading from or writing to the
* document.cookie IDL attribute, and blocks access to localStorage.
*/
const unsigned long SANDBOXED_ORIGIN = 0x10;
const unsigned long SANDBOXED_ORIGIN = 0x8;
/**
* This flag blocks form submission.
*/
const unsigned long SANDBOXED_FORMS = 0x20;
/**
* This flag blocks the document from acquiring pointerlock.
*/
const unsigned long SANDBOXED_POINTER_LOCK = 0x40;
const unsigned long SANDBOXED_FORMS = 0x10;
/**
* This flag blocks script execution.
*/
const unsigned long SANDBOXED_SCRIPTS = 0x80;
const unsigned long SANDBOXED_SCRIPTS = 0x20;
/**
* This flag blocks features that trigger automatically, such as
* automatically playing a video or automatically focusing a form control.
*/
const unsigned long SANDBOXED_AUTOMATIC_FEATURES = 0x100;
const unsigned long SANDBOXED_AUTOMATIC_FEATURES = 0x40;
/**
* This flag prevents URL schemes that use storage areas from being able to
* access the origin's data.
* This flag blocks the document from acquiring pointerlock.
*/
// We don't have an explicit representation of this one, apparently?
// const unsigned long SANDBOXED_STORAGE_AREA_URLS = 0x200;
/**
* This flag prevents content from using the requestFullscreen() method.
*/
// We don't implement this yet. See represent this as a sandbox flag; instead it's an explicit check for
// the "allowfullscreen" attribute on the <iframe> that includes us.
// XXXbz This is wrong in two ways: It can change during the life of the
// document, and it doesn't get correctly propagated to popups. See
// https://bugzilla.mozilla.org/show_bug.cgi?id=1270648
// const unsigned long SANDBOXED_FULLSCREEN = 0x400;
const unsigned long SANDBOXED_POINTER_LOCK = 0x80;
/**
* This flag blocks the document from changing document.domain.
*/
const unsigned long SANDBOXED_DOMAIN = 0x800;
const unsigned long SANDBOXED_DOMAIN = 0x100;
/**
* This flag prevents content from using window.alert(), window.confirm(),
* window.print(), window.prompt() and the beforeunload event from putting up
* dialogs.
* This flag prevents content from creating new auxiliary browsing contexts,
* e.g. using the target attribute, the window.open() method, or the
* showModalDialog() method.
*/
const unsigned long SANDBOXED_MODALS = 0x1000;
/**
* This flag prevents content from escaping the sandbox by ensuring that any
* auxiliary browsing context it creates inherits the content's active
* sandboxing flag set.
*/
const unsigned long SANDBOX_PROPAGATES_TO_AUXILIARY_BROWSING_CONTEXTS = 0x2000;
const unsigned long SANDBOXED_AUXILIARY_NAVIGATION = 0x200;
/**
* This flag prevents locking screen orientation.
*/
const unsigned long SANDBOXED_ORIENTATION_LOCK = 0x4000;
const unsigned long SANDBOX_ALL_FLAGS = 0x7FFF;
const unsigned long SANDBOXED_ORIENTATION_LOCK = 0x400;
#endif
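Review bot: Every constant after `SANDBOXED_NAVIGATION` moves to a different bit in this header; for example `SANDBOXED_TOPLEVEL_NAVIGATION` ends up on 0x2, the bit `SANDBOXED_AUXILIARY_NAVIGATION` held before. Any flag set that was stored or compared as a raw number would therefore be decoded as a different set of restrictions. Nothing visible here shows such a consumer, but the header does not warn against one either, so I would add above the first constant `// Bit positions are not stable between revisions: use the named constants, never a literal or a persisted value.` The old and new sides are inferred from the hunk headers and the duplicated constant names, because the +/- column is missing from this page.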


@ -872,11 +872,9 @@ nsWindowWatcher::OpenWindowInternal(mozIDOMWindowProxy* aParent,
nsCOMPtr<nsIDocShell> newDocShell(do_QueryInterface(newDocShellItem));
NS_ENSURE_TRUE(newDocShell, NS_ERROR_UNEXPECTED);
// Copy sandbox flags to the new window if activeDocsSandboxFlags says to do
// so. Note that it's only nonzero if the window is new, so clobbering
// sandbox flags on the window makes sense in that case.
if (activeDocsSandboxFlags &
SANDBOX_PROPAGATES_TO_AUXILIARY_BROWSING_CONTEXTS) {
// Set up sandboxing attributes if the window is new.
// The flags can only be non-zero for new windows.
if (activeDocsSandboxFlags != 0) {
newDocShell->SetSandboxFlags(activeDocsSandboxFlags);
if (parentWindow) {
newDocShell->SetOnePermittedSandboxedNavigator(
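Review bot: The condition `if (activeDocsSandboxFlags != 0)` overwrites the docshell's sandbox flags, which is safe only because the flags are zero for a reused window, and that invariant is established outside this hunk. The comment that appears to be on the new side states the invariant but no longer says why it matters. I would word it as `// activeDocsSandboxFlags is only non-zero for a newly created window, so overwriting the docshell's flags here cannot clobber an existing window's sandbox.` An assertion beside it that the window is new would catch a later change that breaks the assumption. The `if` block continues past the end of the hunk.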


@ -86,8 +86,6 @@
#include "nsIPrompt.h"
#include "imgIContainer.h" // image animation mode constants
#include "nsSandboxFlags.h"
#include "mozilla/DocLoadingTimelineMarker.h"
//--------------------------
@ -1152,8 +1150,7 @@ nsDocumentViewer::PermitUnloadInternal(bool *aShouldPrompt,
// NB: we nullcheck mDocument because it might now be dead as a result of
// the event being dispatched.
if (!sIsBeforeUnloadDisabled && *aShouldPrompt && dialogsAreEnabled &&
mDocument && !(mDocument->GetSandboxFlags() & SANDBOXED_MODALS) &&
if (!sIsBeforeUnloadDisabled && *aShouldPrompt && dialogsAreEnabled && mDocument &&
(!sBeforeUnloadRequiresInteraction || mDocument->UserHasInteracted()) &&
(event->WidgetEventPtr()->DefaultPrevented() || !text.IsEmpty())) {
// Ask the user if it's ok to unload the current page


@ -40794,18 +40794,6 @@
"url": "/html/semantics/embedded-content/the-iframe-element/iframe-load-event.html"
}
],
"html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping.html": [
{
"path": "html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping.html",
"url": "/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping.html"
}
],
"html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping.html": [
{
"path": "html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping.html",
"url": "/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping.html"
}
],
"html/syntax/serializing-html-fragments/serializing.html": [
{
"path": "html/syntax/serializing-html-fragments/serializing.html",


@ -1,25 +0,0 @@
<!doctype html>
<meta charset=utf-8>
<title>Check that popups from a sandboxed iframe escape the sandbox if
allow-popups-to-escape-sandbox is used</title>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<iframe sandbox="allow-scripts allow-popups allow-popups-to-escape-sandbox">
</iframe>
<script>
var t = async_test();
var ourOrigin;
onmessage = t.step_func(function(e) {
assert_equals(e.data, "hello", "This is our origin getter message");
ourOrigin = e.origin;
onmessage = t.step_func_done(function(e) {
assert_equals(e.origin, "null", "It came from a sandboxed iframe");
assert_equals(e.data.data, undefined, "Should have the right message");
assert_equals(e.data.origin, ourOrigin, "Should have escaped the sandbox");
});
document.querySelector("iframe").src = "iframe_sandbox_popups_helper.html";
});
postMessage("hello", "*");
</script>


@ -1,17 +0,0 @@
<!DOCTYPE html>
<script>
var popupWin;
if (opener) {
// We're the popup. Send back our state. What we really want to send is
// our origin, but that will come automatically.
opener.postMessage(undefined, "*");
self.close();
} else {
// We're the child. Start listening for messages and open ourselves as the
// popup.
onmessage = function (e) {
parent.postMessage({ data: e.data, origin: e.origin }, "*");
};
popupWin = window.open(location.href);
}
</script>


@ -1,15 +0,0 @@
<!doctype html>
<meta charset=utf-8>
<title>Check that popups from a sandboxed iframe do not escape the sandbox</title>
<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script>
var t = async_test();
onmessage = t.step_func_done(function(e) {
assert_equals(e.origin, "null", "It came from a sandboxed iframe");
assert_equals(e.data.data, undefined, "Should have the right message");
assert_equals(e.data.origin, "null", "Should not have escaped the sandbox");
});
</script>
<iframe sandbox="allow-scripts allow-popups"
src="iframe_sandbox_popups_helper.html"></iframe>