mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-08 02:14:43 +00:00
Backed out 3 changesets (bug 1190641) for failures in test_dialogArguments.html and test_iframe_sandbox_modal.html
Backed out changeset ef1d1a433415 (bug 1190641)
Backed out changeset b037f2642082 (bug 1190641)
Backed out changeset 733eacd2ed13 (bug 1190641)
--HG--
extra : rebase_source : 218cf6d49e6f71742da7c69cf42b0a6a355e1863
parent
ffec923436
commit
462fc252b3
@ -22,6 +22,4 @@ SANDBOX_KEYWORD("allow-pointer-lock", allowpointerlock, SANDBOXED_POINTER_LOCK)
|
||||
SANDBOX_KEYWORD("allow-orientation-lock", alloworientationlock,
|
||||
SANDBOXED_ORIENTATION_LOCK)
|
||||
SANDBOX_KEYWORD("allow-popups", allowpopups, SANDBOXED_AUXILIARY_NAVIGATION)
|
||||
SANDBOX_KEYWORD("allow-modals", allowmodals, SANDBOXED_MODALS)
|
||||
SANDBOX_KEYWORD("allow-popups-to-escape-sandbox", allowpopupstoescapesandbox,
|
||||
SANDBOX_PROPAGATES_TO_AUXILIARY_BROWSING_CONTEXTS)
|
||||
|
||||
|
@ -1360,7 +1360,17 @@ nsContentUtils::ParseSandboxAttributeToFlags(const nsAttrValue* sandboxAttr)
|
||||
if (!sandboxAttr) { return 0; }
|
||||
|
||||
// Start off by setting all the restriction flags.
|
||||
uint32_t out = SANDBOX_ALL_FLAGS;
|
||||
uint32_t out = SANDBOXED_NAVIGATION
|
||||
| SANDBOXED_AUXILIARY_NAVIGATION
|
||||
| SANDBOXED_TOPLEVEL_NAVIGATION
|
||||
| SANDBOXED_PLUGINS
|
||||
| SANDBOXED_ORIGIN
|
||||
| SANDBOXED_FORMS
|
||||
| SANDBOXED_SCRIPTS
|
||||
| SANDBOXED_AUTOMATIC_FEATURES
|
||||
| SANDBOXED_POINTER_LOCK
|
||||
| SANDBOXED_ORIENTATION_LOCK
|
||||
| SANDBOXED_DOMAIN;
|
||||
|
||||
// Macro for updating the flag according to the keywords
|
||||
#define SANDBOX_KEYWORD(string, atom, flags) \
|
||||
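Review bot: The initial value of `out` is now a hand-written OR of eleven flag constants, so the fully restricted default is only as complete as this list. A sandbox flag later added to the header that defines these constants but not added here would never be set for any sandboxed frame, which fails open, and nothing at this site warns the next editor. I would add a comment above the expression, for example `// Must list every SANDBOXED_* flag: one missing here is never applied, even for sandbox="".`, or keep a single all-flags constant beside the flag definitions and initialise from it. The function body starts and ends outside this hunk.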
|
@ -79,10 +79,8 @@ GK_ATOM(allowevents, "allowevents")
|
||||
GK_ATOM(allownegativeassertions, "allownegativeassertions")
|
||||
GK_ATOM(allowforms,"allow-forms")
|
||||
GK_ATOM(allowfullscreen, "allowfullscreen")
|
||||
GK_ATOM(allowmodals, "allow-modals")
|
||||
GK_ATOM(alloworientationlock,"allow-orientation-lock")
|
||||
GK_ATOM(allowpointerlock,"allow-pointer-lock")
|
||||
GK_ATOM(allowpopupstoescapesandbox,"allow-popups-to-escape-sandbox")
|
||||
GK_ATOM(allowpopups,"allow-popups")
|
||||
GK_ATOM(allowsameorigin,"allow-same-origin")
|
||||
GK_ATOM(allowscripts,"allow-scripts")
|
||||
|
@ -3420,16 +3420,6 @@ nsGlobalWindow::AreDialogsEnabled()
|
||||
}
|
||||
}
|
||||
|
||||
// Dialogs are also blocked if the document is sandboxed with SANDBOXED_MODALS
|
||||
// (or if we have no document, of course). Which document? Who knows; the
|
||||
// spec is daft. See <https://github.com/whatwg/html/issues/1206>. For now
|
||||
// just go ahead and check mDoc, since in everything except edge cases in
|
||||
// which a frame is allow-same-origin but not allow-scripts and is being poked
|
||||
// at by some other window this should be the right thing anyway.
|
||||
if (!mDoc || (mDoc->GetSandboxFlags() & SANDBOXED_MODALS)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return topWindow->mAreDialogsEnabled;
|
||||
}
|
||||
|
||||
|
@ -22,18 +22,11 @@
|
||||
*/
|
||||
const unsigned long SANDBOXED_NAVIGATION = 0x1;
|
||||
|
||||
/**
|
||||
* This flag prevents content from creating new auxiliary browsing contexts,
|
||||
* e.g. using the target attribute, the window.open() method, or the
|
||||
* showModalDialog() method.
|
||||
*/
|
||||
const unsigned long SANDBOXED_AUXILIARY_NAVIGATION = 0x2;
|
||||
|
||||
/**
|
||||
* This flag prevents content from navigating their top-level browsing
|
||||
* context.
|
||||
*/
|
||||
const unsigned long SANDBOXED_TOPLEVEL_NAVIGATION = 0x4;
|
||||
const unsigned long SANDBOXED_TOPLEVEL_NAVIGATION = 0x2;
|
||||
|
||||
/**
|
||||
* This flag prevents content from instantiating plugins, whether using the
|
||||
@ -41,7 +34,7 @@ const unsigned long SANDBOXED_TOPLEVEL_NAVIGATION = 0x4;
|
||||
* navigation of a nested browsing context, unless those plugins can be
|
||||
* secured.
|
||||
*/
|
||||
const unsigned long SANDBOXED_PLUGINS = 0x8;
|
||||
const unsigned long SANDBOXED_PLUGINS = 0x4;
|
||||
|
||||
/**
|
||||
* This flag forces content into a unique origin, thus preventing it from
|
||||
@ -49,69 +42,43 @@ const unsigned long SANDBOXED_PLUGINS = 0x8;
|
||||
* This flag also prevents script from reading from or writing to the
|
||||
* document.cookie IDL attribute, and blocks access to localStorage.
|
||||
*/
|
||||
const unsigned long SANDBOXED_ORIGIN = 0x10;
|
||||
const unsigned long SANDBOXED_ORIGIN = 0x8;
|
||||
|
||||
/**
|
||||
* This flag blocks form submission.
|
||||
*/
|
||||
const unsigned long SANDBOXED_FORMS = 0x20;
|
||||
|
||||
/**
|
||||
* This flag blocks the document from acquiring pointerlock.
|
||||
*/
|
||||
const unsigned long SANDBOXED_POINTER_LOCK = 0x40;
|
||||
const unsigned long SANDBOXED_FORMS = 0x10;
|
||||
|
||||
/**
|
||||
* This flag blocks script execution.
|
||||
*/
|
||||
const unsigned long SANDBOXED_SCRIPTS = 0x80;
|
||||
const unsigned long SANDBOXED_SCRIPTS = 0x20;
|
||||
|
||||
/**
|
||||
* This flag blocks features that trigger automatically, such as
|
||||
* automatically playing a video or automatically focusing a form control.
|
||||
*/
|
||||
const unsigned long SANDBOXED_AUTOMATIC_FEATURES = 0x100;
|
||||
const unsigned long SANDBOXED_AUTOMATIC_FEATURES = 0x40;
|
||||
|
||||
/**
|
||||
* This flag prevents URL schemes that use storage areas from being able to
|
||||
* access the origin's data.
|
||||
* This flag blocks the document from acquiring pointerlock.
|
||||
*/
|
||||
// We don't have an explicit representation of this one, apparently?
|
||||
// const unsigned long SANDBOXED_STORAGE_AREA_URLS = 0x200;
|
||||
|
||||
/**
|
||||
* This flag prevents content from using the requestFullscreen() method.
|
||||
*/
|
||||
// We don't implement this yet. See represent this as a sandbox flag; instead it's an explicit check for
|
||||
// the "allowfullscreen" attribute on the <iframe> that includes us.
|
||||
// XXXbz This is wrong in two ways: It can change during the life of the
|
||||
// document, and it doesn't get correctly propagated to popups. See
|
||||
// https://bugzilla.mozilla.org/show_bug.cgi?id=1270648
|
||||
// const unsigned long SANDBOXED_FULLSCREEN = 0x400;
|
||||
const unsigned long SANDBOXED_POINTER_LOCK = 0x80;
|
||||
|
||||
/**
|
||||
* This flag blocks the document from changing document.domain.
|
||||
*/
|
||||
const unsigned long SANDBOXED_DOMAIN = 0x800;
|
||||
const unsigned long SANDBOXED_DOMAIN = 0x100;
|
||||
|
||||
/**
|
||||
* This flag prevents content from using window.alert(), window.confirm(),
|
||||
* window.print(), window.prompt() and the beforeunload event from putting up
|
||||
* dialogs.
|
||||
* This flag prevents content from creating new auxiliary browsing contexts,
|
||||
* e.g. using the target attribute, the window.open() method, or the
|
||||
* showModalDialog() method.
|
||||
*/
|
||||
const unsigned long SANDBOXED_MODALS = 0x1000;
|
||||
|
||||
/**
|
||||
* This flag prevents content from escaping the sandbox by ensuring that any
|
||||
* auxiliary browsing context it creates inherits the content's active
|
||||
* sandboxing flag set.
|
||||
*/
|
||||
const unsigned long SANDBOX_PROPAGATES_TO_AUXILIARY_BROWSING_CONTEXTS = 0x2000;
|
||||
const unsigned long SANDBOXED_AUXILIARY_NAVIGATION = 0x200;
|
||||
|
||||
/**
|
||||
* This flag prevents locking screen orientation.
|
||||
*/
|
||||
const unsigned long SANDBOXED_ORIENTATION_LOCK = 0x4000;
|
||||
|
||||
const unsigned long SANDBOX_ALL_FLAGS = 0x7FFF;
|
||||
const unsigned long SANDBOXED_ORIENTATION_LOCK = 0x400;
|
||||
#endif
|
||||
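Review bot: Most of the flag constants in this header take different bit values on the new side (for example `SANDBOXED_PLUGINS` moves from 0x8 to 0x4 and `SANDBOXED_DOMAIN` from 0x800 to 0x100), and the header does not say whether raw flag words are ever stored or compared against literal numbers. If any consumer does that (none is visible on this page), the same number would map to a different restriction after this change. A short comment at the top of the constants, such as `// Bit positions are internal and may change; use the named constants, never literal or persisted values.`, would record the assumption. The single all-flags constant is also gone on the new side, so each caller that wants every restriction has to enumerate the flags itself.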
|
@ -872,11 +872,9 @@ nsWindowWatcher::OpenWindowInternal(mozIDOMWindowProxy* aParent,
|
||||
nsCOMPtr<nsIDocShell> newDocShell(do_QueryInterface(newDocShellItem));
|
||||
NS_ENSURE_TRUE(newDocShell, NS_ERROR_UNEXPECTED);
|
||||
|
||||
// Copy sandbox flags to the new window if activeDocsSandboxFlags says to do
|
||||
// so. Note that it's only nonzero if the window is new, so clobbering
|
||||
// sandbox flags on the window makes sense in that case.
|
||||
if (activeDocsSandboxFlags &
|
||||
SANDBOX_PROPAGATES_TO_AUXILIARY_BROWSING_CONTEXTS) {
|
||||
// Set up sandboxing attributes if the window is new.
|
||||
// The flags can only be non-zero for new windows.
|
||||
if (activeDocsSandboxFlags != 0) {
|
||||
newDocShell->SetSandboxFlags(activeDocsSandboxFlags);
|
||||
if (parentWindow) {
|
||||
newDocShell->SetOnePermittedSandboxedNavigator(
|
||||
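Review bot: The guard `if (activeDocsSandboxFlags != 0)` stands in for "the window is new", and only the comment above it ties the two together; the code that guarantees this is outside the hunk. Because the opener's flags are passed straight to `SetSandboxFlags`, a non-zero value reaching this point for a reused window would presumably replace that window's existing flags. An assertion on the window-is-new state beside the guard, or testing that state directly in the condition, would make the invariant checked rather than only documented. OpenWindowInternal continues on both sides of the hunk.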
|
@ -86,8 +86,6 @@
|
||||
#include "nsIPrompt.h"
|
||||
#include "imgIContainer.h" // image animation mode constants
|
||||
|
||||
#include "nsSandboxFlags.h"
|
||||
|
||||
#include "mozilla/DocLoadingTimelineMarker.h"
|
||||
|
||||
//--------------------------
|
||||
@ -1152,8 +1150,7 @@ nsDocumentViewer::PermitUnloadInternal(bool *aShouldPrompt,
|
||||
|
||||
// NB: we nullcheck mDocument because it might now be dead as a result of
|
||||
// the event being dispatched.
|
||||
if (!sIsBeforeUnloadDisabled && *aShouldPrompt && dialogsAreEnabled &&
|
||||
mDocument && !(mDocument->GetSandboxFlags() & SANDBOXED_MODALS) &&
|
||||
if (!sIsBeforeUnloadDisabled && *aShouldPrompt && dialogsAreEnabled && mDocument &&
|
||||
(!sBeforeUnloadRequiresInteraction || mDocument->UserHasInteracted()) &&
|
||||
(event->WidgetEventPtr()->DefaultPrevented() || !text.IsEmpty())) {
|
||||
// Ask the user if it's ok to unload the current page
|
||||
|
@ -40794,18 +40794,6 @@
|
||||
"url": "/html/semantics/embedded-content/the-iframe-element/iframe-load-event.html"
|
||||
}
|
||||
],
|
||||
"html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping.html": [
|
||||
{
|
||||
"path": "html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping.html",
|
||||
"url": "/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping.html"
|
||||
}
|
||||
],
|
||||
"html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping.html": [
|
||||
{
|
||||
"path": "html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping.html",
|
||||
"url": "/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping.html"
|
||||
}
|
||||
],
|
||||
"html/syntax/serializing-html-fragments/serializing.html": [
|
||||
{
|
||||
"path": "html/syntax/serializing-html-fragments/serializing.html",
|
||||
|
@ -1,25 +0,0 @@
|
||||
<!doctype html>
|
||||
<meta charset=utf-8>
|
||||
<title>Check that popups from a sandboxed iframe escape the sandbox if
|
||||
allow-popups-to-escape-sandbox is used</title>
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<iframe sandbox="allow-scripts allow-popups allow-popups-to-escape-sandbox">
|
||||
</iframe>
|
||||
<script>
|
||||
var t = async_test();
|
||||
var ourOrigin;
|
||||
onmessage = t.step_func(function(e) {
|
||||
assert_equals(e.data, "hello", "This is our origin getter message");
|
||||
ourOrigin = e.origin;
|
||||
|
||||
onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.origin, "null", "It came from a sandboxed iframe");
|
||||
assert_equals(e.data.data, undefined, "Should have the right message");
|
||||
assert_equals(e.data.origin, ourOrigin, "Should have escaped the sandbox");
|
||||
});
|
||||
|
||||
document.querySelector("iframe").src = "iframe_sandbox_popups_helper.html";
|
||||
});
|
||||
postMessage("hello", "*");
|
||||
</script>
|
@ -1,17 +0,0 @@
|
||||
<!DOCTYPE html>
|
||||
<script>
|
||||
var popupWin;
|
||||
if (opener) {
|
||||
// We're the popup. Send back our state. What we really want to send is
|
||||
// our origin, but that will come automatically.
|
||||
opener.postMessage(undefined, "*");
|
||||
self.close();
|
||||
} else {
|
||||
// We're the child. Start listening for messages and open ourselves as the
|
||||
// popup.
|
||||
onmessage = function (e) {
|
||||
parent.postMessage({ data: e.data, origin: e.origin }, "*");
|
||||
};
|
||||
popupWin = window.open(location.href);
|
||||
}
|
||||
</script>
|
@ -1,15 +0,0 @@
|
||||
<!doctype html>
|
||||
<meta charset=utf-8>
|
||||
<title>Check that popups from a sandboxed iframe do not escape the sandbox</title>
|
||||
<script src=/resources/testharness.js></script>
|
||||
<script src=/resources/testharnessreport.js></script>
|
||||
<script>
|
||||
var t = async_test();
|
||||
onmessage = t.step_func_done(function(e) {
|
||||
assert_equals(e.origin, "null", "It came from a sandboxed iframe");
|
||||
assert_equals(e.data.data, undefined, "Should have the right message");
|
||||
assert_equals(e.data.origin, "null", "Should not have escaped the sandbox");
|
||||
});
|
||||
</script>
|
||||
<iframe sandbox="allow-scripts allow-popups"
|
||||
src="iframe_sandbox_popups_helper.html"></iframe>
|