Disallow alert/confirm/prompt in cross-origin-domain subframes
https://bugs.webkit.org/show_bug.cgi?id=221568

Reviewed by Geoff Garen.

Source/WebCore:

Disallow alert/confirm/prompt in cross-origin-domain subframes as per the latest HTML specification:
- whatwg/html#6297

Tests: http/tests/security/cross-origin-js-prompt-forbidden.html
       http/tests/security/same-origin-different-domain-js-prompt-forbidden.html

* page/DOMWindow.cpp:
(WebCore::DOMWindow::alert):
(WebCore::DOMWindow::confirmForBindings):
(WebCore::DOMWindow::prompt):
* page/SecurityOrigin.cpp:
* page/SecurityOrigin.h:

LayoutTests:

Add layout test coverage and update existing tests to stop using alert() in cross-origin iframes.

* fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame-expected.txt:
* fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame.html:
* fast/events/popup-when-select-change-expected.txt:
* fast/events/popup-when-select-change.html:
* fast/events/resize-subframe-expected.txt:
* fast/events/resize-subframe.html:
* fast/forms/autofocus-in-sandbox-with-allow-scripts-expected.txt:
* fast/forms/autofocus-in-sandbox-with-allow-scripts.html:
* fast/frames/resources/navigate-top-by-name-to-fail.html:
* fast/frames/sandboxed-iframe-navigation-top-by-name-denied-expected.txt:
* http/tests/cookies/resources/third-party-cookie-relaxing-iframe.html:
* http/tests/cookies/third-party-cookie-relaxing-expected.txt:
* http/tests/history/cross-origin-replace-history-object-child-expected.txt:
* http/tests/history/cross-origin-replace-history-object-expected.txt:
* http/tests/history/resources/cross-origin-replaces-history-object-child-iframe.html:
* http/tests/history/resources/cross-origin-replaces-history-object-iframe.html:
* http/tests/plugins/resources/third-party-cookie-accept-policy-iframe.html:
* http/tests/plugins/third-party-cookie-accept-policy-expected.txt:
* http/tests/security/contentSecurityPolicy/embed-redirect-allowed-expected.txt:
* http/tests/security/contentSecurityPolicy/embed-redirect-allowed2-expected.txt:
* http/tests/security/contentSecurityPolicy/frame-src-cross-origin-load-expected.txt:
* http/tests/security/contentSecurityPolicy/iframe-allowed-when-loaded-via-javascript-url-expected.txt:
* http/tests/security/contentSecurityPolicy/iframe-inside-csp-expected.txt:
* http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-child-src-expected.txt:
* http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-child-src2-expected.txt:
* http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-frame-src-expected.txt:
* http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-frame-src2-expected.txt:
* http/tests/security/contentSecurityPolicy/object-redirect-allowed-expected.txt:
* http/tests/security/contentSecurityPolicy/object-redirect-allowed2-expected.txt:
* http/tests/security/contentSecurityPolicy/resources/alert-fail.html:
* http/tests/security/contentSecurityPolicy/resources/alert-fail.js:
(catch):
* http/tests/security/contentSecurityPolicy/resources/alert-pass.html:
* http/tests/security/contentSecurityPolicy/resources/alert-pass.js:
(catch):
* http/tests/security/contentSecurityPolicy/resources/sandbox.php:
* http/tests/security/contentSecurityPolicy/resources/sandboxed-eval.php:
* http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-control-expected.txt:
* http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-expected.txt:
* http/tests/security/contentSecurityPolicy/sandbox-report-only-expected.txt:
* http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-nested-upgrades-expected.txt:
* http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrades-mixed-content-expected.txt:
* http/tests/security/cross-origin-js-prompt-forbidden-expected.txt: Added.
* http/tests/security/cross-origin-js-prompt-forbidden.html: Added.
* http/tests/security/dataURL/resources/foreign-domain-data-url-accessor-iframe.html:
* http/tests/security/dataURL/resources/foreign-domain-data-url-accessor-opened-frame.html:
* http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-subframe-expected.txt:
* http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-window-open-expected.txt:
* http/tests/security/mixedContent/resources/frame-with-insecure-websocket.html:
* http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe-expected.txt:
* http/tests/security/resources/cross-origin-js-prompt-forbidden.html: Added.
* http/tests/security/same-origin-different-domain-js-prompt-forbidden-expected.txt: Added.
* http/tests/security/same-origin-different-domain-js-prompt-forbidden.html: Added.
* http/tests/security/xssAuditor/base-href-control-char-expected.txt:
* http/tests/security/xssAuditor/base-href-direct-expected.txt:
* http/tests/security/xssAuditor/base-href-expected.txt:
* http/tests/security/xssAuditor/base-href-null-char-expected.txt:
* http/tests/security/xssAuditor/base-href-safe-expected.txt:
* http/tests/security/xssAuditor/base-href-safe2-expected.txt:
* http/tests/security/xssAuditor/base-href-safe3-expected.txt:
* http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt:
* http/tests/security/xssAuditor/cached-frame-expected.txt:
* http/tests/security/xssAuditor/cached-frame.html:
* http/tests/security/xssAuditor/cookie-injection-expected.txt:
* http/tests/security/xssAuditor/data-urls-work-expected.txt:
* http/tests/security/xssAuditor/data-urls-work.html:
* http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt:
* http/tests/security/xssAuditor/dom-write-innerHTML.html:
* http/tests/security/xssAuditor/form-action-expected.txt:
* http/tests/security/xssAuditor/formaction-on-button-expected.txt:
* http/tests/security/xssAuditor/formaction-on-input-expected.txt:
* http/tests/security/xssAuditor/javascript-link-safe-expected.txt:
* http/tests/security/xssAuditor/javascript-link-safe.html:
* http/tests/security/xssAuditor/property-escape-noquotes-expected.txt:
* http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars-expected.txt:
* http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars.html:
* http/tests/security/xssAuditor/property-escape-noquotes.html:
* http/tests/security/xssAuditor/property-inject-expected.txt:
* http/tests/security/xssAuditor/property-inject.html:
* http/tests/security/xssAuditor/resources/base-href/really-safe-script.js:
* http/tests/security/xssAuditor/resources/base-href/safe-script.js:
* http/tests/security/xssAuditor/resources/echo-intertag.pl:
* http/tests/security/xssAuditor/resources/javascript-link-safe.html:
* http/tests/security/xssAuditor/resources/nph-cached.pl:
* http/tests/security/xssAuditor/resources/safe-script-noquotes.js:
* http/tests/security/xssAuditor/resources/safe-script.js:
* http/tests/security/xssAuditor/resources/script-tag-safe2.html:
* http/tests/security/xssAuditor/script-tag-near-start-expected.txt:
* http/tests/security/xssAuditor/script-tag-near-start.html:
* http/tests/security/xssAuditor/script-tag-safe2-expected.txt:
* http/tests/security/xssAuditor/script-tag-safe2.html:
* http/tests/security/xssAuditor/script-tag-safe3-expected.txt:
* http/tests/security/xssAuditor/script-tag-safe3.html:
* http/tests/security/xssAuditor/script-tag-src-redirect-safe-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-injected-comment-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-injected-comment.html:
* http/tests/security/xssAuditor/script-tag-with-source-same-host-expected.txt:
* platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-nested-upgrades-expected.txt:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@272607 268f45cc-cd09-0410-ab3c-d52691b4dbfc
[email protected] committed Feb 9, 2021
1 parent 1ea0e89 commit 02562e3
Showing 137 changed files with 658 additions and 410 deletions.
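The rule this commit implements, modelled in plain JavaScript so it can be read and run outside a browser. This is an added illustration, not WebKit's DOMWindow code and not one of the layout tests: a frame may show a simple dialog only when its origin is "same origin-domain" with the top-level origin, which is the HTML definition that also accounts for document.domain (the reason the second new test covers same-origin frames with differing domains). The host names, ports and scenario values are constructed; the model deliberately ignores opaque (data:) origins, sandbox flags such as allow-modals, and the public-suffix check the real document.domain setter performs.

```javascript
// Added model of HTML's "cannot show simple dialogs" check (not WebKit code).
// An origin is modelled as { scheme, host, port, domain }; `domain` is the
// value document.domain was set to, or null if it was never set.

// Parse an http(s) URL (constructed examples below) into an origin tuple.
function originOf(url) {
  const u = new URL(url);
  if (u.protocol !== 'http:' && u.protocol !== 'https:') {
    throw new Error('model only handles http(s) origins: ' + url);
  }
  return { scheme: u.protocol.slice(0, -1), host: u.hostname, port: u.port || null, domain: null };
}

// Simplified document.domain setter: the value must be the host itself or a
// dot-separated suffix of it. (The real setter additionally rejects public
// suffixes and honours the document-domain feature policy.)
function setDocumentDomain(origin, value) {
  if (value !== origin.host && !origin.host.endsWith('.' + value)) {
    throw new Error(`"${value}" is not a suffix of ${origin.host}`);
  }
  return { ...origin, domain: value };
}

function sameOrigin(a, b) {
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// HTML "same origin-domain": either same origin with document.domain unset on
// both sides, or same scheme with document.domain set to the same value on both.
function sameOriginDomain(a, b) {
  if (a.domain === null && b.domain === null) return sameOrigin(a, b);
  return a.domain !== null && b.domain !== null && a.scheme === b.scheme && a.domain === b.domain;
}

// What the calling script observes when the dialog is suppressed: alert()
// returns undefined, confirm() returns false and prompt() returns null.
const SUPPRESSED = { alert: undefined, confirm: false, prompt: null };

// Decide whether a frame with `frameOrigin` under a page with `topOrigin` gets
// a dialog; `userAnswer` models the user's reply when one is shown.
function simpleDialog(kind, frameOrigin, topOrigin, userAnswer) {
  if (!(kind in SUPPRESSED)) throw new Error('unknown dialog kind ' + kind);
  if (!sameOriginDomain(frameOrigin, topOrigin)) {
    return { shown: false, result: SUPPRESSED[kind] };
  }
  return { shown: true, result: kind === 'alert' ? undefined : userAnswer };
}

// Constructed scenarios mirroring the two layout tests added by this commit
// (cross-origin frame; same-origin frame with differing document.domain) plus
// a document.domain relaxation on both sides, which keeps dialogs allowed.
function runScenarios() {
  const top = originOf('http://www.example.test:8000/top.html');
  const sameFrame = originOf('http://www.example.test:8000/frame.html');
  const crossFrame = originOf('http://other.example.test:8000/frame.html');
  const relaxedTop = setDocumentDomain(top, 'example.test');

  return {
    sameOriginFrame: simpleDialog('prompt', sameFrame, top, 'typed'),
    crossOriginFrame: simpleDialog('prompt', crossFrame, top, 'typed'),
    parentRelaxedOnly: simpleDialog('confirm', sameFrame, relaxedTop, true),
    bothRelaxed: simpleDialog('alert', setDocumentDomain(crossFrame, 'example.test'), relaxedTop),
  };
}

console.log(JSON.stringify(runScenarios(), null, 2));
```

Note that the third scenario is the subtle one: the frame and the top-level page share an origin, yet only the parent relaxed document.domain, so they are no longer same origin-domain and the frame's confirm() returns false without a dialog.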
108 changes: 108 additions & 0 deletions LayoutTests/ChangeLog
@@ -1,3 +1,111 @@
2021-02-09 Chris Dumez <[email protected]>

Disallow alert/confirm/prompt in cross-origin-domain subframes
https://bugs.webkit.org/show_bug.cgi?id=221568

Reviewed by Geoff Garen.

Add layout test coverage and update existing tests to stop using alert() in cross-origin iframes.

* fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame-expected.txt:
* fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame.html:
* fast/events/popup-when-select-change-expected.txt:
* fast/events/popup-when-select-change.html:
* fast/events/resize-subframe-expected.txt:
* fast/events/resize-subframe.html:
* fast/forms/autofocus-in-sandbox-with-allow-scripts-expected.txt:
* fast/forms/autofocus-in-sandbox-with-allow-scripts.html:
* fast/frames/resources/navigate-top-by-name-to-fail.html:
* fast/frames/sandboxed-iframe-navigation-top-by-name-denied-expected.txt:
* http/tests/cookies/resources/third-party-cookie-relaxing-iframe.html:
* http/tests/cookies/third-party-cookie-relaxing-expected.txt:
* http/tests/history/cross-origin-replace-history-object-child-expected.txt:
* http/tests/history/cross-origin-replace-history-object-expected.txt:
* http/tests/history/resources/cross-origin-replaces-history-object-child-iframe.html:
* http/tests/history/resources/cross-origin-replaces-history-object-iframe.html:
* http/tests/plugins/resources/third-party-cookie-accept-policy-iframe.html:
* http/tests/plugins/third-party-cookie-accept-policy-expected.txt:
* http/tests/security/contentSecurityPolicy/embed-redirect-allowed-expected.txt:
* http/tests/security/contentSecurityPolicy/embed-redirect-allowed2-expected.txt:
* http/tests/security/contentSecurityPolicy/frame-src-cross-origin-load-expected.txt:
* http/tests/security/contentSecurityPolicy/iframe-allowed-when-loaded-via-javascript-url-expected.txt:
* http/tests/security/contentSecurityPolicy/iframe-inside-csp-expected.txt:
* http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-child-src-expected.txt:
* http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-child-src2-expected.txt:
* http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-frame-src-expected.txt:
* http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-frame-src2-expected.txt:
* http/tests/security/contentSecurityPolicy/object-redirect-allowed-expected.txt:
* http/tests/security/contentSecurityPolicy/object-redirect-allowed2-expected.txt:
* http/tests/security/contentSecurityPolicy/resources/alert-fail.html:
* http/tests/security/contentSecurityPolicy/resources/alert-fail.js:
(catch):
* http/tests/security/contentSecurityPolicy/resources/alert-pass.html:
* http/tests/security/contentSecurityPolicy/resources/alert-pass.js:
(catch):
* http/tests/security/contentSecurityPolicy/resources/sandbox.php:
* http/tests/security/contentSecurityPolicy/resources/sandboxed-eval.php:
* http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-control-expected.txt:
* http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-expected.txt:
* http/tests/security/contentSecurityPolicy/sandbox-report-only-expected.txt:
* http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-nested-upgrades-expected.txt:
* http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrades-mixed-content-expected.txt:
* http/tests/security/cross-origin-js-prompt-forbidden-expected.txt: Added.
* http/tests/security/cross-origin-js-prompt-forbidden.html: Added.
* http/tests/security/dataURL/resources/foreign-domain-data-url-accessor-iframe.html:
* http/tests/security/dataURL/resources/foreign-domain-data-url-accessor-opened-frame.html:
* http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-subframe-expected.txt:
* http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-window-open-expected.txt:
* http/tests/security/mixedContent/resources/frame-with-insecure-websocket.html:
* http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe-expected.txt:
* http/tests/security/resources/cross-origin-js-prompt-forbidden.html: Added.
* http/tests/security/same-origin-different-domain-js-prompt-forbidden-expected.txt: Added.
* http/tests/security/same-origin-different-domain-js-prompt-forbidden.html: Added.
* http/tests/security/xssAuditor/base-href-control-char-expected.txt:
* http/tests/security/xssAuditor/base-href-direct-expected.txt:
* http/tests/security/xssAuditor/base-href-expected.txt:
* http/tests/security/xssAuditor/base-href-null-char-expected.txt:
* http/tests/security/xssAuditor/base-href-safe-expected.txt:
* http/tests/security/xssAuditor/base-href-safe2-expected.txt:
* http/tests/security/xssAuditor/base-href-safe3-expected.txt:
* http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt:
* http/tests/security/xssAuditor/cached-frame-expected.txt:
* http/tests/security/xssAuditor/cached-frame.html:
* http/tests/security/xssAuditor/cookie-injection-expected.txt:
* http/tests/security/xssAuditor/data-urls-work-expected.txt:
* http/tests/security/xssAuditor/data-urls-work.html:
* http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt:
* http/tests/security/xssAuditor/dom-write-innerHTML.html:
* http/tests/security/xssAuditor/form-action-expected.txt:
* http/tests/security/xssAuditor/formaction-on-button-expected.txt:
* http/tests/security/xssAuditor/formaction-on-input-expected.txt:
* http/tests/security/xssAuditor/javascript-link-safe-expected.txt:
* http/tests/security/xssAuditor/javascript-link-safe.html:
* http/tests/security/xssAuditor/property-escape-noquotes-expected.txt:
* http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars-expected.txt:
* http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars.html:
* http/tests/security/xssAuditor/property-escape-noquotes.html:
* http/tests/security/xssAuditor/property-inject-expected.txt:
* http/tests/security/xssAuditor/property-inject.html:
* http/tests/security/xssAuditor/resources/base-href/really-safe-script.js:
* http/tests/security/xssAuditor/resources/base-href/safe-script.js:
* http/tests/security/xssAuditor/resources/echo-intertag.pl:
* http/tests/security/xssAuditor/resources/javascript-link-safe.html:
* http/tests/security/xssAuditor/resources/nph-cached.pl:
* http/tests/security/xssAuditor/resources/safe-script-noquotes.js:
* http/tests/security/xssAuditor/resources/safe-script.js:
* http/tests/security/xssAuditor/resources/script-tag-safe2.html:
* http/tests/security/xssAuditor/script-tag-near-start-expected.txt:
* http/tests/security/xssAuditor/script-tag-near-start.html:
* http/tests/security/xssAuditor/script-tag-safe2-expected.txt:
* http/tests/security/xssAuditor/script-tag-safe2.html:
* http/tests/security/xssAuditor/script-tag-safe3-expected.txt:
* http/tests/security/xssAuditor/script-tag-safe3.html:
* http/tests/security/xssAuditor/script-tag-src-redirect-safe-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-injected-comment-expected.txt:
* http/tests/security/xssAuditor/script-tag-with-injected-comment.html:
* http/tests/security/xssAuditor/script-tag-with-source-same-host-expected.txt:
* platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-nested-upgrades-expected.txt:

2021-02-09 Peng Liu <[email protected]>

[GPUP] Test media/track/audio-track-add-remove.html crashes on debug bots
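Review bot: the file list in this ChangeLog entry does not match the diff: LayoutTests/fast/frames/sandboxed-iframe-scripting-02.html is changed further down in this commit (alert() replaced by console.log() in its data: iframe) but is not listed under fast/frames here, and the sandbox-attribute delimiter test whose iframe.src changes from alert() to console.log() is missing as well. Add the missing paths so the entry covers every test touched.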
@@ -1,4 +1,4 @@
CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'about:blank' from frame with URL 'data:text/html,<script>alert(window.open('about:blank', 'A') ?%20'FAIL'%20:%20'PASS');%3C/script%3E'. The frame attempting navigation is neither same-origin with the target, nor is it the target's parent or opener.
CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'about:blank' from frame with URL 'data:text/html,<script>console.log(window.open('about:blank', 'A') ?%20'FAIL'%20:%20'PASS');%3C/script%3E'. The frame attempting navigation is neither same-origin with the target, nor is it the target's parent or opener.

ALERT: PASS
CONSOLE MESSAGE: PASS

@@ -11,6 +11,6 @@
</head>
<body>
<iframe name="A"></iframe>
<iframe name="B" src="data:text/html,<script>alert(window.open('about:blank', 'A') ? 'FAIL' : 'PASS');</script>"></iframe>
<iframe name="B" src="data:text/html,<script>console.log(window.open('about:blank', 'A') ? 'FAIL' : 'PASS');</script>"></iframe>
</body>
</html>
@@ -1,4 +1,4 @@
ALERT: PASSED
CONSOLE MESSAGE: PASSED
If the pop-up was not blocked then there will be an PASS message. Otherwise, the test fails.


2 changes: 1 addition & 1 deletion LayoutTests/fast/events/popup-when-select-change.html
@@ -38,7 +38,7 @@
<body onload="test()">
<select onchange="onpopup()" id="control1"><option value="0">abcd</option><option value="0">efgh</option></select>
If the pop-up was not blocked then there will be an PASS message. Otherwise, the test fails.
<form id="form" action="data:text/html,<script>alert('PASSED')</script>" target="target">
<form id="form" action="data:text/html,<script>console.log('PASSED')</script>" target="target">
<input id="control2" type="submit" value="Submit to new window"/>
</form>
<form id="form2" action="data:text/html,<b>hello!</b><script>window.testRunner && testRunner.notifyDone()</script>" target="panel">
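Review bot: the context line "If the pop-up was not blocked then there will be an PASS message." (also in the -expected.txt above) has a grammar slip, "an PASS" for "a PASS"; since this file and its expected output are already being regenerated for the console.log() change, fix the wording in both in the same commit.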
2 changes: 1 addition & 1 deletion LayoutTests/fast/events/resize-subframe-expected.txt
@@ -1,2 +1,2 @@
ALERT: PASS
CONSOLE MESSAGE: PASS

2 changes: 1 addition & 1 deletion LayoutTests/fast/events/resize-subframe.html
@@ -18,7 +18,7 @@
{
if (window.testRunner)
{
alert('PASS');
console.log('PASS');
testRunner.notifyDone();
}
else
@@ -1,2 +1,2 @@
ALERT: INPUT
CONSOLE MESSAGE: INPUT
This test passes if the activeElement is the input element rather than the body (which it would be if the sandbox didn't allow autofocus although allow-scripts flag is set).
@@ -5,4 +5,4 @@
This test passes if the activeElement is the input element rather than the body
(which it would be if the sandbox didn't allow autofocus although allow-scripts flag is set).
<iframe sandbox="allow-scripts allow-modals"
src="data:text/html,<input autofocus onfocus><script>window.onload = function() { alert(document.activeElement.tagName) }</script>"></iframe>
src="data:text/html,<input autofocus onfocus><script>window.onload = function() { console.log(document.activeElement.tagName) }</script>"></iframe>
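Review bot: with alert() gone from the frame's script, the allow-modals token in sandbox="allow-scripts allow-modals" no longer allows anything this test uses. Drop it so the sandbox flags state exactly what the autofocus check depends on (allow-scripts), or add a comment if it is kept on purpose.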
@@ -1,11 +1,11 @@
<script>
if (window.open("fail-and-notify-done.html", "target"))
alert("FAIL");
console.log("FAIL");
if (window.open("fail-and-notify-done.html", "_top"))
alert("FAIL");
console.log("FAIL");
if (window.open("fail-and-notify-done.html", "_parent"))
alert("FAIL");
console.log("FAIL");
if (window.open("fail-and-notify-done.html", "_blank"))
alert("FAIL");
alert("PASS");
console.log("FAIL");
console.log("PASS");
</script>
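Review bot: all four failure branches now log the identical string "FAIL", so a regression would not say which target name (target, _top, _parent or _blank) managed to open a window. Include the target in each message, e.g. console.log("FAIL: _top"); the expected output is unaffected because only the "PASS" line appears there.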
@@ -6,7 +6,7 @@ CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with
CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'navigate-top-by-name-to-fail.html'. The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set.

CONSOLE MESSAGE: Blocked opening 'fail-and-notify-done.html' in a new window because the request was made in a sandboxed frame whose 'allow-popups' permission is not set.
ALERT: PASS
CONSOLE MESSAGE: PASS
This test verifies that a sandboxed IFrame cannot navigate the top-level frame without allow-top-navigation. This test passes if the navigation does not occur.


@@ -1,11 +1,11 @@
ALERT: PASS: Form feed is a delimiter.
CONSOLE MESSAGE: PASS: Form feed is a delimiter.
CONSOLE MESSAGE: Error while parsing the 'sandbox' attribute: 'allow-scripts allow-forms' is an invalid sandbox flag.
CONSOLE MESSAGE: Blocked script execution in 'data:text/html,<script>alert('FAIL: Vertical tab is not a delimiter.');</script>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
ALERT: PASS: Newline is a delimiter.
ALERT: PASS: Return is a delimiter.
CONSOLE MESSAGE: Blocked script execution in 'data:text/html,<script>console.log('FAIL: Vertical tab is not a delimiter.');</script>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: PASS: Newline is a delimiter.
CONSOLE MESSAGE: PASS: Return is a delimiter.
CONSOLE MESSAGE: Error while parsing the 'sandbox' attribute: 'allow-scriptsxallow-forms' is an invalid sandbox flag.
CONSOLE MESSAGE: Blocked script execution in 'data:text/html,<script>alert('FAIL: x is not a delimiter.');</script>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
ALERT: PASS: Tab is a delimiter.
ALERT: PASS: Space is a delimiter character.
CONSOLE MESSAGE: Blocked script execution in 'data:text/html,<script>console.log('FAIL: x is not a delimiter.');</script>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
CONSOLE MESSAGE: PASS: Tab is a delimiter.
CONSOLE MESSAGE: PASS: Space is a delimiter character.
This tests whether we correct parse various space characters in the sandbox attribute.

@@ -25,7 +25,7 @@
var policy = "allow-modals allow-scripts" + possibleDelimiter + "allow-forms";
var iframe = document.createElement('iframe');
iframe.sandbox = policy;
iframe.src = "data:text/html,<script>alert('" + message + "');<\/script>";
iframe.src = "data:text/html,<script>console.log('" + message + "');<\/script>";
iframe.onload = next;
document.body.appendChild(iframe);
}
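Review bot: `var policy = "allow-modals allow-scripts" + possibleDelimiter + "allow-forms";` keeps allow-modals although the data: frame now only calls console.log(), so the token is dead here. It can be removed without touching the expected output, because the parser errors recorded there only name the fused token ('allow-scripts allow-forms', 'allow-scriptsxallow-forms'), never allow-modals.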
@@ -1,4 +1,4 @@
ALERT: PASS: Executed script in data URL
CONSOLE MESSAGE: PASS: Executed script in data URL
Verify that sandboxed frames with sandbox='allow-scripts' can execute script from data: URLs.

On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
2 changes: 1 addition & 1 deletion LayoutTests/fast/frames/sandboxed-iframe-scripting-02.html
@@ -24,7 +24,7 @@
</head>
<body>
<iframe sandbox="allow-same-origin allow-scripts allow-modals"
src="data:text/html,<script>alert('PASS: Executed script in data URL');window.parent.postMessage({'pass': true}, '*');</script>">
src="data:text/html,<script>console.log('PASS: Executed script in data URL');window.parent.postMessage({'pass': true}, '*');</script>">
</iframe>
<script>
description("Verify that sandboxed frames with sandbox='allow-scripts' can execute script from data: URLs.");
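Review bot: the iframe keeps sandbox="allow-same-origin allow-scripts allow-modals" after its script stopped calling alert(), so allow-modals is now unused in this test and should go, since the description says the test is about allow-scripts executing script from data: URLs. This file is also absent from the ChangeLog entry at the top of the commit; add it there.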
@@ -18,7 +18,7 @@
resetCookiesAndNotifyDone();
return;
} else
alert("Unknown message.");
console.log("Unknown message.");
}

function sortCookie(cookie)
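Review bot: the else branch at `console.log("Unknown message.");` logs an unexpected postMessage payload but never calls resetCookiesAndNotifyDone(), so a stray message leaves the test hanging until the harness timeout instead of failing with that line in the output. Pre-existing, but since this branch is being edited anyway, notifying done there would make the failure mode explicit.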
@@ -31,23 +31,23 @@
var stage = 1;
function showCookies()
{
alert("Test stage " + stage++ + " document.cookie is: " + sortCookie(document.cookie));
console.log("Test stage " + stage++ + " document.cookie is: " + sortCookie(document.cookie));
parent.window.postMessage("done", "*");
}

function sendXHR(queryCommand)
{
var baseurl = "http://localhost:8000/cookies/resources/cookie-utility.php";
var url = queryCommand ? baseurl + "?queryfunction=" + queryCommand : baseurl;
alert(url);
console.log(url);
var req = new XMLHttpRequest();
req.open('GET', url, false);
req.send();

if (req.status == 200)
alert("XHR response - " + req.responseText);
console.log("XHR response - " + req.responseText);
else
alert("xhr error");
console.log("xhr error");

parent.window.postMessage("done", "*");
}
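Review bot: unrelated to the alert() replacement but inside the touched lines: `req.open('GET', url, false)` is a synchronous XHR on the main thread. The surrounding flow already reports completion asynchronously via parent.window.postMessage("done", "*"), so moving the response logging into an onload handler and sending the async request would remove the sync XHR without changing what gets logged. Optional, pre-existing.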