Bug 1564479 [wpt PR 17729] - Fix feature policy origin comparison for…
… sandbox., a=testonly

Automatic update from web-platform-tests
Fix feature policy origin comparison for sandbox.

When 'self' was specified in a feature policy header for a sandboxed
page, the resulting policy would not actually allow the feature in that
page, even when it would otherwise have been allowed. This corrects that
by assigning the correct origin to the policy and accepting that origin
in allowlists.

Bug: 973880, 690520
Change-Id: I93325bf24119068f8138f6e38507598cc30cbb06
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1689958
Commit-Queue: Ian Clelland <iclellandchromium.org>
Reviewed-by: Jeremy Roman <jbromanchromium.org>
Cr-Commit-Position: refs/heads/master{#675737}

--

wpt-commits: 6493155a3b1c0a0236aa4059a1ef768961578f98
wpt-pr: 17729

UltraBlame original commit: a4a34b940a8705a6ef52f2fd1341cbcb3ec0a5b7
marco-c committed Oct 4, 2019
1 parent 52c9f27 commit edb4cbf
Showing 4 changed files with 501 additions and 0 deletions.
@@ -0,0 +1,241 @@
<
!
DOCTYPE
html
>
<
title
>
Feature
policy
treats
opaque
origins
correctly
<
/
title
>
<
script
src
=
"
/
resources
/
testharness
.
js
"
>
<
/
script
>
<
script
src
=
"
/
resources
/
testharnessreport
.
js
"
>
<
/
script
>
<
body
>
<
script
>
"
use
strict
"
;
async_test
(
t
=
>
{
let
frame
=
document
.
createElement
(
'
iframe
'
)
;
frame
.
src
=
"
/
feature
-
policy
/
resources
/
sandbox
-
self
.
html
"
;
frame
.
allow
=
"
fullscreen
"
;
frame
.
sandbox
=
"
allow
-
scripts
"
;
var
handle_message
=
t
.
step_func
(
evt
=
>
{
if
(
evt
.
source
=
=
=
frame
.
contentWindow
)
{
assert_equals
(
evt
.
data
.
child
true
"
'
self
'
in
header
should
match
origin
of
sandboxed
frame
.
"
)
;
assert_equals
(
evt
.
data
.
grandchild
false
"
Opaque
origins
should
not
match
each
other
.
"
)
;
document
.
body
.
removeChild
(
frame
)
;
window
.
removeEventListener
(
'
message
'
handle_message
)
;
t
.
done
(
)
;
}
}
)
;
window
.
addEventListener
(
'
message
'
handle_message
)
;
document
.
body
.
appendChild
(
frame
)
;
}
)
;
<
/
script
>
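Review bot: The cleanup in `handle_message` (`document.body.removeChild(frame)` and `window.removeEventListener('message', handle_message)`) is reached only after both `assert_equals` calls pass, so a failed assertion leaves the sandboxed iframe and the listener attached. Registering the same two calls with `t.add_cleanup(() => { ... })` before `document.body.appendChild(frame)` would run them on every outcome. The `evt.source === frame.contentWindow` guard is the right sender check here and deserves a comment such as `// sandboxed frame has an opaque origin, so evt.origin is "null"; identify the sender by its window instead`. As shown, the `assert_equals` and listener calls have no comma between arguments, which looks like an artifact of the one-token-per-line layout and is worth confirming against the upstream wpt file.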
@@ -0,0 +1,65 @@
<
!
DOCTYPE
html
>
<
title
>
Return
fullscreen
feature
policy
state
<
/
title
>
<
script
>
"
use
strict
"
;
window
.
onload
=
(
)
=
>
{
window
.
parent
.
postMessage
(
document
.
featurePolicy
.
allowedFeatures
(
)
.
includes
(
"
fullscreen
"
)
"
*
"
)
;
}
;
<
/
script
>
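Review bot: The `window.parent.postMessage(..., "*")` call in the `onload` handler uses a wildcard target origin with no comment saying why that is acceptable. It is harmless here because the payload is the single boolean from `document.featurePolicy.allowedFeatures().includes("fullscreen")`, but the pattern is easy to copy into code that posts something sensitive. If this helper is the page loaded inside the sandboxed frame (its loader is not visible in this section), the parent's origin is opaque and cannot be named as a target origin, so `"*"` is the only option. A comment above the call would record both points, for example `// "*" is intentional: the parent may have an opaque (sandboxed) origin, and the payload is a non-secret boolean`.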