From edb4cbf1788d9a1dd775743eafe4d1d227f84af7 Mon Sep 17 00:00:00 2001 From: Marco Castelluccio Date: Fri, 4 Oct 2019 14:58:18 +0000 Subject: [PATCH] Bug 1564479 [wpt PR 17729] - Fix feature policy origin comparison for sandbox., a=testonly Automatic update from web-platform-tests Fix feature policy origin comparison for sandbox. When 'self' was specified in a feature policy header for a sandboxed page, the resulting policy would not actually allow the feature in that page, even when it would otherwise have been allowed. This corrects that by assigning the correct origin to the policy and accepting that origin in allowlists. Bug: 973880, 690520 Change-Id: I93325bf24119068f8138f6e38507598cc30cbb06 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1689958 Commit-Queue: Ian Clelland Reviewed-by: Jeremy Roman Cr-Commit-Position: refs/heads/master{#675737} -- wpt-commits: 6493155a3b1c0a0236aa4059a1ef768961578f98 wpt-pr: 17729 UltraBlame original commit: a4a34b940a8705a6ef52f2fd1341cbcb3ec0a5b7 --- .../policy-extends-to-sandbox.html | 241 ++++++++++++++++++ .../resources/nested-sandbox.html | 65 +++++ .../resources/sandbox-self.html | 187 ++++++++++++++ .../resources/sandbox-self.html.headers | 8 + 4 files changed, 501 insertions(+) create mode 100644 testing/web-platform/tests/feature-policy/policy-extends-to-sandbox.html create mode 100644 testing/web-platform/tests/feature-policy/resources/nested-sandbox.html create mode 100644 testing/web-platform/tests/feature-policy/resources/sandbox-self.html create mode 100644 testing/web-platform/tests/feature-policy/resources/sandbox-self.html.headers diff --git a/testing/web-platform/tests/feature-policy/policy-extends-to-sandbox.html b/testing/web-platform/tests/feature-policy/policy-extends-to-sandbox.html new file mode 100644 index 0000000000000..bf5e1a3c57635 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/policy-extends-to-sandbox.html @@ -0,0 +1,241 @@ +< +! +DOCTYPE +html +> +< +title +> +Feature +policy +treats +opaque +origins +correctly +< +/ +title +> +< +script +src += +" +/ +resources +/ +testharness +. +js +" +> +< +/ +script +> +< +script +src += +" +/ +resources +/ +testharnessreport +. +js +" +> +< +/ +script +> +< +body +> +< +script +> +" +use +strict +" +; +async_test +( +t += +> +{ +let +frame += +document +. +createElement +( +' +iframe +' +) +; +frame +. +src += +" +/ +feature +- +policy +/ +resources +/ +sandbox +- +self +. +html +" +; +frame +. +allow += +" +fullscreen +" +; +frame +. +sandbox += +" +allow +- +scripts +" +; +var +handle_message += +t +. +step_func +( +evt += +> +{ +if +( +evt +. +source += += += +frame +. +contentWindow +) +{ +assert_equals +( +evt +. +data +. +child +true +" +' +self +' +in +header +should +match +origin +of +sandboxed +frame +. +" +) +; +assert_equals +( +evt +. +data +. +grandchild +false +" +Opaque +origins +should +not +match +each +other +. +" +) +; +document +. +body +. +removeChild +( +frame +) +; +window +. +removeEventListener +( +' +message +' +handle_message +) +; +t +. +done +( +) +; +} +} +) +; +window +. +addEventListener +( +' +message +' +handle_message +) +; +document +. +body +. +appendChild +( +frame +) +; +} +) +; +< +/ +script +> diff --git a/testing/web-platform/tests/feature-policy/resources/nested-sandbox.html b/testing/web-platform/tests/feature-policy/resources/nested-sandbox.html new file mode 100644 index 0000000000000..0d76654dab162 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/resources/nested-sandbox.html @@ -0,0 +1,65 @@ +< +! +DOCTYPE +html +> +< +title +> +Return +fullscreen +feature +policy +state +< +/ +title +> +< +script +> +" +use +strict +" +; +window +. +onload += +( +) += +> +{ +window +. +parent +. +postMessage +( +document +. +featurePolicy +. +allowedFeatures +( +) +. +includes +( +" +fullscreen +" +) +" +* +" +) +; +} +; +< +/ +script +> diff --git a/testing/web-platform/tests/feature-policy/resources/sandbox-self.html b/testing/web-platform/tests/feature-policy/resources/sandbox-self.html new file mode 100644 index 0000000000000..4bc7ddd14ca08 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/resources/sandbox-self.html @@ -0,0 +1,187 @@ +< +! +DOCTYPE +html +> +< +title +> +Return +fullscreen +feature +policy +state +from +self +and +a +sandboxed +child +frame +< +/ +title +> +< +script +> +" +use +strict +" +; +window +. +onload += +( +) += +> +{ +let +frame += +document +. +createElement +( +' +iframe +' +) +; +frame +. +src += +" +/ +feature +- +policy +/ +resources +/ +nested +- +sandbox +. +html +" +; +frame +. +sandbox += +" +allow +- +scripts +" +; +var +handle_message += +evt += +> +{ +if +( +evt +. +source += += += +frame +. +contentWindow +) +{ +window +. +parent +. +postMessage +( +{ +" +child +" +: +document +. +featurePolicy +. +allowedFeatures +( +) +. +includes +( +" +fullscreen +" +) +" +grandchild +" +: +evt +. +data +} +" +* +" +) +; +document +. +body +. +removeChild +( +frame +) +; +window +. +removeEventListener +( +' +message +' +handle_message +) +; +} +} +; +window +. +addEventListener +( +' +message +' +handle_message +) +; +document +. +body +. +appendChild +( +frame +) +; +} +; +< +/ +script +> diff --git a/testing/web-platform/tests/feature-policy/resources/sandbox-self.html.headers b/testing/web-platform/tests/feature-policy/resources/sandbox-self.html.headers new file mode 100644 index 0000000000000..107bd4b1898f8 --- /dev/null +++ b/testing/web-platform/tests/feature-policy/resources/sandbox-self.html.headers @@ -0,0 +1,8 @@ +Feature +- +Policy +: +fullscreen +' +self +'