Bug 341604 - iframe sandbox - block indexedDB if sandboxed without allow-same-origin, add tests for indexedDB r=jst

2024-09-13 09:24:08 -07:00 · 2012-08-20 11:34:34 -07:00 · 2012-08-20 11:34:34 -07:00 · 7b1c3d5d1b
commit 7b1c3d5d1b
parent 260965c8f7
5 changed files with 74 additions and 2 deletions
--- a/content/html/content/test/Makefile.in
+++ b/content/html/content/test/Makefile.in
@ -287,6 +287,8 @@ MOCHITEST_FILES = \
 		file_iframe_sandbox_c_if4.html \
 		file_iframe_sandbox_c_if5.html \
 		file_iframe_sandbox_c_if6.html \
+		file_iframe_sandbox_c_if7.html \
+		file_iframe_sandbox_c_if8.html \
 		file_iframe_sandbox_form_fail.html \
 		file_iframe_sandbox_form_pass.html \
 		file_iframe_sandbox_open_window_fail.html \
--- a/content/html/content/test/file_iframe_sandbox_c_if7.html
+++ b/content/html/content/test/file_iframe_sandbox_c_if7.html
@ -0,0 +1,27 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Test for Bug 341604</title>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<script type="text/javascript">
+  function ok(result, desc) {
+    window.parent.postMessage({ok: result, desc: desc}, "*");
+  }
+
+  function doStuff() {
+    try {
+      var thing = indexedDB.open("sandbox");
+      ok(false, "documents sandboxed without allow-same-origin should NOT be able to access indexedDB");
+    }
+
+    catch(e) {
+      ok(true, "documents sandboxed without allow-same-origin should NOT be able to access indexedDB");
+    }  
+  }
+</script>
+<body onLoad='doStuff();'>
+  I am sandboxed but with "allow-scripts"
+</body>
+</html>
--- a/content/html/content/test/file_iframe_sandbox_c_if8.html
+++ b/content/html/content/test/file_iframe_sandbox_c_if8.html
@ -0,0 +1,27 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Test for Bug 341604</title>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<script type="text/javascript">
+  function ok(result, desc) {
+    window.parent.postMessage({ok: result, desc: desc}, "*");
+  }
+
+  function doStuff() {
+    var thing = indexedDB.open("sandbox");
+
+    thing.onerror = function(event) {
+      ok(false, "documents sandboxed with allow-same-origin SHOULD be able to access indexedDB");
+    };
+    thing.onsuccess = function(event) {
+      ok(true, "documents sandboxed with allow-same-origin SHOULD  be able to access indexedDB");
+    };  
+  }
+</script>
+<body onLoad='doStuff();'>
+  I am sandboxed but with "allow-scripts allow-same-origin"
+</body>
+</html>
--- a/content/html/content/test/test_iframe_sandbox_general.html
+++ b/content/html/content/test/test_iframe_sandbox_general.html
@ -39,8 +39,8 @@ function ok_wrapper(result, desc) {
    passedTests++;
  }

-  if (completedTests == 21) {
-    is(passedTests, 21, "There are 21 general tests that should pass");
+  if (completedTests == 23) {
+    is(passedTests, 23, "There are 23 general tests that should pass");
    SimpleTest.finish();
  }
 }
@ -163,6 +163,14 @@ function doTest() {
  // 25) test that an iframe with sandbox="allow-scripts", starting out with a document already loaded, DOES have script
  // in a newly set src attribute created by a javascript: URL executed
  // done by this page, see if_10
+
+  // passes if good or fails if bad
+  // 26) test that an sandboxed document without 'allow-same-origin' can NOT access indexedDB
+  // done via file_iframe_sandbox_c_if7.html, which has sandbox='allow-scripts'
+
+  // passes if good or fails if bad
+  // 26) test that an sandboxed document without 'allow-same-origin' can access indexedDB
+  // done via file_iframe_sandbox_c_if8.html, which has sandbox='allow-scripts allow-same-origin'
 }

 addLoadEvent(doTest);
@ -214,6 +222,8 @@ function do_if_10() {
 <iframe sandbox="allow-same-origin allow-scripts" id='if_8' src="javascript:'<html><script>window.parent.ok_wrapper(true, \'an iframe sandboxed without allow-scripts should execute script in a javascript URL in its src attribute\');<\/script><\/html>';" height="10" width="10"></iframe>
 <iframe sandbox="allow-same-origin" onload='start_if_9()' id='if_9' src="about:blank" height="10" width="10"></iframe>
 <iframe sandbox="allow-same-origin allow-scripts" onload='start_if_10()' id='if_10' src="about:blank" height="10" width="10"></iframe>
+<iframe sandbox="allow-scripts" id='if_11' src="file_iframe_sandbox_c_if7.html" height="10" width="10"></iframe>
+<iframe sandbox="allow-same-origin allow-scripts" id='if_12' src="file_iframe_sandbox_c_if8.html" height="10" width="10"></iframe>
 <input type='button' id="a_button" onclick='do_if_9()'>
 <input type='button' id="a_button2" onclick='do_if_10()'>
 </div>
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@ -8390,6 +8390,12 @@ nsGlobalWindow::GetIndexedDB(nsIIDBFactory** _retval)
  if (!mIndexedDB) {
    nsresult rv;

+    // If the document has the sandboxed origin flag set
+    // don't allow access to indexedDB.
+    if (mDoc && (mDoc->GetSandboxFlags() & SANDBOXED_ORIGIN)) {
+      return NS_ERROR_DOM_SECURITY_ERR;
+    }
+
    if (!IsChromeWindow()) {
      nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
        do_GetService(THIRDPARTYUTIL_CONTRACTID);