wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Backed out changeset 86128d3eac88 (bug 916939) for breaking the web. r=me

Browse Source
This commit is contained in:
Bobby Holley 2013-09-20 10:32:32 -07:00
parent c15070152a
commit 9a9b886ded
9 changed files with 81 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docshell/test/navigation/NavigationUtils.js
View File

@ -93,10 +93,6 @@ function isInaccessible(wnd, message) {
} }
} }
function getSubframe(win, i) {
return SpecialPowers.unwrap(SpecialPowers.wrap(win)[i]);
}
/////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////
// Functions that require UniversalXPConnect privilege // Functions that require UniversalXPConnect privilege
/////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////

11
docshell/test/navigation/test_bug13871.html
View File

@ -9,18 +9,17 @@
iframe { width: 90%; height: 50px; } iframe { width: 90%; height: 50px; }
</style> </style>
<script> <script>
window.onload = function () { window.onload = function () {
navigateByLocation(getSubframe(window0, 0)); navigateByLocation(window0.frames[0]);
navigateByOpen("window1_child0"); navigateByOpen("window1_child0");
navigateByForm("window2_child0"); navigateByForm("window2_child0");
navigateByHyperlink("window3_child0"); navigateByHyperlink("window3_child0");
xpcWaitForFinishedFrames(function() { xpcWaitForFinishedFrames(function() {
isInaccessible(getSubframe(window0, 0), "Should not be able to navigate off-domain frame by setting location."); isInaccessible(window0.frames[0], "Should not be able to navigate off-domain frame by setting location.");
isInaccessible(getSubframe(window1, 0), "Should not be able to navigate off-domain frame by calling window.open."); isInaccessible(window1.frames[0], "Should not be able to navigate off-domain frame by calling window.open.");
isInaccessible(getSubframe(window2, 0), "Should not be able to navigate off-domain frame by submitting form."); isInaccessible(window2.frames[0], "Should not be able to navigate off-domain frame by submitting form.");
isInaccessible(getSubframe(window3, 0), "Should not be able to navigate off-domain frame by targeted hyperlink."); isInaccessible(window3.frames[0], "Should not be able to navigate off-domain frame by targeted hyperlink.");
window0.close(); window0.close();
window1.close(); window1.close();

10
docshell/test/navigation/test_grandchild.html
View File

@ -14,16 +14,16 @@ if (!navigator.platform.startsWith("Win")) {
} }
window.onload = function () { window.onload = function () {
navigateByLocation(getSubframe(getSubframe(frames, 0), 0)); navigateByLocation(frames[0].frames[0]);
navigateByOpen("child1_child0"); navigateByOpen("child1_child0");
navigateByForm("child2_child0"); navigateByForm("child2_child0");
navigateByHyperlink("child3_child0"); navigateByHyperlink("child3_child0");
xpcWaitForFinishedFrames(function() { xpcWaitForFinishedFrames(function() {
isNavigated(getSubframe(getSubframe(frames, 0), 0), "Should be able to navigate off-domain grandchild by setting location."); isNavigated(frames[0].frames[0], "Should be able to navigate off-domain grandchild by setting location.");
isNavigated(getSubframe(getSubframe(frames, 1), 0), "Should be able to navigate off-domain grandchild by calling window.open."); isNavigated(frames[1].frames[0], "Should be able to navigate off-domain grandchild by calling window.open.");
isNavigated(getSubframe(getSubframe(frames, 2), 0), "Should be able to navigate off-domain grandchild by submitting form."); isNavigated(frames[2].frames[0], "Should be able to navigate off-domain grandchild by submitting form.");
isNavigated(getSubframe(getSubframe(frames, 3), 0), "Should be able to navigate off-domain grandchild by targeted hyperlink."); isNavigated(frames[3].frames[0], "Should be able to navigate off-domain grandchild by targeted hyperlink.");
xpcCleanupWindows(); xpcCleanupWindows();
SimpleTest.finish(); SimpleTest.finish();

2
docshell/test/navigation/test_sibling-off-domain.html
View File

@ -11,7 +11,7 @@
<script> <script>
window.onload = function () { window.onload = function () {
document.getElementById('active').innerHTML = document.getElementById('active').innerHTML =
'<iframe src="http://test1.example.org:80/tests/docshell/test/navigation/navigate.html#SpecialPowers.unwrap(SpecialPowers.wrap(parent).frames[0]),location"></iframe>' + '<iframe src="http://test1.example.org:80/tests/docshell/test/navigation/navigate.html#parent.frames[0],location"></iframe>' +
'<iframe src="http://test1.example.org:80/tests/docshell/test/navigation/navigate.html#child1,open"></iframe>' + '<iframe src="http://test1.example.org:80/tests/docshell/test/navigation/navigate.html#child1,open"></iframe>' +
'<iframe src="http://test1.example.org:80/tests/docshell/test/navigation/navigate.html#child2,form"></iframe>' + '<iframe src="http://test1.example.org:80/tests/docshell/test/navigation/navigate.html#child2,form"></iframe>' +
'<iframe src="http://test1.example.org:80/tests/docshell/test/navigation/navigate.html#child3,hyperlink"></iframe>'; '<iframe src="http://test1.example.org:80/tests/docshell/test/navigation/navigate.html#child3,hyperlink"></iframe>';

2
dom/tests/mochitest/bugs/iframe_bug440572.html
View File

@ -5,7 +5,7 @@
var success = 0; var success = 0;
try { try {
SpecialPowers.unwrap(SpecialPowers.wrap(parent)[name]).success = 1; parent[name].success = 1;
} catch (e) { } catch (e) {
parent.postMessage(e, "http://mochi.test:8888"); parent.postMessage(e, "http://mochi.test:8888");
} }

5
dom/tests/mochitest/bugs/test_bug850517.html
View File

@ -16,7 +16,7 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=850517
function go() { function go() {
var ifrA = $('a'); var ifrA = $('a');
var ifrB = $('b'); var ifrB = $('b');
var sb = new SpecialPowers.Cu.Sandbox(SpecialPowers.Services.scriptSecurityManager.getSystemPrincipal()); var sb = new SpecialPowers.Cu.Sandbox('http://www.example.com');
sb.win = window; sb.win = window;
sb.childA = ifrA.contentWindow; sb.childA = ifrA.contentWindow;
sb.childB = ifrB.contentWindow; sb.childB = ifrB.contentWindow;
@ -26,7 +26,8 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=850517
SpecialPowers.Cu.evalInSandbox('is(win.theoneandonly, childA, "Named child resolution works via Xray");', sb); SpecialPowers.Cu.evalInSandbox('is(win.theoneandonly, childA, "Named child resolution works via Xray");', sb);
ifrA.removeAttribute('name'); ifrA.removeAttribute('name');
is(typeof window.theoneandonly, 'undefined', "Revocation works"); is(typeof window.theoneandonly, 'undefined', "Revocation works");
SpecialPowers.Cu.evalInSandbox('is(typeof win.theoneandonly, "undefined", "Revocation works via Xray");', sb); SpecialPowers.Cu.evalInSandbox('try { win.theoneandonly; ok(false, "Should have thrown"); } ' +
'catch (e) {ok(!!/denied/.exec(e) && !!/theoneandonly/.exec(e), "Revocation works via Xray");};', sb);
ifrB.setAttribute('name', 'theoneandonly'); ifrB.setAttribute('name', 'theoneandonly');
is(window.theoneandonly.frameElement, ifrB, "Another mule kicking in the same old stall"); is(window.theoneandonly.frameElement, ifrB, "Another mule kicking in the same old stall");
SpecialPowers.Cu.evalInSandbox('is(win.theoneandonly, childB, "Another mule via Xray");', sb); SpecialPowers.Cu.evalInSandbox('is(win.theoneandonly, childB, "Another mule via Xray");', sb);

11
dom/tests/mochitest/whatwg/postMessage_onOther.html
View File

@ -50,8 +50,6 @@
function receiveSubDomain(evt) function receiveSubDomain(evt)
{ {
var topframe =
SpecialPowers.unwrap(SpecialPowers.wrap(window).parent.topDomainFrame);
if (evt.origin !== "http://mochi.test:8888") if (evt.origin !== "http://mochi.test:8888")
{ {
fail("wrong top-domain origin: " + evt.origin); fail("wrong top-domain origin: " + evt.origin);
@ -64,13 +62,12 @@
} }
document.domain = "example.com"; document.domain = "example.com";
topframe.postMessage("domain-switch", "http://example.com"); window.parent.topDomainFrame.postMessage("domain-switch",
"http://example.com");
} }
function receiveTopDomain(evt) function receiveTopDomain(evt)
{ {
var subframe =
SpecialPowers.unwrap(SpecialPowers.wrap(window).parent.subDomainFrame);
if (evt.origin !== "http://test1.example.com") if (evt.origin !== "http://test1.example.com")
{ {
fail("wrong subdomain origin: " + evt.origin); fail("wrong subdomain origin: " + evt.origin);
@ -81,14 +78,14 @@
fail("wrong subdomain message: " + evt.origin); fail("wrong subdomain message: " + evt.origin);
return; return;
} }
if (evt.source !== subframe) if (evt.source !== window.parent.subDomainFrame)
{ {
fail("wrong source on message from subdomain"); fail("wrong source on message from subdomain");
return; return;
} }
document.domain = "example.com"; document.domain = "example.com";
subframe.testSiblingPostMessage(); window.parent.subDomainFrame.testSiblingPostMessage();
} }
function testSiblingPostMessage() function testSiblingPostMessage()

4
js/xpconnect/tests/mochitest/test_sameOriginPolicy.html
View File

@ -40,7 +40,9 @@ function check(obj, prop, allowed, write) {
var crossOriginReadableWindowProps = ['blur', 'close', 'closed', 'focus', var crossOriginReadableWindowProps = ['blur', 'close', 'closed', 'focus',
'frames', 'location', 'length', 'frames', 'location', 'length',
'opener', 'parent', 'postMessage', 'opener', 'parent', 'postMessage',
'self', 'top', 'window']; 'self', 'top', 'window',
/* indexed and named accessors */
'0', 'subframe'];
function isCrossOriginReadable(obj, prop) { function isCrossOriginReadable(obj, prop) {
if (obj == "Window") if (obj == "Window")

59
js/xpconnect/wrappers/AccessCheck.cpp
View File

@ -165,6 +165,49 @@ IsPermitted(const char *name, JSFlatString *prop, bool set)
#undef R #undef R
#undef W #undef W
static bool
IsFrameId(JSContext *cx, JSObject *objArg, jsid idArg)
{
RootedObject obj(cx, objArg);
RootedId id(cx, idArg);
obj = JS_ObjectToInnerObject(cx, obj);
MOZ_ASSERT(!js::IsWrapper(obj));
XPCWrappedNative *wn = IS_WN_REFLECTOR(obj) ? XPCWrappedNative::Get(obj)
: nullptr;
if (!wn) {
return false;
}
nsCOMPtr<nsIDOMWindow> domwin(do_QueryWrappedNative(wn));
if (!domwin) {
return false;
}
nsCOMPtr<nsIDOMWindowCollection> col;
domwin->GetFrames(getter_AddRefs(col));
if (!col) {
return false;
}
if (JSID_IS_INT(id)) {
col->Item(JSID_TO_INT(id), getter_AddRefs(domwin));
} else if (JSID_IS_STRING(id)) {
nsAutoString str(JS_GetInternedStringChars(JSID_TO_STRING(id)));
col->NamedItem(str, getter_AddRefs(domwin));
} else {
return false;
}
return domwin != nullptr;
}
static bool
IsWindow(const char *name)
{
return name[0] == 'W' && !strcmp(name, "Window");
}
bool bool
AccessCheck::isCrossOriginAccessPermitted(JSContext *cx, JSObject *wrapperArg, jsid idArg, AccessCheck::isCrossOriginAccessPermitted(JSContext *cx, JSObject *wrapperArg, jsid idArg,
Wrapper::Action act) Wrapper::Action act)
@ -200,6 +243,22 @@ AccessCheck::isCrossOriginAccessPermitted(JSContext *cx, JSObject *wrapperArg, j
return true; return true;
} }
if (act != Wrapper::GET)
return false;
// Check for frame IDs. If we're resolving named frames, make sure to only
// resolve ones that don't shadow native properties. See bug 860494.
if (IsWindow(name)) {
if (JSID_IS_STRING(id) && !XrayUtils::IsXrayResolving(cx, wrapper, id)) {
bool wouldShadow = false;
if (!XrayUtils::HasNativeProperty(cx, wrapper, id, &wouldShadow) ||
wouldShadow)
{
return false;
}
}
return IsFrameId(cx, obj, id);
}
return false; return false;
} }