Bug 18870 - SQUIRRELFISH: security check is wrong (global object issues?)
Summary: SQUIRRELFISH: security check is wrong (global object issues?)
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.5
: P2 Normal
Assignee: Geoffrey Garen
URL:
Keywords:
Depends on:
Blocks: 18631
  Show dependency treegraph
 
Reported: 2008-05-03 01:40 PDT by Maciej Stachowiak
Modified: 2008-05-07 23:15 PDT (History)
0 users

See Also:


Attachments
patch to fix much of the underlying problem, but not all (10.75 KB, patch)
2008-05-03 13:25 PDT, Geoffrey Garen
sam: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Maciej Stachowiak 2008-05-03 01:40:13 PDT
We seem to be doing global object comparison security checks wrong, leading the following layout tests to fail:

  http/tests/security/cross-frame-access-callback-explicit-domain-ALLOW.htm
  http/tests/security/listener/xss-JSTargetNode-onclick-shortcut.html
  http/tests/security/listener/xss-XMLHttpRequest-addEventListener.html
  http/tests/security/listener/xss-XMLHttpRequest-shortcut.html
  http/tests/security/listener/xss-window-onclick-addEventListener.html
  http/tests/security/listener/xss-window-onclick-shortcut.html
Comment 1 Geoffrey Garen 2008-05-03 13:25:22 PDT
Created attachment 20953 [details]
patch to fix much of the underlying problem, but not all
Comment 2 Geoffrey Garen 2008-05-03 13:39:25 PDT
Committed revision 32840.

We still need to figure out why the exception messages in these tests have changed.
Comment 3 Geoffrey Garen 2008-05-07 21:24:25 PDT
Looks like two issues:

- "-CONSOLE MESSAGE: line 6: Value undefined (result of expression alert) is not object."

The difference here is a difference of exception message style.

- "+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame..."

The difference here seems to be that squirrelfish looks up a global value an extra time. (Seems like a real bug.)
Comment 4 Geoffrey Garen 2008-05-07 23:15:44 PDT
Committed revision 32971.