WebKit Bugzilla
Attachment 342102 Details for Bug 186373: Handle Storage Access API calls in the absence of an attached frame
Patch: bug-186373-20180606180526.patch (text/plain), 6.82 KB, created by Brent Fulgham on 2018-06-06 18:05:27 PDT
>Subversion Revision: 232560 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index fc9f650ed6064ce9df1acb7c95ab0c305eb45ce7..1885c9dc788dc20e6d16c339fefdbc974cfe85e9 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,24 @@ >+2018-06-06 Brent Fulgham <bfulgham@apple.com> >+ >+ Handle Storage Access API calls in the absence of an attached frame >+ https://bugs.webkit.org/show_bug.cgi?id=186373 >+ <rdar://problem/40028265> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Tests: http/tests/storageAccess/has-storage-access-crash.html >+ http/tests/storageAccess/request-storage-access-crash.html >+ >+ The new frame-specific storage access checks were done without confirming a >+ frame was present, although the frame state was validated in other parts of >+ the same method. >+ >+ This patch checks for a non-null frame before making frame-specific calls. >+ >+ * dom/Document.cpp: >+ (WebCore::Document::hasStorageAccess): >+ (WebCore::Document::requestStorageAccess): >+ > 2018-06-06 Antoine Quint <graouts@apple.com> > > Rename color-filter to -apple-color-filter and do not expose it to Web content >diff --git a/Source/WebCore/dom/Document.cpp b/Source/WebCore/dom/Document.cpp >index 50ddc9a160a637a457b16b0367cdb2b3cc4f7591..3b8d4190a7d009070669b0cb6c922a3b8ae9179f 100644 >--- a/Source/WebCore/dom/Document.cpp >+++ b/Source/WebCore/dom/Document.cpp >@@ -7527,7 +7527,7 @@ void Document::hasStorageAccess(Ref<DeferredPromise>&& promise) > ASSERT(settings().storageAccessAPIEnabled()); > > #if HAVE(CFNETWORK_STORAGE_PARTITIONING) >- if (hasFrameSpecificStorageAccess()) { >+ if (m_frame && hasFrameSpecificStorageAccess()) { > promise->resolve<IDLBoolean>(true); > return; > } 
>@@ -7578,7 +7578,7 @@ void Document::requestStorageAccess(Ref<DeferredPromise>&& promise) > ASSERT(settings().storageAccessAPIEnabled()); > > #if HAVE(CFNETWORK_STORAGE_PARTITIONING) >- if (hasFrameSpecificStorageAccess()) { >+ if (m_frame && hasFrameSpecificStorageAccess()) { > promise->resolve(); > return; > } >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 8057c3aba0da6b31381724a2b49bdb6b766513a3..21f9a4e1d60d99fe7a4f330ebb031273a15e9305 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,16 @@ >+2018-06-06 Brent Fulgham <bfulgham@apple.com> >+ >+ Handle Storage Access API calls in the absence of an attached frame >+ https://bugs.webkit.org/show_bug.cgi?id=186373 >+ <rdar://problem/40028265> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * http/tests/storageAccess/has-storage-access-crash-expected.txt: Added. >+ * http/tests/storageAccess/has-storage-access-crash.html: Added. >+ * http/tests/storageAccess/request-storage-access-crash-expected.txt: Added. >+ * http/tests/storageAccess/request-storage-access-crash.html: Added. >+ > 2018-06-06 David Fenton <david_fenton@apple.com> > > Layout Test http/tests/resourceLoadStatistics/prevalent-resource-with-user-interaction.html is flaky on macOS WK2 [ Release ] >diff --git a/LayoutTests/http/tests/storageAccess/has-storage-access-crash-expected.txt b/LayoutTests/http/tests/storageAccess/has-storage-access-crash-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..b6d32bb323a46d2a6609ff9541ecc40e3e6352f2 >--- /dev/null >+++ b/LayoutTests/http/tests/storageAccess/has-storage-access-crash-expected.txt >@@ -0,0 +1,11 @@ >+Test that storage access API called on a detached frame doesn't crash. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+Test that querying storage access API called on a detached frame doesn't crash. >+ >+[object HTMLDocument] 
>diff --git a/LayoutTests/http/tests/storageAccess/has-storage-access-crash.html b/LayoutTests/http/tests/storageAccess/has-storage-access-crash.html >new file mode 100644 >index 0000000000000000000000000000000000000000..4f9e3c6f53d2062aa9f5eb42b83548b4ffdd1580 >--- /dev/null >+++ b/LayoutTests/http/tests/storageAccess/has-storage-access-crash.html >@@ -0,0 +1,26 @@ >+<!DOCTYPE html> >+<html> >+<head> >+ <script src="/js-test-resources/js-test.js"></script> >+ <script> >+ description("Test that storage access API called on a detached frame doesn't crash."); >+ jsTestIsAsync = true; >+ >+ function runTest() { >+ var o2 = document.getElementById('test'); >+ var testFrame = document.createElement("iframe"); >+ o2.appendChild(testFrame); >+ var testFrameDocument = testFrame.contentDocument; >+ testFrame.outerHTML = testFrameDocument; >+ >+ testFrameDocument.hasStorageAccess(); >+ finishJSTest(); >+ } >+ </script> >+</head> >+<body onload="runTest()"> >+ <div id="test"> >+ <p>Test that querying storage access API called on a detached frame doesn't crash.</p> >+ </div> >+</body> >+</html> >\ No newline at end of file >diff --git a/LayoutTests/http/tests/storageAccess/request-storage-access-crash-expected.txt b/LayoutTests/http/tests/storageAccess/request-storage-access-crash-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..c64434c745be5057e4cf0cbafdb962458bfaf179 >--- /dev/null >+++ b/LayoutTests/http/tests/storageAccess/request-storage-access-crash-expected.txt >@@ -0,0 +1,11 @@ >+Test that storage access API called on a detached frame doesn't crash. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+Test that requesting storage access API called on a detached frame doesn't crash. >+ >+[object HTMLDocument] 
>diff --git a/LayoutTests/http/tests/storageAccess/request-storage-access-crash.html b/LayoutTests/http/tests/storageAccess/request-storage-access-crash.html >new file mode 100644 >index 0000000000000000000000000000000000000000..138f2cbb8fc6cb3749a3a033dfe0f13348fa85b4 >--- /dev/null >+++ b/LayoutTests/http/tests/storageAccess/request-storage-access-crash.html >@@ -0,0 +1,26 @@ >+<!DOCTYPE html> >+<html> >+<head> >+ <script src="/js-test-resources/js-test.js"></script> >+ <script> >+ description("Test that storage access API called on a detached frame doesn't crash."); >+ jsTestIsAsync = true; >+ >+ function runTest() { >+ var o2 = document.getElementById('test'); >+ var testFrame = document.createElement("iframe"); >+ o2.appendChild(testFrame); >+ var testFrameDocument = testFrame.contentDocument; >+ testFrame.outerHTML = testFrameDocument; >+ >+ testFrameDocument.requestStorageAccess(); >+ finishJSTest(); >+ } >+ </script> >+</head> >+<body onload="runTest()"> >+ <div id="test"> >+ <p>Test that requesting storage access API called on a detached frame doesn't crash.</p> >+ </div> >+</body> >+</html> >\ No newline at end of file
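Review bot: In Document::hasStorageAccess (Source/WebCore/dom/Document.cpp, hunk at -7527), the null check is placed at the call site, `if (m_frame && hasFrameSpecificStorageAccess())`, rather than inside hasFrameSpecificStorageAccess(), so every other or future caller of that helper has to remember the same guard. Consider testing `m_frame` inside the helper and returning false for a frameless document; that would also remove the duplicated condition in requestStorageAccess.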
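Review bot: The detached-frame path in Document::requestStorageAccess (Source/WebCore/dom/Document.cpp, hunk at -7578) is not visibly settled: the context lines show only that a frameless document now skips `promise->resolve()` and falls through past the `#if HAVE(CFNETWORK_STORAGE_PARTITIONING)` block. The ChangeLog says the frame state is validated in other parts of the same method; please confirm that this validation runs after the guarded block and settles the promise, or hoist one early `m_frame` check to the top of the method so the detached case has a single, explicit exit.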
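Review bot: In LayoutTests/http/tests/storageAccess/has-storage-access-crash.html, runTest() detaches the iframe with `testFrame.outerHTML = testFrameDocument;`, which works only because the Document is stringified, and that is why the stray line `[object HTMLDocument]` ends up in has-storage-access-crash-expected.txt. `testFrame.remove()` would state the intent and keep the expected output clean. The test also sets `jsTestIsAsync = true` but calls finishJSTest() synchronously and drops the promise returned by hasStorageAccess(), so it covers only a crash during the call itself; if the promise is expected to settle for a detached document, call finishJSTest() from its then/catch handlers instead.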
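Review bot: The description() string in LayoutTests/http/tests/storageAccess/request-storage-access-crash.html is identical to the one in has-storage-access-crash.html ("Test that storage access API called on a detached frame doesn't crash."), so the first line of the two -expected.txt files cannot tell the tests apart. Name requestStorageAccess in the description, as the `<p>` text in the same file already does. The file also ends with `\ No newline at end of file`, as does the has-storage-access test; add the trailing newline to both.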