WebKit Bugzilla
Attachment 342172 Details for Bug 186373: Handle Storage Access API calls in the absence of an attached frame
[patch] Patch for landing
bug-186373-20180607090757.patch (text/plain), 8.28 KB, created by Brent Fulgham on 2018-06-07 09:07:58 PDT
>Subversion Revision: 232560 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index fc9f650ed6064ce9df1acb7c95ab0c305eb45ce7..4392b9d079523cd9546ae45d3d448d4465d0d4e0 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,24 @@ >+2018-06-06 Brent Fulgham <bfulgham@apple.com> >+ >+ Handle Storage Access API calls in the absence of an attached frame >+ https://bugs.webkit.org/show_bug.cgi?id=186373 >+ <rdar://problem/40028265> >+ >+ Reviewed by Daniel Bates. >+ >+ Tests: http/tests/storageAccess/has-storage-access-crash.html >+ http/tests/storageAccess/request-storage-access-crash.html >+ >+ The new frame-specific storage access checks were done without confirming a >+ frame was present, although the frame state was validated in other parts of >+ the same method. >+ >+ This patch checks for a non-null frame before making frame-specific calls. >+ >+ * dom/Document.cpp: >+ (WebCore::Document::hasStorageAccess): >+ (WebCore::Document::requestStorageAccess): >+ > 2018-06-06 Antoine Quint <graouts@apple.com> > > Rename color-filter to -apple-color-filter and do not expose it to Web content >diff --git a/Source/WebCore/dom/Document.cpp b/Source/WebCore/dom/Document.cpp >index 50ddc9a160a637a457b16b0367cdb2b3cc4f7591..3b8d4190a7d009070669b0cb6c922a3b8ae9179f 100644 >--- a/Source/WebCore/dom/Document.cpp >+++ b/Source/WebCore/dom/Document.cpp >@@ -7527,7 +7527,7 @@ void Document::hasStorageAccess(Ref<DeferredPromise>&& promise) > ASSERT(settings().storageAccessAPIEnabled()); > > #if HAVE(CFNETWORK_STORAGE_PARTITIONING) >- if (hasFrameSpecificStorageAccess()) { >+ if (m_frame && hasFrameSpecificStorageAccess()) { > promise->resolve<IDLBoolean>(true); > return; > } 
>@@ -7578,7 +7578,7 @@ void Document::requestStorageAccess(Ref<DeferredPromise>&& promise) > ASSERT(settings().storageAccessAPIEnabled()); > > #if HAVE(CFNETWORK_STORAGE_PARTITIONING) >- if (hasFrameSpecificStorageAccess()) { >+ if (m_frame && hasFrameSpecificStorageAccess()) { > promise->resolve(); > return; > } >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 8057c3aba0da6b31381724a2b49bdb6b766513a3..4c9f643e9c59e97af3b0f76c7a698acca804c901 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,17 @@ >+2018-06-06 Brent Fulgham <bfulgham@apple.com> >+ >+ Handle Storage Access API calls in the absence of an attached frame >+ https://bugs.webkit.org/show_bug.cgi?id=186373 >+ <rdar://problem/40028265> >+ >+ Reviewed by Daniel Bates. >+ >+ * http/tests/storageAccess/has-storage-access-crash-expected.txt: Added. >+ * http/tests/storageAccess/has-storage-access-crash.html: Added. >+ * http/tests/storageAccess/request-storage-access-crash-expected.txt: Added. >+ * http/tests/storageAccess/request-storage-access-crash.html: Added. >+ * platform/mac-wk2/TestExpectations: Add the two new tests for HighSierra+ >+ > 2018-06-06 David Fenton <david_fenton@apple.com> > > Layout Test http/tests/resourceLoadStatistics/prevalent-resource-with-user-interaction.html is flaky on macOS WK2 [ Release ] >diff --git a/LayoutTests/http/tests/storageAccess/has-storage-access-crash-expected.txt b/LayoutTests/http/tests/storageAccess/has-storage-access-crash-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..4595baa103776801dbcefa226cc5bbdd818eeb0f >--- /dev/null >+++ b/LayoutTests/http/tests/storageAccess/has-storage-access-crash-expected.txt >@@ -0,0 +1,5 @@ >+Test that querying storage access API on a detached frame doesn't crash. >+ >+[object HTMLDocument] >+SUCCESS: Did not crash. >+ 
>diff --git a/LayoutTests/http/tests/storageAccess/has-storage-access-crash.html b/LayoutTests/http/tests/storageAccess/has-storage-access-crash.html >new file mode 100644 >index 0000000000000000000000000000000000000000..bd9315874ed999ba8ed0994342af7c2e5103fad8 >--- /dev/null >+++ b/LayoutTests/http/tests/storageAccess/has-storage-access-crash.html >@@ -0,0 +1,36 @@ >+<!DOCTYPE html> >+<html> >+<head> >+ <script> >+ function debug(str) { >+ var c = document.getElementById("console") >+ c.innerHTML += (str + "<br>") >+ } >+ >+ if (window.testRunner) { >+ testRunner.dumpAsText(); >+ testRunner.waitUntilDone(); >+ } >+ >+ function runTest() { >+ var testDiv = document.getElementById("test"); >+ var testFrame = document.createElement("iframe"); >+ testDiv.appendChild(testFrame); >+ var testFrameDocument = testFrame.contentDocument; >+ testFrame.outerHTML = testFrameDocument; >+ >+ testFrameDocument.hasStorageAccess(); >+ >+ debug("SUCCESS: Did not crash.") >+ if (window.testRunner) >+ testRunner.notifyDone(); >+ } >+ </script> >+</head> >+<body onload="runTest()"> >+ <div id="test"> >+ <p>Test that querying storage access API on a detached frame doesn't crash.</p> >+ </div> >+ <pre id="console"></pre> >+</body> >+</html> >\ No newline at end of file >diff --git a/LayoutTests/http/tests/storageAccess/request-storage-access-crash-expected.txt b/LayoutTests/http/tests/storageAccess/request-storage-access-crash-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..b7d990395e8dcae3730b9f3c17fb55e18da8fa8f >--- /dev/null >+++ b/LayoutTests/http/tests/storageAccess/request-storage-access-crash-expected.txt >@@ -0,0 +1,5 @@ >+Test that requesting storage access API on a detached frame doesn't crash. >+ >+[object HTMLDocument] >+SUCCESS: Did not crash. >+ 
>diff --git a/LayoutTests/http/tests/storageAccess/request-storage-access-crash.html b/LayoutTests/http/tests/storageAccess/request-storage-access-crash.html >new file mode 100644 >index 0000000000000000000000000000000000000000..87862a4109c2d7f5d4bc62e558aaf172d4c75439 >--- /dev/null >+++ b/LayoutTests/http/tests/storageAccess/request-storage-access-crash.html >@@ -0,0 +1,36 @@ >+<!DOCTYPE html> >+<html> >+<head> >+ <script> >+ function debug(str) { >+ var c = document.getElementById("console") >+ c.innerHTML += (str + "<br>") >+ } >+ >+ if (window.testRunner) { >+ testRunner.dumpAsText(); >+ testRunner.waitUntilDone(); >+ } >+ >+ function runTest() { >+ var testDiv = document.getElementById("test"); >+ var testFrame = document.createElement("iframe"); >+ testDiv.appendChild(testFrame); >+ var testFrameDocument = testFrame.contentDocument; >+ testFrame.outerHTML = testFrameDocument; >+ >+ testFrameDocument.requestStorageAccess(); >+ >+ debug("SUCCESS: Did not crash.") >+ if (window.testRunner) >+ testRunner.notifyDone(); >+ } >+ </script> >+</head> >+<body onload="runTest()"> >+ <div id="test"> >+ <p>Test that requesting storage access API on a detached frame doesn't crash.</p> >+ </div> >+ <pre id="console"></pre> >+</body> >+</html> >\ No newline at end of file >diff --git a/LayoutTests/platform/mac-wk2/TestExpectations b/LayoutTests/platform/mac-wk2/TestExpectations >index 5b063bc0b73fcf7167f766bb4096134e2c773f4f..eaf091cdcac5e2a3f1742357563f665e8f09c921 100644 >--- a/LayoutTests/platform/mac-wk2/TestExpectations >+++ b/LayoutTests/platform/mac-wk2/TestExpectations 
>@@ -721,8 +721,11 @@ webkit.org/b/172397 legacy-animation-engine/animations/needs-layout.html [ Pass > # Touch events are not available on open source bots, thus only tested on Mac. > http/tests/resourceLoadStatistics/user-interaction-in-cross-origin-sub-frame.html [ Pass ] > http/tests/resourceLoadStatistics/user-interaction-reported-after-website-data-removal.html [ Pass ] >+ >+[ HighSierra+ ] http/tests/storageAccess/has-storage-access-crash.html [ Pass ] > [ HighSierra+ ] http/tests/storageAccess/request-and-grant-storage-access-cross-origin-non-sandboxed-iframe.html [ Pass ] > [ HighSierra+ ] http/tests/storageAccess/request-and-grant-storage-access-cross-origin-sandboxed-iframe.html [ Pass ] >+[ HighSierra+ ] http/tests/storageAccess/request-storage-access-crash.html [ Pass ] > [ HighSierra+ ] http/tests/storageAccess/request-storage-access-cross-origin-sandboxed-iframe-with-unique-origin.html [ Pass ] > [ HighSierra+ ] http/tests/storageAccess/request-storage-access-cross-origin-sandboxed-iframe-without-allow-token.html [ Pass ] > [ HighSierra+ ] http/tests/storageAccess/request-storage-access-same-origin-iframe.html [ Pass ]
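Review bot: The `m_frame &&` guard in Document::hasStorageAccess and Document::requestStorageAccess is applied at each call site of hasFrameSpecificStorageAccess(), so any other or future caller has to remember the same check. Consider moving the null-frame test into hasFrameSpecificStorageAccess() itself (returning false when there is no frame), or, since the ChangeLog says the frame state is already validated elsewhere in these methods, hoisting that validation above the `#if HAVE(CFNETWORK_STORAGE_PARTITIONING)` block so the frame is checked once per method.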
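Review bot: In has-storage-access-crash.html, `testFrame.outerHTML = testFrameDocument;` detaches the iframe by assigning a Document object to outerHTML, which works only because the object is stringified and the iframe is replaced by the text `[object HTMLDocument]` (the line that then appears in the -expected.txt file). `testFrame.remove()`, or at least a one-line comment, would make the intent clear (detach the frame while keeping a reference to its document) and keep the stray text out of the expected output. The same line is used in request-storage-access-crash.html.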
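Review bot: In request-storage-access-crash.html, runTest() discards the promise returned by `testFrameDocument.requestStorageAccess();` and calls `testRunner.notifyDone()` synchronously, so the test shows only that the call returns, not how the promise settles for a detached document. Consider attaching then/catch handlers that log the outcome and calling notifyDone() from them, so the expected result records the behaviour; has-storage-access-crash.html has the same pattern with hasStorageAccess().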
Attachments on bug 186373: 342102 | 342172