184432 2018-04-09 16:10:14 -0700 Fix flakiness in insecure-iframe-in-main-frame.html 2018-05-07 17:00:28 -0700 1 1 1 Unclassified WebKit Tools / Tests WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=185404 InRadar P2 Normal --- 1 krollin krollin cdumez commit-queue dbates ews-watchlist jer.noble lforschler mkwst webkit-bug-importer oldest_to_newest 1413062 0 krollin 2018-04-09 16:10:14 -0700 The test LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame.html is flaky. It enables the option to dump frame load events. It then opens a new window. The result is that the load events of the window-opening-window and the load events of the opened-window are interleaved non-deterministically. <rdar://problem/39297079> 1413063 1 krollin 2018-04-09 16:17:51 -0700 data-url-iframe-in-main-frame.html seems like it should have the same issue, in that it enables load event dumping and then calls window.open(). 1413066 2 krollin 2018-04-09 16:25:10 -0700 Also: * insecure-css-in-main-frame.html * insecure-image-in-main-frame.html * insecure-plugin-in-main-frame.html * insecure-script-in-main-frame.html * insecure-xhr-asynchronous-in-main-frame.html * insecure-xhr-synchronous-in-main-frame.html * about-blank-iframe-in-main-frame.html * data-url-iframe-in-main-frame.html * insecure-css-in-main-frame.html * insecure-css-with-secure-cookies.html * insecure-executable-css-with-secure-cookies.html * insecure-form-in-main-frame.html * insecure-iframe-in-main-frame.html * javascript-url-form-in-main-frame.html * redirect-http-to-https-iframe-in-main-frame.html * redirect-https-to-http-iframe-in-main-frame.html * redirect-https-to-http-image-secure-cookies-block.html * redirect-https-to-http-image-secure-cookies.html 1413071 3 krollin 2018-04-09 16:36:14 -0700 The difference may be related to the following code in insecure-iframe-in-main-frame.html: // FIXME: For some reason a SecurityPolicyViolation event is not dispatched in frame-with-insecure-iframe.html (why?). // So, dump-securitypolicyviolation-and-notify-done.js loaded by frame-with-insecure-iframe.html will never call // testRunner.notifyDone(). For now we do not call testRunner.waitUntilDone() and instead wait a fixed timeout :( window.setTimeout(function () { if (window.testRunner) testRunner.notifyDone(); }, 500); I note that, the comment notwithstanding, waitUntilDone is indeed called. I also note that the following tests have similar comments, but that they don't go so far as including the timeout code: * insecure-iframe-in-iframe.html * insecure-image-in-javascript-url-iframe-in-iframe.html 1413376 4 krollin 2018-04-10 13:53:25 -0700 Ultimately, the issue is not with determinism. If the expected results for this test are rebased, we’ll pass the test every time. The issue was that the order in which events of interleaved windows are reported was changed. Most other tests affected by this change had their expected results changed. However, this particular test was not treated in the same way because it was marked as flaky. Since it was expected to occasionally fail, the fact that it now *always* failed was missed. I'm (a) rebasing the expected results and (b) tweaking the test so that the two windows are not opening at the same time and so aren't having their frame-load events interleaved. 1413377 5 337632 krollin 2018-04-10 13:58:25 -0700 Created attachment 337632 Patch 1414129 6 337632 commit-queue 2018-04-12 12:18:53 -0700 Comment on attachment 337632 Patch Clearing flags on attachment: 337632 Committed r230590: <https://trac.webkit.org/changeset/230590> 1414130 7 commit-queue 2018-04-12 12:18:54 -0700 All reviewed patches have been landed. Closing bug. 1421521 8 337632 cdumez 2018-05-07 17:00:28 -0700 Comment on attachment 337632 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=337632&action=review > LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame.html:34 > + window.setTimeout(function() { setTimeout(0) still does not guarantee the current page will have loaded. We may want to do the setTimeout(0) in in unload = function() { }. 337632 2018-04-10 13:58:25 -0700 2018-04-12 12:18:53 -0700 Patch bug-184432-20180410135817.patch text/plain 6247 krollin U3VidmVyc2lvbiBSZXZpc2lvbjogMjMwNDQ0CmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9DaGFu Z2VMb2cgYi9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKaW5kZXggZDY1MGQ0MzJhNmExYzg5OGQ0NTk5 ODU2NWZlMTJkNGMwMzZmNjQwMS4uMDEyNGQzMmYzMzlhZjU3MmI2MmM3NDMxY2MwMWY4NjNlN2Uw OGM3NCAxMDA2NDQKLS0tIGEvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCisrKyBiL0xheW91dFRlc3Rz L0NoYW5nZUxvZwpAQCAtMSwzICsxLDIxIEBACisyMDE4LTA0LTEwICBLZWl0aCBSb2xsaW4gIDxr cm9sbGluQGFwcGxlLmNvbT4KKworICAgICAgICBGaXggZmxha2luZXNzIGluIGluc2VjdXJlLWlm cmFtZS1pbi1tYWluLWZyYW1lLmh0bWwKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcv c2hvd19idWcuY2dpP2lkPTE4NDQzMgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09Q UyEpLgorCisgICAgICAgIE1hcmsgaW5zZWN1cmUtaWZyYW1lLWluLW1haW4tZnJhbWUuaHRtbCBh cyBubyBsb25nZXIgZmxha3kuIFR3ZWFrIGl0CisgICAgICAgIHNvIHRoYXQgdGhlIGZyYW1lLWxv YWQgZXZlbnRzIG9mIHRoZSB0ZXN0IHdpbmRvdyBkbyBubyBpbnRlcmxlYXZlIHdpdGgKKyAgICAg ICAgdGhlIGZyYW1lLWxvYWQgZXZlbnRzIG9mIHRoZSB3aW5kb3cgb3BlbmVkIGJ5IHRoZSB0ZXN0 IHNvIHRoYXQgYW55CisgICAgICAgIG5vbi1kZXRlcm1pbmlzdGljIGJlaGF2aW9yIGRvZXNuJ3Qg YWZmZWN0IHRoZSBvcmRlciBvZiB0aGUgZXhwZWN0CisgICAgICAgIHNlcXVlbmNlIG9mIG1lc3Nh Z2VzLgorCisgICAgICAgICogVGVzdEV4cGVjdGF0aW9uczoKKyAgICAgICAgKiBodHRwL3Rlc3Rz L3NlY3VyaXR5L2NvbnRlbnRTZWN1cml0eVBvbGljeS9ibG9jay1hbGwtbWl4ZWQtY29udGVudC9p bnNlY3VyZS1pZnJhbWUtaW4tbWFpbi1mcmFtZS1leHBlY3RlZC50eHQ6CisgICAgICAgICogaHR0 cC90ZXN0cy9zZWN1cml0eS9jb250ZW50U2VjdXJpdHlQb2xpY3kvYmxvY2stYWxsLW1peGVkLWNv bnRlbnQvaW5zZWN1cmUtaWZyYW1lLWluLW1haW4tZnJhbWUuaHRtbDoKKyAgICAgICAgKiBwbGF0 Zm9ybS93azIvaHR0cC90ZXN0cy9zZWN1cml0eS9jb250ZW50U2VjdXJpdHlQb2xpY3kvYmxvY2st YWxsLW1peGVkLWNvbnRlbnQvaW5zZWN1cmUtaWZyYW1lLWluLW1haW4tZnJhbWUtZXhwZWN0ZWQu dHh0OgorCiAyMDE4LTA0LTA3ICBZb3Vlbm4gRmFibGV0ICA8eW91ZW5uQGFwcGxlLmNvbT4KIAog ICAgICAgICBSZXNwb25zZSBoZWFkZXJzIHNob3VsZCBiZSBmaWx0ZXJlZCB3aGVuIHNlbnQgZnJv bSBOZXR3b3JrUHJvY2VzcyB0byBXZWJQcm9jZXNzCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9U ZXN0RXhwZWN0YXRpb25zIGIvTGF5b3V0VGVzdHMvVGVzdEV4cGVjdGF0aW9ucwppbmRleCA4YTcz YjE4ZmU4ZDliNWY4Y2IwODBhNmNmZmI5N2FiM2M3ZWViM2Y1Li5jN2JiZmM5ODFhYTdmNTkxYWQ5 ZDBjMTU5YTNmNTBiNDFmYzM1YjBlIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9UZXN0RXhwZWN0 YXRpb25zCisrKyBiL0xheW91dFRlc3RzL1Rlc3RFeHBlY3RhdGlvbnMKQEAgLTU4Miw3ICs1ODIs NiBAQCB3ZWJraXQub3JnL2IvMTY5NTY1IGltcG9ydGVkL3czYy93ZWItcGxhdGZvcm0tdGVzdHMv Y29ycy8zMDQuaHRtIFsgRmFpbHVyZSBdCiAjIFRoZXNlIHRlc3RzIHVzZWQgdG8gaGF2ZSBkZXRl cm1pbmlzdGljIGxvYWQgZGVsZWdhdGUgY2FsbGJhY2sgb3JkZXIgYmVmb3JlIHdlYmtpdC5vcmcv Yi8xNjA2NzcKIGh0dHAvdGVzdHMvc3ZnL3N2Zy11c2UtZXh0ZXJuYWwuaHRtbCBbIFBhc3MgRmFp bHVyZSBdCiBodHRwL3Rlc3RzL2xvYWRpbmcvdGV4dC1jb250ZW50LXR5cGUtd2l0aC1iaW5hcnkt ZXh0ZW5zaW9uLmh0bWwgWyBQYXNzIEZhaWx1cmUgXQotaHR0cC90ZXN0cy9zZWN1cml0eS9jb250 ZW50U2VjdXJpdHlQb2xpY3kvYmxvY2stYWxsLW1peGVkLWNvbnRlbnQvaW5zZWN1cmUtaWZyYW1l LWluLW1haW4tZnJhbWUuaHRtbCBbIFBhc3MgRmFpbHVyZSBdCiAKICMgVGVzdHMgdGhhdCBhcmUg Zmxha2V5IGR1ZSB0byB1bmhhbmRsZWQgcHJvbWlzZSByZWplY3Rpb24gZXJyb3IgbWVzc2FnZXMK IHdlYmtpdC5vcmcvYi8xNzEwOTQgaW1wb3J0ZWQvdzNjL3dlYi1wbGF0Zm9ybS10ZXN0cy9zdHJl YW1zL3JlYWRhYmxlLXN0cmVhbXMvdGVlLmh0bWwgWyBQYXNzIEZhaWx1cmUgXQpkaWZmIC0tZ2l0 IGEvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS9jb250ZW50U2VjdXJpdHlQb2xpY3kv YmxvY2stYWxsLW1peGVkLWNvbnRlbnQvaW5zZWN1cmUtaWZyYW1lLWluLW1haW4tZnJhbWUtZXhw ZWN0ZWQudHh0IGIvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS9jb250ZW50U2VjdXJp dHlQb2xpY3kvYmxvY2stYWxsLW1peGVkLWNvbnRlbnQvaW5zZWN1cmUtaWZyYW1lLWluLW1haW4t ZnJhbWUtZXhwZWN0ZWQudHh0CmluZGV4IDM1MmFhNGRhZjliZGRmY2Q4NGUwNzEyNzYyODBkMDcy Y2U4ZDkyZDAuLjg3OGRiMjYxN2Y1ZDcxODNjOGZhODRkMDIyMWIzZWY5MGJiY2NjNDkgMTAwNjQ0 Ci0tLSBhL0xheW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkvY29udGVudFNlY3VyaXR5UG9s aWN5L2Jsb2NrLWFsbC1taXhlZC1jb250ZW50L2luc2VjdXJlLWlmcmFtZS1pbi1tYWluLWZyYW1l LWV4cGVjdGVkLnR4dAorKysgYi9MYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3NlY3VyaXR5L2NvbnRl bnRTZWN1cml0eVBvbGljeS9ibG9jay1hbGwtbWl4ZWQtY29udGVudC9pbnNlY3VyZS1pZnJhbWUt aW4tbWFpbi1mcmFtZS1leHBlY3RlZC50eHQKQEAgLTEsNyArMSw3IEBACi1tYWluIGZyYW1lIC0g ZGlkU3RhcnRQcm92aXNpb25hbExvYWRGb3JGcmFtZQogbWFpbiBmcmFtZSAtIGRpZEZpbmlzaERv Y3VtZW50TG9hZEZvckZyYW1lCiBtYWluIGZyYW1lIC0gZGlkSGFuZGxlT25sb2FkRXZlbnRzRm9y RnJhbWUKIG1haW4gZnJhbWUgLSBkaWRGaW5pc2hMb2FkRm9yRnJhbWUKK21haW4gZnJhbWUgLSBk aWRTdGFydFByb3Zpc2lvbmFsTG9hZEZvckZyYW1lCiBtYWluIGZyYW1lIC0gZGlkQ29tbWl0TG9h ZEZvckZyYW1lCiBmcmFtZSAiPCEtLWZyYW1lUGF0aCAvLzwhLS1mcmFtZTAtLT4tLT4iIC0gZGlk U3RhcnRQcm92aXNpb25hbExvYWRGb3JGcmFtZQogQ09OU09MRSBNRVNTQUdFOiBCbG9ja2VkIG1p eGVkIGNvbnRlbnQgaHR0cDovLzEyNy4wLjAuMTo4MDAwL3NlY3VyaXR5L2NvbnRlbnRTZWN1cml0 eVBvbGljeS9ibG9jay1hbGwtbWl4ZWQtY29udGVudC9yZXNvdXJjZXMvZmFpbC5odG1sIGJlY2F1 c2UgJ2Jsb2NrLWFsbC1taXhlZC1jb250ZW50JyBhcHBlYXJzIGluIHRoZSBDb250ZW50IFNlY3Vy aXR5IFBvbGljeS4KZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkv Y29udGVudFNlY3VyaXR5UG9saWN5L2Jsb2NrLWFsbC1taXhlZC1jb250ZW50L2luc2VjdXJlLWlm cmFtZS1pbi1tYWluLWZyYW1lLmh0bWwgYi9MYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3NlY3VyaXR5 L2NvbnRlbnRTZWN1cml0eVBvbGljeS9ibG9jay1hbGwtbWl4ZWQtY29udGVudC9pbnNlY3VyZS1p ZnJhbWUtaW4tbWFpbi1mcmFtZS5odG1sCmluZGV4IDU4ZTJmNzkwM2EzNzRiNDk3ZjRkNGZjOTQ4 MmEwZjA4ZWFmODE0NjYuLjhjMzQ4NGRkNDRhOWU3N2FkM2Q5NjE1MzkyZmYwOTc3NzE1ZGM4M2Eg MTAwNjQ0Ci0tLSBhL0xheW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkvY29udGVudFNlY3Vy aXR5UG9saWN5L2Jsb2NrLWFsbC1taXhlZC1jb250ZW50L2luc2VjdXJlLWlmcmFtZS1pbi1tYWlu LWZyYW1lLmh0bWwKKysrIGIvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS9jb250ZW50 U2VjdXJpdHlQb2xpY3kvYmxvY2stYWxsLW1peGVkLWNvbnRlbnQvaW5zZWN1cmUtaWZyYW1lLWlu LW1haW4tZnJhbWUuaHRtbApAQCAtMzEsNyArMzEsOSBAQCB3aW5kb3cuYWRkRXZlbnRMaXN0ZW5l cigibWVzc2FnZSIsIGZ1bmN0aW9uIChtZXNzYWdlRXZlbnQpIHsKIG1peGVkIGNvbnRlbnQgYmxv Y2sgYmVjYXVzZSB0aGUgbWFpbiBmcmFtZSBpbiB0aGUgd2luZG93IGhhcyBDU1AgZGlyZWN0aXZl IGJsb2NrLWFsbC1taXhlZC1jb250ZW50LjwvcD4KIDxwcmUgaWQ9ImNvbnNvbGUiPjwvcHJlPgog PHNjcmlwdD4KLSAgICB3aW5kb3cub3BlbigiaHR0cHM6Ly8xMjcuMC4wLjE6ODQ0My9zZWN1cml0 eS9jb250ZW50U2VjdXJpdHlQb2xpY3kvYmxvY2stYWxsLW1peGVkLWNvbnRlbnQvcmVzb3VyY2Vz L2ZyYW1lLXdpdGgtaW5zZWN1cmUtaWZyYW1lLmh0bWwiKTsKKyAgICB3aW5kb3cuc2V0VGltZW91 dChmdW5jdGlvbigpIHsKKyAgICAgICAgd2luZG93Lm9wZW4oImh0dHBzOi8vMTI3LjAuMC4xOjg0 NDMvc2VjdXJpdHkvY29udGVudFNlY3VyaXR5UG9saWN5L2Jsb2NrLWFsbC1taXhlZC1jb250ZW50 L3Jlc291cmNlcy9mcmFtZS13aXRoLWluc2VjdXJlLWlmcmFtZS5odG1sIik7CisgICAgfSwgMCk7 CiA8L3NjcmlwdD4KIDwvYm9keT4KIDwvaHRtbD4KZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL3Bs YXRmb3JtL3drMi9odHRwL3Rlc3RzL3NlY3VyaXR5L2NvbnRlbnRTZWN1cml0eVBvbGljeS9ibG9j ay1hbGwtbWl4ZWQtY29udGVudC9pbnNlY3VyZS1pZnJhbWUtaW4tbWFpbi1mcmFtZS1leHBlY3Rl ZC50eHQgYi9MYXlvdXRUZXN0cy9wbGF0Zm9ybS93azIvaHR0cC90ZXN0cy9zZWN1cml0eS9jb250 ZW50U2VjdXJpdHlQb2xpY3kvYmxvY2stYWxsLW1peGVkLWNvbnRlbnQvaW5zZWN1cmUtaWZyYW1l LWluLW1haW4tZnJhbWUtZXhwZWN0ZWQudHh0CmluZGV4IDM1MmFhNGRhZjliZGRmY2Q4NGUwNzEy NzYyODBkMDcyY2U4ZDkyZDAuLjA0ZWM3MTIzZWY3ZWE5MzViZjIxZjYwMjRjYWYxNzFmM2E1YjA3 ZmIgMTAwNjQ0Ci0tLSBhL0xheW91dFRlc3RzL3BsYXRmb3JtL3drMi9odHRwL3Rlc3RzL3NlY3Vy aXR5L2NvbnRlbnRTZWN1cml0eVBvbGljeS9ibG9jay1hbGwtbWl4ZWQtY29udGVudC9pbnNlY3Vy ZS1pZnJhbWUtaW4tbWFpbi1mcmFtZS1leHBlY3RlZC50eHQKKysrIGIvTGF5b3V0VGVzdHMvcGxh dGZvcm0vd2syL2h0dHAvdGVzdHMvc2VjdXJpdHkvY29udGVudFNlY3VyaXR5UG9saWN5L2Jsb2Nr LWFsbC1taXhlZC1jb250ZW50L2luc2VjdXJlLWlmcmFtZS1pbi1tYWluLWZyYW1lLWV4cGVjdGVk LnR4dApAQCAtMSwxMyArMSwxMyBAQAotbWFpbiBmcmFtZSAtIGRpZFN0YXJ0UHJvdmlzaW9uYWxM b2FkRm9yRnJhbWUKIG1haW4gZnJhbWUgLSBkaWRGaW5pc2hEb2N1bWVudExvYWRGb3JGcmFtZQog bWFpbiBmcmFtZSAtIGRpZEhhbmRsZU9ubG9hZEV2ZW50c0ZvckZyYW1lCiBtYWluIGZyYW1lIC0g ZGlkRmluaXNoTG9hZEZvckZyYW1lCittYWluIGZyYW1lIC0gZGlkU3RhcnRQcm92aXNpb25hbExv YWRGb3JGcmFtZQogbWFpbiBmcmFtZSAtIGRpZENvbW1pdExvYWRGb3JGcmFtZQorbWFpbiBmcmFt ZSAtIGRpZEZpbmlzaERvY3VtZW50TG9hZEZvckZyYW1lCiBmcmFtZSAiPCEtLWZyYW1lUGF0aCAv LzwhLS1mcmFtZTAtLT4tLT4iIC0gZGlkU3RhcnRQcm92aXNpb25hbExvYWRGb3JGcmFtZQogQ09O U09MRSBNRVNTQUdFOiBCbG9ja2VkIG1peGVkIGNvbnRlbnQgaHR0cDovLzEyNy4wLjAuMTo4MDAw L3NlY3VyaXR5L2NvbnRlbnRTZWN1cml0eVBvbGljeS9ibG9jay1hbGwtbWl4ZWQtY29udGVudC9y ZXNvdXJjZXMvZmFpbC5odG1sIGJlY2F1c2UgJ2Jsb2NrLWFsbC1taXhlZC1jb250ZW50JyBhcHBl YXJzIGluIHRoZSBDb250ZW50IFNlY3VyaXR5IFBvbGljeS4KLWZyYW1lICI8IS0tZnJhbWVQYXRo IC8vPCEtLWZyYW1lMC0tPi0tPiIgLSBkaWRGYWlsUHJvdmlzaW9uYWxMb2FkV2l0aEVycm9yCi1t YWluIGZyYW1lIC0gZGlkRmluaXNoRG9jdW1lbnRMb2FkRm9yRnJhbWUKIG1haW4gZnJhbWUgLSBk aWRIYW5kbGVPbmxvYWRFdmVudHNGb3JGcmFtZQorZnJhbWUgIjwhLS1mcmFtZVBhdGggLy88IS0t ZnJhbWUwLS0+LS0+IiAtIGRpZEZhaWxQcm92aXNpb25hbExvYWRXaXRoRXJyb3IKIG1haW4gZnJh bWUgLSBkaWRGaW5pc2hMb2FkRm9yRnJhbWUKIFRoaXMgdGVzdCBvcGVucyBhIHdpbmRvdyBhbmQg bG9hZHMgYW4gaW5zZWN1cmUgaWZyYW1lLiBXZSBzaG91bGQgdHJpZ2dlciBhIG1peGVkIGNvbnRl bnQgYmxvY2sgYmVjYXVzZSB0aGUgbWFpbiBmcmFtZSBpbiB0aGUgd2luZG93IGhhcyBDU1AgZGly ZWN0aXZlIGJsb2NrLWFsbC1taXhlZC1jb250ZW50LgogCg==