209067 2020-03-13 11:18:31 -0700 [ Mac wk1 ] http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-subframe.html is flaky failing. 2021-01-25 00:39:03 -0800 1 1 1 Unclassified WebKit WebCore JavaScript WebKit Nightly Build Mac macOS 10.15 RESOLVED CONFIGURATION CHANGED InRadar P2 Normal --- 1 Lawrence.j webkit-unassigned hd86782 webkit-bot-watchers-bugzilla webkit-bug-importer oldest_to_newest 1629715 0 Lawrence.j 2020-03-13 11:18:31 -0700 http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-subframe.html Description: This test is flaky failing on Mac wk1. The flaky failures are present throughout the visible history. History: https://results.webkit.org/?suite=layout-tests&test=http%2Ftests%2Fsecurity%2FjavascriptURL%2Fxss-DENIED-to-javascript-url-in-foreign-domain-subframe.html&platform=mac&flavor=wk1&style=debug&style=release&limit=50000&recent=false Diff: --- /Volumes/Data/slave/mojave-release-tests-wk1/build/layout-test-results/http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-subframe-expected.txt +++ /Volumes/Data/slave/mojave-release-tests-wk1/build/layout-test-results/http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-subframe-actual.txt @@ -1,20 +1,47 @@ -CONSOLE MESSAGE: line 41: SecurityError: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a cross-origin frame. Protocols, domains, and ports must match. -The scenario for this test is that you have an iframe with content from a foreign domain. In that foreign content is an iframe which loads a javascript: URL. This tests that this main document does not have access to that javascript: URL loaded iframe. - - -PASS: Cross frame access to a javascript: URL embed in a frame on a foreign domain denied! - - --------- -Frame: '<!--frame1-->' --------- -Inner iframe on a foreign domain. - - - --------- -Frame: 'aFrame' --------- -PASS: Cross frame access from a frame on a foreign domain denied! - -Inner-inner iframe. This iframe (which is javascript: URL and whose parent is on a foreign domain) is the frame that the main frame is trying to access. It should not have access to it. +layer at (0,0) size 800x600 + RenderView at (0,0) size 800x600 +layer at (0,0) size 800x600 + RenderBlock {HTML} at (0,0) size 800x600 + RenderBody {BODY} at (8,8) size 784x579 + RenderBlock {P} at (0,0) size 784x54 + RenderText {#text} at (0,0) size 755x54 + text run at (0,0) width 568: "The scenario for this test is that you have an iframe with content from a foreign domain. " + text run at (567,0) width 148: "In that foreign content " + text run at (714,0) width 31: "is an" + text run at (0,18) width 249: "iframe which loads a javascript: URL. " + text run at (248,18) width 405: "This tests that this main document does not have access to that " + text run at (652,18) width 103: "javascript: URL" + text run at (0,36) width 93: "loaded iframe." + RenderBlock (anonymous) at (0,70) size 784x204 + RenderIFrame {IFRAME} at (0,0) size 404x204 [border: (2px inset #000000)] + layer at (0,0) size 385x204 + RenderView at (0,0) size 385x200 + layer at (0,0) size 385x204 + RenderBlock {HTML} at (0,0) size 385x204 + RenderBody {BODY} at (8,8) size 369x188 + RenderBlock {P} at (0,0) size 369x18 + RenderText {#text} at (0,0) size 217x18 + text run at (0,0) width 217: "Inner iframe on a foreign domain." + RenderBlock (anonymous) at (0,34) size 369x154 + RenderIFrame {IFRAME} at (0,0) size 304x154 [border: (2px inset #000000)] + layer at (0,0) size 285x166 + RenderView at (0,0) size 285x150 + layer at (0,0) size 285x166 + RenderBlock {HTML} at (0,0) size 285x166 + RenderBody {BODY} at (8,8) size 269x142 + RenderBlock {P} at (0,0) size 269x36 + RenderText {#text} at (0,0) size 256x36 + text run at (0,0) width 256: "PASS: Cross frame access from a frame" + text run at (0,18) width 182: "on a foreign domain denied!" + RenderBlock {P} at (0,52) size 269x90 + RenderText {#text} at (0,0) size 264x90 + text run at (0,0) width 263: "Inner-inner iframe. This iframe (which is" + text run at (0,18) width 264: "javascript: URL and whose parent is on a" + text run at (0,36) width 235: "foreign domain) is the frame that the" + text run at (0,54) width 200: "main frame is trying to access. " + text run at (199,54) width 57: "It should" + text run at (0,72) width 133: "not have access to it." + RenderText {#text} at (0,0) size 0x0 + RenderText {#text} at (0,0) size 0x0 + RenderText {#text} at (0,0) size 0x0 + RenderBlock {PRE} at (0,287) size 784x0 1629717 1 webkit-bug-importer 2020-03-13 11:19:44 -0700 <rdar://problem/60425549> 1629725 2 Lawrence.j 2020-03-13 11:26:51 -0700 I have marked this test as failing while this issue is investigated. https://trac.webkit.org/changeset/258413/webkit 1629726 3 Lawrence.j 2020-03-13 11:28:40 -0700 I am able to reproduce this issue with r258393 using the command below. run-webkit-tests -iterations 1000 --exit-after-n-failures 3 --force -f http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-subframe.html -1 [289/1000] http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-subframe.html failed unexpectedly (text diff) [305/1000] http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-subframe.html failed unexpectedly (text diff) [333/1000] http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-subframe.html failed unexpectedly (text diff) Exiting early after 3 failures. 328 tests run. 325 tests ran as expected, 3 didn't (672 didn't run): 1651271 4 Lawrence.j 2020-05-11 07:57:27 -0700 Test test appears to be passing now, removed the expectations here: https://trac.webkit.org/changeset/261477/webkit