38285 2010-04-28 14:36:02 -0700 REGRESSION: Sandboxing code breaks some javascript: URLs in empty windows 2010-05-03 13:04:51 -0700 1 1 1 Unclassified WebKit Page Loading 528+ (Nightly build) Mac All RESOLVED FIXED InRadar, Regression P1 Normal --- 1 ap ap abarth darin oldest_to_newest 218641 0 ap 2010-04-28 14:36:02 -0700 Steps to reproduce: 1. Open a new empty window or tab. 2. Enter in address field: javascript:window.open('http://digg.com/') Results: nothing happens. Expected results: digg.com opens. The failing check is in FrameLoader::createWindow(): if (isDocumentSandboxed(SandboxNavigation)) <rdar://problem/7903453> 219650 1 54835 ap 2010-04-30 16:53:10 -0700 Created attachment 54835 naive fix 219658 2 54835 darin 2010-04-30 17:18:03 -0700 Comment on attachment 54835 naive fix The reason sandbox flags start with SandboxAll is the principle that it's safest to start with restrictions and relax them rather than the other way around. Changing the default setting affects an unknown set of code paths. That having been said, this change is OK with me. I'd love to hear Adam's take on it too. 219671 3 ap 2010-04-30 17:41:07 -0700 One thing I'm unsure about is relationship between flags in FrameLoader and in Document's security origin. FrameLoader::updateSandboxFlags() is called while opening the new tab/window, and it changes m_sandboxFlags to None. But it's too late for document's SecurityOrigin, because it's created earlier than that, so it still has the original flags from FrameLoader. 219803 4 abarth 2010-05-02 02:28:43 -0700 I'll look at this in more detail later. The sandbox flags on FrameLoader are the flags a new document loaded into that frame would get. The ones on the document's security origin are the ones the document was given when it was loaded. These can be different if someone changes the sandbox attribute after a document is loaded. 220235 5 54952 ap 2010-05-03 12:15:55 -0700 Created attachment 54952 better fix Adam suggested a better fix - we can propagate sandbox flags in init() earlier. This doesn't seem to affect any known behavior, but is generally nicer than starting with SandboxNone. 220237 6 54952 abarth 2010-05-03 12:17:47 -0700 Comment on attachment 54952 better fix Thanks! You might as well land the test you wrote too. It doesn't hurt to add extra tests. 220257 7 ap 2010-05-03 13:04:51 -0700 Committed <http://trac.webkit.org/changeset/58695>. 54835 2010-04-30 16:53:10 -0700 2010-04-30 17:18:03 -0700 naive fix NewWindowSandbox.txt text/plain 1540 ap SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA1ODYyMikKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTYgQEAKKzIwMTAtMDQtMzAgIEFsZXhleSBQcm9za3VyeWFrb3YgIDxhcEBhcHBs ZS5jb20+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAg aHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTM4Mjg1CisgICAgICAgIDxy ZGFyOi8vcHJvYmxlbS83OTAzNDUzPiBSRUdSRVNTSU9OOiBKYXZhc2NyaXB0IGNvbW1hbmQgd2lu ZG93Lm9wZW4gZG9lcyBub3Qgd29yayBpbiBlbXB0eSB0YWIKKworICAgICAgICBDYW5ub3QgYmUg dGVzdGVkLCBiZWNhdXNlIG5ldyB3aW5kb3dzIGNyZWF0ZWQgaW4gRFJUIGFsd2F5cyBoYXZlIGFu IG9wZW5lciwgYW5kIHRodXMgaW5oZXJpdAorICAgICAgICBpdHMgc2VjdXJpdHkgb3JpZ2luLiBP bmx5IG5ldyB3aW5kb3dzIGFuZCB0YWJzIGNyZWF0ZWQgYnkgYnJvd3NlciBjaHJvbWUgaGFkIHRo aXMgcHJvYmxlbS4KKworICAgICAgICAqIGxvYWRlci9GcmFtZUxvYWRlci5jcHA6IChXZWJDb3Jl OjpGcmFtZUxvYWRlcjo6RnJhbWVMb2FkZXIpOiBJbml0aWFsaXplIG1fc2FuZGJveEZsYWdzIHRv CisgICAgICAgIFNhbmRib3hOb25lLiBJIGNvdWxkIG5vdCBmaW5kIGFueSByZWFzb24gd2h5IHRo ZXkgdXNlZCB0byBiZSBTYW5kb3hBbGwuCisKIDIwMTAtMDQtMzAgIERpbWl0cmkgR2xhemtvdiAg PGRnbGF6a292QGNocm9taXVtLm9yZz4KIAogICAgICAgICBVbnJldmlld2VkLCBidWlsZCBmaXgu CkluZGV4OiBXZWJDb3JlL2xvYWRlci9GcmFtZUxvYWRlci5jcHAKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gV2Vi Q29yZS9sb2FkZXIvRnJhbWVMb2FkZXIuY3BwCShyZXZpc2lvbiA1ODUzMykKKysrIFdlYkNvcmUv bG9hZGVyL0ZyYW1lTG9hZGVyLmNwcAkod29ya2luZyBjb3B5KQpAQCAtMjAyLDcgKzIwMiw3IEBA IEZyYW1lTG9hZGVyOjpGcmFtZUxvYWRlcihGcmFtZSogZnJhbWUsIEYKICAgICAsIG1fZGlkUGVy Zm9ybUZpcnN0TmF2aWdhdGlvbihmYWxzZSkKICAgICAsIG1fbG9hZGluZ0Zyb21DYWNoZWRQYWdl KGZhbHNlKQogICAgICwgbV9zdXBwcmVzc09wZW5lckluTmV3RnJhbWUoZmFsc2UpCi0gICAgLCBt X3NhbmRib3hGbGFncyhTYW5kYm94QWxsKQorICAgICwgbV9zYW5kYm94RmxhZ3MoU2FuZGJveE5v bmUpIC8vIFN0YXJ0IHdpdGggTm9uZSB0byBhdm9pZCBicmVha2luZyBqYXZhc2NyaXB0OiBVUkxz IGluIG5ldyB3aW5kb3dzLgogICAgICwgbV9mb3JjZWRTYW5kYm94RmxhZ3MoU2FuZGJveE5vbmUp CiAjaWZuZGVmIE5ERUJVRwogICAgICwgbV9kaWREaXNwYXRjaERpZENvbW1pdExvYWQoZmFsc2Up Cg== 54952 2010-05-03 12:15:55 -0700 2010-05-03 12:17:46 -0700 better fix NewWindowSandbox2.txt text/plain 1943 ap SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA1ODY5MikKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTcgQEAKKzIwMTAtMDUtMDMgIEFsZXhleSBQcm9za3VyeWFrb3YgIDxhcEBhcHBs ZS5jb20+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAg aHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTM4Mjg1CisgICAgICAgIDxy ZGFyOi8vcHJvYmxlbS83OTAzNDUzPiBSRUdSRVNTSU9OOiBKYXZhc2NyaXB0IGNvbW1hbmQgd2lu ZG93Lm9wZW4gZG9lcyBub3Qgd29yayBpbiBlbXB0eSB0YWIKKworICAgICAgICBDYW5ub3QgYmUg dGVzdGVkLCBiZWNhdXNlIG5ldyB3aW5kb3dzIGNyZWF0ZWQgaW4gRFJUIGFsd2F5cyBoYXZlIGFu IG9wZW5lciwgYW5kIHRodXMgaW5oZXJpdAorICAgICAgICBpdHMgc2VjdXJpdHkgb3JpZ2luLiBP bmx5IG5ldyB3aW5kb3dzIGFuZCB0YWJzIGNyZWF0ZWQgYnkgYnJvd3NlciBjaHJvbWUgaGFkIHRo aXMgcHJvYmxlbS4KKworICAgICAgICAqIGxvYWRlci9GcmFtZUxvYWRlci5jcHA6IChXZWJDb3Jl OjpGcmFtZUxvYWRlcjo6aW5pdCk6IE1vdmVkIHVwZGF0ZVNhbmRib3hGbGFncygpIGNhbGwgdG8K KyAgICAgICAgdGhlIGJlZ2lubmluZywgc28gdGhhdCBhbiBpbml0aWFsIGRvY3VtZW50IHdvdWxk IGdldCBjb3JyZWN0IGZsYWdzLgorICAgICAgICAKKwogMjAxMC0wNS0wMyAgRXJpYyBTZWlkZWwg IDxlcmljQHdlYmtpdC5vcmc+CiAKICAgICAgICAgVW5yZXZpZXdlZCwgcm9sbGluZyBvdXQgcjU4 Njg1LgpJbmRleDogV2ViQ29yZS9sb2FkZXIvRnJhbWVMb2FkZXIuY3BwCj09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0t IFdlYkNvcmUvbG9hZGVyL0ZyYW1lTG9hZGVyLmNwcAkocmV2aXNpb24gNTg2NzgpCisrKyBXZWJD b3JlL2xvYWRlci9GcmFtZUxvYWRlci5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTIyMyw2ICsyMjMs MTAgQEAgRnJhbWVMb2FkZXI6On5GcmFtZUxvYWRlcigpCiAKIHZvaWQgRnJhbWVMb2FkZXI6Omlu aXQoKQogeworICAgIC8vIFByb3BhZ2F0ZSBzYW5kYm94IGF0dHJpYnV0ZXMgdG8gdGhpcyBGcmFt ZWxvYWRlciBhbmQgaXRzIGRlc2NlbmRhbnRzLgorICAgIC8vIFRoaXMgbmVlZHMgdG8gYmUgZG9u ZSBlYXJseSwgc28gdGhhdCBhbiBpbml0aWFsIGRvY3VtZW50IGdldHMgY29ycmVjdCBzYW5kYm94 IGZsYWdzIGluIGl0cyBTZWN1cml0eU9yaWdpbi4KKyAgICB1cGRhdGVTYW5kYm94RmxhZ3MoKTsK KwogICAgIC8vIHRoaXMgc29tZXdoYXQgb2RkIHNldCBvZiBzdGVwcyBpcyBuZWVkZWQgdG8gZ2l2 ZSB0aGUgZnJhbWUgYW4gaW5pdGlhbCBlbXB0eSBkb2N1bWVudAogICAgIG1faXNEaXNwbGF5aW5n SW5pdGlhbEVtcHR5RG9jdW1lbnQgPSBmYWxzZTsKICAgICBtX2NyZWF0aW5nSW5pdGlhbEVtcHR5 RG9jdW1lbnQgPSB0cnVlOwpAQCAtMjM2LDkgKzI0MCw2IEBAIHZvaWQgRnJhbWVMb2FkZXI6Omlu aXQoKQogICAgIG1fZnJhbWUtPmRvY3VtZW50KCktPmNhbmNlbFBhcnNpbmcoKTsKICAgICBtX2Ny ZWF0aW5nSW5pdGlhbEVtcHR5RG9jdW1lbnQgPSBmYWxzZTsKICAgICBtX2RpZENhbGxJbXBsaWNp dENsb3NlID0gdHJ1ZTsKLQotICAgIC8vIFByb3BhZ2F0ZSBzYW5kYm94IGF0dHJpYnV0ZXMgdG8g dGhpcyBGcmFtZWxvYWRlciBhbmQgaXRzIGRlc2NlbmRhbnRzLgotICAgIHVwZGF0ZVNhbmRib3hG bGFncygpOwogfQogCiB2b2lkIEZyYW1lTG9hZGVyOjpzZXREZWZlcnNMb2FkaW5nKGJvb2wgZGVm ZXJzKQo=