Bug 171321

Summary:

Add flag allow-modals to iframe sandbox

Product:

WebKit

Reporter:

Frédéric Wang (:fredw) <fred.wang>

Component:

Frames

Assignee:

Frédéric Wang (:fredw) <fred.wang>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

bfulgham, binlu, buildbot, cdumez, dbates, dpaddock, dvoytenko, esprehn+autocc, fred.wang, jond, kangil.han, malte, mkwst, rbyers, rniwa, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

Safari Technology Preview

Hardware:

Unspecified

OS:

Unspecified

URL:

https://html.spec.whatwg.org/multipage/origin.html#sandboxed-modals-flag

Bug Depends on:

Bug Blocks:

175300, 183568

Attachments:

Description	Flags
Patch	buildbot: commit-queue-
Archive of layout-test-results from ews103 for mac-elcapitan	none
Archive of layout-test-results from ews107 for mac-elcapitan-wk2	none
Archive of layout-test-results from ews125 for ios-simulator-wk2	none
Archive of layout-test-results from ews116 for mac-elcapitan	none
Patch	none
Patch	none
Archive of layout-test-results from ews103 for mac-elcapitan	none
Archive of layout-test-results from ews104 for mac-elcapitan-wk2	none
Archive of layout-test-results from ews113 for mac-elcapitan	none
Archive of layout-test-results from ews126 for ios-simulator-wk2	none
Patch	none
Patch	none

Frédéric Wang (:fredw)

Reported 2017-04-26 04:40:58 PDT

I'm extracting this from bug 158875. https://html.spec.whatwg.org/multipage/browsers.html#attr-iframe-sandbox-allow-modals https://googlechrome.github.io/samples/block-modal-dialogs-sandboxed-iframe/

Attachments
Patch (3.67 KB, patch) 2017-07-24 04:23 PDT, Frédéric Wang (:fredw)	buildbot: commit-queue-	Details Formatted Diff Diff
Archive of layout-test-results from ews103 for mac-elcapitan (1.10 MB, application/zip) 2017-07-24 05:30 PDT, Build Bot	no flags	Details
Archive of layout-test-results from ews107 for mac-elcapitan-wk2 (1.19 MB, application/zip) 2017-07-24 05:37 PDT, Build Bot	no flags	Details
Archive of layout-test-results from ews125 for ios-simulator-wk2 (1.08 MB, application/zip) 2017-07-24 05:56 PDT, Build Bot	no flags	Details
Archive of layout-test-results from ews116 for mac-elcapitan (1.87 MB, application/zip) 2017-07-24 06:10 PDT, Build Bot	no flags	Details
Patch (19.23 KB, patch) 2017-07-24 09:11 PDT, Frédéric Wang (:fredw)	no flags	Details Formatted Diff Diff
Patch (33.84 KB, patch) 2017-07-25 09:48 PDT, Frédéric Wang (:fredw)	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews103 for mac-elcapitan (1008.51 KB, application/zip) 2017-07-25 10:56 PDT, Build Bot	no flags	Details
Archive of layout-test-results from ews104 for mac-elcapitan-wk2 (1.15 MB, application/zip) 2017-07-25 11:02 PDT, Build Bot	no flags	Details
Archive of layout-test-results from ews113 for mac-elcapitan (1.76 MB, application/zip) 2017-07-25 11:18 PDT, Build Bot	no flags	Details
Archive of layout-test-results from ews126 for ios-simulator-wk2 (1.01 MB, application/zip) 2017-07-25 11:29 PDT, Build Bot	no flags	Details
Patch (33.82 KB, patch) 2017-07-25 13:24 PDT, Frédéric Wang (:fredw)	no flags	Details Formatted Diff Diff
Patch (33.79 KB, patch) 2017-08-25 09:33 PDT, Frédéric Wang (:fredw)	no flags	Details Formatted Diff Diff
Show Obsolete (12) View All Add attachment proposed patch, testcase, etc.

Frédéric Wang (:fredw)

Comment 1 2017-07-12 01:23:30 PDT

I did a quick check of the WebKit and Chromium code and I believe this won't be too difficult to implement. @Bin Lu, Rick: So if I understand correctly, WebKit currently always allows modal dialogs in sandboxed frames so implementing the allow-modals flag won't change anything for that case, right? The relevant benefit is when allow-modals is not specified: Modals dialogs would then be blocked, providing better security. This is however a behavior change that might (in theory) break existing pages using dialogs in sandboxed frame. IIUC, only Gecko and Chromium implements that flag for now. What was your experience with that change at Google? I see that the Chromium counters give very low usage for dialogs in sandboxed frame: https://www.chromestatus.com/metrics/feature/timeline/popularity/767

Bin Lu

Comment 2 2017-07-12 07:13:59 PDT

Yes, I think your understanding is right. In terms of the breakage of dialogs used in sandboxed iframe, the usage was quite low and we didn't get any developer complaints about the blocking in Chrome. So I'd guess it's pretty safe for WebKit to do the same blocking, and the web developer can add 'allow-modals' if they really want it. Thanks Frederic for working on this.

Rick Byers

Comment 3 2017-07-18 12:45:32 PDT

It looks like there was some discussion here: https://groups.google.com/a/chromium.org/d/msg/blink-dev/wXbgxLu63Fo/YtsqkySmTWcJ But yeah given that it's been in Chrome now for ages I'd say it's pretty clear that it's web compatible. I found a couple reports of site breakage when Chrome made the change (eg. https://bugs.chromium.org/p/chromium/issues/detail?id=543485) but it sounds like those the user might actually want to preserve were fixed by adding allow-modals. +mkwst who drove this effort in Chromium and can probably provide more data on the web compat risk.

Frédéric Wang (:fredw)

Comment 4 2017-07-24 04:23:34 PDT

Created attachment 316282 [details] Patch Minimal changes to implement the behavior. Let's see if it breaks any existing tests.

Build Bot

Comment 5 2017-07-24 05:30:54 PDT

Comment on attachment 316282 [details] Patch Attachment 316282 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/4178135 New failing tests: http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2.php fast/frames/sandboxed-iframe-navigation-top-by-name-denied.html http/tests/security/no-popup-from-sandbox-top.html fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html http/tests/security/popup-allowed-by-sandbox-when-allowed.html http/tests/security/xss-DENIED-window-name-alert.html fast/forms/autofocus-in-sandbox-with-allow-scripts.html http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-control.html http/tests/security/no-popup-from-sandbox.html http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html fast/frames/sandboxed-iframe-parsing-space-characters.html fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html fast/frames/sandboxed-iframe-scripting-02.html http/tests/security/contentSecurityPolicy/iframe-inside-csp.html http/tests/security/no-indexeddb-from-sandbox.html http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header.html http/tests/security/drag-drop-same-unique-origin.html

Build Bot

Comment 6 2017-07-24 05:30:55 PDT

Created attachment 316283 [details] Archive of layout-test-results from ews103 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews103 Port: mac-elcapitan Platform: Mac OS X 10.11.6

Build Bot

Comment 7 2017-07-24 05:37:09 PDT

Comment on attachment 316282 [details] Patch Attachment 316282 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/4178150 New failing tests: http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2.php fast/frames/sandboxed-iframe-navigation-top-by-name-denied.html http/tests/security/no-popup-from-sandbox-top.html fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html http/tests/security/popup-allowed-by-sandbox-when-allowed.html http/tests/security/xss-DENIED-window-name-alert.html fast/forms/autofocus-in-sandbox-with-allow-scripts.html http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-control.html http/tests/security/no-popup-from-sandbox.html http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html fast/frames/sandboxed-iframe-parsing-space-characters.html fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html fast/frames/sandboxed-iframe-scripting-02.html http/tests/security/contentSecurityPolicy/iframe-inside-csp.html http/tests/security/no-indexeddb-from-sandbox.html http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header.html

Build Bot

Comment 8 2017-07-24 05:37:10 PDT

Created attachment 316285 [details] Archive of layout-test-results from ews107 for mac-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews107 Port: mac-elcapitan-wk2 Platform: Mac OS X 10.11.6

Build Bot

Comment 9 2017-07-24 05:56:53 PDT

Comment on attachment 316282 [details] Patch Attachment 316282 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: http://webkit-queues.webkit.org/results/4178167 New failing tests: http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2.php fast/frames/sandboxed-iframe-navigation-top-by-name-denied.html http/tests/security/no-popup-from-sandbox-top.html imported/w3c/IndexedDB-private-browsing/idbfactory_open.html http/tests/security/popup-allowed-by-sandbox-when-allowed.html http/tests/security/xss-DENIED-window-name-alert.html fast/forms/autofocus-in-sandbox-with-allow-scripts.html http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-control.html http/tests/security/no-popup-from-sandbox.html http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html fast/frames/sandboxed-iframe-parsing-space-characters.html fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html fast/frames/sandboxed-iframe-scripting-02.html http/tests/security/contentSecurityPolicy/iframe-inside-csp.html http/tests/security/no-indexeddb-from-sandbox.html http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header.html fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html

Build Bot

Comment 10 2017-07-24 05:56:55 PDT

Created attachment 316286 [details] Archive of layout-test-results from ews125 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews125 Port: ios-simulator-wk2 Platform: Mac OS X 10.12.5

Build Bot

Comment 11 2017-07-24 06:10:22 PDT

Comment on attachment 316282 [details] Patch Attachment 316282 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/4178191 New failing tests: http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2.php fast/frames/sandboxed-iframe-navigation-top-by-name-denied.html http/tests/security/no-popup-from-sandbox-top.html fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html http/tests/security/popup-allowed-by-sandbox-when-allowed.html http/tests/security/xss-DENIED-window-name-alert.html fast/forms/autofocus-in-sandbox-with-allow-scripts.html http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-control.html http/tests/security/no-popup-from-sandbox.html http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html fast/frames/sandboxed-iframe-parsing-space-characters.html fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html fast/frames/sandboxed-iframe-scripting-02.html http/tests/security/contentSecurityPolicy/iframe-inside-csp.html http/tests/security/no-indexeddb-from-sandbox.html http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header.html http/tests/security/drag-drop-same-unique-origin.html

Build Bot

Comment 12 2017-07-24 06:10:24 PDT

Created attachment 316287 [details] Archive of layout-test-results from ews116 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews116 Port: mac-elcapitan Platform: Mac OS X 10.11.6

Frédéric Wang (:fredw)

Comment 13 2017-07-24 09:11:11 PDT

Created attachment 316294 [details] Patch

Frédéric Wang (:fredw)

Comment 14 2017-07-25 09:48:32 PDT

Created attachment 316369 [details] Patch

Build Bot

Comment 15 2017-07-25 10:56:57 PDT

Comment on attachment 316369 [details] Patch Attachment 316369 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/4185344 New failing tests: http/tests/security/sandboxed-iframe-ALLOWED-modals.html fast/frames/sandboxed-iframe-parsing-space-characters.html

Build Bot

Comment 16 2017-07-25 10:56:59 PDT

Created attachment 316377 [details] Archive of layout-test-results from ews103 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews103 Port: mac-elcapitan Platform: Mac OS X 10.11.6

Build Bot

Comment 17 2017-07-25 11:02:41 PDT

Comment on attachment 316369 [details] Patch Attachment 316369 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/4185347 New failing tests: fast/frames/sandboxed-iframe-parsing-space-characters.html

Build Bot

Comment 18 2017-07-25 11:02:43 PDT

Created attachment 316378 [details] Archive of layout-test-results from ews104 for mac-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews104 Port: mac-elcapitan-wk2 Platform: Mac OS X 10.11.6

Build Bot

Comment 19 2017-07-25 11:18:01 PDT

Comment on attachment 316369 [details] Patch Attachment 316369 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/4185355 New failing tests: http/tests/security/sandboxed-iframe-ALLOWED-modals.html fast/frames/sandboxed-iframe-parsing-space-characters.html

Build Bot

Comment 20 2017-07-25 11:18:02 PDT

Created attachment 316379 [details] Archive of layout-test-results from ews113 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews113 Port: mac-elcapitan Platform: Mac OS X 10.11.6

Build Bot

Comment 21 2017-07-25 11:29:39 PDT

Comment on attachment 316369 [details] Patch Attachment 316369 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: http://webkit-queues.webkit.org/results/4185396 New failing tests: fast/frames/sandboxed-iframe-parsing-space-characters.html

Build Bot

Comment 22 2017-07-25 11:29:40 PDT

Created attachment 316381 [details] Archive of layout-test-results from ews126 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews126 Port: ios-simulator-wk2 Platform: Mac OS X 10.12.5

Frédéric Wang (:fredw)

Comment 23 2017-07-25 13:24:59 PDT

Created attachment 316387 [details] Patch

Brent Fulgham

Comment 24 2017-08-18 09:44:02 PDT

Comment on attachment 316387 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=316387&action=review Thank you for implementing this! r=me, but please update the patch to reflect that bit 11 is already used. > Source/WebCore/dom/SecurityContext.h:54 > + SandboxModals = 1 << 11, Bit 11 is already taken by SandboxDocumentDomain. Can you please change this to 12?

Frédéric Wang (:fredw)

Comment 25 2017-08-25 09:33:47 PDT

Created attachment 319084 [details] Patch

Frédéric Wang (:fredw)

Comment 26 2017-08-25 10:29:05 PDT

Committed r221193: <http://trac.webkit.org/changeset/221193>

Radar WebKit Bug Importer

Comment 27 2017-08-25 10:29:59 PDT

<rdar://problem/34083930>

Brent Fulgham

Comment 28 2017-08-31 12:41:51 PDT

This was actually: <rdar://problem/26079109>

Note You need to log in before you can comment on or make changes to this bug.