Summary: | Add attribute allow-top-navigation-by-user-activation to iframe sandbox |
---|---|
Product: | WebKit |
Component: | Frames |
Status: | RESOLVED FIXED |
Severity: | Normal |
Priority: | P2 |
Version: | WebKit Nightly Build |
Hardware: | All |
OS: | All |
Reporter: | Bin Lu <binlu> |
Assignee: | Frédéric Wang (:fredw) <fred.wang> |
CC: | binlu, buildbot, cdumez, dbates, dvoytenko, esprehn+autocc, fred.wang, jond, kangil.han, malteubl, mkwst |
Bug Depends on: | 174351 |
Bug Blocks: | 175300, 182248 |

Description
Bin Lu
2017-04-26 09:12:35 PDT
There is also an automated test:
http://w3c-test.org/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture.html
I'm not sure, but maybe it is going to time out for the same reason as tests mentioned in bug 173657.

Created attachment 315087
Patch

Comment on attachment 315087
Patch

Attachment 315087 did not pass ios-sim-ews (ios-simulator-wk2):
Output: http://webkit-queues.webkit.org/results/4099774

New failing tests:
http/tests/security/frameNavigation/sandbox-ALLOWED-top-navigation-with-user-gesture-1.html
http/tests/security/frameNavigation/sandbox-ALLOWED-top-navigation-with-user-gesture-2.html

Created attachment 315090
Archive of layout-test-results from ews126 for ios-simulator-wk2

The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews126 Port: ios-simulator-wk2 Platform: Mac OS X 10.12.5

Created attachment 315103
Patch
New version using UIHelper.

Created attachment 315104
Adjustment after bug 174351

Created attachment 315246
Patch

Comment on attachment 315246
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=315246&action=review

r=me

> Source/WebCore/dom/Document.cpp:3104
> + // i. A frame can navigate its top ancestor when its 'allow-top-navigation' flag is set (sometimes known as 'frame-busting')

WebKit comments should end with a period.

> LayoutTests/ChangeLog:19
> + * http/tests/security/frameNavigation/sandbox-ALLOWED-top-navigation-with-user-gesture-2.html: Added.

Please add a test for when such navigation is NOT allowed.

Comment on attachment 315246
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=315246&action=review

>> Source/WebCore/dom/Document.cpp:3104
>> + // i. A frame can navigate its top ancestor when its 'allow-top-navigation' flag is set (sometimes known as 'frame-busting')
>
> WebKit comments should end with a period.

Oops, this change is a mistake indeed.

>> LayoutTests/ChangeLog:19
>> + * http/tests/security/frameNavigation/sandbox-ALLOWED-top-navigation-with-user-gesture-2.html: Added.
>
> Please add a test for when such navigation is NOT allowed.

OK, I'll do that. Thanks!

Committed r219797: <http://trac.webkit.org/changeset/219797>

Any idea on when this will be available on which version of Safari? I tested it on Safari on iOS 11/11.1, as well as Safari 11/11.01 on macOS, and it's not recognized (although 'allow-popups-to-escape-sandbox' is supported). But Safari Technology Preview version 40 does support it. So I'm wondering how Safari Technology Preview version would correspond to Safari version or iOS version. Thanks!

(In reply to Bin Lu from comment #11)
> Any idea on when this will be available on which version of Safari?

Hi Bin Lu. I just tested with the latest releases of iOS and macOS and the allow-top-navigation-by-user-activation works for me.
Tests:
http://w3c-test.org/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation-manual.html
http://w3c-test.org/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture.html
https://webkit.org/demos/frames/sandboxing/

Awesome. Thanks Frederic! I've just verified that "allow-top-navigation-by-user-activation" is now supported on iOS 11.3. For macOS, I haven't been able to get the Safari update yet, and will test it once I get it.

My macOS has been finally updated, and I've just verified that "allow-top-navigation-by-user-activation" is now supported on Safari 11.1 (13605.1.33.1.2) on macOS High Sierra Version 10.13.4. Thanks Frederic again for the nice work!