Bug 173657

Summary: Some tests to verify forbidden frame navigation time out
Product: WebKit Reporter: Frédéric Wang (:fredw) <fred.wang>
Component: FramesAssignee: Frédéric Wang (:fredw) <fred.wang>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, buildbot, cdumez, dbates, esprehn+autocc, fred.wang, kangil.han, kondapallykalyan, rniwa, youennf
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 173649    
Bug Blocks: 173162    
Attachments:
Description Flags
Patch
none
Archive of layout-test-results from ews102 for mac-elcapitan
none
Archive of layout-test-results from ews106 for mac-elcapitan-wk2
none
Archive of layout-test-results from ews126 for ios-simulator-wk2
none
Archive of layout-test-results from ews113 for mac-elcapitan
none
Patch
none
Patch cdumez: review+

Description Frédéric Wang (:fredw) 2017-06-21 09:49:26 PDT
The following tests time out in WebKit but they don't in Gecko or Chromium:

http://w3c-test.org/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation-2.html
http://w3c-test.org/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_navigate_ancestor-1.html

Apparently the Javascript error caused by Document::canNavigate is not caught by the try statement which prevents the tests to complete.

(Note: timeouts also happen for iframe_sandbox_popups_escaping-3, iframe_sandbox_popups_nonescaping-3, and iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture but this is because of incomplete implementation, see bug 173162 and bug 171327).
Comment 1 Frédéric Wang (:fredw) 2017-06-26 04:22:46 PDT
Created attachment 313824 [details]
Patch
Comment 2 Build Bot 2017-06-26 05:21:44 PDT
Comment on attachment 313824 [details]
Patch

Attachment 313824 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.webkit.org/results/4000224

New failing tests:
fast/frames/sandboxed-iframe-navigation-top-denied.html
http/tests/security/frameNavigation/inactive-function-in-popup-navigate-child.html
Comment 3 Build Bot 2017-06-26 05:21:46 PDT
Created attachment 313829 [details]
Archive of layout-test-results from ews102 for mac-elcapitan

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews102  Port: mac-elcapitan  Platform: Mac OS X 10.11.6
Comment 4 Build Bot 2017-06-26 05:30:24 PDT
Comment on attachment 313824 [details]
Patch

Attachment 313824 [details] did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.webkit.org/results/4000288

New failing tests:
fast/frames/sandboxed-iframe-navigation-top-denied.html
http/tests/security/frameNavigation/inactive-function-in-popup-navigate-child.html
Comment 5 Build Bot 2017-06-26 05:30:26 PDT
Created attachment 313830 [details]
Archive of layout-test-results from ews106 for mac-elcapitan-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews106  Port: mac-elcapitan-wk2  Platform: Mac OS X 10.11.6
Comment 6 Build Bot 2017-06-26 05:54:24 PDT
Comment on attachment 313824 [details]
Patch

Attachment 313824 [details] did not pass ios-sim-ews (ios-simulator-wk2):
Output: http://webkit-queues.webkit.org/results/4000305

New failing tests:
fast/frames/sandboxed-iframe-navigation-top-denied.html
http/tests/security/frameNavigation/inactive-function-in-popup-navigate-child.html
Comment 7 Build Bot 2017-06-26 05:54:26 PDT
Created attachment 313831 [details]
Archive of layout-test-results from ews126 for ios-simulator-wk2

The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews126  Port: ios-simulator-wk2  Platform: Mac OS X 10.12.5
Comment 8 Build Bot 2017-06-26 05:56:24 PDT
Comment on attachment 313824 [details]
Patch

Attachment 313824 [details] did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/4000303

New failing tests:
fast/frames/sandboxed-iframe-navigation-top-denied.html
http/tests/security/frameNavigation/inactive-function-in-popup-navigate-child.html
Comment 9 Build Bot 2017-06-26 05:56:25 PDT
Created attachment 313832 [details]
Archive of layout-test-results from ews113 for mac-elcapitan

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews113  Port: mac-elcapitan  Platform: Mac OS X 10.11.6
Comment 10 Frédéric Wang (:fredw) 2017-06-26 06:34:53 PDT
Created attachment 313833 [details]
Patch
Comment 11 Chris Dumez 2017-06-26 19:14:23 PDT
Comment on attachment 313833 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=313833&action=review

> Source/WebCore/page/Location.cpp:287
> +        return Exception { SECURITY_ERR };

While this gives the right behavior, it is a bit obscure to return a SECURITY_ERR if findFrameForNavigation() returns null. Instead, I would stop relying on findFrameForNavigation() altogether (we are anyway not looking up a frame). Something like:
ASSERT(m_frame);
if (!activeWindow.document().canNavigate(m_frame))
    return Exception { SECURITY_ERR };
ASSERT(m_frame->document());
ASSERT(m_frame->document()->domWindow());
m_frame->document()->domWindow()->setLocation(activeWindow, firstWindow, url);
return { };
Comment 12 Frédéric Wang (:fredw) 2017-06-27 00:32:45 PDT
Created attachment 313903 [details]
Patch
Comment 13 Chris Dumez 2017-06-27 08:53:55 PDT
Comment on attachment 313903 [details]
Patch

r=me
Comment 14 Frédéric Wang (:fredw) 2017-06-27 08:59:58 PDT
Committed r218835: <http://trac.webkit.org/changeset/218835>