Bug 18870

Summary: SQUIRRELFISH: security check is wrong (global object issues?)
Product: WebKit Reporter: Maciej Stachowiak <mjs>
Component: JavaScriptCoreAssignee: Geoffrey Garen <ggaren>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Mac   
OS: OS X 10.5   
Bug Depends on:    
Bug Blocks: 18631    
Attachments:
Description Flags
patch to fix much of the underlying problem, but not all sam: review+

Maciej Stachowiak
Reported 2008-05-03 01:40:13 PDT
We seem to be doing global object comparison security checks wrong, leading the following layout tests to fail: http/tests/security/cross-frame-access-callback-explicit-domain-ALLOW.htm http/tests/security/listener/xss-JSTargetNode-onclick-shortcut.html http/tests/security/listener/xss-XMLHttpRequest-addEventListener.html http/tests/security/listener/xss-XMLHttpRequest-shortcut.html http/tests/security/listener/xss-window-onclick-addEventListener.html http/tests/security/listener/xss-window-onclick-shortcut.html
Attachments
patch to fix much of the underlying problem, but not all (10.75 KB, patch)
2008-05-03 13:25 PDT, Geoffrey Garen 		sam: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Geoffrey Garen
Comment 1 2008-05-03 13:25:22 PDT
Created attachment 20953 [details] patch to fix much of the underlying problem, but not all
Geoffrey Garen
Comment 2 2008-05-03 13:39:25 PDT
Committed revision 32840. We still need to figure out why the exception messages in these tests have changed.
Geoffrey Garen
Comment 3 2008-05-07 21:24:25 PDT
Looks like two issues: - "-CONSOLE MESSAGE: line 6: Value undefined (result of expression alert) is not object." The difference here is a difference of exception message style. - "+CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame..." The difference here seems to be that squirrelfish looks up a global value an extra time. (Seems like a real bug.)
Geoffrey Garen
Comment 4 2008-05-07 23:15:44 PDT
Committed revision 32971.
Note You need to log in before you can comment on or make changes to this bug.