Bug 191073

Summary: Calling window.open("", "_self") allows working around restrictions on window.close()
Product: WebKit Reporter: Ali Juma <ajuma>
Component: DOMAssignee: Ali Juma <ajuma>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, cdumez, commit-queue, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch for landing none

Ali Juma
Reported 2018-10-30 11:12:32 PDT
Windows that haven't been opened by script can't be closed using window.close(). However, calling |window.open("", "_self")| causes the existing window to be treated as if it's been opened by script, since in DOMWindow::createWindow we call |newFrame->page()->setOpenedByDOM();| without checking if this is really a newly-created frame. This means that script can trivially workaround the restriction on window.close() by instead calling: window.open("", "_self").close() Neither Blink nor Gecko allows scripts to close windows this way.
Attachments
Patch (3.67 KB, patch)
2018-10-30 11:14 PDT, Ali Juma 		no flags
DetailsFormatted DiffDiff
Patch for landing (3.63 KB, patch)
2018-10-30 12:19 PDT, Ali Juma 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Ali Juma
Comment 1 2018-10-30 11:14:21 PDT
Created attachment 353388 [details] Patch
Chris Dumez
Comment 2 2018-10-30 11:37:56 PDT
Comment on attachment 353388 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=353388&action=review r=me > LayoutTests/fast/dom/Window/window-open-self-disallow-close.html:5 > + <div id="log"></div> Is this really needed?
Ali Juma
Comment 3 2018-10-30 12:19:34 PDT
Created attachment 353396 [details] Patch for landing
Ali Juma
Comment 4 2018-10-30 12:20:56 PDT
(In reply to Chris Dumez from comment #2) > Comment on attachment 353388 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=353388&action=review > > r=me > > > LayoutTests/fast/dom/Window/window-open-self-disallow-close.html:5 > > + <div id="log"></div> > > Is this really needed? Not needed, removed now.
WebKit Commit Bot
Comment 5 2018-10-30 12:58:59 PDT
Comment on attachment 353396 [details] Patch for landing Clearing flags on attachment: 353396 Committed r237598: <https://trac.webkit.org/changeset/237598>
WebKit Commit Bot
Comment 6 2018-10-30 12:59:01 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 7 2018-10-30 12:59:22 PDT
<rdar://problem/45677825>
Note You need to log in before you can comment on or make changes to this bug.