Bug 35032

Summary: LayoutTests/http/tests/security/cross-origin-css.html results differ between DumpRenderTree and Safari
Product: WebKit
Reporter: David Kilzer (:ddkilzer) <ddkilzer>
Component: Tools / Tests
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED INVALID
Severity: Normal
CC: abarth, sam, scarybeasts
Priority: P2
Keywords: LayoutTestFailure
Version: 528+ (Nightly build)
Hardware: Macintosh
OS: OS X 10.4
URL: http://127.0.0.1:8000/security/cross-origin-css.html
Bug Depends on: 29820
Bug Blocks:
Attachments:
Expected test results (Flags: none)

Description David Kilzer (:ddkilzer) 2010-02-17 04:52:38 PST
* SUMMARY
When LayoutTests/http/tests/security/cross-origin-css.html (added for Bug 29820) is run in Safari 4.0.4 on Mac OS X, it produces different results than when the test is run under DumpRenderTree.  The Safari results look more correct, which indicates this is probably a DumpRenderTree bug.

* STEPS TO REPRODUCE
1. Start the web server:
$ ./WebKitTools/Scripts/run-webkit-httpd -a
2. Launch Safari.
3. Open test case:  <http://localhost:8000/security/cross-origin-css.html>

* RESULTS
The second line of the test results in DumpRenderTree does NOT have a yellow background, while it DOES in Safari:

-LINK + IMPORT Cross-origin, HTML, invalid: rgba(0, 0, 0, 0)
+LINK + IMPORT Cross-origin, HTML, invalid: rgb(255, 255, 0)

Based on the test files, it seems like it should have a yellow background, so the DumpRenderTree results appear to be incorrect.

* REGRESSION
Unknown.  The test landed in r52784.

* NOTES
See Bug 29820.

Comment 1 Chris Evans 2010-02-17 10:24:20 PST
Isn't this just a reflection that the CSS security fix isn't present in Safari 4.0.4?
The test is checking that the "Cross-origin, HTML, invalid" combination does not load CSS.

Comment 2 David Kilzer (:ddkilzer) 2010-02-22 02:00:50 PST
(In reply to comment #1)
> Isn't this just a reflection that the CSS security fix isn't present in Safari
> 4.0.4?
> The test is checking that the "Cross-origin, HTML, invalid" combination does
> not load CSS.

Nope, this reproduces with WebKit nightly build r55027.  The original fix was in r52784.

Comment 3 David Kilzer (:ddkilzer) 2010-02-22 02:27:23 PST
(In reply to comment #2)
> (In reply to comment #1)
> > Isn't this just a reflection that the CSS security fix isn't present in Safari
> > 4.0.4?
> > The test is checking that the "Cross-origin, HTML, invalid" combination does
> > not load CSS.
> 
> Nope, this reproduces with WebKit nightly build r55027.  The original fix was
> in r52784.

Also reproduces with WebKit nightly build r52951 (the first nightly build available after r52784).

Comment 4 David Kilzer (:ddkilzer) 2010-05-01 16:02:25 PDT
I was using the wrong URL to run the test locally with run-webkit-httpd.  I should have used <http://127.0.0.1:8000/> instead of <http://localhost:8000/>.

Comment 5 David Kilzer (:ddkilzer) 2010-05-01 16:12:19 PDT
(In reply to comment #4)
> I was using the wrong URL to run the test locally with run-webkit-httpd.  I
> should have used <http://127.0.0.1:8000/> instead of <http://localhost:8000/>.

Closing as RESOLVED/INVALID.

Comment 6 David Kilzer (:ddkilzer) 2010-05-01 16:12:52 PDT
Created attachment 54860
Expected test results

This is what the expected test results should show.