Bug 68711

Summary: REGRESSION (r87756) - Document::initSecurityContext() fails to call securityOrigin().grantLoadLocalResources()
Product: WebKit Reporter: Steve Block <steveblock>
Component: WebCore Misc.Assignee: Jocelyn Turcotte <jturcotte>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, ap, beidson, benm, darin, dbates, dglazkov, d-r, eric.carlson, feature-media-reviews, fmalita, japhet, jturcotte, mifenton, ojan, ossy, pdr, peter+ews, rafael.lobo, schenney, steveblock, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 38654    
Attachments:
Description Flags
Patch
none
Patch
none
Patch none

Steve Block
Reported 2011-09-23 11:36:07 PDT
The Document constructor calls Document::initSecurityContext(). This function is broken because it calls Document::loader() before the frame has a chance to point to this document. This was introduced by r87756. See https://bugs.webkit.org/show_bug.cgi?id=61494#c19 and onwards. Note that both Qt and Android use AllowLocalLoadsForLocalAndSubstituteData so rely on Document::initSecurityContext().
Attachments
Patch (48.32 KB, patch)
2012-11-27 08:20 PST, Jocelyn Turcotte 		no flags
DetailsFormatted DiffDiff
Patch (49.12 KB, patch)
2012-11-28 01:30 PST, Jocelyn Turcotte 		no flags
DetailsFormatted DiffDiff
Patch (5.12 KB, patch)
2012-11-30 05:51 PST, Jocelyn Turcotte 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Darin Adler
Comment 1 2011-09-23 12:25:20 PDT
The core of this problem is the fact that during the creation of the Document it can’t get to its own DocumentLoader. I can think of two ways of fixing this: 1) Improving the ownership model so the document doesn’t have to go through the frame's “active document loader” to get to its document loader. This is the best long term solution. 2) Passing the document loader in when creating the document. This seems like something better to pass in than the frame, in fact. Maybe there are other fixes. (2) should be relatively mechanical so it may be a good way to do things. The only concern I have is that some documents may not have a loader.
Darin Adler
Comment 2 2011-09-23 12:27:38 PDT
Another possibility: 3) Hack the document initialization process so that it relies on the frame loader’s active document loader being the document’s loader despite the fact that the frame does not yet have the document as its current document. This hack could be simply implemented as a boolean that gets set during initialization and then cleared once initialization is complete. While (3) makes things more like they were before r87756, it creates the risk of reintroducing the kind of problems r87756 was supposed to solve if during document initialization there is something that causes the frame loader to move on to a new document. And (3) is not a good direction long term, since it makes things even more complicated.
Jocelyn Turcotte
Comment 3 2012-11-27 08:20:58 PST
Created attachment 176271 [details] Patch
Jocelyn Turcotte
Comment 4 2012-11-27 08:25:35 PST
This basically implements (2). It didn't feel comfortable to add a reference of DocumentLoader into Document or the other way around since both are pretty heavy objects and their lifetime can't easily be encapsulated into one another.
Jocelyn Turcotte
Comment 5 2012-11-27 08:35:59 PST
*** Bug 63245 has been marked as a duplicate of this bug. ***
Peter Beverloo (cr-android ews)
Comment 6 2012-11-27 10:16:14 PST
Comment on attachment 176271 [details] Patch Attachment 176271 [details] did not pass cr-android-ews (chromium-android): Output: http://queues.webkit.org/results/15014150
WebKit Review Bot
Comment 7 2012-11-27 17:22:09 PST
Comment on attachment 176271 [details] Patch Attachment 176271 [details] did not pass chromium-ews (chromium-xvfb): Output: http://queues.webkit.org/results/15018234
Jocelyn Turcotte
Comment 8 2012-11-28 01:30:25 PST
Created attachment 176426 [details] Patch Fix the chromium build.
Adam Barth
Comment 9 2012-11-29 10:13:01 PST
Comment on attachment 176426 [details] Patch There's got to be a better way of doing this. Passing in both the Frame and the DocumentLoader into the constructor is redundant.
Adam Barth
Comment 10 2012-11-29 10:14:10 PST
Perhaps the DocumentLoader should be in charge of calling grantLoadLocalResources() when it is using substitute data? I don't think there is a particular reason we need to call the function during initSecurityContext().
Nate Chapin
Comment 11 2012-11-29 10:32:03 PST
(In reply to comment #9) > (From update of attachment 176426 [details]) > There's got to be a better way of doing this. Passing in both the Frame and the DocumentLoader into the constructor is redundant. Should Document's constructor just take a DocumentLoader* then? (In reply to comment #10) > Perhaps the DocumentLoader should be in charge of calling grantLoadLocalResources() when it is using substitute data? I don't think there is a particular reason we need to call the function during initSecurityContext(). That seems reasonable. The grantLoadLocalResources() call appears to be the only place that Document knows about SubstituteData, which makes it seem particularly out of place.
Jocelyn Turcotte
Comment 12 2012-11-30 05:46:59 PST
(In reply to comment #11) > (In reply to comment #10) > > Perhaps the DocumentLoader should be in charge of calling grantLoadLocalResources() when it is using substitute data? I don't think there is a particular reason we need to call the function during initSecurityContext(). > > That seems reasonable. The grantLoadLocalResources() call appears to be the only place that Document knows about SubstituteData, which makes it seem particularly out of place. Thanks for the hint, that makes it much simpler.
Jocelyn Turcotte
Comment 13 2012-11-30 05:51:53 PST
Created attachment 176949 [details] Patch Move the check to FrameLoader::didBeginDocument. It could also be done in DocumentLoader::commitData by returning the Document from DocumentWriter::begin if you prefer.
WebKit Review Bot
Comment 14 2012-11-30 06:34:25 PST
Comment on attachment 176949 [details] Patch Attachment 176949 [details] did not pass chromium-ews (chromium-xvfb): Output: http://queues.webkit.org/results/15067146 New failing tests: inspector-protocol/debugger-terminate-dedicated-worker-while-paused.html
Adam Barth
Comment 15 2012-11-30 13:37:11 PST
Comment on attachment 176949 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=176949&action=review > Source/WebKit/qt/tests/qwebpage/tst_qwebpage.cpp:-2935 > - QEXPECT_FAIL("", "https://bugs.webkit.org/show_bug.cgi?id=63245", Continue); Does this mean that this test is testing change? I'm not familiar with this test harness.
Adam Barth
Comment 16 2012-11-30 13:37:32 PST
> New failing tests: > inspector-protocol/debugger-terminate-dedicated-worker-while-paused.html ^^^ This test is flaky. Sorry about the noise.
Jocelyn Turcotte
Comment 17 2012-12-03 08:45:35 PST
Comment on attachment 176949 [details] Patch (In reply to comment #15) > Does this mean that this test is testing change? I'm not familiar with this test harness. Thanks, yes it is.
WebKit Review Bot
Comment 18 2012-12-03 09:02:52 PST
Comment on attachment 176949 [details] Patch Clearing flags on attachment: 176949 Committed r136404: <http://trac.webkit.org/changeset/136404>
WebKit Review Bot
Comment 19 2012-12-03 09:03:00 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.