Summary: | http/tests/security/sandboxed-iframe-invalid.html is flaky on Mac | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Filip Pizlo <fpizlo> | ||||
Component: | WebCore Misc. | Assignee: | Nobody <webkit-unassigned> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | CC: | abarth, ap, commit-queue, fpizlo, japhet, mkwst, ossy, patrik.j.persson, roger_fong, simon.fraser | ||||
Priority: | P2 | Keywords: | LayoutTestFailure | ||||
Version: | 528+ (Nightly build) | ||||||
Hardware: | Mac | ||||||
OS: | All | ||||||
Bug Depends on: | 102391 | ||||||
Bug Blocks: | |||||||
Attachments: |
|
Description
Filip Pizlo
2012-05-03 11:38:14 PDT
Could you please post a failure diff? --- /Volumes/SSData/Development/OSX/webkit/OpenSource/WebKitBuild/Debug/layout-test-results/http/tests/security/sandboxed-iframe-modify-self-expected.txt +++ /Volumes/SSData/Development/OSX/webkit/OpenSource/WebKitBuild/Debug/layout-test-results/http/tests/security/sandboxed-iframe-modify-self-actual.txt @@ -1,3 +1,5 @@ +CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate a navigation change for frame with URL http://127.0.0.1:8000/security/sandboxed-iframe-form-top.html from frame with URL http://127.0.0.1:8000/security/resources/sandboxed-iframe-form-top.html. + CONSOLE MESSAGE: Sandbox access violation: Unsafe JavaScript attempt to access frame with URL http://127.0.0.1:8000/security/sandboxed-iframe-modify-self.html from frame with URL http://127.0.0.1:8000/security/resources/sandboxed-iframe-modify-self.html. The frame requesting access is sandboxed into a unique origin. This is a "sanity" test case to verify that a sandboxed frame cannot break out of its sandbox by modifying its own sandbox attribute. Two attempts are made: This test "passes" on windows bots, but in fact the extra Console output appears on the next test that gets run (script-crossorigin-loads-same-origin.html). Here's the diff of the failing test: --- /home/buildbot/slave/win-release-tests/build/layout-test-results/http/tests/security/script-crossorigin-loads-same-origin-expected.txt 2012-09-21 19:20:20.676828600 -0700 +++ /home/buildbot/slave/win-release-tests/build/layout-test-results/http/tests/security/script-crossorigin-loads-same-origin-actual.txt 2012-09-21 19:20:20.674828500 -0700 @@ -1,3 +1,5 @@ +CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate a navigation change for frame with URL http://127.0.0.1:8000/security/sandboxed-iframe-form-top.html from frame with URL http://127.0.0.1:8000/security/resources/sandboxed-iframe-form-top.html. + Test that a script element with a crossorigin attribute loads same-origin scripts correctly when there's no access control headers in the response. PASS Crazy right? Anyways, I'm skipping this test on Windows to get the other one to pass. (In reply to comment #3) > This test "passes" on windows bots, but in fact the extra Console output appears on the next test that gets run (script-crossorigin-loads-same-origin.html). > > Here's the diff of the failing test: > --- /home/buildbot/slave/win-release-tests/build/layout-test-results/http/tests/security/script-crossorigin-loads-same-origin-expected.txt 2012-09-21 19:20:20.676828600 -0700 > +++ /home/buildbot/slave/win-release-tests/build/layout-test-results/http/tests/security/script-crossorigin-loads-same-origin-actual.txt 2012-09-21 19:20:20.674828500 -0700 > @@ -1,3 +1,5 @@ > +CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate a navigation change for frame with URL http://127.0.0.1:8000/security/sandboxed-iframe-form-top.html from frame with URL http://127.0.0.1:8000/security/resources/sandboxed-iframe-form-top.html. > + > Test that a script element with a crossorigin attribute loads same-origin scripts correctly when there's no access control headers in the response. > > PASS > > Crazy right? Anyways, I'm skipping this test on Windows to get the other one to pass. O my, posted in the wrong bug... ignore all that. The root cause here seems to be the previous test: http/tests/security/sandboxed-iframe-form-top.html, which is leaking state into the next test, whatever that happens to be. I've skipped that test in r134929 and r134789 and reneabled the previously skipped tests. *** Bug 105819 has been marked as a duplicate of this bug. *** http/tests/security/sandboxed-iframe-form-top.html got unskipped in r150558 accidentally, so it's causing badness again. I'll see if I can easily fix it, and will skip again if not. Created attachment 208575 [details]
proposed fix
Comment on attachment 208575 [details] proposed fix Clearing flags on attachment: 208575 Committed r153973: <http://trac.webkit.org/changeset/153973> All reviewed patches have been landed. Closing bug. |