104365 – Log to console when script is blocked by sandbox attributes.

Bug 104365 - Log to console when script is blocked by sandbox attributes.

Summary: Log to console when script is blocked by sandbox attributes.

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Mike West

URL:
Keywords:

Depends on:	104471
Blocks:	101964
	Show dependency tree / graph

Reported:	2012-12-07 05:34 PST by Mike West
Modified:	2012-12-10 10:43 PST (History)
CC List:	9 users (show)

See Also:

Attachments
Patch (9.41 KB, patch) 2012-12-07 05:36 PST, Mike West	no flags	Details \| Formatted Diff \| Diff
Patch (16.53 KB, patch) 2012-12-07 07:47 PST, Mike West	no flags	Details \| Formatted Diff \| Diff
Patch for landing (16.40 KB, patch) 2012-12-08 13:08 PST, Mike West	no flags	Details \| Formatted Diff \| Diff
Patch (18.21 KB, patch) 2012-12-10 04:44 PST, Mike West	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mike West 2012-12-07 05:34:03 PST

Continuing to skim through the sandbox flags we're currently not logging. This touches the (only) call site which checks SandboxedScripts: ScriptControllerBase::canExecuteScript.

Comment 1 Mike West 2012-12-07 05:36:42 PST

Created attachment 178205 [details]
Patch

Comment 2 WebKit Review Bot 2012-12-07 07:21:02 PST

Comment on attachment 178205 [details]
Patch

Attachment 178205 [details] did not pass chromium-ews (chromium-xvfb):
Output: http://queues.webkit.org/results/15191256

New failing tests:
http/tests/security/contentSecurityPolicy/sandbox-empty.html
http/tests/security/isolatedWorld/sandboxed-iframe.html
http/tests/security/contentSecurityPolicy/sandbox-in-http-header.html
http/tests/security/sandbox-inherit-to-initial-document-2.html
http/tests/security/contentSecurityPolicy/sandbox-invalid-header.html
http/tests/security/contentSecurityPolicy/sandbox-empty-subframe.html
http/tests/security/contentSecurityPolicy/sandbox-in-http-header-control.html
media/video-controls-no-scripting.html

Comment 3 Mike West 2012-12-07 07:47:58 PST

Created attachment 178218 [details]
Patch

Comment 4 Mike West 2012-12-08 13:08:54 PST

Created attachment 178376 [details]
Patch for landing

Comment 5 WebKit Review Bot 2012-12-08 17:55:10 PST

Comment on attachment 178376 [details]
Patch for landing

Clearing flags on attachment: 178376

Committed r137053: <http://trac.webkit.org/changeset/137053>

Comment 6 WebKit Review Bot 2012-12-08 17:55:14 PST

All reviewed patches have been landed.  Closing bug.

Comment 7 Csaba Osztrogonác 2012-12-09 01:27:21 PST

(In reply to comment #5)
> (From update of attachment 178376 [details])
> Clearing flags on attachment: 178376
> 
> Committed r137053: <http://trac.webkit.org/changeset/137053>

It broke the Parser/html-parser.html perf test. See the Qt perf bots for details

Comment 8 WebKit Review Bot 2012-12-09 01:48:51 PST

Re-opened since this is blocked by bug 104471

Comment 9 Ryosuke Niwa 2012-12-09 09:19:51 PST

The correct fix is to ignore "CONSOLE MESSAGE: Blocked script execution in 'html-parser.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.” in perf_test.py.

Comment 10 Mike West 2012-12-10 04:44:20 PST

Created attachment 178520 [details]
Patch

Comment 11 Mike West 2012-12-10 04:45:31 PST

(In reply to comment #9)
> The correct fix is to ignore "CONSOLE MESSAGE: Blocked script execution in 'html-parser.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.” in perf_test.py.

Thanks, excellent tip. :)

The attached patch adjusts perftest.py as you've suggested. The test passes locally, and I'm carrying over Ojan's r+. Still, I'd appreciate you taking a look before I land it, just to ensure I've skipped the warning in the right place.

Comment 12 Ryosuke Niwa 2012-12-10 09:49:41 PST

(In reply to comment #11)
> (In reply to comment #9)
> > The correct fix is to ignore "CONSOLE MESSAGE: Blocked script execution in 'html-parser.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.” in perf_test.py.
> 
> Thanks, excellent tip. :)
> 
> The attached patch adjusts perftest.py as you've suggested. The test passes locally, and I'm carrying over Ojan's r+. Still, I'd appreciate you taking a look before I land it, just to ensure I've skipped the warning in the right place.

Change looks right.

Comment 13 Mike West 2012-12-10 10:02:19 PST

Comment on attachment 178520 [details]
Patch

Thanks for taking a look.

Comment 14 WebKit Review Bot 2012-12-10 10:43:46 PST

Comment on attachment 178520 [details]
Patch

Clearing flags on attachment: 178520

Committed r137180: <http://trac.webkit.org/changeset/137180>

Comment 15 WebKit Review Bot 2012-12-10 10:43:50 PST

All reviewed patches have been landed.  Closing bug.