WebKit Bugzilla
RESOLVED FIXED
197466
Setting a frame's src to a javascript URL should not run it synchronously
https://bugs.webkit.org/show_bug.cgi?id=197466
Chris Dumez
Reported
2019-05-01 10:23:12 PDT
Setting a frame's src to a javascript URL should not run it synchronously. Firefox and Chrome appear to schedule a navigation to that javascript URL instead.
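The ordering difference described in the report, as an added example that is not part of the bug report or of the WebKit patch: a constructed model in which a frame's `src` setter either runs a `javascript:` URL inline or posts it as a navigation task. `TaskQueue`, `ModelFrame`, `traceSrcAssignment` and `ranInsideSetter` are hypothetical names, and the model only illustrates event ordering, not WebKit's loader.

```javascript
// Constructed model, not WebKit code. It shows what a caller can observe when
// a javascript: URL assigned to a frame's src runs inline ("sync") versus as
// a scheduled navigation ("scheduled").

class TaskQueue {
  constructor() { this.tasks = []; }
  post(task) { this.tasks.push(task); }
  // Stands in for the event loop turn that follows the caller's script.
  drain() { while (this.tasks.length > 0) this.tasks.shift()(); }
}

class ModelFrame {
  constructor(mode, queue, log) {
    this.mode = mode;      // "sync" or "scheduled"
    this.queue = queue;
    this.log = log;
    this.attached = true;  // whether the frame is still in the document
  }

  remove() {
    this.attached = false;
    this.log.push("frame removed");
  }

  set src(url) {
    this.log.push("setter enter");
    if (url.toLowerCase().startsWith("javascript:")) {
      const navigate = () => this.runJavaScriptURL(url);
      if (this.mode === "sync") {
        navigate();                 // script runs before the setter returns
      } else {
        this.queue.post(navigate);  // script runs in a later task
      }
    }
    this.log.push("setter return");
  }

  runJavaScriptURL(url) {
    this.log.push("script start");
    const body = decodeURIComponent(url.slice("javascript:".length));
    // The model passes the frame in explicitly; a real javascript: URL runs
    // in the frame's own browsing context.
    new Function("frame", body)(this);
    this.log.push("script end");
  }
}

// The caller performs what looks like a plain attribute write, then reads
// state it assumes the write could not have changed.
function traceSrcAssignment(mode) {
  const log = [];
  const queue = new TaskQueue();
  const frame = new ModelFrame(mode, queue, log);

  frame.src = "javascript:frame.remove()";
  log.push(frame.attached ? "caller: frame still attached"
                          : "caller: frame already gone");

  queue.drain();
  return log;
}

// True when the script executed re-entrantly, inside the src setter.
function ranInsideSetter(trace) {
  const start = trace.indexOf("script start");
  return start !== -1 && start < trace.indexOf("setter return");
}

for (const mode of ["sync", "scheduled"]) {
  const trace = traceSrcAssignment(mode);
  console.log(mode + ": " + trace.join(" -> "));
  console.log("  script ran inside setter: " + ranInsideSetter(trace));
}
```

In the "sync" trace the frame is removed while the setter is still on the stack, so the caller resumes with state it did not expect; in the "scheduled" trace the setter returns first and the script runs in the next task.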
Attachments
WIP Patch (3.15 KB, patch), 2019-05-01 10:24 PDT, Chris Dumez, ews-watchlist: commit-queue-
Archive of layout-test-results from ews106 for mac-highsierra-wk2 (2.94 MB, application/zip), 2019-05-01 11:44 PDT, EWS Watchlist, no flags
Archive of layout-test-results from ews115 for mac-highsierra (3.02 MB, application/zip), 2019-05-01 12:14 PDT, EWS Watchlist, no flags
Archive of layout-test-results from ews122 for ios-simulator-wk2 (24.90 MB, application/zip), 2019-05-01 12:22 PDT, EWS Watchlist, no flags
Archive of layout-test-results from ews101 for mac-highsierra (3.17 MB, application/zip), 2019-05-01 12:34 PDT, EWS Watchlist, no flags
WiP Patch (11.67 KB, patch), 2019-05-01 13:35 PDT, Chris Dumez, no flags
WiP Patch (12.74 KB, patch), 2019-05-01 14:10 PDT, Chris Dumez, no flags
WiP Patch (3.15 KB, patch), 2019-05-01 14:18 PDT, Chris Dumez, no flags
WiP Patch (15.43 KB, patch), 2019-05-01 14:20 PDT, Chris Dumez, ews-watchlist: commit-queue-
Archive of layout-test-results from ews103 for mac-highsierra (1.08 MB, application/zip), 2019-05-01 15:11 PDT, EWS Watchlist, no flags
Archive of layout-test-results from ews104 for mac-highsierra-wk2 (1.95 MB, application/zip), 2019-05-01 15:43 PDT, EWS Watchlist, no flags
Archive of layout-test-results from ews114 for mac-highsierra (1.32 MB, application/zip), 2019-05-01 15:59 PDT, EWS Watchlist, no flags
WiP Patch (23.06 KB, patch), 2019-05-01 16:10 PDT, Chris Dumez, no flags
WiP Patch (25.65 KB, patch), 2019-05-01 16:27 PDT, Chris Dumez, no flags
WiP Patch (30.99 KB, patch), 2019-05-01 16:44 PDT, Chris Dumez, no flags
WiP Patch (32.24 KB, patch), 2019-05-01 17:00 PDT, Chris Dumez, ews-watchlist: commit-queue-
Archive of layout-test-results from ews104 for mac-highsierra-wk2 (3.45 MB, application/zip), 2019-05-01 18:06 PDT, EWS Watchlist, no flags
Archive of layout-test-results from ews101 for mac-highsierra (3.09 MB, application/zip), 2019-05-01 18:08 PDT, EWS Watchlist, no flags
Archive of layout-test-results from ews114 for mac-highsierra (3.28 MB, application/zip), 2019-05-01 19:01 PDT, EWS Watchlist, no flags
Archive of layout-test-results from ews125 for ios-simulator-wk2 (8.69 MB, application/zip), 2019-05-01 19:38 PDT, EWS Watchlist, no flags
WIP Patch (38.33 KB, patch), 2019-05-01 20:26 PDT, Chris Dumez, no flags
Patch (44.58 KB, patch), 2019-05-01 20:38 PDT, Chris Dumez, no flags
Patch (41.49 KB, patch), 2019-05-01 21:01 PDT, Chris Dumez, no flags
Patch (41.55 KB, patch), 2019-05-01 21:06 PDT, Chris Dumez, no flags
Archive of layout-test-results from ews103 for mac-highsierra (3.08 MB, application/zip), 2019-05-01 22:00 PDT, EWS Watchlist, no flags
Archive of layout-test-results from ews115 for mac-highsierra (1.55 MB, application/zip), 2019-05-01 22:31 PDT, EWS Watchlist, no flags
Archive of layout-test-results from ews105 for mac-highsierra-wk2 (3.12 MB, application/zip), 2019-05-01 22:45 PDT, EWS Watchlist, no flags
Archive of layout-test-results from ews123 for ios-simulator-wk2 (95.58 MB, application/zip), 2019-05-01 23:16 PDT, EWS Watchlist, no flags
Archive of layout-test-results from ews210 for win-future (13.88 MB, application/zip), 2019-05-02 10:11 PDT, EWS Watchlist, no flags
Patch (44.16 KB, patch), 2019-05-02 10:35 PDT, Chris Dumez, no flags
Archive of layout-test-results from ews103 for mac-highsierra (3.19 MB, application/zip), 2019-05-02 11:20 PDT, EWS Watchlist, no flags
Archive of layout-test-results from ews107 for mac-highsierra-wk2 (2.85 MB, application/zip), 2019-05-02 11:30 PDT, EWS Watchlist, no flags
Archive of layout-test-results from ews126 for ios-simulator-wk2 (8.04 MB, application/zip), 2019-05-02 12:33 PDT, EWS Watchlist, no flags
Patch (40.91 KB, patch), 2019-05-02 12:34 PDT, Chris Dumez, no flags
Patch (40.87 KB, patch), 2019-05-02 13:25 PDT, Chris Dumez, no flags
Patch (40.87 KB, patch), 2019-05-02 14:29 PDT, Chris Dumez, no flags
Patch (40.86 KB, patch), 2019-05-02 15:08 PDT, Chris Dumez, no flags
Chris Dumez
Comment 1
2019-05-01 10:24:42 PDT
Created
attachment 368683
[details]
WIP Patch
EWS Watchlist
Comment 2
2019-05-01 11:44:36 PDT
Comment on
attachment 368683
[details]
WIP Patch
Attachment 368683
[details]
did not pass mac-wk2-ews (mac-wk2): Output:
https://webkit-queues.webkit.org/results/12052645
New failing tests: fast/parser/iframe-sets-parent-to-javascript-url.html fast/dom/javascript-url-exception-isolation.html http/tests/security/contentSecurityPolicy/javascript-url-blocked.html imported/blink/loader/iframe-sync-loads.html fast/dom/Attr/only-attach-attr-once.html http/tests/security/javascriptURL/xss-ALLOWED-from-javascript-url-sub-frame-2-level.html fast/loader/javascript-url-in-object.html fast/dom/javascript-url-crash-function.html http/tests/security/javascriptURL/xss-ALLOWED-from-javascript-url-sub-frame.html http/tests/security/contentSecurityPolicy/javascript-url-allowed.html fast/dom/no-assert-for-malformed-js-url-attribute.html fast/loader/nested-document-handling.html
EWS Watchlist
Comment 3
2019-05-01 11:44:37 PDT
Created
attachment 368689
[details]
Archive of layout-test-results from ews106 for mac-highsierra-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews106 Port: mac-highsierra-wk2 Platform: Mac OS X 10.13.6
EWS Watchlist
Comment 4
2019-05-01 12:14:30 PDT
Comment on
attachment 368683
[details]
WIP Patch
Attachment 368683
[details]
did not pass mac-debug-ews (mac): Output:
https://webkit-queues.webkit.org/results/12052681
New failing tests: fast/parser/iframe-sets-parent-to-javascript-url.html fast/dom/javascript-url-exception-isolation.html http/tests/security/contentSecurityPolicy/javascript-url-blocked.html imported/blink/loader/iframe-sync-loads.html fast/dom/Attr/only-attach-attr-once.html fast/loader/javascript-url-in-object.html fast/dom/javascript-url-crash-function.html http/tests/security/javascriptURL/xss-ALLOWED-from-javascript-url-sub-frame.html http/tests/security/contentSecurityPolicy/javascript-url-allowed.html fast/dom/no-assert-for-malformed-js-url-attribute.html fast/loader/nested-document-handling.html
EWS Watchlist
Comment 5
2019-05-01 12:14:32 PDT
Created
attachment 368690
[details]
Archive of layout-test-results from ews115 for mac-highsierra The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews115 Port: mac-highsierra Platform: Mac OS X 10.13.6
EWS Watchlist
Comment 6
2019-05-01 12:22:18 PDT
Comment on
attachment 368683
[details]
WIP Patch
Attachment 368683
[details]
did not pass ios-sim-ews (ios-simulator-wk2): Output:
https://webkit-queues.webkit.org/results/12052692
New failing tests: http/tests/security/javascriptURL/xss-ALLOWED-to-javascript-url-from-javscript-url.html fast/loader/javascript-url-in-embed.html fast/dom/javascript-url-exception-isolation.html http/tests/security/contentSecurityPolicy/javascript-url-blocked.html imported/blink/loader/iframe-sync-loads.html fast/dom/Attr/only-attach-attr-once.html http/tests/security/javascriptURL/xss-ALLOWED-from-javascript-url-sub-frame-2-level.html fast/loader/javascript-url-in-object.html fast/dom/javascript-url-crash-function.html http/tests/security/javascriptURL/xss-ALLOWED-from-javascript-url-sub-frame.html fast/loader/nested-document-handling.html http/tests/security/contentSecurityPolicy/javascript-url-allowed.html fast/dom/no-assert-for-malformed-js-url-attribute.html fast/parser/iframe-sets-parent-to-javascript-url.html
EWS Watchlist
Comment 7
2019-05-01 12:22:20 PDT
Created
attachment 368691
[details]
Archive of layout-test-results from ews122 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews122 Port: ios-simulator-wk2 Platform: Mac OS X 10.14.4
EWS Watchlist
Comment 8
2019-05-01 12:34:54 PDT
Comment on
attachment 368683
[details]
WIP Patch
Attachment 368683
[details]
did not pass mac-ews (mac): Output:
https://webkit-queues.webkit.org/results/12052921
New failing tests: fast/dom/javascript-url-exception-isolation.html http/tests/security/javascriptURL/xss-ALLOWED-to-javascript-url-from-javscript-url.html imported/blink/loader/iframe-sync-loads.html fast/dom/Attr/only-attach-attr-once.html http/tests/security/javascriptURL/xss-ALLOWED-from-javascript-url-sub-frame-2-level.html fast/loader/javascript-url-in-object.html fast/dom/javascript-url-crash-function.html http/tests/security/javascriptURL/xss-ALLOWED-from-javascript-url-sub-frame.html http/tests/security/contentSecurityPolicy/javascript-url-blocked.html fast/loader/nested-document-handling.html http/tests/security/contentSecurityPolicy/javascript-url-allowed.html fast/dom/no-assert-for-malformed-js-url-attribute.html fast/parser/iframe-sets-parent-to-javascript-url.html
EWS Watchlist
Comment 9
2019-05-01 12:34:56 PDT
Created
attachment 368693
[details]
Archive of layout-test-results from ews101 for mac-highsierra The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews101 Port: mac-highsierra Platform: Mac OS X 10.13.6
Chris Dumez
Comment 10
2019-05-01 13:35:41 PDT
Created
attachment 368699
[details]
WiP Patch
Chris Dumez
Comment 11
2019-05-01 14:10:24 PDT
Created
attachment 368706
[details]
WiP Patch
Chris Dumez
Comment 12
2019-05-01 14:18:56 PDT
Created
attachment 368709
[details]
WiP Patch
Chris Dumez
Comment 13
2019-05-01 14:20:01 PDT
Created
attachment 368710
[details]
WiP Patch
EWS Watchlist
Comment 14
2019-05-01 15:11:21 PDT
Comment on
attachment 368710
[details]
WiP Patch
Attachment 368710
[details]
did not pass mac-ews (mac): Output:
https://webkit-queues.webkit.org/results/12054620
Number of test failures exceeded the failure limit.
EWS Watchlist
Comment 15
2019-05-01 15:11:23 PDT
Created
attachment 368719
[details]
Archive of layout-test-results from ews103 for mac-highsierra The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews103 Port: mac-highsierra Platform: Mac OS X 10.13.6
EWS Watchlist
Comment 16
2019-05-01 15:43:38 PDT
Comment on
attachment 368710
[details]
WiP Patch
Attachment 368710
[details]
did not pass mac-wk2-ews (mac-wk2): Output:
https://webkit-queues.webkit.org/results/12054843
Number of test failures exceeded the failure limit.
EWS Watchlist
Comment 17
2019-05-01 15:43:39 PDT
Created
attachment 368723
[details]
Archive of layout-test-results from ews104 for mac-highsierra-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews104 Port: mac-highsierra-wk2 Platform: Mac OS X 10.13.6
EWS Watchlist
Comment 18
2019-05-01 15:59:33 PDT
Comment on
attachment 368710
[details]
WiP Patch
Attachment 368710
[details]
did not pass mac-debug-ews (mac): Output:
https://webkit-queues.webkit.org/results/12054816
Number of test failures exceeded the failure limit.
EWS Watchlist
Comment 19
2019-05-01 15:59:35 PDT
Created
attachment 368725
[details]
Archive of layout-test-results from ews114 for mac-highsierra The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews114 Port: mac-highsierra Platform: Mac OS X 10.13.6
Chris Dumez
Comment 20
2019-05-01 16:10:52 PDT
Created
attachment 368729
[details]
WiP Patch
EWS Watchlist
Comment 21
2019-05-01 16:13:33 PDT
Attachment 368729
[details]
did not pass style-queue: ERROR: Source/WebCore/loader/SubframeLoader.cpp:106: One line control clauses should not use braces. [whitespace/braces] [4] Total errors found: 1 in 22 files If any of these errors are false positives, please file a bug against check-webkit-style.
Chris Dumez
Comment 22
2019-05-01 16:27:49 PDT
Created
attachment 368732
[details]
WiP Patch
EWS Watchlist
Comment 23
2019-05-01 16:29:26 PDT
Attachment 368732
[details]
did not pass style-queue: ERROR: Source/WebCore/loader/SubframeLoader.cpp:106: One line control clauses should not use braces. [whitespace/braces] [4] Total errors found: 1 in 25 files If any of these errors are false positives, please file a bug against check-webkit-style.
Chris Dumez
Comment 24
2019-05-01 16:44:40 PDT
Created
attachment 368734
[details]
WiP Patch
Chris Dumez
Comment 25
2019-05-01 17:00:46 PDT
Created
attachment 368736
[details]
WiP Patch
EWS Watchlist
Comment 26
2019-05-01 18:06:31 PDT
Comment on
attachment 368736
[details]
WiP Patch
Attachment 368736
[details]
did not pass mac-wk2-ews (mac-wk2): Output:
https://webkit-queues.webkit.org/results/12056530
New failing tests: webarchive/loading/javascript-url-iframe-crash.html imported/w3c/web-platform-tests/webmessaging/without-ports/018.html http/tests/navigation/lockedhistory-iframe.html js/dom/call-base-resolution.html fast/loader/javascript-url-iframe-remove-on-navigate-async-delegate.html fast/loader/javascript-url-iframe-remove-on-navigate.html fast/parser/xml-error-adopted.xml
EWS Watchlist
Comment 27
2019-05-01 18:06:33 PDT
Created
attachment 368741
[details]
Archive of layout-test-results from ews104 for mac-highsierra-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews104 Port: mac-highsierra-wk2 Platform: Mac OS X 10.13.6
EWS Watchlist
Comment 28
2019-05-01 18:08:16 PDT
Comment on
attachment 368736
[details]
WiP Patch
Attachment 368736
[details]
did not pass mac-ews (mac): Output:
https://webkit-queues.webkit.org/results/12056564
New failing tests: fast/parser/xml-error-adopted.xml webarchive/loading/javascript-url-iframe-crash.html js/dom/call-base-resolution.html imported/w3c/web-platform-tests/webmessaging/without-ports/018.html http/tests/navigation/lockedhistory-iframe.html
EWS Watchlist
Comment 29
2019-05-01 18:08:18 PDT
Created
attachment 368742
[details]
Archive of layout-test-results from ews101 for mac-highsierra The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews101 Port: mac-highsierra Platform: Mac OS X 10.13.6
EWS Watchlist
Comment 30
2019-05-01 19:01:48 PDT
Comment on
attachment 368736
[details]
WiP Patch
Attachment 368736
[details]
did not pass mac-debug-ews (mac): Output:
https://webkit-queues.webkit.org/results/12056748
New failing tests: webarchive/loading/javascript-url-iframe-crash.html js/dom/call-base-resolution.html imported/w3c/web-platform-tests/webmessaging/without-ports/018.html http/tests/navigation/lockedhistory-iframe.html
EWS Watchlist
Comment 31
2019-05-01 19:01:50 PDT
Created
attachment 368750
[details]
Archive of layout-test-results from ews114 for mac-highsierra The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews114 Port: mac-highsierra Platform: Mac OS X 10.13.6
EWS Watchlist
Comment 32
2019-05-01 19:38:26 PDT
Comment on
attachment 368736
[details]
WiP Patch
Attachment 368736
[details]
did not pass ios-sim-ews (ios-simulator-wk2): Output:
https://webkit-queues.webkit.org/results/12057226
New failing tests: webarchive/loading/javascript-url-iframe-crash.html imported/w3c/web-platform-tests/webmessaging/without-ports/018.html http/tests/navigation/lockedhistory-iframe.html js/dom/call-base-resolution.html fast/loader/javascript-url-iframe-remove-on-navigate-async-delegate.html fast/loader/javascript-url-iframe-remove-on-navigate.html fast/parser/xml-error-adopted.xml
EWS Watchlist
Comment 33
2019-05-01 19:38:28 PDT
Created
attachment 368751
[details]
Archive of layout-test-results from ews125 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews125 Port: ios-simulator-wk2 Platform: Mac OS X 10.14.4
Chris Dumez
Comment 34
2019-05-01 20:26:24 PDT
Created
attachment 368755
[details]
WIP Patch
Chris Dumez
Comment 35
2019-05-01 20:38:23 PDT
Created
attachment 368756
[details]
Patch
EWS Watchlist
Comment 36
2019-05-01 20:41:45 PDT
Attachment 368756
[details]
did not pass style-queue: ERROR: Source/WebCore/ChangeLog:10: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: security bug [changelog/unwantedsecurityterms] [3] Total errors found: 1 in 37 files If any of these errors are false positives, please file a bug against check-webkit-style.
Chris Dumez
Comment 37
2019-05-01 21:01:30 PDT
Created
attachment 368757
[details]
Patch
EWS Watchlist
Comment 38
2019-05-01 21:03:58 PDT
Attachment 368757
[details]
did not pass style-queue: ERROR: Source/WebCore/ChangeLog:10: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: security bug [changelog/unwantedsecurityterms] [3] Total errors found: 1 in 34 files If any of these errors are false positives, please file a bug against check-webkit-style.
Chris Dumez
Comment 39
2019-05-01 21:06:10 PDT
Created
attachment 368758
[details]
Patch
EWS Watchlist
Comment 40
2019-05-01 21:07:42 PDT
Attachment 368758
[details]
did not pass style-queue: ERROR: Source/WebCore/ChangeLog:10: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: security bug [changelog/unwantedsecurityterms] [3] Total errors found: 1 in 34 files If any of these errors are false positives, please file a bug against check-webkit-style.
EWS Watchlist
Comment 41
2019-05-01 22:00:37 PDT
Comment on
attachment 368758
[details]
Patch
Attachment 368758
[details]
did not pass mac-ews (mac): Output:
https://webkit-queues.webkit.org/results/12058925
Number of test failures exceeded the failure limit.
EWS Watchlist
Comment 42
2019-05-01 22:00:39 PDT
Created
attachment 368762
[details]
Archive of layout-test-results from ews103 for mac-highsierra The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews103 Port: mac-highsierra Platform: Mac OS X 10.13.6
EWS Watchlist
Comment 43
2019-05-01 22:31:48 PDT
Comment on
attachment 368758
[details]
Patch
Attachment 368758
[details]
did not pass mac-debug-ews (mac): Output:
https://webkit-queues.webkit.org/results/12058946
Number of test failures exceeded the failure limit.
EWS Watchlist
Comment 44
2019-05-01 22:31:50 PDT
Created
attachment 368763
[details]
Archive of layout-test-results from ews115 for mac-highsierra The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews115 Port: mac-highsierra Platform: Mac OS X 10.13.6
EWS Watchlist
Comment 45
2019-05-01 22:45:07 PDT
Comment on
attachment 368758
[details]
Patch
Attachment 368758
[details]
did not pass mac-wk2-ews (mac-wk2): Output:
https://webkit-queues.webkit.org/results/12059081
New failing tests: svg/as-object/svg-embedded-in-html-in-iframe.html imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_javascript_url_01.htm fast/dom/javascript-url-crash-function.html fast/parser/iframe-sets-parent-to-javascript-url.html webarchive/loading/javascript-url-iframe-crash.html imported/blink/loader/iframe-sync-loads.html http/tests/security/xssAuditor/non-block-javascript-url-frame.html fast/loader/javascript-url-encoding.html imported/w3c/web-platform-tests/html/browsers/browsing-the-web/navigating-across-documents/javascript-url-query-fragment-components.html fast/loader/nested-document-handling.html http/tests/security/javascriptURL/xss-DENIED-from-javascript-url-in-foreign-domain-subframe.html fast/frames/cached-frame-counter.html imported/w3c/web-platform-tests/html/browsers/browsing-the-web/navigating-across-documents/javascript-url-return-value-handling.html http/tests/security/javascriptURL/xss-ALLOWED-from-javascript-url-to-javscript-url.html fast/parser/javascript-url-compat-mode.html http/tests/security/javascriptURL/xss-ALLOWED-from-javascript-url-sub-frame.html http/tests/misc/javascript-url-stop-loaders.html fast/events/frame-programmatic-focus.html http/tests/security/javascriptURL/xss-ALLOWED-to-javascript-url-from-javscript-url.html http/tests/security/javascriptURL/xss-ALLOWED-to-javascript-url-sub-frame.html http/tests/security/javascriptURL/xss-ALLOWED-from-javascript-url-sub-frame-2-level.html fast/dom/frame-src-javascript-url-async.html http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-subframe.html http/tests/security/javascriptURL/xss-ALLOWED-from-javascript-url-sub-frame-to-javascript-url-sub-frame.html
EWS Watchlist
Comment 46
2019-05-01 22:45:09 PDT
Created
attachment 368764
[details]
Archive of layout-test-results from ews105 for mac-highsierra-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews105 Port: mac-highsierra-wk2 Platform: Mac OS X 10.13.6
EWS Watchlist
Comment 47
2019-05-01 23:16:42 PDT
Comment on
attachment 368758
[details]
Patch
Attachment 368758
[details]
did not pass ios-sim-ews (ios-simulator-wk2): Output:
https://webkit-queues.webkit.org/results/12059057
New failing tests: imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_javascript_url_01.htm fast/dom/javascript-url-crash-function.html fast/loader/nested-document-handling.html webarchive/loading/javascript-url-iframe-crash.html imported/blink/loader/iframe-sync-loads.html http/tests/security/xssAuditor/non-block-javascript-url-frame.html fast/loader/javascript-url-encoding.html imported/w3c/web-platform-tests/html/browsers/browsing-the-web/navigating-across-documents/javascript-url-query-fragment-components.html fast/parser/iframe-sets-parent-to-javascript-url.html http/tests/security/javascriptURL/xss-DENIED-from-javascript-url-in-foreign-domain-subframe.html fast/frames/cached-frame-counter.html imported/w3c/web-platform-tests/html/browsers/browsing-the-web/navigating-across-documents/javascript-url-return-value-handling.html http/tests/security/javascriptURL/xss-ALLOWED-from-javascript-url-to-javscript-url.html fast/parser/javascript-url-compat-mode.html http/tests/security/javascriptURL/xss-ALLOWED-from-javascript-url-sub-frame.html http/tests/misc/javascript-url-stop-loaders.html http/tests/security/javascriptURL/xss-ALLOWED-to-javascript-url-from-javscript-url.html http/tests/security/javascriptURL/xss-ALLOWED-to-javascript-url-sub-frame.html http/tests/security/javascriptURL/xss-ALLOWED-from-javascript-url-sub-frame-2-level.html fast/dom/frame-src-javascript-url-async.html http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-subframe.html http/tests/security/javascriptURL/xss-ALLOWED-from-javascript-url-sub-frame-to-javascript-url-sub-frame.html
EWS Watchlist
Comment 48
2019-05-01 23:16:47 PDT
Created
attachment 368765
[details]
Archive of layout-test-results from ews123 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews123 Port: ios-simulator-wk2 Platform: Mac OS X 10.14.4
EWS Watchlist
Comment 49
2019-05-02 10:10:59 PDT
Comment on
attachment 368758
[details]
Patch
Attachment 368758
[details]
did not pass win-ews (win): Output:
https://webkit-queues.webkit.org/results/12062769
Number of test failures exceeded the failure limit.
EWS Watchlist
Comment 50
2019-05-02 10:11:07 PDT
Created
attachment 368781
[details]
Archive of layout-test-results from ews210 for win-future The attached test failures were seen while running run-webkit-tests on the win-ews. Bot: ews210 Port: win-future Platform: CYGWIN_NT-10.0-17763-3.0.5-338.x86_64-x86_64-64bit
Chris Dumez
Comment 51
2019-05-02 10:35:56 PDT
Created
attachment 368786
[details]
Patch
EWS Watchlist
Comment 52
2019-05-02 10:37:49 PDT
Attachment 368786
[details]
did not pass style-queue: ERROR: Source/WebCore/ChangeLog:10: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: security bug [changelog/unwantedsecurityterms] [3] Total errors found: 1 in 36 files If any of these errors are false positives, please file a bug against check-webkit-style.
EWS Watchlist
Comment 53
2019-05-02 11:20:34 PDT
Comment on
attachment 368786
[details]
Patch
Attachment 368786
[details]
did not pass mac-ews (mac): Output:
https://webkit-queues.webkit.org/results/12063566
New failing tests: imported/w3c/web-platform-tests/webmessaging/with-ports/018.html
EWS Watchlist
Comment 54
2019-05-02 11:20:37 PDT
Created
attachment 368793
[details]
Archive of layout-test-results from ews103 for mac-highsierra The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews103 Port: mac-highsierra Platform: Mac OS X 10.13.6
EWS Watchlist
Comment 55
2019-05-02 11:30:08 PDT
Comment on
attachment 368786
[details]
Patch
Attachment 368786
[details]
did not pass mac-wk2-ews (mac-wk2): Output:
https://webkit-queues.webkit.org/results/12063571
New failing tests: imported/w3c/web-platform-tests/webmessaging/with-ports/018.html http/tests/security/javascriptURL/xss-ALLOWED-to-javascript-url-from-javscript-url.html
EWS Watchlist
Comment 56
2019-05-02 11:30:11 PDT
Created
attachment 368796
[details]
Archive of layout-test-results from ews107 for mac-highsierra-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews107 Port: mac-highsierra-wk2 Platform: Mac OS X 10.13.6
EWS Watchlist
Comment 57
2019-05-02 12:32:57 PDT
Comment on
attachment 368786
[details]
Patch
Attachment 368786
[details]
did not pass ios-sim-ews (ios-simulator-wk2): Output:
https://webkit-queues.webkit.org/results/12063864
New failing tests: imported/w3c/web-platform-tests/webmessaging/with-ports/018.html
EWS Watchlist
Comment 58
2019-05-02 12:33:00 PDT
Created
attachment 368805
[details]
Archive of layout-test-results from ews126 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews126 Port: ios-simulator-wk2 Platform: Mac OS X 10.14.4
Chris Dumez
Comment 59
2019-05-02 12:34:13 PDT
Created
attachment 368807
[details]
Patch
EWS Watchlist
Comment 60
2019-05-02 12:37:52 PDT
Attachment 368807
[details]
did not pass style-queue: ERROR: Source/WebCore/ChangeLog:10: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: security bug [changelog/unwantedsecurityterms] [3] Total errors found: 1 in 33 files If any of these errors are false positives, please file a bug against check-webkit-style.
Chris Dumez
Comment 61
2019-05-02 13:25:20 PDT
Created
attachment 368813
[details]
Patch
EWS Watchlist
Comment 62
2019-05-02 13:27:55 PDT
Attachment 368813
[details]
did not pass style-queue: ERROR: Source/WebCore/ChangeLog:10: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: security bug [changelog/unwantedsecurityterms] [3] Total errors found: 1 in 33 files If any of these errors are false positives, please file a bug against check-webkit-style.
Darin Adler
Comment 63
2019-05-02 14:26:29 PDT
Comment on
attachment 368813
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=368813&action=review
> Source/WebCore/ChangeLog:10 > + to execute it asynchronously, which was a source of security bugs and also did
asynchronously -> synchronously
> Source/WebCore/loader/NavigationScheduler.cpp:425 > + return completionHandler();
Heh, the "return void" debate. I will refrain from commenting further.
> Source/WebCore/loader/SubframeLoader.cpp:90 > + // If we will schedule a javascript URL load, we need to delay the firing of the load event at least until we've run the javascript URL.
I think it’s strange wording to say "run the javascript URL"; maybe "run the JavaScript in the URL"?
Chris Dumez
Comment 64
2019-05-02 14:29:16 PDT
Created
attachment 368821
[details]
Patch
EWS Watchlist
Comment 65
2019-05-02 14:32:15 PDT
Attachment 368821
[details]
did not pass style-queue: ERROR: Source/WebCore/ChangeLog:10: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: security bug [changelog/unwantedsecurityterms] [3] Total errors found: 1 in 33 files If any of these errors are false positives, please file a bug against check-webkit-style.
Darin Adler
Comment 66
2019-05-02 14:41:33 PDT
> ERROR: Source/WebCore/ChangeLog:10: Please consider whether the use of
> security-sensitive phrasing could help someone exploit WebKit: security bug
> [changelog/unwantedsecurityterms] [3]
Slightly surprised you decided to leave the word "security" in the change log.
Chris Dumez
Comment 67
2019-05-02 15:06:54 PDT
(In reply to Darin Adler from comment #66)
> > ERROR: Source/WebCore/ChangeLog:10: Please consider whether the use of
> > security-sensitive phrasing could help someone exploit WebKit: security bug
> > [changelog/unwantedsecurityterms] [3]
>
> Slightly surprised you decided to leave the word "security" in the change
> log.
Ok, I will remove it. In the context, it did not particularly bother me.
Chris Dumez
Comment 68
2019-05-02 15:08:42 PDT
Created
attachment 368825
[details]
Patch
WebKit Commit Bot
Comment 69
2019-05-02 15:24:34 PDT
Comment on
attachment 368825
[details]
Patch
Clearing flags on attachment: 368825
Committed r244892: <https://trac.webkit.org/changeset/244892>
WebKit Commit Bot
Comment 70
2019-05-02 15:24:37 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 71
2019-05-02 15:26:41 PDT
<rdar://problem/50424426>
Truitt Savell
Comment 72
2019-05-07 09:05:26 PDT
It looks like the new test fast/dom/frame-src-javascript-url-async.html added in https://trac.webkit.org/changeset/244892/webkit is flaky.
History: https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=fast%2Fdom%2Fframe-src-javascript-url-async.html