Bug 32691 - upstreaming http/tests/security/listener/xss-inactive-closure.html produces inconsistent results
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Tools / Tests
Version: 528+ (Nightly build)
Hardware: PC OS X 10.5
Importance: P2 Normal
Assignee: Dirk Pranke
Reported: 2009-12-17 18:28 PST by Dirk Pranke
Modified: 2009-12-22 13:37 PST

Attachments
patch illustrating tests (4.46 KB, patch), 2009-12-17 18:34 PST, Dirk Pranke
Patch (4.20 KB, patch), 2009-12-21 15:52 PST, Dirk Pranke

Description Dirk Pranke 2009-12-17 18:28:34 PST
If you run the attached layout test in both Chromium and Safari they produce different results. 

When the callback fires in resources/xss-inactive-closure-child-2.html, Chromium raises an exception that 'document' is undefined. Safari has 'document' defined, but 'document.bar' is undefined. I think both are safe, but I'd like for someone to confirm this. In addition, I'm not sure if Chromium's behavior is correct. It seems like 'document' should still be defined since the handler held a reference to it. But I'm not sure what the difference between invalidating something for GC purposes is vs. invalidating it for SOP / security purposes.
Comment 1 Dirk Pranke 2009-12-17 18:34:39 PST
Created attachment 45118 [details]
patch illustrating tests

Note that I used Git for the first time to generate this patch, instead of svn-create-patch; let me know if I bungled it somehow.
Comment 2 Dirk Pranke 2009-12-21 15:52:02 PST
Created attachment 45356 [details]
Patch
Comment 3 Dirk Pranke 2009-12-21 15:53:01 PST
Changing the product - there is no security risk here.
Comment 4 Dirk Pranke 2009-12-21 15:54:02 PST
Updating the test to match Safari / WebKit's behavior, which arguably makes more sense. We can mark it FAIL downstream and argue about it there if there's disagreement.
Comment 5 Adam Barth 2009-12-21 16:50:49 PST
Comment on attachment 45356 [details]
Patch

Thanks!
Comment 6 WebKit Commit Bot 2009-12-22 13:36:58 PST
Comment on attachment 45356 [details]
Patch

Clearing flags on attachment: 45356

Committed r52497: <http://trac.webkit.org/changeset/52497>
Comment 7 WebKit Commit Bot 2009-12-22 13:37:03 PST
All reviewed patches have been landed. Closing bug.