WebKit Bugzilla
RESOLVED FIXED
Bug 32691
upstreaming http/tests/security/listener/xss-inactive-closure.html produces inconsistent results
https://bugs.webkit.org/show_bug.cgi?id=32691
Dirk Pranke
Reported
2009-12-17 18:28:34 PST
If you run the attached layout test in both Chromium and Safari, they produce different results. When the callback fires in resources/xss-inactive-closure-child-2.html, Chromium raises an exception that 'document' is undefined. Safari has 'document' defined, but 'document.bar' is undefined. I think both are safe, but I'd like for someone to confirm this. In addition, I'm not sure if Chromium's behavior is correct. It seems like 'document' should still be defined since the handler held a reference to it. But I'm not sure what the difference between invalidating something for GC purposes is vs. invalidating it for SOP / security purposes.
Attachments
patch illustrating tests (4.46 KB, patch), 2009-12-17 18:34 PST, Dirk Pranke, no flags
Patch (4.20 KB, patch), 2009-12-21 15:52 PST, Dirk Pranke, no flags
Dirk Pranke
Comment 1
2009-12-17 18:34:39 PST
Created attachment 45118: patch illustrating tests
Note that I used Git for the first time to generate this patch, instead of svn-create-patch; let me know if I bungled it somehow.
Dirk Pranke
Comment 2
2009-12-21 15:52:02 PST
Created attachment 45356: Patch
Dirk Pranke
Comment 3
2009-12-21 15:53:01 PST
changing the product - there is no security risk here.
Dirk Pranke
Comment 4
2009-12-21 15:54:02 PST
updating the test to match Safari / WebKit's behavior, which arguably makes more sense. We can mark it FAIL downstream and argue about it there if there's disagreement.
Adam Barth
Comment 5
2009-12-21 16:50:49 PST
Comment on attachment 45356: Patch
Thanks!
WebKit Commit Bot
Comment 6
2009-12-22 13:36:58 PST
Comment on attachment 45356: Patch
Clearing flags on attachment: 45356
Committed r52497: <http://trac.webkit.org/changeset/52497>
WebKit Commit Bot
Comment 7
2009-12-22 13:37:03 PST
All reviewed patches have been landed. Closing bug.