Bug 35032 - LayoutTests/http/tests/security/cross-origin-css.html results differ between DumpRenderTree and Safari
Summary: LayoutTests/http/tests/security/cross-origin-css.html results differ between ...
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: Tools / Tests (show other bugs)
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.4
: P2 Normal
Assignee: Nobody
URL: http://127.0.0.1:8000/security/cross-...
Keywords: LayoutTestFailure
Depends on: 29820
Blocks:
  Show dependency treegraph
 
Reported: 2010-02-17 04:52 PST by David Kilzer (:ddkilzer)
Modified: 2010-05-01 16:12 PDT (History)
3 users (show)

See Also:

Attachments
Expected test results (23.81 KB, image/png)
2010-05-01 16:12 PDT, David Kilzer (:ddkilzer) 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description David Kilzer (:ddkilzer) 2010-02-17 04:52:38 PST 
* SUMMARY
When LayoutTests/http/tests/security/cross-origin-css.html (added for Bug 29820) is run in Safari 4.0.4 on Mac OS X, it produces different results than when the test is run under DumpRenderTree.  The Safari results look more correct, which indicates this is probably a DumpRenderTree bug.

* STEPS TO REPRODUCE
1. Start the web server:
$ ./WebKitTools/Scripts/run-webkit-httpd -a
2. Launch Safari.
3. Open test case:  <http://localhost:8000/security/cross-origin-css.html>

* RESULTS
The second line of the test results in DumpRenderTree does NOT have a yellow background, while it DOES in Safari:

-LINK + IMPORT Cross-origin, HTML, invalid: rgba(0, 0, 0, 0)
+LINK + IMPORT Cross-origin, HTML, invalid: rgb(255, 255, 0)

Based on the test files, it seems like it should have a yellow background, so the DumpRenderTree results appear to be incorrect.

* REGRESSION
Unknown.  The test landed in r52784.

* NOTES
See Bug 29820.
Comment 1 Chris Evans 2010-02-17 10:24:20 PST 
Isn't this just a reflection that the CSS security fix isn't present in Safari 4.0.4 ?
The test is checking that the "Cross-origin, HTML, invalid" combination does not load CSS.
Comment 2 David Kilzer (:ddkilzer) 2010-02-22 02:00:50 PST 
(In reply to comment #1)
> Isn't this just a reflection that the CSS security fix isn't present in Safari
> 4.0.4 ?
> The test is checking that the "Cross-origin, HTML, invalid" combination does
> not load CSS.

Nope, this reproduces with WebKit nightly build r55027.  The original fix was in r52784.
Comment 3 David Kilzer (:ddkilzer) 2010-02-22 02:27:23 PST 
(In reply to comment #2)
> (In reply to comment #1)
> > Isn't this just a reflection that the CSS security fix isn't present in Safari
> > 4.0.4 ?
> > The test is checking that the "Cross-origin, HTML, invalid" combination does
> > not load CSS.
> 
> Nope, this reproduces with WebKit nightly build r55027.  The original fix was
> in r52784.

Also reproduces with WebKit nightly build r52951 (the first nightly build available after r52784).
Comment 4 David Kilzer (:ddkilzer) 2010-05-01 16:02:25 PDT 
I was using the wrong URL to run the test locally with run-webkit-httpd.  I should have used <http://127.0.0.1:8000/> instead of <http://localhost:8000/>.
Comment 5 David Kilzer (:ddkilzer) 2010-05-01 16:12:19 PDT 
(In reply to comment #4)
> I was using the wrong URL to run the test locally with run-webkit-httpd.  I
> should have used <http://127.0.0.1:8000/> instead of <http://localhost:8000/>.

Closing as RESOLVED/INVALID.
Comment 6 David Kilzer (:ddkilzer) 2010-05-01 16:12:52 PDT 
Created attachment 54860 [details]
Expected test results

This is what the expected test results should show.