Bug 39249 - REGRESSION (r56295): Can't create a new wave on Google Wave
Summary: REGRESSION (r56295): Can't create a new wave on Google Wave
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.6
Importance: P1 Normal
Assignee: Daniel Bates
URL:
Keywords: InRadar, Regression, XSSAuditor
Duplicates: 38137
Depends on:
Blocks:
 
Reported: 2010-05-17 16:18 PDT by Alexey Proskuryakov
Modified: 2010-05-24 01:15 PDT
Attachments
Patch with test case (10.66 KB, patch) - 2010-05-18 00:50 PDT, Daniel Bates - no flags
Patch with test case (14.21 KB, patch) - 2010-05-18 23:37 PDT, Daniel Bates - no flags
Patch with test case (14.60 KB, patch) - 2010-05-19 01:05 PDT, Daniel Bates - no flags
Patch with test case (14.24 KB, patch) - 2010-05-19 01:10 PDT, Daniel Bates - abarth: review+

Description Alexey Proskuryakov 2010-05-17 16:18:55 PDT
Observed with r59204 nightly.

Steps to reproduce:
1. Log in to Google Wave.
2. Click "New Wave" at the right.

Results: window navigates to about:blank.
Expected results: a new wave should appear at the right.
Comment 1 Alexey Proskuryakov 2010-05-17 16:19:11 PDT
<rdar://problem/7994854>
Comment 2 Alexey Proskuryakov 2010-05-17 17:10:11 PDT
Works in r56294, fails in r56295.
Comment 3 Alexey Proskuryakov 2010-05-17 17:24:17 PDT
The main resource has " X-Xss-Protection:1; mode=block".
Comment 4 Daniel Bates 2010-05-17 19:04:19 PDT
(In reply to comment #0)
> Observed with r59204 nightly.
> 
> Steps to reproduce:
> 1. Log in to Google Wave.
> 2. Click "New Wave" at the right.
> 
> Results: window navigates to about:blank.
> Expected results: a new wave should appear at the right.

I am unable to reproduce following the aforementioned steps with r59204 nightly and using my Google account. I tried resetting Safari (Safari->Reset Safari), then following the steps, to no avail. Do you happen to have a copy of the console messages when this occurred? Do you have any additional information on this issue?
Comment 5 Alexey Proskuryakov 2010-05-17 19:12:54 PDT
It seems to only happen for some people, maybe Google serves different code versions?

The link is <a href="javascript:;"> with some event listeners installed.

Below is JS Console output:

HTML WARN: The page at https://wave.google.com/wave/ displayed insecure content from http://lh3.ggpht.com/__n9uIWxqWWk/SwXq4UxcJjI/AAAAAAAAA9k/Jk0EV1lvgMc/s104-c/IMG_1611.jpg.

HTML WARN: The page at https://wave.google.com/wave/ displayed insecure content from http://lh3.ggpht.com/__n9uIWxqWWk/SwXq4UxcJjI/AAAAAAAAA9k/Jk0EV1lvgMc/s104-c/IMG_1611.jpg.

JS ERROR: Refused to execute a JavaScript script. Source code of script found within request.

https://wave.google.com/wave/static/5DEB8B560FCA74C2AA4974967ED07055.cache.js:4218: JS ERROR: TypeError: Result of expression '(v.Y?$doc.getElementById(d):Upb(v,d))' [null] is not an object.
Comment 6 Alexey Proskuryakov 2010-05-17 19:20:52 PDT
I know! I have a semicolon in my Google Wave password - this is why others can't reproduce.
Comment 7 Daniel Bates 2010-05-18 00:50:07 PDT
Created attachment 56332 [details]
Patch with test case

Pass the schema portion of a JavaScript URL to the XSSAuditor as additional context.
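A simplified model of the false positive behind this regression and of the fix described above, added here as an illustration; it is not WebKit's XSSAuditor code, and the sample requests are constructed. Before the fix, only the code after the "javascript:" scheme is searched for in the request, so the benign link "javascript:;" is refused whenever the request contains a semicolon (for example in a password field); with the scheme passed as context, the whole URL must be reflected.

```cpp
#include <string>

// Added illustration, not WebKit's actual XSSAuditor code: a simplified model
// of the reflected-XSS check discussed in this bug. A script is refused when
// its source text is found verbatim in the request that loaded the page.
struct Request {
    std::string url;   // request URL including any query string
    std::string body;  // form-encoded POST body, if any
};

static bool foundInRequest(const Request& req, const std::string& snippet) {
    if (snippet.empty())
        return false;
    return req.url.find(snippet) != std::string::npos
        || req.body.find(snippet) != std::string::npos;
}

// Model of the behaviour before r60014: only the code after "javascript:" is
// compared against the request. For "javascript:;" that code is just ";",
// which matches any request containing a semicolon (e.g. in a password).
static bool refusedBeforeFix(const Request& req, const std::string& jsUrl) {
    const std::string scheme = "javascript:";
    if (jsUrl.compare(0, scheme.size(), scheme) != 0)
        return false;  // not a JavaScript URL; the check does not apply
    return foundInRequest(req, jsUrl.substr(scheme.size()));
}

// Model of the behaviour after the fix: the scheme is handed to the auditor as
// additional context, so the request must contain the whole "javascript:..."
// URL before the script is treated as reflected.
static bool refusedAfterFix(const Request& req, const std::string& jsUrl) {
    const std::string scheme = "javascript:";
    if (jsUrl.compare(0, scheme.size(), scheme) != 0)
        return false;
    return foundInRequest(req, jsUrl);
}

// Constructed sample requests (hypothetical, not captured from Google Wave).
// A login POST whose password happens to contain a semicolon:
static const Request kBenignLogin{
    "https://wave.google.com/wave/",
    "Email=user%40example.com&Passwd=hunter;2"};
// A request that really does reflect a JavaScript URL into the page:
static const Request kReflected{
    "https://example.test/page?name=<a href=\"javascript:alert(1)\">x</a>",
    ""};
```

The benign "javascript:;" link is refused by the old check but allowed by the new one, while a genuinely reflected "javascript:alert(1)" URL is still refused by both.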
Comment 8 WebKit Review Bot 2010-05-18 01:04:24 PDT
Attachment 56332 [details] did not build on chromium:
Build output: http://webkit-commit-queue.appspot.com/results/2287234
Comment 9 Daniel Bates 2010-05-18 01:07:26 PDT
Comment on attachment 56332 [details]
Patch with test case

Need to add the equivalent changes to the v8 bindings.
Comment 10 Daniel Bates 2010-05-18 23:37:22 PDT
Created attachment 56464 [details]
Patch with test case

Updated patch with changes to V8 bindings and added missing file "http/tests/security/xssAuditor/resources/javascript-link-safe.html".
Comment 11 WebKit Review Bot 2010-05-19 00:47:21 PDT
Attachment 56464 [details] did not build on chromium:
Build output: http://webkit-commit-queue.appspot.com/results/2273312
Comment 12 Daniel Bates 2010-05-19 01:05:10 PDT
Created attachment 56473 [details]
Patch with test case
Comment 13 Daniel Bates 2010-05-19 01:10:00 PDT
Created attachment 56474 [details]
Patch with test case

Fixed V8 prototype for ScriptController::executeIfJavaScriptURL
Comment 14 Alexey Proskuryakov 2010-05-20 11:34:22 PDT
Adam, is this something you'd be willing to review?
Comment 15 Adam Barth 2010-05-20 12:33:47 PDT
I'd be happy to.  I'm at W2SP today, but I'll try to review it tonight.
Comment 16 Adam Barth 2010-05-21 15:03:55 PDT
Comment on attachment 56474 [details]
Patch with test case

Very nice.
Comment 17 Daniel Bates 2010-05-22 13:51:00 PDT
Committed r60014: <http://trac.webkit.org/changeset/60014>
Comment 18 Alexey Proskuryakov 2010-05-23 18:40:35 PDT
*** Bug 38137 has been marked as a duplicate of this bug. ***
Comment 19 Ain Tohvri 2010-05-24 01:15:20 PDT
Behaviour described in bug 39186 is still there in latest r60027.