RESOLVED FIXED 93660
Sandboxing view source documents is ineffective 
https://bugs.webkit.org/show_bug.cgi?id=93660
Summary Sandboxing view source documents is ineffective
Adam Barth
Reported 2012-08-09 14:45:51 PDT
Sandboxing view source documents is ineffective
Attachments
Patch (5.79 KB, patch)
2012-08-09 15:23 PDT, Adam Barth 		no flags
DetailsFormatted DiffDiff
Patch for landing (31.85 KB, patch)
2012-08-09 19:30 PDT, Shane Stephens 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Adam Barth
Comment 1 2012-08-09 15:23:03 PDT
Created attachment 157560 [details] Patch
Eric Seidel (no email)
Comment 2 2012-08-09 15:36:43 PDT
Comment on attachment 157560 [details] Patch Did you change the test? Is this observable?
Adam Barth
Comment 3 2012-08-09 15:41:39 PDT
> Did you change the test? The test times out after this patch because it can't reach inside the XMLTreeViewer document. I moved it out of the http directory so it has universal privileges and can ignore the sandbox. > Is this observable? I don't know how to test it without a race condition. The problem is that we need to use a top-level window for XMLTreeViewer to kick in, but then we don't know how long to wait to for the document to load. If we could use an iframe, we could wait for the load event, which propagates across origins, but there's no equivalent for top-level windows. In other tests, we have the popup window send a postMessage back to its opener, but we can't do that here because we don't control the contents of the window (XMLTreeViewer does).
Eric Seidel (no email)
Comment 4 2012-08-09 15:43:17 PDT
Comment on attachment 157560 [details] Patch ok.
WebKit Review Bot
Comment 5 2012-08-09 17:00:08 PDT
Comment on attachment 157560 [details] Patch Clearing flags on attachment: 157560 Committed r125222: <http://trac.webkit.org/changeset/125222>
WebKit Review Bot
Comment 6 2012-08-09 17:00:12 PDT
All reviewed patches have been landed. Closing bug.
Shane Stephens
Comment 7 2012-08-09 19:29:58 PDT
Reopening to attach new patch.
Shane Stephens
Comment 8 2012-08-09 19:30:05 PDT
Created attachment 157614 [details] Patch for landing
Shane Stephens
Comment 9 2012-08-09 19:32:20 PDT
How did this even happen?
Eric Seidel (no email)
Comment 10 2012-08-09 21:26:08 PDT
Presumably your checkout got confused and thus webkit-patch was passed a diff including the ChangeLog message from this commit. Or possibly you passed webkit-patch upload the number 93660 somehow. Or most likely elves. Always the damn elves...
Note You need to log in before you can comment on or make changes to this bug.