nephele
/
haikuwebkit
1
0
Fork 0
Code Issues Releases Activity
haikuwebkit/LayoutTests/fast/events/popup-blocked-from-sandboxe...

20 lines
572 B
HTML
Raw Permalink Normal View History

Remove remaining alternative preference setting mechanisms from LayoutTests https://bugs.webkit.org/show_bug.cgi?id=218417 Reviewed by Simon Fraser. Source/WebKit: Remove now unused bundle SPI that was only used by the WebKitTestRuner. * WebProcess/InjectedBundle/API/c/WKBundle.cpp: (WKBundleOverrideBoolPreferenceForTestRunner): Deleted. (WKBundleSetAllowUniversalAccessFromFileURLs): Deleted. (WKBundleSetAllowFileAccessFromFileURLs): Deleted. (WKBundleSetAllowStorageAccessFromFileURLS): Deleted. (WKBundleSetMinimumLogicalFontSize): Deleted. (WKBundleSetFrameFlatteningEnabled): Deleted. (WKBundleSetJavaScriptCanAccessClipboard): Deleted. (WKBundleSetPopupBlockingEnabled): Deleted. (WKBundleSetAuthorAndUserStylesEnabled): Deleted. * WebProcess/InjectedBundle/API/c/WKBundlePrivate.h: * WebProcess/InjectedBundle/InjectedBundle.cpp: (WebKit::InjectedBundle::addOriginAccessAllowListEntry): (WebKit::InjectedBundle::overrideBoolPreferenceForTestRunner): Deleted. (WebKit::InjectedBundle::setAllowUniversalAccessFromFileURLs): Deleted. (WebKit::InjectedBundle::setAllowFileAccessFromFileURLs): Deleted. (WebKit::InjectedBundle::setNeedsStorageAccessFromFileURLsQuirk): Deleted. (WebKit::InjectedBundle::setMinimumLogicalFontSize): Deleted. (WebKit::InjectedBundle::setFrameFlatteningEnabled): Deleted. (WebKit::InjectedBundle::setAsyncFrameScrollingEnabled): Deleted. (WebKit::InjectedBundle::setJavaScriptCanAccessClipboard): Deleted. (WebKit::InjectedBundle::setPopupBlockingEnabled): Deleted. (WebKit::InjectedBundle::setAuthorAndUserStylesEnabled): Deleted. * WebProcess/InjectedBundle/InjectedBundle.h: Source/WebKitLegacy/win: * WebPreferenceKeysPrivate.h: Update key to match cocoa WebKitLegacy for shared use by DumpRenderTree. Tools: Remove various one off solutions for setting preferences in WebKitTestRunner and DumpRenderTree keeping only test header commands (which can be set without JS and can be in place before the inital load) and internals.settings, which can be used when dynamic changing is required. * DumpRenderTree/TestOptions.cpp: (WTR::TestOptions::supportedUInt32WebPreferenceFeatures): (WTR::TestOptions::defaults): * DumpRenderTree/TestOptions.h: * DumpRenderTree/TestRunner.cpp: (setPagePausedCallback): (TestRunner::staticFunctions): (setAuthorAndUserStylesEnabledCallback): Deleted. (setJavaScriptCanAccessClipboardCallback): Deleted. (setXSSAuditorEnabledCallback): Deleted. (setAllowUniversalAccessFromFileURLsCallback): Deleted. (setAllowFileAccessFromFileURLsCallback): Deleted. (setNeedsStorageAccessFromFileURLsQuirkCallback): Deleted. (setTelephoneNumberParsingEnabledCallback): Deleted. (setPopupBlockingEnabledCallback): Deleted. (setPluginsEnabledCallback): Deleted. * DumpRenderTree/TestRunner.h: * DumpRenderTree/mac/DumpRenderTree.mm: (enableExperimentalFeatures): (resetWebPreferencesToConsistentValues): (webPreferenceFeatureValue): (setWebPreferencesForTestOptions): (runTest): (boolWebPreferenceFeatureValue): Deleted. (shouldEnableDeveloperExtras): Deleted. * DumpRenderTree/mac/TestRunnerMac.mm: (TestRunner::setAuthorAndUserStylesEnabled): Deleted. (TestRunner::setXSSAuditorEnabled): Deleted. (TestRunner::setAllowUniversalAccessFromFileURLs): Deleted. (TestRunner::setAllowFileAccessFromFileURLs): Deleted. (TestRunner::setNeedsStorageAccessFromFileURLsQuirk): Deleted. (TestRunner::setPopupBlockingEnabled): Deleted. (TestRunner::setPluginsEnabled): Deleted. (TestRunner::setJavaScriptCanAccessClipboard): Deleted. (TestRunner::setTelephoneNumberParsingEnabled): Deleted. (TestRunner::setDeveloperExtrasEnabled): Deleted. * DumpRenderTree/win/DumpRenderTree.cpp: (resetWebPreferencesToConsistentValues): (webPreferenceFeatureValue): (setWebPreferencesForTestOptions): (runTest): (shouldEnableDeveloperExtras): Deleted. (boolWebPreferenceFeatureValue): Deleted. * DumpRenderTree/win/TestRunnerWin.cpp: (TestRunner::setAuthorAndUserStylesEnabled): Deleted. (TestRunner::setXSSAuditorEnabled): Deleted. (TestRunner::setAllowUniversalAccessFromFileURLs): Deleted. (TestRunner::setAllowFileAccessFromFileURLs): Deleted. (TestRunner::setNeedsStorageAccessFromFileURLsQuirk): Deleted. (TestRunner::setPopupBlockingEnabled): Deleted. (TestRunner::setPluginsEnabled): Deleted. (TestRunner::setJavaScriptCanAccessClipboard): Deleted. (TestRunner::setDeveloperExtrasEnabled): Deleted. * WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl: * WebKitTestRunner/InjectedBundle/InjectedBundle.cpp: (WTR::InjectedBundle::beginTesting): * WebKitTestRunner/InjectedBundle/TestRunner.cpp: (WTR::overridePreference): Deleted. (WTR::TestRunner::setXSSAuditorEnabled): Deleted. (WTR::TestRunner::setMediaDevicesEnabled): Deleted. (WTR::TestRunner::setWebRTCMDNSICECandidatesEnabled): Deleted. (WTR::TestRunner::setWebAPIStatisticsEnabled): Deleted. (WTR::TestRunner::setModernMediaControlsEnabled): Deleted. (WTR::TestRunner::setWebGL2Enabled): Deleted. (WTR::TestRunner::setWritableStreamAPIEnabled): Deleted. (WTR::TestRunner::setTransformStreamAPIEnabled): Deleted. (WTR::TestRunner::setReadableByteStreamAPIEnabled): Deleted. (WTR::TestRunner::setEncryptedMediaAPIEnabled): Deleted. (WTR::TestRunner::setPictureInPictureAPIEnabled): Deleted. (WTR::TestRunner::setGenericCueAPIEnabled): Deleted. (WTR::TestRunner::setAllowUniversalAccessFromFileURLs): Deleted. (WTR::TestRunner::setAllowFileAccessFromFileURLs): Deleted. (WTR::TestRunner::setNeedsStorageAccessFromFileURLsQuirk): Deleted. (WTR::TestRunner::setPluginsEnabled): Deleted. (WTR::TestRunner::setJavaScriptCanAccessClipboard): Deleted. (WTR::TestRunner::setPopupBlockingEnabled): Deleted. (WTR::TestRunner::setAuthorAndUserStylesEnabled): Deleted. (WTR::TestRunner::setOffscreenCanvasEnabled): Deleted. * WebKitTestRunner/InjectedBundle/TestRunner.h: * WebKitTestRunner/TestController.cpp: (WTR::TestController::resetPreferencesToConsistentValues): * WebKitTestRunner/TestOptions.cpp: (WTR::TestOptions::defaults): LayoutTests: Update tests to only rely on test header commands and internals.settings for changing preferences to simplify test writing. * editing/async-clipboard/clipboard-do-not-read-text-from-platform-if-text-changes.html: * editing/async-clipboard/clipboard-read-text-from-platform.html: * editing/async-clipboard/clipboard-read-text-same-origin.html: * editing/async-clipboard/clipboard-write-in-copy-event-handler-in-subframe.html: * editing/async-clipboard/clipboard-write-in-copy-event-handler.html: * editing/async-clipboard/clipboard-write-text-requires-user-gesture.html: * editing/execCommand/clipboard-access-with-user-gesture.html: * editing/execCommand/clipboard-access.html: * fast/css/disabled-author-styles.html: * fast/css/object-fit/object-fit-embed-expected.html: * fast/css/object-fit/object-fit-embed.html: * fast/css/object-position/object-position-embed.html: * fast/events/before-unload-navigate-different-window.html: * fast/events/before-unload-open-window.html: * fast/events/ios/submit-form-target-blank-using-return-key.html: * fast/events/open-window-from-another-frame.html: * fast/events/popup-allowed-from-gesture-initiated-event.html: * fast/events/popup-allowed-from-gesture-initiated-form-submit.html: * fast/events/popup-blocked-from-fake-button-click.html: * fast/events/popup-blocked-from-fake-focus.html: * fast/events/popup-blocked-from-fake-user-gesture.html: * fast/events/popup-blocked-from-history-reload.html: * fast/events/popup-blocked-from-iframe-script.html: * fast/events/popup-blocked-from-iframe-src.html: * fast/events/popup-blocked-from-mousemove.html: * fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html: * fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html: * fast/events/popup-blocked-from-untrusted-click-event-on-anchor.html: * fast/events/popup-blocked-from-untrusted-mouse-click.html: * fast/events/popup-blocked-from-window-open.html: * fast/events/popup-blocked-to-post-blank.html: * fast/events/popup-blocking-click-in-iframe.html: * fast/events/popup-blocking-timers1.html: * fast/events/popup-blocking-timers2.html: * fast/events/popup-blocking-timers3.html: * fast/events/popup-blocking-timers5.html: * fast/events/popup-blocking-timers6.html: * fast/events/popup-when-select-change.html: * fast/files/file-reader-file-url.html: * fast/files/file-reader-sandbox-iframe.html: * fast/files/workers/inline-worker-via-blob-url.html: * fast/forms/formtarget-attribute-button-html.html: * fast/forms/formtarget-attribute-input-2.html: * fast/forms/formtarget-attribute-input-html.html: * fast/forms/xss-auditor-doesnt-crash-on-post-submit.html: * fast/frames/resources/no-file-access-frame-1.html: * fast/frames/xss-auditor-handles-file-urls.html: * fast/images/embed-image.html: * fast/images/move-image-to-new-document.html: * fast/loader/url-selected-user-gesture.html: * fast/replaced/border-radius-clip-content-edge.html: * fast/replaced/outline-replaced-elements.html: * fast/replaced/pdf-as-embed-with-no-mime-type-is-not-blank.html: * fast/xmlhttprequest/xmlhttprequest-no-file-access.html: * fast/xmlhttprequest/xmlhttprequest-nonexistent-file.html: * fullscreen/full-screen-request-rejected.html: * fullscreen/full-screen-request-removed.html: * fullscreen/full-screen-restrictions.html: * http/tests/cookies/resources/cookie-utilities.js: * http/tests/dom/window-open-about-blank-and-access-document.html: * http/tests/dom/window-open-about-uppercase-blank-and-access-document.html: * http/tests/dom/window-open-about-webkit-org-and-access-document-async-delegates.html: * http/tests/dom/window-open-about-webkit-org-and-access-document.html: * http/tests/download/convert-cached-load-to-download.html: * http/tests/security/popup-blocked-from-fake-event.html: * http/tests/security/popup-blocked-from-window-open.html: * http/tests/security/window-opened-from-sandboxed-iframe-should-inherit-sandbox.html: * http/tests/security/xss-DENIED-click-and-form-submission-from-inactive-domwindow.html: * http/tests/security/xss-DENIED-script-inject-into-inactive-window.html: * http/tests/security/xss-DENIED-script-inject-into-inactive-window2-pson.html: * http/tests/security/xss-DENIED-script-inject-into-inactive-window2.html: * http/tests/security/xss-DENIED-script-inject-into-inactive-window3.html: * http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event-null-char.html: * http/tests/security/xssAuditor/anchor-url-dom-write-location-inline-event.html: * http/tests/security/xssAuditor/anchor-url-dom-write-location-javascript-URL.html: * http/tests/security/xssAuditor/anchor-url-dom-write-location.html: * http/tests/security/xssAuditor/anchor-url-dom-write-location2.html: * http/tests/security/xssAuditor/base-href-control-char.html: * http/tests/security/xssAuditor/base-href-direct.html: * http/tests/security/xssAuditor/base-href-null-char.html: * http/tests/security/xssAuditor/base-href-safe.html: * http/tests/security/xssAuditor/base-href-safe2.html: * http/tests/security/xssAuditor/base-href-safe3.html: * http/tests/security/xssAuditor/base-href-scheme-relative.html: * http/tests/security/xssAuditor/base-href.html: * http/tests/security/xssAuditor/block-does-not-leak-location.html: * http/tests/security/xssAuditor/block-does-not-leak-referrer.html: * http/tests/security/xssAuditor/block-does-not-leak-that-page-was-blocked-using-empty-data-url.html: * http/tests/security/xssAuditor/cached-frame.html: * http/tests/security/xssAuditor/cookie-injection.html: * http/tests/security/xssAuditor/crash-while-loading-tag-with-pause.html: * http/tests/security/xssAuditor/data-urls-work.html: * http/tests/security/xssAuditor/dom-write-URL.html: * http/tests/security/xssAuditor/dom-write-innerHTML.html: * http/tests/security/xssAuditor/dom-write-location-dom-write-open-img-onerror.html: * http/tests/security/xssAuditor/dom-write-location-inline-event.html: * http/tests/security/xssAuditor/dom-write-location-javascript-URL.html: * http/tests/security/xssAuditor/dom-write-location-open-img-onerror.html: * http/tests/security/xssAuditor/dom-write-location.html: * http/tests/security/xssAuditor/embed-tag-code-attribute-2.html: * http/tests/security/xssAuditor/embed-tag-code-attribute.html: * http/tests/security/xssAuditor/embed-tag-control-char.html: * http/tests/security/xssAuditor/embed-tag-in-path-unterminated.html: * http/tests/security/xssAuditor/embed-tag-javascript-url.html: * http/tests/security/xssAuditor/embed-tag-null-char.html: * http/tests/security/xssAuditor/embed-tag.html: * http/tests/security/xssAuditor/faux-script1.html: * http/tests/security/xssAuditor/faux-script2.html: * http/tests/security/xssAuditor/faux-script3.html: * http/tests/security/xssAuditor/form-action.html: * http/tests/security/xssAuditor/formaction-on-button.html: * http/tests/security/xssAuditor/formaction-on-input.html: * http/tests/security/xssAuditor/frameset-injection.html: * http/tests/security/xssAuditor/full-block-base-href.html: * http/tests/security/xssAuditor/full-block-get-from-iframe.html: * http/tests/security/xssAuditor/full-block-iframe-javascript-url.html: * http/tests/security/xssAuditor/full-block-iframe-no-inherit.php: * http/tests/security/xssAuditor/full-block-javascript-link.html: * http/tests/security/xssAuditor/full-block-link-onclick.html: * http/tests/security/xssAuditor/full-block-object-tag.html: * http/tests/security/xssAuditor/full-block-post-from-iframe.html: * http/tests/security/xssAuditor/full-block-script-tag-cross-domain.html: * http/tests/security/xssAuditor/full-block-script-tag-with-source.html: * http/tests/security/xssAuditor/full-block-script-tag.html: * http/tests/security/xssAuditor/get-from-iframe.html: * http/tests/security/xssAuditor/iframe-injection-allowed-2.html: * http/tests/security/xssAuditor/iframe-injection-allowed-3.html: * http/tests/security/xssAuditor/iframe-injection-allowed.html: * http/tests/security/xssAuditor/iframe-injection.html: * http/tests/security/xssAuditor/iframe-javascript-url-more-encoding.html: * http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode.html: * http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode2.html: * http/tests/security/xssAuditor/iframe-javascript-url-twice-url-encode3.html: * http/tests/security/xssAuditor/iframe-javascript-url-url-encoded.html: * http/tests/security/xssAuditor/iframe-javascript-url.html: * http/tests/security/xssAuditor/iframe-onload-GBK-char.html: * http/tests/security/xssAuditor/iframe-onload-in-svg-tag.html: * http/tests/security/xssAuditor/iframe-srcdoc-property-blocked.html: * http/tests/security/xssAuditor/iframe-srcdoc.html: * http/tests/security/xssAuditor/img-onerror-GBK-char.html: * http/tests/security/xssAuditor/img-onerror-accented-char.html: * http/tests/security/xssAuditor/img-onerror-non-ASCII-char-default-encoding.html: * http/tests/security/xssAuditor/img-onerror-non-ASCII-char.html: * http/tests/security/xssAuditor/img-onerror-non-ASCII-char2-default-encoding.html: * http/tests/security/xssAuditor/img-onerror-non-ASCII-char2.html: * http/tests/security/xssAuditor/img-onerror-tricky.html: * http/tests/security/xssAuditor/img-tag-with-comma.html: * http/tests/security/xssAuditor/inline-event-HTML-entities.html: * http/tests/security/xssAuditor/javascript-link-HTML-entities-control-char.html: * http/tests/security/xssAuditor/javascript-link-HTML-entities-named.html: * http/tests/security/xssAuditor/javascript-link-HTML-entities-null-char.html: * http/tests/security/xssAuditor/javascript-link-HTML-entities.html: * http/tests/security/xssAuditor/javascript-link-ampersand.html: * http/tests/security/xssAuditor/javascript-link-control-char.html: * http/tests/security/xssAuditor/javascript-link-control-char2.html: * http/tests/security/xssAuditor/javascript-link-null-char.html: * http/tests/security/xssAuditor/javascript-link-one-plus-one.html: * http/tests/security/xssAuditor/javascript-link-safe.html: * http/tests/security/xssAuditor/javascript-link-url-encoded.html: * http/tests/security/xssAuditor/javascript-link.html: * http/tests/security/xssAuditor/link-onclick-ampersand.html: * http/tests/security/xssAuditor/link-onclick-control-char.html: * http/tests/security/xssAuditor/link-onclick-entities.html: * http/tests/security/xssAuditor/link-onclick-null-char.html: * http/tests/security/xssAuditor/link-onclick.html: * http/tests/security/xssAuditor/link-opens-new-window.html: * http/tests/security/xssAuditor/malformed-HTML.html: * http/tests/security/xssAuditor/malformed-xss-protection-header-1.html: * http/tests/security/xssAuditor/malformed-xss-protection-header-2.html: * http/tests/security/xssAuditor/malformed-xss-protection-header-3.html: * http/tests/security/xssAuditor/malformed-xss-protection-header-4.html: * http/tests/security/xssAuditor/malformed-xss-protection-header-5.html: * http/tests/security/xssAuditor/malformed-xss-protection-header-6.html: * http/tests/security/xssAuditor/malformed-xss-protection-header-7.html: * http/tests/security/xssAuditor/malformed-xss-protection-header-8.html: * http/tests/security/xssAuditor/malformed-xss-protection-header-9.html: * http/tests/security/xssAuditor/meta-tag-http-refresh-javascript-url.html: * http/tests/security/xssAuditor/meta-tag-http-refresh-x-frame-options-ignored.html: * http/tests/security/xssAuditor/nested-dom-write-location-open-img-onerror.html: * http/tests/security/xssAuditor/no-protection-script-tag.html: * http/tests/security/xssAuditor/non-block-javascript-url-frame.html: * http/tests/security/xssAuditor/object-embed-tag-control-char.html: * http/tests/security/xssAuditor/object-embed-tag-null-char.html: * http/tests/security/xssAuditor/object-embed-tag.html: * http/tests/security/xssAuditor/object-src-inject.html: * http/tests/security/xssAuditor/object-tag-javascript-url.html: * http/tests/security/xssAuditor/object-tag.html: * http/tests/security/xssAuditor/open-attribute-body.html: * http/tests/security/xssAuditor/open-event-handler-iframe.html: * http/tests/security/xssAuditor/open-iframe-src-01.html: * http/tests/security/xssAuditor/open-iframe-src-02.html: * http/tests/security/xssAuditor/open-iframe-src-03.html: * http/tests/security/xssAuditor/open-script-src-01.html: * http/tests/security/xssAuditor/open-script-src-02.html: * http/tests/security/xssAuditor/open-script-src-03.html: * http/tests/security/xssAuditor/open-script-src-04.html: * http/tests/security/xssAuditor/post-from-iframe.html: * http/tests/security/xssAuditor/property-escape-comment-01.html: * http/tests/security/xssAuditor/property-escape-comment-02.html: * http/tests/security/xssAuditor/property-escape-comment-03.html: * http/tests/security/xssAuditor/property-escape-entity-01.html: * http/tests/security/xssAuditor/property-escape-entity-02.html: * http/tests/security/xssAuditor/property-escape-entity-03.html: * http/tests/security/xssAuditor/property-escape-long.html: * http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars.html: * http/tests/security/xssAuditor/property-escape-noquotes.html: * http/tests/security/xssAuditor/property-escape-quote-01.html: * http/tests/security/xssAuditor/property-escape-quote-02.html: * http/tests/security/xssAuditor/property-escape-quote-03.html: * http/tests/security/xssAuditor/property-escape.html: * http/tests/security/xssAuditor/property-inject.html: * http/tests/security/xssAuditor/reflection-in-path.html: * http/tests/security/xssAuditor/regress-167121.html: * http/tests/security/xssAuditor/report-script-tag-and-do-not-follow-redirect-when-sending-report.html: * http/tests/security/xssAuditor/report-script-tag-full-block-and-do-not-follow-redirect-when-sending-report.html: * http/tests/security/xssAuditor/report-script-tag-full-block.html: * http/tests/security/xssAuditor/report-script-tag-replace-state.html: * http/tests/security/xssAuditor/report-script-tag.html: * http/tests/security/xssAuditor/resources/base-href/base-href-safe2.html: * http/tests/security/xssAuditor/resources/base-href/base-href-safe3.html: * http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode-16bit-unicode.html: * http/tests/security/xssAuditor/script-tag-Big5-char-twice-url-encode.html: * http/tests/security/xssAuditor/script-tag-Big5-char.html: * http/tests/security/xssAuditor/script-tag-Big5-char2.html: * http/tests/security/xssAuditor/script-tag-addslashes-backslash.html: * http/tests/security/xssAuditor/script-tag-addslashes-double-quote.html: * http/tests/security/xssAuditor/script-tag-addslashes-null-char.html: * http/tests/security/xssAuditor/script-tag-addslashes-single-quote.html: * http/tests/security/xssAuditor/script-tag-control-char.html: * http/tests/security/xssAuditor/script-tag-convoluted.html: * http/tests/security/xssAuditor/script-tag-entities.html: * http/tests/security/xssAuditor/script-tag-expression-follows.html: * http/tests/security/xssAuditor/script-tag-inside-svg-tag.html: * http/tests/security/xssAuditor/script-tag-inside-svg-tag2.html: * http/tests/security/xssAuditor/script-tag-inside-svg-tag3.html: * http/tests/security/xssAuditor/script-tag-near-start.html: * http/tests/security/xssAuditor/script-tag-null-char.html: * http/tests/security/xssAuditor/script-tag-open-redirect.html: * http/tests/security/xssAuditor/script-tag-post-control-char.html: * http/tests/security/xssAuditor/script-tag-post-null-char.html: * http/tests/security/xssAuditor/script-tag-post.html: * http/tests/security/xssAuditor/script-tag-redirect.html: * http/tests/security/xssAuditor/script-tag-safe.html: * http/tests/security/xssAuditor/script-tag-safe2.html: * http/tests/security/xssAuditor/script-tag-safe3.html: * http/tests/security/xssAuditor/script-tag-safe4.html: * http/tests/security/xssAuditor/script-tag-src-redirect-safe.html: * http/tests/security/xssAuditor/script-tag-with-16bit-unicode-surrogate-pair.html: * http/tests/security/xssAuditor/script-tag-with-16bit-unicode.html: * http/tests/security/xssAuditor/script-tag-with-16bit-unicode2.html: * http/tests/security/xssAuditor/script-tag-with-16bit-unicode3.html: * http/tests/security/xssAuditor/script-tag-with-16bit-unicode4.html: * http/tests/security/xssAuditor/script-tag-with-16bit-unicode5.html: * http/tests/security/xssAuditor/script-tag-with-actual-comma.html: * http/tests/security/xssAuditor/script-tag-with-callbacks.html: * http/tests/security/xssAuditor/script-tag-with-comma-01.html: * http/tests/security/xssAuditor/script-tag-with-comma-02.html: * http/tests/security/xssAuditor/script-tag-with-fancy-unicode.html: * http/tests/security/xssAuditor/script-tag-with-injected-comment.html: * http/tests/security/xssAuditor/script-tag-with-invalid-closing-tag.html: * http/tests/security/xssAuditor/script-tag-with-invalid-url-encoding.html: * http/tests/security/xssAuditor/script-tag-with-source-control-char.html: * http/tests/security/xssAuditor/script-tag-with-source-data-url.html: * http/tests/security/xssAuditor/script-tag-with-source-data-url2.html: * http/tests/security/xssAuditor/script-tag-with-source-data-url3.html: * http/tests/security/xssAuditor/script-tag-with-source-data-url4.html: * http/tests/security/xssAuditor/script-tag-with-source-data-url5.html: * http/tests/security/xssAuditor/script-tag-with-source-double-quote.html: * http/tests/security/xssAuditor/script-tag-with-source-entities.html: * http/tests/security/xssAuditor/script-tag-with-source-no-quote.html: * http/tests/security/xssAuditor/script-tag-with-source-null-char.html: * http/tests/security/xssAuditor/script-tag-with-source-relative-scheme.html: * http/tests/security/xssAuditor/script-tag-with-source-same-host-with-query.html: * http/tests/security/xssAuditor/script-tag-with-source-same-host.html: * http/tests/security/xssAuditor/script-tag-with-source-unterminated-01.html: * http/tests/security/xssAuditor/script-tag-with-source-unterminated-02.html: * http/tests/security/xssAuditor/script-tag-with-source-unterminated-03.html: * http/tests/security/xssAuditor/script-tag-with-source.html: * http/tests/security/xssAuditor/script-tag-with-three-times-url-encoded-16bit-unicode.html: * http/tests/security/xssAuditor/script-tag-with-trailing-comment-U2028.html: * http/tests/security/xssAuditor/script-tag-with-trailing-comment.html: * http/tests/security/xssAuditor/script-tag-with-trailing-comment2.html: * http/tests/security/xssAuditor/script-tag-with-trailing-comment3.html: * http/tests/security/xssAuditor/script-tag-with-trailing-comment4.html: * http/tests/security/xssAuditor/script-tag-with-trailing-comment5.html: * http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html: * http/tests/security/xssAuditor/script-tag.html: * http/tests/security/xssAuditor/svg-animate.html: * http/tests/security/xssAuditor/svg-script-tag.html: * http/tests/security/xssAuditor/window-open-without-url-should-not-assert.html: * http/tests/security/xssAuditor/xss-filter-bypass-big5.html: * http/tests/security/xssAuditor/xss-filter-bypass-long-string.html: * http/tests/security/xssAuditor/xss-filter-bypass-sjis.html: * http/tests/security/xssAuditor/xss-protection-parsing-01.html: * http/tests/security/xssAuditor/xss-protection-parsing-02.html: * http/tests/security/xssAuditor/xss-protection-parsing-03.html: * http/tests/security/xssAuditor/xss-protection-parsing-04.html: * http/tests/storageAccess/deny-with-prompt-does-not-preserve-gesture.html: * http/tests/storageAccess/deny-without-prompt-preserves-gesture.html: * http/tests/storageAccess/grant-with-prompt-preserves-gesture.html: * http/tests/storageAccess/resources/request-storage-access-iframe-and-pop-window.html: * http/tests/webAPIStatistics/canvas-read-and-write-data-collection.html: * http/tests/webAPIStatistics/font-load-data-collection.html: * http/tests/webAPIStatistics/navigator-functions-accessed-data-collection.html: * http/tests/webAPIStatistics/screen-functions-accessed-data-collection.html: * imported/blink/fast/events/popup-forwarded-gesture.html: * imported/blink/fast/workers/worker-shared-asm-buffer.html: * platform/ios/ios/fast/text/data-detectors/phone-disabled.html: * platform/ios/ios/fast/text/data-detectors/phone.html: * platform/mac/plugins/disable-plugins.html: * plugins/js-from-destroy.html: * plugins/navigator-plugin-crash.html: * plugins/navigator-plugins-disabled.html: * plugins/plugin-initiate-popup-window.html: * security/cannot-read-self-from-file.html: * storage/domstorage/localstorage/blocked-file-access-permitted-by-quirk.html: * storage/domstorage/localstorage/blocked-file-access.html: * storage/domstorage/localstorage/file-can-access.html: * storage/domstorage/sessionstorage/blocked-file-access.html: * webrtc/datachannel/mdns-ice-candidates.html: * webrtc/peerconnection-new-candidate-page-cache.html: Canonical link: https://commits.webkit.org/231095@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269236 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2020-11-01 20:09:38 +00:00
<!DOCTYPE html><!-- webkit-test-runner [ JavaScriptCanOpenWindowsAutomatically=false ] -->
Bypass pop-up blocker from cross-origin or sandboxed frame https://bugs.webkit.org/show_bug.cgi?id=166290 <rdar://problem/29742039> Reviewed by Darin Adler. Source/WebCore: Tests: fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame.html * page/DOMWindow.cpp: (WebCore::DOMWindow::open): Use FrameLoader::findFrameForNavigation() to find the target frame to navigate with respect to the active document just as we do in WebCore::createWindow(). LayoutTests: * fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame-expected.txt: Added. * fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html: Added. * fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2-expected.txt: Added. * fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html: Added. * fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame-expected.txt: Added. * fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame.html: Added. Canonical link: https://commits.webkit.org/183716@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@210112 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-12-22 22:20:25 +00:00
<html>
<head>
<script>
if (window.testRunner) {
testRunner.dumpAsText();
testRunner.setCanOpenWindows();
testRunner.setCloseRemainingWindowsWhenComplete(true);
}
</script>
</head>
<body>
<iframe name="A"></iframe>
Add flag allow-modals to iframe sandbox https://bugs.webkit.org/show_bug.cgi?id=171321 Source/WebCore: This patch implements the "allow-modals" value for the iframe sandbox attribute. It changes the behavior for sandboxed document so that alert, confirm, prompt, print as well as dialogs generated from a beforeunload event are blocked when allow-modals is not set, as defined in the specification. For consistency, we do the same for document.execCommand('print', ...). Users should use the allow-modals flag in order to explictly allow modal dialogs. See https://html.spec.whatwg.org/multipage/origin.html#sandboxed-modals-flag Patch by Frederic Wang <fwang@igalia.com> on 2017-07-25 Reviewed by Brent Fulgham. Tests: http/tests/security/sandboxed-iframe-ALLOWED-modals.html http/tests/security/sandboxed-iframe-DENIED-modals.html * dom/SecurityContext.cpp: Implement parsing for allow-modals (WebCore::SecurityContext::isSupportedSandboxPolicy): (WebCore::SecurityContext::parseSandboxPolicy): * dom/SecurityContext.h: Introduce flag for allow-modals * loader/FrameLoader.cpp: (WebCore::shouldAskForNavigationConfirmation): Prevent confirm dialog from beforeunload when allow-modals is not set. * page/Chrome.h: Change the signature of print, so it may return a failure when the allow-modals flag is not set. * page/Chrome.cpp: (WebCore::Chrome::print): Returns false and print a message error when the allow-modals flag on the frame's document is not set. Otherwise, execute the command and returns true. * editing/EditorCommand.cpp: (WebCore::executePrint): Ensure that document.execCommand for 'print' returns false when the allow-modals flag is not set. * page/DOMWindow.cpp: Add early exit when alert, confirm or prompt when the allow-modals flag for that document is not set. Note that print is handled in Chrome.cpp. (WebCore::DOMWindow::alert): Add early exit. (WebCore::DOMWindow::confirm): Add early exit with the return value indicated in the spec. (WebCore::DOMWindow::prompt): Ditto. LayoutTests: Patch by Frederic Wang <fwang@igalia.com> on 2017-07-25 Reviewed by Brent Fulgham. The allow-modals flag is added to tests trying to open modal dialogs in sandboxed frames, now that the default behavior has changed. New tests are also added to verify that the dialogs are allowed or blocked according to the value of the allow-modals flag. * fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html: Add allow-modals. * fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html: Ditto. * fast/forms/autofocus-in-sandbox-with-allow-scripts.html: Ditto. * fast/frames/sandboxed-iframe-navigation-top-by-name-denied.html: Ditto. * fast/frames/sandboxed-iframe-parsing-space-characters.html: Ditto. * fast/frames/sandboxed-iframe-scripting-02.html: Ditto. * http/tests/security/contentSecurityPolicy/resources/sandboxed-eval.php: Ditto. * http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-control.html: Ditto. * http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header.html: Ditto. * http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2.php: Ditto. * http/tests/security/drag-drop-same-unique-origin.html: Ditto. * http/tests/security/no-indexeddb-from-sandbox.html: Ditto. * http/tests/security/no-popup-from-sandbox-top.html: Ditto. * http/tests/security/no-popup-from-sandbox.html: Ditto. * http/tests/security/popup-allowed-by-sandbox-is-sandboxed-control.html: Ditto. * http/tests/security/popup-allowed-by-sandbox-when-allowed.html: Ditto. * http/tests/security/xss-DENIED-window-name-alert.html: Ditto. * http/tests/security/sandboxed-iframe-ALLOWED-modals.html: Added. Verify that alert, confirm, prompt and print dialogs are allowed when the allow-modals flag is set. * http/tests/security/sandboxed-iframe-ALLOWED-modals-expected.txt: Added. * http/tests/security/sandboxed-iframe-DENIED-modals.html: Added. Verify that alert, confirm, prompt and print dialogs are denied when the allow-modals flag not set. The returned values are also verified. * http/tests/security/sandboxed-iframe-DENIED-modals-expected.txt: Added. * http/tests/misc/iframe-beforeunload-dialog-allow-modals.html: Added. Verify that the confirm dialog for beforeunload is displayed when allow-modals is set. * http/tests/misc/iframe-beforeunload-dialog-allow-modals-expected.txt: Added. * http/tests/misc/iframe-beforeunload-dialog-block-modals.html: Added. Verify that the confirm dialog for beforeunload is not displayed when allow-modals is unset. * http/tests/misc/iframe-beforeunload-dialog-block-modals-expected.txt: Added. Canonical link: https://commits.webkit.org/192641@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@221193 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2017-08-25 17:28:53 +00:00
<iframe id="B" sandbox="allow-scripts allow-same-origin allow-popups allow-modals"></iframe>
Bypass pop-up blocker from cross-origin or sandboxed frame https://bugs.webkit.org/show_bug.cgi?id=166290 <rdar://problem/29742039> Reviewed by Darin Adler. Source/WebCore: Tests: fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame.html * page/DOMWindow.cpp: (WebCore::DOMWindow::open): Use FrameLoader::findFrameForNavigation() to find the target frame to navigate with respect to the active document just as we do in WebCore::createWindow(). LayoutTests: * fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame-expected.txt: Added. * fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame.html: Added. * fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2-expected.txt: Added. * fast/events/popup-blocked-from-sandboxed-frame-via-window-open-named-sibling-frame2.html: Added. * fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame-expected.txt: Added. * fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame.html: Added. Canonical link: https://commits.webkit.org/183716@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@210112 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-12-22 22:20:25 +00:00
<script>
document.getElementById("B").contentWindow.eval('alert(window.open.call(window.top, "about:blank", "A") ? "FAIL" : "PASS");');
</script>
</body>
</html>