[webkit-changes] [WebKit/WebKit] f8f6da: Add support for the `allow-downloads` iframe sandb...
Chris Dumez
noreply at github.com
Wed Oct 25 15:47:01 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: f8f6da20d5073dc5050556c3f4e1c6f8007b2b13
https://github.com/WebKit/WebKit/commit/f8f6da20d5073dc5050556c3f4e1c6f8007b2b13
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-10-25 (Wed, 25 Oct 2023)
Changed paths:
M LayoutTests/http/tests/contentdispositionattachmentsandbox/at-import-stylesheets-disabled.html
M LayoutTests/http/tests/contentdispositionattachmentsandbox/cross-origin-frames-disabled.html
M LayoutTests/http/tests/contentdispositionattachmentsandbox/external-stylesheets-disabled.html
M LayoutTests/http/tests/contentdispositionattachmentsandbox/form-submission-disabled.html
M LayoutTests/http/tests/contentdispositionattachmentsandbox/http-equiv-disabled.html
M LayoutTests/http/tests/contentdispositionattachmentsandbox/plugins-disabled.html
M LayoutTests/http/tests/contentdispositionattachmentsandbox/resources/referer-header-stripped.js
M LayoutTests/http/tests/contentdispositionattachmentsandbox/scripts-disabled.html
M LayoutTests/http/tests/contentdispositionattachmentsandbox/xml-stylesheet-processing-instructions-disabled.html
A LayoutTests/http/tests/download/sandboxed-iframe-download-allowed-expected.txt
A LayoutTests/http/tests/download/sandboxed-iframe-download-allowed-in-popup-expected.txt
A LayoutTests/http/tests/download/sandboxed-iframe-download-allowed-in-popup-noopener-expected.txt
A LayoutTests/http/tests/download/sandboxed-iframe-download-allowed-in-popup-noopener.html
A LayoutTests/http/tests/download/sandboxed-iframe-download-allowed-in-popup.html
A LayoutTests/http/tests/download/sandboxed-iframe-download-allowed.html
A LayoutTests/http/tests/download/sandboxed-iframe-download-not-allowed-expected.txt
A LayoutTests/http/tests/download/sandboxed-iframe-download-not-allowed.html
M LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_anchor_download_block_downloads.tentative-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_navigation_download_block_downloads.sub.tentative-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_window_open_download_allow_downloads.tentative-expected.txt
R LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_navigation_download_block_downloads.sub.tentative-expected.txt
M LayoutTests/platform/mac-wk1/TestExpectations
M Source/WebCore/dom/SecurityContext.cpp
M Source/WebCore/dom/SecurityContext.h
M Source/WebCore/loader/DocumentLoader.cpp
M Source/WebCore/loader/PolicyChecker.cpp
M Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl
M Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp
M Tools/WebKitTestRunner/InjectedBundle/TestRunner.h
M Tools/WebKitTestRunner/TestController.cpp
M Tools/WebKitTestRunner/TestController.h
M Tools/WebKitTestRunner/TestInvocation.cpp
Log Message:
-----------
Add support for the `allow-downloads` iframe sandbox attribute
https://bugs.webkit.org/show_bug.cgi?id=259155
rdar://109414664
Reviewed by Brent Fulgham.
Add support for the `allow-downloads` iframe sandbox attribute so that downloads
are now forbidden by default in sandboxed iframes and this attribute is required
to allow them. This aligns our behavior with Chrome and Firefox.
* LayoutTests/http/tests/download/sandboxed-iframe-download-allowed-expected.txt: Added.
* LayoutTests/http/tests/download/sandboxed-iframe-download-allowed-in-popup-expected.txt: Added.
* LayoutTests/http/tests/download/sandboxed-iframe-download-allowed-in-popup-noopener-expected.txt: Added.
* LayoutTests/http/tests/download/sandboxed-iframe-download-allowed-in-popup-noopener.html: Added.
* LayoutTests/http/tests/download/sandboxed-iframe-download-allowed-in-popup.html: Added.
* LayoutTests/http/tests/download/sandboxed-iframe-download-allowed.html: Added.
* LayoutTests/http/tests/download/sandboxed-iframe-download-not-allowed-expected.txt: Added.
* LayoutTests/http/tests/download/sandboxed-iframe-download-not-allowed.html: Added.
Add layout test coverage.
* LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_anchor_download_block_downloads.tentative-expected.txt:
Rebaseline due to more PASS lines. I investigated the remaining failure and confirmed that no download is actually occurring for any of the subtests, as expected.
I see our code cancelling the NetworkDataTask. However, the test doesn't seem to detect the stream closing. It may be an issue as CFNetwork level.
* Source/WebCore/dom/SecurityContext.cpp:
(WebCore::SecurityContext::isSupportedSandboxPolicy):
(WebCore::SecurityContext::parseSandboxPolicy):
* Source/WebCore/dom/SecurityContext.h:
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::continueAfterContentPolicy):
* Source/WebCore/loader/PolicyChecker.cpp:
(WebCore::FrameLoader::PolicyChecker::checkNavigationPolicy):
(WebCore::FrameLoader::PolicyChecker::checkNewWindowPolicy):
* Tools/WebKitTestRunner/TestController.cpp:
(WTR::TestController::decidePolicyForNavigationResponse):
Update WebKitTestRunner to trigger a download when a resource response contains
`Content-Disposition: attachment`, similarly to what a browser would do and what
WPT tests expect. By default, we would only trigger a download if the mime type
couldn't be displayed. However, iframe_sandbox_anchor_download_block_downloads.tentative.html
WPT test uses both a `Content-Disposition: attachment` HTTP header and a displayable
MIME type and rightly expects a download.
Originally-landed-as: 265870.84 at safari-7616-branch (9d46b7777bca). rdar://116425379
Canonical link: https://commits.webkit.org/269788@main
More information about the webkit-changes
mailing list