[webkit-changes] [WebKit/WebKit] 863558: Cross-origin <embed> elements can request media pe...
youennf
noreply at github.com
Tue Jan 30 07:09:07 PST 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 863558a77cbf5d2cf19869c6fb9884b6928dbbdf
https://github.com/WebKit/WebKit/commit/863558a77cbf5d2cf19869c6fb9884b6928dbbdf
Author: Youenn Fablet <youennf at gmail.com>
Date: 2024-01-30 (Tue, 30 Jan 2024)
Changed paths:
M LayoutTests/fullscreen/full-screen-enabled-expected.txt
M LayoutTests/fullscreen/full-screen-enabled-prefixed-expected.txt
M LayoutTests/fullscreen/full-screen-iframe-not-allowed-expected.txt
M LayoutTests/fullscreen/full-screen-iframe-without-allow-attribute-allowed-from-parent-expected.txt
M LayoutTests/fullscreen/full-screen-restrictions-expected.txt
M LayoutTests/http/tests/fullscreen/fullscreen-feature-policy-expected.txt
M LayoutTests/http/tests/gamepad/gamepad-allow-attribute.https-expected.txt
M LayoutTests/http/tests/media/media-stream/enumerate-devices-iframe-allow-attribute-expected.txt
A LayoutTests/http/tests/media/media-stream/get-user-media-in-embed-element-expected.txt
A LayoutTests/http/tests/media/media-stream/get-user-media-in-embed-element.html
A LayoutTests/http/tests/media/media-stream/resources/get-user-media-embed.html
M LayoutTests/http/tests/paymentrequest/payment-allow-attribute.https-expected.txt
M LayoutTests/http/tests/security/sandboxed-iframe-geolocation-getCurrentPosition-expected.txt
M LayoutTests/http/tests/security/sandboxed-iframe-geolocation-watchPosition-expected.txt
M LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host-expected.txt
M LayoutTests/http/tests/ssl/media-stream/get-user-media-nested-expected.txt
M LayoutTests/http/tests/webrtc/enumerateDevicesInFrames-expected.txt
M LayoutTests/http/tests/webshare/webshare-allow-attribute-canShare.https-expected.txt
M LayoutTests/http/tests/webshare/webshare-allow-attribute-share.https-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe-allow-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe-allowfullscreen-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/mediacapture-streams/MediaStream-feature-policy-none.https-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/permissions-policy/payment-allowed-by-permissions-policy-attribute-redirect-on-load.https.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/screen-wake-lock/wakelock-enabled-by-feature-policy-attribute-redirect-on-load.https.sub-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/web-share/disabled-by-permissions-policy-cross-origin.https.sub-expected.txt
M LayoutTests/platform/glib/imported/w3c/web-platform-tests/mediacapture-streams/MediaStream-feature-policy-none.https-expected.txt
M LayoutTests/platform/glib/imported/w3c/web-platform-tests/screen-wake-lock/wakelock-enabled-by-feature-policy-attribute-redirect-on-load.https.sub-expected.txt
M Source/WebCore/html/FeaturePolicy.cpp
M Source/WebCore/html/FeaturePolicy.h
Log Message:
-----------
Cross-origin <embed> elements can request media permission, and prompts show main-frame URL
https://bugs.webkit.org/show_bug.cgi?id=265812
rdar://119149318
Reviewed by Chris Dumez.
We should apply feature policy for all elements, including embed and frame elements.
Since there are no allow attributes, we should use the default feature policy rules for those elements.
Update isFeaturePolicyAllowedByDocumentAndAllOwners accordingly.
Rebase tests according to the updated console log message.
* LayoutTests/fullscreen/full-screen-enabled-expected.txt:
* LayoutTests/fullscreen/full-screen-enabled-prefixed-expected.txt:
* LayoutTests/fullscreen/full-screen-iframe-not-allowed-expected.txt:
* LayoutTests/fullscreen/full-screen-iframe-without-allow-attribute-allowed-from-parent-expected.txt:
* LayoutTests/fullscreen/full-screen-restrictions-expected.txt:
* LayoutTests/http/tests/fullscreen/fullscreen-feature-policy-expected.txt:
* LayoutTests/http/tests/media/media-stream/enumerate-devices-iframe-allow-attribute-expected.txt:
* LayoutTests/http/tests/media/media-stream/get-user-media-in-embed-element-expected.txt: Added.
* LayoutTests/http/tests/media/media-stream/get-user-media-in-embed-element.html: Added.
* LayoutTests/http/tests/media/media-stream/resources/get-user-media-embed.html: Added.
* LayoutTests/http/tests/paymentrequest/payment-allow-attribute.https-expected.txt:
* LayoutTests/http/tests/security/sandboxed-iframe-geolocation-getCurrentPosition-expected.txt:
* LayoutTests/http/tests/security/sandboxed-iframe-geolocation-watchPosition-expected.txt:
* LayoutTests/http/tests/ssl/media-stream/get-user-media-different-host-expected.txt:
* LayoutTests/http/tests/ssl/media-stream/get-user-media-nested-expected.txt:
* LayoutTests/http/tests/webrtc/enumerateDevicesInFrames-expected.txt:
* LayoutTests/http/tests/webshare/webshare-allow-attribute-canShare.https-expected.txt:
* LayoutTests/http/tests/webshare/webshare-allow-attribute-share.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe-allow-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe-allowfullscreen-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/mediacapture-streams/MediaStream-feature-policy-none.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/permissions-policy/payment-allowed-by-permissions-policy-attribute-redirect-on-load.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/screen-wake-lock/wakelock-enabled-by-feature-policy-attribute-redirect-on-load.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/web-share/disabled-by-permissions-policy-cross-origin.https.sub-expected.txt:
* Source/WebCore/html/FeaturePolicy.cpp:
(WebCore::isFeaturePolicyAllowedByDocumentAndAllOwners):
(WebCore::FeaturePolicy::parse):
* Source/WebCore/html/FeaturePolicy.h:
(WebCore::FeaturePolicy::defaultPolicy):
(WebCore::FeaturePolicy::parse):
Originally-landed-as: 267815.624 at safari-7617-branch (0ad98b606305). rdar://121480412
Canonical link: https://commits.webkit.org/273753@main
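
The owner walk described in the log message, as an added example (a simplified model, not WebKit's FeaturePolicy.cpp). The names `FrameNode`, `allowedByOwner` and `featureAllowed` are hypothetical, the default allowlist of 'self' for camera and microphone is an assumption of the model, and the `iframesOnly` mode is inferred from the log message rather than taken from the pre-fix source.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Simplified model, not WebKit source. All type and function names are hypothetical.
enum class OwnerKind { IFrame, Frame, Embed };

struct FrameNode {
    std::string origin;              // origin of the document loaded in this frame
    const FrameNode* parent;         // nullptr for the main frame
    OwnerKind owner;                 // element in the parent that hosts this frame
    bool hasAllow;                   // true if the owner carries an allow attribute
    std::vector<std::string> allow;  // origins listed for the feature; "*" means any
};

// Decision for one owner element. Assumed default allowlist for the feature: 'self'.
static bool allowedByOwner(const FrameNode& child)
{
    // Only <iframe> has an allow attribute; <embed> and <frame> always take the default.
    if (child.owner == OwnerKind::IFrame && child.hasAllow) {
        for (const auto& entry : child.allow) {
            if (entry == "*" || entry == child.origin)
                return true;
        }
        return false;
    }
    return child.origin == child.parent->origin;
}

// Walk from the requesting frame up to the main frame; every owner must allow the feature.
// iframesOnly = true models the gap: owners that are not iframes are never consulted.
bool featureAllowed(const FrameNode& frame, bool iframesOnly = false)
{
    for (const FrameNode* f = &frame; f->parent; f = f->parent) {
        if (iframesOnly && f->owner != OwnerKind::IFrame)
            continue;
        if (!allowedByOwner(*f))
            return false;
    }
    return true;
}

int main()
{
    // Constructed sample: a cross-origin <embed> directly under the main frame.
    FrameNode top{"https://a.example", nullptr, OwnerKind::IFrame, false, {}};
    FrameNode embed{"https://b.example", &top, OwnerKind::Embed, false, {}};
    std::printf("iframes-only check: %d, all owners: %d\n",
        featureAllowed(embed, true), featureAllowed(embed));
    return 0;
}
```

A same-origin frame nested inside the cross-origin `<embed>` is also denied, because the walk fails at the embed owner further up the chain.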