<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[218835] trunk</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/218835">218835</a></dd>
<dt>Author</dt> <dd>fred.wang@free.fr</dd>
<dt>Date</dt> <dd>2017-06-27 08:59:48 -0700 (Tue, 27 Jun 2017)</dd>
</dl>

<h3>Log Message</h3>
<pre>Some tests to verify forbidden frame navigation time out
https://bugs.webkit.org/show_bug.cgi?id=173657

Patch by Frederic Wang <fwang@igalia.com> on 2017-06-27
Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

* web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation-2-expected.txt: Update the text expectation to PASS.
* web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture-expected.txt: Ditto.
* web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_navigate_ancestor-1-expected.txt: Ditto.
* web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-3-expected.txt: Add the security error until bug 173162 is fixed.
* web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping-3-expected.txt: Ditto.

Source/WebCore:

Currently some tests try and perform a forbidden frame navigation and verify the
corresponding console error. However, WebKit does not raise any exception for such error so
the tests have to wait until the timeout limit to complete, which makes execution slow.
This patch modifies the setters of window.location for which such error may happen in order
to raise an exception so the tests behave as expected.

No new tests, already covered by existing tests.

* page/Location.cpp: Adjust Location::setLocation to return a security exception and pass it
to the callers.
(WebCore::Location::setHref): Adjust function to possibly return an exception.
(WebCore::Location::setProtocol): Ditto.
(WebCore::Location::setHost): Ditto.
(WebCore::Location::setHostname): Ditto.
(WebCore::Location::setPort): Ditto.
(WebCore::Location::setPathname): Ditto.
(WebCore::Location::setSearch): Ditto.
(WebCore::Location::setHash): Ditto.
(WebCore::Location::assign): Ditto.
(WebCore::Location::setLocation): FrameLoader::findFrameForNavigation is really only used
to verify whether navigating m_frame is permitted so it is more simple and clearer to do it
directly. When navigation is not permitted, this function now raises a security exception.
* page/Location.h: Modify some setters to return an ExceptionOr<void>.
* page/Location.idl: Allow some setters to raise an exception.

LayoutTests:

* fast/frames/sandboxed-iframe-navigation-top-denied-expected.txt: Add the security error.
* http/tests/security/frameNavigation/inactive-function-in-popup-navigate-child.html: Adjust
the test to catch and dump the exception and complete immediately.
* http/tests/security/frameNavigation/inactive-function-in-popup-navigate-child-expected.txt:
Add the dumped security error exception.</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsfastframessandboxediframenavigationtopdeniedexpectedtxt">trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-denied-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityframeNavigationinactivefunctioninpopupnavigatechildexpectedtxt">trunk/LayoutTests/http/tests/security/frameNavigation/inactive-function-in-popup-navigate-child-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityframeNavigationinactivefunctioninpopupnavigatechildhtml">trunk/LayoutTests/http/tests/security/frameNavigation/inactive-function-in-popup-navigate-child.html</a></li>
<li><a href="#trunkLayoutTestsimportedw3cChangeLog">trunk/LayoutTests/imported/w3c/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlsemanticsembeddedcontenttheiframeelementiframe_sandbox_allow_top_navigation2expectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation-2-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlsemanticsembeddedcontenttheiframeelementiframe_sandbox_allow_top_navigation_by_user_activation_without_user_gestureexpectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlsemanticsembeddedcontenttheiframeelementiframe_sandbox_navigate_ancestor1expectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_navigate_ancestor-1-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlsemanticsembeddedcontenttheiframeelementiframe_sandbox_popups_escaping3expectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-3-expected.txt</a></li>
<li><a href="#trunkLayoutTestsimportedw3cwebplatformtestshtmlsemanticsembeddedcontenttheiframeelementiframe_sandbox_popups_nonescaping3expectedtxt">trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping-3-expected.txt</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCorepageLocationcpp">trunk/Source/WebCore/page/Location.cpp</a></li>
<li><a href="#trunkSourceWebCorepageLocationh">trunk/Source/WebCore/page/Location.h</a></li>
<li><a href="#trunkSourceWebCorepageLocationidl">trunk/Source/WebCore/page/Location.idl</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (218834 => 218835)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog      2017-06-27 14:49:20 UTC (rev 218834)
+++ trunk/LayoutTests/ChangeLog 2017-06-27 15:59:48 UTC (rev 218835)
</span><span class="lines">@@ -1,3 +1,16 @@
</span><ins>+2017-06-27  Frederic Wang  <fwang@igalia.com>
+
+        Some tests to verify forbidden frame navigation time out
+        https://bugs.webkit.org/show_bug.cgi?id=173657
+
+        Reviewed by Chris Dumez.
+
+        * fast/frames/sandboxed-iframe-navigation-top-denied-expected.txt: Add the security error.
+        * http/tests/security/frameNavigation/inactive-function-in-popup-navigate-child.html: Adjust
+        the test to catch and dump the exception and complete immediately.
+        * http/tests/security/frameNavigation/inactive-function-in-popup-navigate-child-expected.txt:
+        Add the dumped security error exception.
+
</ins><span class="cx"> 2017-06-27  Youenn Fablet  <youenn@apple.com>
</span><span class="cx"> 
</span><span class="cx">         LayoutTest webrtc/datachannel/multiple-connections.html is a flaky timeout
</span></span></pre></div>
<a id="trunkLayoutTestsfastframessandboxediframenavigationtopdeniedexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-denied-expected.txt (218834 => 218835)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-denied-expected.txt        2017-06-27 14:49:20 UTC (rev 218834)
+++ trunk/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-denied-expected.txt   2017-06-27 15:59:48 UTC (rev 218835)
</span><span class="lines">@@ -1,5 +1,6 @@
</span><span class="cx"> CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'navigate-top-to-fail.html'. The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set.
</span><span class="cx"> 
</span><ins>+CONSOLE MESSAGE: SecurityError (DOM Exception 18): The operation is insecure.
</ins><span class="cx"> This test verifies that a sandboxed IFrame cannot navigate the top-level frame without allow-top-navigation. This test passes if the navigation does not occur.
</span><span class="cx"> 
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityframeNavigationinactivefunctioninpopupnavigatechildexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/frameNavigation/inactive-function-in-popup-navigate-child-expected.txt (218834 => 218835)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/frameNavigation/inactive-function-in-popup-navigate-child-expected.txt     2017-06-27 14:49:20 UTC (rev 218834)
+++ trunk/LayoutTests/http/tests/security/frameNavigation/inactive-function-in-popup-navigate-child-expected.txt        2017-06-27 15:59:48 UTC (rev 218835)
</span><span class="lines">@@ -2,3 +2,4 @@
</span><span class="cx"> ready
</span><span class="cx"> iframe-with-inner-frame-on-foreign-domain-LOADED
</span><span class="cx"> Attempting navigation...
</span><ins>+SecurityError (DOM Exception 18): The operation is insecure.
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityframeNavigationinactivefunctioninpopupnavigatechildhtml"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/frameNavigation/inactive-function-in-popup-navigate-child.html (218834 => 218835)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/frameNavigation/inactive-function-in-popup-navigate-child.html     2017-06-27 14:49:20 UTC (rev 218834)
+++ trunk/LayoutTests/http/tests/security/frameNavigation/inactive-function-in-popup-navigate-child.html        2017-06-27 15:59:48 UTC (rev 218835)
</span><span class="lines">@@ -30,14 +30,14 @@
</span><span class="cx"> 
</span><span class="cx">     if (e.data = "iframe-with-inner-frame-on-foreign-domain-LOADED") {
</span><span class="cx">         log("Attempting navigation...");
</span><del>-        window.savedFunction();
-        setTimeout(function() {
-            // Unfortunately, there's no way to receive positive confirmation
-            // that the navigation failed, so we just complete the test
-            // asynchronously.
</del><ins>+        try {
+            window.savedFunction();
</ins><span class="cx">             if (window.testRunner)
</span><span class="cx">                 testRunner.notifyDone();
</span><del>-        }, 0);
</del><ins>+        } catch(e) {
+            log(e);
+            testRunner.notifyDone();
+        }
</ins><span class="cx">         return;
</span><span class="cx">     }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/ChangeLog (218834 => 218835)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/ChangeLog 2017-06-27 14:49:20 UTC (rev 218834)
+++ trunk/LayoutTests/imported/w3c/ChangeLog    2017-06-27 15:59:48 UTC (rev 218835)
</span><span class="lines">@@ -1,3 +1,16 @@
</span><ins>+2017-06-27  Frederic Wang  <fwang@igalia.com>
+
+        Some tests to verify forbidden frame navigation time out
+        https://bugs.webkit.org/show_bug.cgi?id=173657
+
+        Reviewed by Chris Dumez.
+
+        * web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation-2-expected.txt: Update the text expectation to PASS.
+        * web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture-expected.txt: Ditto.
+        * web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_navigate_ancestor-1-expected.txt: Ditto.
+        * web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-3-expected.txt: Add the security error until bug 173162 is fixed.
+        * web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping-3-expected.txt: Ditto.
+
</ins><span class="cx"> 2017-06-23  Youenn Fablet  <youenn@apple.com>
</span><span class="cx"> 
</span><span class="cx">         Set getUserMedia permission to true by default on WTR
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlsemanticsembeddedcontenttheiframeelementiframe_sandbox_allow_top_navigation2expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation-2-expected.txt (218834 => 218835)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation-2-expected.txt  2017-06-27 14:49:20 UTC (rev 218834)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation-2-expected.txt     2017-06-27 15:59:48 UTC (rev 218835)
</span><span class="lines">@@ -2,7 +2,5 @@
</span><span class="cx"> 
</span><span class="cx"> 
</span><span class="cx"> 
</span><del>-Harness Error (TIMEOUT), message = null
</del><ins>+PASS Frames without `allow-top-navigation` should not be able to navigate the top frame. 
</ins><span class="cx"> 
</span><del>-TIMEOUT Frames without `allow-top-navigation` should not be able to navigate the top frame. Test timed out
-
</del></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlsemanticsembeddedcontenttheiframeelementiframe_sandbox_allow_top_navigation_by_user_activation_without_user_gestureexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture-expected.txt (218834 => 218835)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture-expected.txt    2017-06-27 14:49:20 UTC (rev 218834)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture-expected.txt       2017-06-27 15:59:48 UTC (rev 218835)
</span><span class="lines">@@ -5,5 +5,5 @@
</span><span class="cx"> 
</span><span class="cx"> 
</span><span class="cx"> 
</span><del>-FAIL The sandboxed iframe should post a message saying the test was in the state of 'PASS'. assert_equals: The message should say 'PASS' instead of 'FAIL' expected "PASS" but got "FAIL"
</del><ins>+PASS The sandboxed iframe should post a message saying the test was in the state of 'PASS'. 
</ins><span class="cx"> 
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlsemanticsembeddedcontenttheiframeelementiframe_sandbox_navigate_ancestor1expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_navigate_ancestor-1-expected.txt (218834 => 218835)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_navigate_ancestor-1-expected.txt     2017-06-27 14:49:20 UTC (rev 218834)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_navigate_ancestor-1-expected.txt        2017-06-27 15:59:48 UTC (rev 218835)
</span><span class="lines">@@ -2,7 +2,5 @@
</span><span class="cx"> 
</span><span class="cx"> 
</span><span class="cx"> 
</span><del>-Harness Error (TIMEOUT), message = null
</del><ins>+PASS Check that sandboxed iframe can not navigate their ancestors 
</ins><span class="cx"> 
</span><del>-NOTRUN Check that sandboxed iframe can not navigate their ancestors 
-
</del></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlsemanticsembeddedcontenttheiframeelementiframe_sandbox_popups_escaping3expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-3-expected.txt (218834 => 218835)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-3-expected.txt       2017-06-27 14:49:20 UTC (rev 218834)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-3-expected.txt  2017-06-27 15:59:48 UTC (rev 218835)
</span><span class="lines">@@ -1,5 +1,6 @@
</span><span class="cx"> CONSOLE MESSAGE: line 15: Unsafe JavaScript attempt to initiate navigation for frame with URL 'about:blank' from frame with URL 'http://localhost:8800/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_helper-3.html'. The frame attempting navigation is sandboxed, and is therefore disallowed from navigating its ancestors.
</span><span class="cx"> 
</span><ins>+CONSOLE MESSAGE: line 15: SecurityError (DOM Exception 18): The operation is insecure.
</ins><span class="cx"> 
</span><span class="cx"> 
</span><span class="cx"> Harness Error (TIMEOUT), message = null
</span></span></pre></div>
<a id="trunkLayoutTestsimportedw3cwebplatformtestshtmlsemanticsembeddedcontenttheiframeelementiframe_sandbox_popups_nonescaping3expectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping-3-expected.txt (218834 => 218835)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping-3-expected.txt    2017-06-27 14:49:20 UTC (rev 218834)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping-3-expected.txt       2017-06-27 15:59:48 UTC (rev 218835)
</span><span class="lines">@@ -1,5 +1,6 @@
</span><span class="cx"> CONSOLE MESSAGE: line 15: Unsafe JavaScript attempt to initiate navigation for frame with URL 'about:blank' from frame with URL 'http://localhost:8800/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_helper-3.html'. The frame attempting navigation is sandboxed, and is therefore disallowed from navigating its ancestors.
</span><span class="cx"> 
</span><ins>+CONSOLE MESSAGE: line 15: SecurityError (DOM Exception 18): The operation is insecure.
</ins><span class="cx"> 
</span><span class="cx"> 
</span><span class="cx"> Harness Error (TIMEOUT), message = null
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (218834 => 218835)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog   2017-06-27 14:49:20 UTC (rev 218834)
+++ trunk/Source/WebCore/ChangeLog      2017-06-27 15:59:48 UTC (rev 218835)
</span><span class="lines">@@ -1,3 +1,35 @@
</span><ins>+2017-06-27  Frederic Wang  <fwang@igalia.com>
+
+        Some tests to verify forbidden frame navigation time out
+        https://bugs.webkit.org/show_bug.cgi?id=173657
+
+        Reviewed by Chris Dumez.
+
+        Currently some tests try and perform a forbidden frame navigation and verify the
+        corresponding console error. However, WebKit does not raise any exception for such error so
+        the tests have to wait until the timeout limit to complete, which makes execution slow.
+        This patch modifies the setters of window.location for which such error may happen in order
+        to raise an exception so the tests behave as expected.
+
+        No new tests, already covered by existing tests.
+
+        * page/Location.cpp: Adjust Location::setLocation to return a security exception and pass it
+        to the callers.
+        (WebCore::Location::setHref): Adjust function to possibly return an exception.
+        (WebCore::Location::setProtocol): Ditto.
+        (WebCore::Location::setHost): Ditto.
+        (WebCore::Location::setHostname): Ditto.
+        (WebCore::Location::setPort): Ditto.
+        (WebCore::Location::setPathname): Ditto.
+        (WebCore::Location::setSearch): Ditto.
+        (WebCore::Location::setHash): Ditto.
+        (WebCore::Location::assign): Ditto.
+        (WebCore::Location::setLocation): FrameLoader::findFrameForNavigation is really only used
+        to verify whether navigating m_frame is permitted so it is more simple and clearer to do it
+        directly. When navigation is not permitted, this function now raises a security exception.
+        * page/Location.h: Modify some setters to return an ExceptionOr<void>.
+        * page/Location.idl: Allow some setters to raise an exception.
+
</ins><span class="cx"> 2017-06-26  Fujii Hironori  <Hironori.Fujii@sony.com>
</span><span class="cx"> 
</span><span class="cx">         [GTK] Layout Test webrtc/video.html issues "stack smashing detected"
</span></span></pre></div>
<a id="trunkSourceWebCorepageLocationcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/Location.cpp (218834 => 218835)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/Location.cpp   2017-06-27 14:49:20 UTC (rev 218834)
+++ trunk/Source/WebCore/page/Location.cpp      2017-06-27 15:59:48 UTC (rev 218835)
</span><span class="lines">@@ -150,11 +150,11 @@
</span><span class="cx">     return fragmentIdentifier.isEmpty() ? emptyString() : "#" + fragmentIdentifier;
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-void Location::setHref(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& url)
</del><ins>+ExceptionOr<void> Location::setHref(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& url)
</ins><span class="cx"> {
</span><span class="cx">     if (!m_frame)
</span><del>-        return;
-    setLocation(activeWindow, firstWindow, url);
</del><ins>+        return { };
+    return setLocation(activeWindow, firstWindow, url);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> ExceptionOr<void> Location::setProtocol(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& protocol)
</span><span class="lines">@@ -164,32 +164,31 @@
</span><span class="cx">     URL url = m_frame->document()->url();
</span><span class="cx">     if (!url.setProtocol(protocol))
</span><span class="cx">         return Exception { SYNTAX_ERR };
</span><del>-    setLocation(activeWindow, firstWindow, url.string());
-    return { };
</del><ins>+    return setLocation(activeWindow, firstWindow, url.string());
</ins><span class="cx"> }
</span><span class="cx"> 
</span><del>-void Location::setHost(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& host)
</del><ins>+ExceptionOr<void> Location::setHost(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& host)
</ins><span class="cx"> {
</span><span class="cx">     if (!m_frame)
</span><del>-        return;
</del><ins>+        return { };
</ins><span class="cx">     URL url = m_frame->document()->url();
</span><span class="cx">     url.setHostAndPort(host);
</span><del>-    setLocation(activeWindow, firstWindow, url.string());
</del><ins>+    return setLocation(activeWindow, firstWindow, url.string());
</ins><span class="cx"> }
</span><span class="cx"> 
</span><del>-void Location::setHostname(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& hostname)
</del><ins>+ExceptionOr<void> Location::setHostname(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& hostname)
</ins><span class="cx"> {
</span><span class="cx">     if (!m_frame)
</span><del>-        return;
</del><ins>+        return { };
</ins><span class="cx">     URL url = m_frame->document()->url();
</span><span class="cx">     url.setHost(hostname);
</span><del>-    setLocation(activeWindow, firstWindow, url.string());
</del><ins>+    return setLocation(activeWindow, firstWindow, url.string());
</ins><span class="cx"> }
</span><span class="cx"> 
</span><del>-void Location::setPort(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& portString)
</del><ins>+ExceptionOr<void> Location::setPort(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& portString)
</ins><span class="cx"> {
</span><span class="cx">     if (!m_frame)
</span><del>-        return;
</del><ins>+        return { };
</ins><span class="cx">     URL url = m_frame->document()->url();
</span><span class="cx">     int port = portString.toInt();
</span><span class="cx">     if (port < 0 || port > 0xFFFF || portString.isEmpty())
</span><span class="lines">@@ -196,31 +195,31 @@
</span><span class="cx">         url.removePort();
</span><span class="cx">     else
</span><span class="cx">         url.setPort(port);
</span><del>-    setLocation(activeWindow, firstWindow, url.string());
</del><ins>+    return setLocation(activeWindow, firstWindow, url.string());
</ins><span class="cx"> }
</span><span class="cx"> 
</span><del>-void Location::setPathname(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& pathname)
</del><ins>+ExceptionOr<void> Location::setPathname(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& pathname)
</ins><span class="cx"> {
</span><span class="cx">     if (!m_frame)
</span><del>-        return;
</del><ins>+        return { };
</ins><span class="cx">     URL url = m_frame->document()->url();
</span><span class="cx">     url.setPath(pathname);
</span><del>-    setLocation(activeWindow, firstWindow, url.string());
</del><ins>+    return setLocation(activeWindow, firstWindow, url.string());
</ins><span class="cx"> }
</span><span class="cx"> 
</span><del>-void Location::setSearch(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& search)
</del><ins>+ExceptionOr<void> Location::setSearch(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& search)
</ins><span class="cx"> {
</span><span class="cx">     if (!m_frame)
</span><del>-        return;
</del><ins>+        return { };
</ins><span class="cx">     URL url = m_frame->document()->url();
</span><span class="cx">     url.setQuery(search);
</span><del>-    setLocation(activeWindow, firstWindow, url.string());
</del><ins>+    return setLocation(activeWindow, firstWindow, url.string());
</ins><span class="cx"> }
</span><span class="cx"> 
</span><del>-void Location::setHash(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& hash)
</del><ins>+ExceptionOr<void> Location::setHash(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& hash)
</ins><span class="cx"> {
</span><span class="cx">     if (!m_frame)
</span><del>-        return;
</del><ins>+        return { };
</ins><span class="cx">     ASSERT(m_frame->document());
</span><span class="cx">     auto url = m_frame->document()->url();
</span><span class="cx">     auto oldFragmentIdentifier = url.fragmentIdentifier();
</span><span class="lines">@@ -232,15 +231,15 @@
</span><span class="cx">     // comparing fragments post-canonicalization, and so this handles the 
</span><span class="cx">     // cases where fragment identifiers are ignored or invalid. 
</span><span class="cx">     if (equalIgnoringNullity(oldFragmentIdentifier, url.fragmentIdentifier()))
</span><del>-        return;
-    setLocation(activeWindow, firstWindow, url.string());
</del><ins>+        return { };
+    return setLocation(activeWindow, firstWindow, url.string());
</ins><span class="cx"> }
</span><span class="cx"> 
</span><del>-void Location::assign(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& url)
</del><ins>+ExceptionOr<void> Location::assign(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& url)
</ins><span class="cx"> {
</span><span class="cx">     if (!m_frame)
</span><del>-        return;
-    setLocation(activeWindow, firstWindow, url);
</del><ins>+        return { };
+    return setLocation(activeWindow, firstWindow, url);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void Location::replace(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& url)
</span><span class="lines">@@ -280,15 +279,15 @@
</span><span class="cx">     m_frame->navigationScheduler().scheduleRefresh(activeDocument);
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-void Location::setLocation(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& url)
</del><ins>+ExceptionOr<void> Location::setLocation(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& url)
</ins><span class="cx"> {
</span><span class="cx">     ASSERT(m_frame);
</span><del>-    auto* targetFrame = m_frame->loader().findFrameForNavigation({ }, activeWindow.document());
-    if (!targetFrame)
-        return;
-    ASSERT(targetFrame->document());
-    ASSERT(targetFrame->document()->domWindow());
-    targetFrame->document()->domWindow()->setLocation(activeWindow, firstWindow, url);
</del><ins>+    if (!activeWindow.document()->canNavigate(m_frame))
+        return Exception { SECURITY_ERR };
+    ASSERT(m_frame->document());
+    ASSERT(m_frame->document()->domWindow());
+    m_frame->document()->domWindow()->setLocation(activeWindow, firstWindow, url);
+    return { };
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace WebCore
</span></span></pre></div>
<a id="trunkSourceWebCorepageLocationh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/Location.h (218834 => 218835)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/Location.h     2017-06-27 14:49:20 UTC (rev 218834)
+++ trunk/Source/WebCore/page/Location.h        2017-06-27 15:59:48 UTC (rev 218835)
</span><span class="lines">@@ -43,26 +43,26 @@
</span><span class="cx"> public:
</span><span class="cx">     static Ref<Location> create(Frame* frame) { return adoptRef(*new Location(frame)); }
</span><span class="cx"> 
</span><del>-    void setHref(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
</del><ins>+    ExceptionOr<void> setHref(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
</ins><span class="cx">     String href() const;
</span><span class="cx"> 
</span><del>-    void assign(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
</del><ins>+    ExceptionOr<void> assign(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
</ins><span class="cx">     void replace(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
</span><span class="cx">     void reload(DOMWindow& activeWindow);
</span><span class="cx"> 
</span><span class="cx">     ExceptionOr<void> setProtocol(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
</span><span class="cx">     String protocol() const;
</span><del>-    void setHost(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
</del><ins>+    ExceptionOr<void> setHost(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
</ins><span class="cx">     String host() const;
</span><del>-    void setHostname(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
</del><ins>+    ExceptionOr<void> setHostname(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
</ins><span class="cx">     String hostname() const;
</span><del>-    void setPort(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
</del><ins>+    ExceptionOr<void> setPort(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
</ins><span class="cx">     String port() const;
</span><del>-    void setPathname(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
</del><ins>+    ExceptionOr<void> setPathname(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
</ins><span class="cx">     String pathname() const;
</span><del>-    void setSearch(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
</del><ins>+    ExceptionOr<void> setSearch(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
</ins><span class="cx">     String search() const;
</span><del>-    void setHash(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
</del><ins>+    ExceptionOr<void> setHash(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
</ins><span class="cx">     String hash() const;
</span><span class="cx">     String origin() const;
</span><span class="cx"> 
</span><span class="lines">@@ -73,7 +73,7 @@
</span><span class="cx"> private:
</span><span class="cx">     explicit Location(Frame*);
</span><span class="cx"> 
</span><del>-    void setLocation(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
</del><ins>+    ExceptionOr<void> setLocation(DOMWindow& activeWindow, DOMWindow& firstWindow, const String&);
</ins><span class="cx"> 
</span><span class="cx">     const URL& url() const;
</span><span class="cx"> };
</span></span></pre></div>
<a id="trunkSourceWebCorepageLocationidl"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/Location.idl (218834 => 218835)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/Location.idl   2017-06-27 14:49:20 UTC (rev 218834)
+++ trunk/Source/WebCore/page/Location.idl      2017-06-27 15:59:48 UTC (rev 218835)
</span><span class="lines">@@ -42,20 +42,20 @@
</span><span class="cx">     IsImmutablePrototypeExoticObject,
</span><span class="cx">     Unforgeable,
</span><span class="cx"> ] interface Location {
</span><del>-    [SetterCallWith=ActiveWindow&FirstWindow, DoNotCheckSecurityOnSetter] stringifier attribute USVString href;
</del><ins>+    [SetterCallWith=ActiveWindow&FirstWindow, SetterMayThrowException, DoNotCheckSecurityOnSetter] stringifier attribute USVString href;
</ins><span class="cx"> 
</span><del>-    [CallWith=ActiveWindow&FirstWindow, ForwardDeclareInHeader] void assign(USVString url);
</del><ins>+    [CallWith=ActiveWindow&FirstWindow, MayThrowException, ForwardDeclareInHeader] void assign(USVString url);
</ins><span class="cx">     [DoNotCheckSecurity, CallWith=ActiveWindow&FirstWindow, ForwardDeclareInHeader] void replace(USVString url);
</span><span class="cx">     [CallWith=ActiveWindow, ForwardDeclareInHeader] void reload();
</span><span class="cx"> 
</span><span class="cx">     // URI decomposition attributes
</span><span class="cx">     [SetterCallWith=ActiveWindow&FirstWindow, SetterMayThrowException] attribute USVString protocol;
</span><del>-    [SetterCallWith=ActiveWindow&FirstWindow] attribute USVString host;
-    [SetterCallWith=ActiveWindow&FirstWindow] attribute USVString hostname;
-    [SetterCallWith=ActiveWindow&FirstWindow] attribute USVString port;
-    [SetterCallWith=ActiveWindow&FirstWindow] attribute USVString pathname;
-    [SetterCallWith=ActiveWindow&FirstWindow] attribute USVString search;
-    [SetterCallWith=ActiveWindow&FirstWindow] attribute USVString hash;
</del><ins>+    [SetterCallWith=ActiveWindow&FirstWindow, SetterMayThrowException] attribute USVString host;
+    [SetterCallWith=ActiveWindow&FirstWindow, SetterMayThrowException] attribute USVString hostname;
+    [SetterCallWith=ActiveWindow&FirstWindow, SetterMayThrowException] attribute USVString port;
+    [SetterCallWith=ActiveWindow&FirstWindow, SetterMayThrowException] attribute USVString pathname;
+    [SetterCallWith=ActiveWindow&FirstWindow, SetterMayThrowException] attribute USVString search;
+    [SetterCallWith=ActiveWindow&FirstWindow, SetterMayThrowException] attribute USVString hash;
</ins><span class="cx"> 
</span><span class="cx">     readonly attribute USVString origin;
</span><span class="cx"> 
</span></span></pre>
</div>
</div>

</body>
</html>