[Webkit-unassigned] [Bug 209067] New: [ Mac wk1 ] http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-subframe.html is flaky failing.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Mar 13 11:18:31 PDT 2020 

https://bugs.webkit.org/show_bug.cgi?id=209067

            Bug ID: 209067
           Summary: [ Mac wk1 ]
                    http/tests/security/javascriptURL/xss-DENIED-to-javasc
                    ript-url-in-foreign-domain-subframe.html is flaky
                    failing.
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Macintosh
                OS: macOS 10.15
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore JavaScript
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: Lawrence.j at apple.com

http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-subframe.html

Description:
This test is flaky failing on Mac wk1. The flaky failures are present throughout the visible history.

History:
https://results.webkit.org/?suite=layout-tests&test=http%2Ftests%2Fsecurity%2FjavascriptURL%2Fxss-DENIED-to-javascript-url-in-foreign-domain-subframe.html&platform=mac&flavor=wk1&style=debug&style=release&limit=50000&recent=false

Diff:
--- /Volumes/Data/slave/mojave-release-tests-wk1/build/layout-test-results/http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-subframe-expected.txt
+++ /Volumes/Data/slave/mojave-release-tests-wk1/build/layout-test-results/http/tests/security/javascriptURL/xss-DENIED-to-javascript-url-in-foreign-domain-subframe-actual.txt
@@ -1,20 +1,47 @@
-CONSOLE MESSAGE: line 41: SecurityError: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a cross-origin frame. Protocols, domains, and ports must match.
-The scenario for this test is that you have an iframe with content from a foreign domain. In that foreign content is an iframe which loads a javascript: URL. This tests that this main document does not have access to that javascript: URL loaded iframe.
-
-
-PASS: Cross frame access to a javascript: URL embed in a frame on a foreign domain denied!
-
-
---------
-Frame: '<!--frame1-->'
---------
-Inner iframe on a foreign domain.
-
-
-
---------
-Frame: 'aFrame'
---------
-PASS: Cross frame access from a frame on a foreign domain denied!
-
-Inner-inner iframe. This iframe (which is javascript: URL and whose parent is on a foreign domain) is the frame that the main frame is trying to access. It should not have access to it.
+layer at (0,0) size 800x600
+  RenderView at (0,0) size 800x600
+layer at (0,0) size 800x600
+  RenderBlock {HTML} at (0,0) size 800x600
+    RenderBody {BODY} at (8,8) size 784x579
+      RenderBlock {P} at (0,0) size 784x54
+        RenderText {#text} at (0,0) size 755x54
+          text run at (0,0) width 568: "The scenario for this test is that you have an iframe with content from a foreign domain. "
+          text run at (567,0) width 148: "In that foreign content "
+          text run at (714,0) width 31: "is an"
+          text run at (0,18) width 249: "iframe which loads a javascript: URL. "
+          text run at (248,18) width 405: "This tests that this main document does not have access to that "
+          text run at (652,18) width 103: "javascript: URL"
+          text run at (0,36) width 93: "loaded iframe."
+      RenderBlock (anonymous) at (0,70) size 784x204
+        RenderIFrame {IFRAME} at (0,0) size 404x204 [border: (2px inset #000000)]
+          layer at (0,0) size 385x204
+            RenderView at (0,0) size 385x200
+          layer at (0,0) size 385x204
+            RenderBlock {HTML} at (0,0) size 385x204
+              RenderBody {BODY} at (8,8) size 369x188
+                RenderBlock {P} at (0,0) size 369x18
+                  RenderText {#text} at (0,0) size 217x18
+                    text run at (0,0) width 217: "Inner iframe on a foreign domain."
+                RenderBlock (anonymous) at (0,34) size 369x154
+                  RenderIFrame {IFRAME} at (0,0) size 304x154 [border: (2px inset #000000)]
+                    layer at (0,0) size 285x166
+                      RenderView at (0,0) size 285x150
+                    layer at (0,0) size 285x166
+                      RenderBlock {HTML} at (0,0) size 285x166
+                        RenderBody {BODY} at (8,8) size 269x142
+                          RenderBlock {P} at (0,0) size 269x36
+                            RenderText {#text} at (0,0) size 256x36
+                              text run at (0,0) width 256: "PASS: Cross frame access from a frame"
+                              text run at (0,18) width 182: "on a foreign domain denied!"
+                          RenderBlock {P} at (0,52) size 269x90
+                            RenderText {#text} at (0,0) size 264x90
+                              text run at (0,0) width 263: "Inner-inner iframe. This iframe (which is"
+                              text run at (0,18) width 264: "javascript: URL and whose parent is on a"
+                              text run at (0,36) width 235: "foreign domain) is the frame that the"
+                              text run at (0,54) width 200: "main frame is trying to access. "
+                              text run at (199,54) width 57: "It should"
+                              text run at (0,72) width 133: "not have access to it."
+                  RenderText {#text} at (0,0) size 0x0
+                  RenderText {#text} at (0,0) size 0x0
+        RenderText {#text} at (0,0) size 0x0
+      RenderBlock {PRE} at (0,287) size 784x0

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200313/21cbdff8/attachment-0001.htm>

More information about the webkit-unassigned mailing list