Diffstat (limited to 'webkit')
4 files changed, 3 insertions, 6 deletions
diff --git a/webkit/data/layout_test_results/v8/LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt b/webkit/data/layout_test_results/v8/LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt index ee4126b..fb72c2a 100644 --- a/webkit/data/layout_test_results/v8/LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt +++ b/webkit/data/layout_test_results/v8/LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write-expected.txt @@ -1,4 +1,4 @@ -CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/innocent-victim-with-notify.html from frame with URL about:blank. Domains, protocols and ports must match. +CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/innocent-victim-with-notify.html from frame with URL http://127.0.0.1:8000/security/aboutBlank/xss-DENIED-navigate-opener-document-write.html. Domains, protocols and ports must match. CONSOLE MESSAGE: line 1: Uncaught TypeError: Cannot read property 'body' of undefined This page opens a window to "", injects malicious code, and then navigates its opener to the victim. The opened window then tries to scripts its opener after document.writeing a new document. diff --git a/webkit/data/layout_test_results/v8/LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt b/webkit/data/layout_test_results/v8/LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt index 6a23c08..94f6484 100644 --- a/webkit/data/layout_test_results/v8/LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt +++ b/webkit/data/layout_test_results/v8/LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt 
@@ -1,4 +1,4 @@ -CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/innocent-victim-with-notify.html from frame with URL about:blank. Domains, protocols and ports must match. +CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/innocent-victim-with-notify.html from frame with URL http://127.0.0.1:8000/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url.html. Domains, protocols and ports must match. CONSOLE MESSAGE: line 1: Uncaught TypeError: Cannot read property 'body' of undefined This page opens a window to "", injects malicious code, and then navigates its opener to the victim. The opened window then tries to scripts its opener after reloading itself as a javascript URL. diff --git a/webkit/data/layout_test_results/v8/LayoutTests/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt b/webkit/data/layout_test_results/v8/LayoutTests/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt index 28a9215..7bcd3a5 100644 --- a/webkit/data/layout_test_results/v8/LayoutTests/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt +++ b/webkit/data/layout_test_results/v8/LayoutTests/http/tests/security/aboutBlank/xss-DENIED-set-opener-expected.txt 
@@ -1,6 +1,6 @@ CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/innocent-victim.html from frame with URL http://127.0.0.1:8000/security/aboutBlank/xss-DENIED-set-opener.html. Domains, protocols and ports must match. -CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/innocent-victim.html from frame with URL about:blank. Domains, protocols and ports must match. +CONSOLE MESSAGE: line 1: Unsafe JavaScript attempt to access frame with URL http://localhost:8000/security/resources/innocent-victim.html from frame with URL http://127.0.0.1:8000/security/aboutBlank/xss-DENIED-set-opener.html. Domains, protocols and ports must match. CONSOLE MESSAGE: line 1: Uncaught TypeError: Cannot read property 'body' of undefined This page opens a window to "", injects malicious code, and then uses window.open.call to set its opener to the victim. The opened window then tries to scripts its opener. diff --git a/webkit/tools/layout_tests/test_lists/win/tests_fixable.txt b/webkit/tools/layout_tests/test_lists/win/tests_fixable.txt index 5444fa6..09437e9 100644 --- a/webkit/tools/layout_tests/test_lists/win/tests_fixable.txt +++ b/webkit/tools/layout_tests/test_lists/win/tests_fixable.txt 
@@ -895,9 +895,6 @@ V8 | KJS # LayoutTests/http/tests/navigation/back-to-slow-frame.html = FAIL
 V8 | KJS # LayoutTests/http/tests/navigation/metaredirect-basic.html = FAIL
 V8 | KJS # LayoutTests/http/tests/navigation/post-basic.html = FAIL | PASS
 V8 | KJS # LayoutTests/http/tests/navigation/post-frames.html = FAIL | PASS
-V8 | KJS # LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-document-write.html = FAIL
-V8 | KJS # LayoutTests/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url.html = FAIL
-V8 | KJS # LayoutTests/http/tests/security/aboutBlank/xss-DENIED-set-opener.html = FAIL
 V8 | KJS # LayoutTests/http/tests/security/cross-frame-access-history-put.html = FAIL | TIMEOUT
 V8 | KJS # LayoutTests/http/tests/security/listener/xss-JSTargetNode-onclick-addEventListener.html = FAIL
 V8 | KJS # LayoutTests/http/tests/security/listener/xss-JSTargetNode-onclick-shortcut.html = FAIL |
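Review bot: The three removed `xss-DENIED-*` entries carried the `V8 | KJS` prefix, so dropping them asserts that both builds now pass, while the rebaselined expectations in this commit sit only under `layout_test_results/v8`. If the KJS build still reports `about:blank` as the accessing frame, it would presumably fail against whichever baseline it picks up. Please confirm a KJS run, or keep a KJS-only expectation such as `KJS # LayoutTests/http/tests/security/aboutBlank/xss-DENIED-set-opener.html = FAIL` (assuming the list accepts a single-build prefix). Only the win list appears in this diffstat, so any sibling platform lists that carry the same entries need the same check. These tests are the regression coverage for denying cross-origin opener scripting from an about:blank window, so they should be confirmed green on every configuration where they are now enforced.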