RESOLVED FIXED 101956
We should trigger a console warning when we encounter invalid sandbox flags. 
https://bugs.webkit.org/show_bug.cgi?id=101956
Summary We should trigger a console warning when we encounter invalid sandbox flags.
Mike West
Reported 2012-11-12 11:23:19 PST
<iframe sandbox="allowScripts"> just bit me, and should trigger a warning. Perhaps "'allowScripts' is an invalid sandbox flag." or "'allowScripts', 'allowForms', and 'allowSameOrigin' are invalid sandbox flags." Adam, would you rather I approached this by passing in something that let us write to the console from SecurityContext::parseSandboxPolicy, or by adding an out parameter to enable the caller to do the work?
Attachments
Patch (12.52 KB, patch)
2012-11-12 12:38 PST, Mike West 		no flags
DetailsFormatted DiffDiff
Take 2. (12.74 KB, patch)
2012-11-12 13:47 PST, Mike West 		no flags
DetailsFormatted DiffDiff
Patch (12.80 KB, patch)
2012-11-12 14:16 PST, Mike West 		no flags
DetailsFormatted DiffDiff
Patch for landing (12.79 KB, patch)
2012-11-12 14:25 PST, Mike West 		no flags
DetailsFormatted DiffDiff
Patch. (17.89 KB, patch)
2012-11-15 03:56 PST, Mike West 		no flags
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
Adam Barth
Comment 1 2012-11-12 11:25:33 PST
I would go the out parameter approach, but it's up to you.
Mike West
Comment 2 2012-11-12 12:38:19 PST
Created attachment 173690 [details] Patch
Mike West
Comment 3 2012-11-12 12:39:24 PST
Here's a pass at the problem. Not entirely sure whether the StringBuilder is appropriate. WDYT, Adam?
Early Warning System Bot
Comment 4 2012-11-12 12:50:47 PST
Comment on attachment 173690 [details] Patch Attachment 173690 [details] did not pass qt-ews (qt): Output: http://queues.webkit.org/results/14815278
Early Warning System Bot
Comment 5 2012-11-12 12:52:42 PST
Comment on attachment 173690 [details] Patch Attachment 173690 [details] did not pass qt-wk2-ews (qt): Output: http://queues.webkit.org/results/14823084
EFL EWS Bot
Comment 6 2012-11-12 12:55:25 PST
Comment on attachment 173690 [details] Patch Attachment 173690 [details] did not pass efl-ews (efl): Output: http://queues.webkit.org/results/14809532
kov's GTK+ EWS bot
Comment 7 2012-11-12 13:12:48 PST
Comment on attachment 173690 [details] Patch Attachment 173690 [details] did not pass gtk-ews (gtk): Output: http://queues.webkit.org/results/14820232
Adam Barth
Comment 8 2012-11-12 13:14:19 PST
Comment on attachment 173690 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=173690&action=review > Source/WebCore/dom/SecurityContext.cpp:94 > + unsigned numTokenErrors = 0; numTokenErrors -> numberOfTokenErrors > Source/WebCore/dom/SecurityContext.cpp:122 > + tokenErrors.append(", '"); append -> appendLiteral > Source/WebCore/dom/SecurityContext.cpp:134 > + if (numTokenErrors) > + invalidTokensErrorMessage = tokenErrors.toString() + ((numTokenErrors > 1) ? " are invalid sandbox flags." : " is an invalid sandbox flag."); You shouldn't call toString on the StringBuilder until you're done. Instead, you should append these last strings and then call toString at the end. The reason is that the pattern you have here creates an extra allocation and memcpy. The temporary string you create from calling StringBuilder::toString is a waste. > Source/WebCore/page/ContentSecurityPolicy.cpp:1663 > + String message = "Error while parsing the 'sandbox' Content Security Policy directive: " + invalidFlags; > + logToConsole(message); No need to name this temporary.
Mike West
Comment 9 2012-11-12 13:47:28 PST
Created attachment 173713 [details] Take 2.
Adam Barth
Comment 10 2012-11-12 13:59:34 PST
Comment on attachment 173713 [details] Take 2. View in context: https://bugs.webkit.org/attachment.cgi?id=173713&action=review > Source/WebCore/dom/SecurityContext.cpp:125 > + tokenErrors.appendLiteral("'"); I gave you bad advice. You can actually just make this tokenErrors.append('\''), which is slightly more efficient. > Source/WebCore/dom/SecurityContext.cpp:127 > + tokenErrors.appendLiteral("'"); Ditto > Source/WebCore/dom/SecurityContext.cpp:135 > + tokenErrors.append((numberOfTokenErrors > 1) ? " are invalid sandbox flags." : " is an invalid sandbox flag."); This would be more efficient if you had a real if statement and called appendLiteral separately for the two different constants. What's going on here is that appendLiteral uses a compiler trick to figure out the length of the string at compile-time, which means we don't need to call strlen on these constants. The way you've written this code, we can't figure out the length at compile time, so we fall back to strlen. Above, it's better to use character constants rather than strings because then we don't need loops or other nonsense to traverse a one-character string. None of this really matters in this patch. I just mention it so that you know for future patches where it might matter more.
Mike West
Comment 11 2012-11-12 14:14:57 PST
(In reply to comment #10) > None of this really matters in this patch. I just mention it so that you know for future patches where it might matter more. It's good info! I appreciate you taking the time to explain. I'll spin up a new patch with these changes.
Mike West
Comment 12 2012-11-12 14:16:58 PST
Created attachment 173723 [details] Patch
Mike West
Comment 13 2012-11-12 14:25:50 PST
Created attachment 173729 [details] Patch for landing
Adam Barth
Comment 14 2012-11-12 23:03:55 PST
Comment on attachment 173729 [details] Patch for landing Regressions: Unexpected text-only failures (3) fast/frames/sandboxed-iframe-attribute-parsing.html [ Failure ] fast/frames/sandboxed-iframe-parsing-space-characters.html [ Failure ] http/tests/security/sandboxed-iframe-modify-self.html [ Failure ]
Mike West
Comment 15 2012-11-15 03:56:43 PST
Created attachment 174398 [details] Patch.
WebKit Review Bot
Comment 16 2012-11-15 05:05:28 PST
Comment on attachment 174398 [details] Patch. Clearing flags on attachment: 174398 Committed r134766: <http://trac.webkit.org/changeset/134766>
WebKit Review Bot
Comment 17 2012-11-15 05:05:34 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.