RESOLVED FIXED 120595
[Qt] REGRESSION(r154444): xss-DENIED test results changed 
https://bugs.webkit.org/show_bug.cgi?id=120595
Summary [Qt] REGRESSION(r154444): xss-DENIED test results changed
Zoltan Arvai
Reported 2013-09-02 01:37:57 PDT
Created attachment 210268 [details] layout-test-results-debug-r154875 Some tests results changed after the patch in http://trac.webkit.org/changeset/154444. After unsuccessful bisecting with applied patch in range r154300 and r154444, I applied the patch to r154291 and turned out the patch caused the failure. On release bots: http://build.webkit.sed.hu/results/x86-32%20Linux%20Qt%20Release%20NRWT/r154873%20%2836388%29/results.html http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url.html http/tests/security/aboutBlank/xss-DENIED-set-opener.html http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-window-open.html http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-window-open.html On my local machine additionally fails with release: http/tests/security/javascriptURL/xss-DENIED-from-javascript-url-in-foreign-domain-window-open.html http/tests/security/xss-DENIED-defineProperty.html on debug bots: http://build.webkit.sed.hu/results/x86-64%20Linux%20Qt%20Debug/r154870%20%2830291%29/results.html same as release http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url.html http/tests/security/aboutBlank/xss-DENIED-set-opener.html http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-window-open.html http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-window-open.html additionally failes http/tests/security/dataURL/xss-DENIED-from-data-url-to-data-url.html http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-subframe-location-change.html http/tests/security/dataURL/xss-DENIED-to-data-url-in-foreign-domain-subframe.html http/tests/security/dataURL/xss-DENIED-to-data-url-sub-frame-2-level.html Debug r154875 test results are attached. One example: --- /home/azbest/webkit/WebKit/layout-test-results/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-expected.txt +++ /home/azbest/webkit/WebKit/layout-test-results/http/tests/security/aboutBlank/xss-DENIED-navigate-opener-javascript-url-actual.txt @@ -1,5 +1,3 @@ -CONSOLE MESSAGE: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a frame with origin "http://localhost:8000". Protocols, domains, and ports must match. -CONSOLE MESSAGE: line 1: TypeError: undefined is not an object (evaluating 'target.document.body') This page opens a window to "", injects malicious code, and then navigates its opener to the victim. The opened window then tries to scripts its opener after reloading itself as a javascript URL. Code injected into window: <script>window.location = 'javascript:\'<script>function write(target, message) { target.document.body.innerHTML = message; }setTimeout(function() {write(window.opener, \\\'FAIL: XSS was allowed.\\\');}, 100);setTimeout(function() {write(window.opener.top.frames[1], \\\'SUCCESS: Window remained in original SecurityOrigin.\\\');}, 200);setTimeout(function() { if (window.testRunner) testRunner.globalFlag = true; }, 300);<\\\/script>\''</script> @@ -13,4 +11,4 @@ -------- Frame: '<!--framePath //<!--frame1-->-->' -------- -SUCCESS: Window remained in original SecurityOrigin. +This page doesn't do anything special.
Attachments
layout-test-results-debug-r154875 (596.16 KB, application/zip)
2013-09-02 01:37 PDT, Zoltan Arvai 		no flags
Details
Patch (4.47 KB, patch)
2013-09-11 07:27 PDT, Allan Sandfeld Jensen 		jturcotte: review+
buildbot: commit-queue-
DetailsFormatted DiffDiff
Archive of layout-test-results from webkit-ews-13 for mac-mountainlion-wk2 (656.33 KB, application/zip)
2013-09-11 08:15 PDT, Build Bot 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Zoltan Arvai
Comment 1 2013-09-02 08:11:07 PDT
Skipped on Qt in http://trac.webkit.org/changeset/154952.
Allan Sandfeld Jensen
Comment 2 2013-09-11 07:27:11 PDT
Created attachment 211312 [details] Patch
WebKit Commit Bot
Comment 3 2013-09-11 07:28:43 PDT
Attachment 211312 [details] did not pass style-queue: Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'LayoutTests/ChangeLog', u'LayoutTests/platform/qt/TestExpectations', u'Tools/ChangeLog', u'Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp']" exit_code: 1 Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:776: Weird number of spaces at line-start. Are you using a 4-space indent? [whitespace/indent] [3] Total errors found: 1 in 3 files If any of these errors are false positives, please file a bug against check-webkit-style.
Build Bot
Comment 4 2013-09-11 08:15:21 PDT
Comment on attachment 211312 [details] Patch Attachment 211312 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.appspot.com/results/1787051 New failing tests: compositing/reflections/load-video-in-reflection.html
Build Bot
Comment 5 2013-09-11 08:15:22 PDT
Created attachment 211315 [details] Archive of layout-test-results from webkit-ews-13 for mac-mountainlion-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: webkit-ews-13 Port: mac-mountainlion-wk2 Platform: Mac OS X 10.8.4
Allan Sandfeld Jensen
Comment 6 2013-09-11 08:29:55 PDT
(In reply to comment #4) > (From update of attachment 211312 [details]) > Attachment 211312 [details] did not pass mac-wk2-ews (mac-wk2): > Output: http://webkit-queues.appspot.com/results/1787051 > > New failing tests: > compositing/reflections/load-video-in-reflection.html The bot must be flaky, only Qt code was changed.
Jocelyn Turcotte
Comment 7 2013-09-13 07:55:34 PDT
Comment on attachment 211312 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=211312&action=review > Tools/ChangeLog:3 > + [Qt] REGRESSION(r154444): xss-DENIED test results changed Need a short description (OOPS!) Please fix.
Allan Sandfeld Jensen
Comment 8 2013-09-13 08:14:17 PDT
Committed r155699: <http://trac.webkit.org/changeset/155699>
Note You need to log in before you can comment on or make changes to this bug.