mirror of
https://github.com/mozilla/gecko-dev.git
synced 2025-11-09 12:51:09 +02:00
8e0de43673
Automatic update from web-platform-tests [NativeFileSystem] must reject in sandboxed windows Updates FileSystemDirectoryHandle.getSystemDirectory() and chooseFileSystemEntries() to reject with a SecurityError when called by a sandboxed window. This change also adds a WPT test that accesses the NativeFileSystem from opaque origins. The test includes a data URI iframe, sandboxed iframe and a sandboxed opened window. Unlike sandboxed iframes, for data URI iframes, the NativeFileSystem API is undefined because data URI iframes do not provide a secure context. This change gives the NativeFileSystem the same behavior as other web platform storage with write operations. LocalStorage, indexedDB, and cacheStorage all fail with SecurityErrors when accessed from a sandbox. However, sandboxes can read files using <input type=file> and drag&drop. In the future, if a read-only sandbox scenario emerges, we can consider loosening this policy for the NativeFileSystem. Bug: 1014248 Change-Id: Ibeafcdbf102275f2cd45f3cd7dbd8ed592c850c6 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1907278 Reviewed-by: Marijn Kruisselbrink <mek@chromium.org> Reviewed-by: Olivier Yiptong <oyiptong@chromium.org> Reviewed-by: Dave Tapuska <dtapuska@chromium.org> Commit-Queue: Steve Becker <stevebe@microsoft.com> Cr-Commit-Position: refs/heads/master@{#715119} -- wpt-commits: 1d3fc9cbe0880930a981be27b1d9de785bc71f48 wpt-pr: 20188
82 lines
3 KiB
JavaScript
82 lines
3 KiB
JavaScript
'use strict';
|
|
|
|
const kSandboxWindowUrl = 'resources/opaque-origin-sandbox.html';
|
|
|
|
function add_iframe(test, src, sandbox) {
|
|
const iframe = document.createElement('iframe');
|
|
iframe.src = src;
|
|
if (sandbox !== undefined) {
|
|
iframe.sandbox = sandbox;
|
|
}
|
|
document.body.appendChild(iframe);
|
|
test.add_cleanup(() => {
|
|
iframe.remove();
|
|
});
|
|
}
|
|
|
|
// Creates a data URI iframe that uses postMessage() to provide its parent
|
|
// with the test result. The iframe checks for the existence of
|
|
// |property_name| on the window.
|
|
async function verify_does_not_exist_in_data_uri_iframe(
|
|
test, property_name) {
|
|
const iframe_content =
|
|
'<script>' +
|
|
' const is_property_name_defined = ' +
|
|
` (self.${property_name} !== undefined);` +
|
|
' parent.postMessage({is_property_name_defined}, "*")' +
|
|
'</script>';
|
|
|
|
const data_uri = `data:text/html,${encodeURIComponent(iframe_content)}`;
|
|
add_iframe(test, data_uri);
|
|
|
|
const event_watcher = new EventWatcher(test, self, 'message');
|
|
const message_event = await event_watcher.wait_for('message')
|
|
|
|
assert_false(message_event.data.is_property_name_defined,
|
|
`Data URI iframes must not define '${property_name}'.`);
|
|
}
|
|
|
|
// |kSandboxWindowUrl| sends two messages to this window. The first is the
|
|
// result of chooseFileSystemEntries(). The second is the result of
|
|
// getSystemDirectory(). For windows using sandbox='allow-scripts',
|
|
// both results must produce rejected promises.
|
|
async function verify_results_from_sandboxed_child_window(test) {
|
|
const event_watcher = new EventWatcher(test, self, 'message');
|
|
|
|
const first_message_event = await event_watcher.wait_for('message');
|
|
assert_equals(first_message_event.data,
|
|
'chooseFileSystemEntries(): REJECTED: SecurityError');
|
|
|
|
const second_message_event = await event_watcher.wait_for('message');
|
|
assert_equals(second_message_event.data,
|
|
'getSystemDirectory(): REJECTED: SecurityError');
|
|
}
|
|
|
|
promise_test(async test => {
|
|
await verify_does_not_exist_in_data_uri_iframe(
|
|
test, 'chooseFileSystemEntries');
|
|
}, 'chooseFileSystemEntries() must be undefined for data URI iframes.');
|
|
|
|
promise_test(async test => {
|
|
await verify_does_not_exist_in_data_uri_iframe(
|
|
test, 'FileSystemDirectoryHandle');
|
|
}, 'FileSystemDirectoryHandle must be undefined for data URI iframes.');
|
|
|
|
promise_test(async test => {
|
|
add_iframe(test, kSandboxWindowUrl, /*sandbox=*/'allow-scripts');
|
|
await verify_results_from_sandboxed_child_window(test);
|
|
}, 'FileSystemDirectoryHandle.getSystemDirectory() and ' +
|
|
'chooseFileSystemEntries() must reject in a sandboxed iframe.');
|
|
|
|
promise_test(async test => {
|
|
const child_window_url = kSandboxWindowUrl +
|
|
'?pipe=header(Content-Security-Policy, sandbox allow-scripts)';
|
|
|
|
const child_window = window.open(child_window_url);
|
|
test.add_cleanup(() => {
|
|
child_window.close();
|
|
});
|
|
|
|
await verify_results_from_sandboxed_child_window(test);
|
|
}, 'FileSystemDirectoryHandle.getSystemDirectory() and '
|
|
+ 'chooseFileSystemEntries() must reject in a sandboxed opened window.');
|