document.implementation.createHTMLDocument incorrectly throws origin errors
Issue description
    var doc = document.implementation.createHTMLDocument("");
    doc.open();
    doc.write(el);   // el: the markup the reporter's test page writes into doc (defined elsewhere in that page)

Console output (domparser.html, lines 26 and 27):

    Uncaught SecurityError: Failed to execute 'open' on 'Document': Can only call open() on same-origin documents. (anonymous function) @ domparser.html:26
    Uncaught SecurityError: Failed to execute 'write' on 'Document': Can only call write() on same-origin documents. (anonymous function) @ domparser.html:27

This worked in M49 and was broken in M50, which is pretty bad. This is high priority since it's not clear to me that the breakage is not much deeper, and bad origin checks might also be causing badness in other things placed in a DOMImplementation-created document.

Comment 1 by dcheng@chromium.org, Apr 20 2016
Ah, it looks like this only fails for things with unique origins... Sigh.

Apr 21 2016
This is a regression from:

    commit 5ff185ee69963f7e749130dce11205021b9f1671
    Author: jochen <jochen@chromium.org>
    Date:   Fri Jan 29 03:29:07 2016 -0800

        Require the entry document to have the same origin as the open()d document

        This implements step 3) of https://html.spec.whatwg.org/#dom-document-open

        BUG=579493
        R=philipj@opera.com,mkwst@chromium.org

        Review URL: https://codereview.chromium.org/1611523002

        Cr-Commit-Position: refs/heads/master@{#372330}

It's unclear (to me) how to fix it: since we make a copy of the original SecurityOrigin, the canAccess() check will always fail =/

I've attached a simple test case as well. In Firefox, this works, but I didn't check if it implemented step 3 of the document.open algorithm in the spec.

Apr 21 2016
They do implement the spec, looking.

Apr 21 2016
I wonder why we copy the security origin. The spec doesn't require that.

Apr 21 2016
So issue 282415 changed createHTMLDocument to create its own origin, saying that IE does this (while FF doesn't). The WHATWG spec says to use FF's behavior. I'd claim we should do the same (which would trivially fix this bug).
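To make the two observations above concrete (the copied SecurityOrigin defeating the canAccess() check, and the decision to stop giving createHTMLDocument() its own origin), here is an added model in plain JavaScript. It is not Blink code; SecurityOrigin, ModelDocument and openOutcome are assumed names for a minimal re-enactment of the spec's document.open() entry-document check.

```javascript
// Added illustration (not Blink code). Models why copying an opaque ("unique")
// origin into a createHTMLDocument() result makes the document.open()
// same-origin check fail, while sharing the origin (Firefox / WHATWG) passes.

let nextOpaqueId = 0;

class SecurityOrigin {
  constructor({ scheme, host, port, opaque = false }) {
    this.opaque = opaque;
    // An opaque origin is same-origin only with itself, so it carries an
    // identity instead of a (scheme, host, port) tuple. A copy gets a fresh
    // identity and is therefore a different origin: the bug in this thread.
    this.id = opaque ? ++nextOpaqueId : null;
    this.scheme = scheme; this.host = host; this.port = port;
  }
  static opaque() { return new SecurityOrigin({ opaque: true }); }
  static tuple(scheme, host, port) { return new SecurityOrigin({ scheme, host, port }); }
  copy() {
    return this.opaque ? SecurityOrigin.opaque()
                       : SecurityOrigin.tuple(this.scheme, this.host, this.port);
  }
  isSameOriginWith(other) {
    if (this.opaque || other.opaque) return this === other;
    return this.scheme === other.scheme && this.host === other.host && this.port === other.port;
  }
}

class ModelDocument {
  constructor(origin) { this.origin = origin; }
  // DOMImplementation.createHTMLDocument(): the regressed build copied the
  // creator's origin (copyOrigin = true); the fix shares it (copyOrigin = false).
  createHTMLDocument(copyOrigin) {
    return new ModelDocument(copyOrigin ? this.origin.copy() : this.origin);
  }
}

// Spec step 3 of document.open(): the entry document's origin must be same
// origin with the document being opened, otherwise throw a SecurityError.
function documentOpen(entryDocument, target) {
  if (!entryDocument.origin.isSameOriginWith(target.origin)) {
    const err = new Error("Can only call open() on same-origin documents.");
    err.name = "SecurityError";
    throw err;
  }
}

// Create a document from `creator`, then open() it from that same creator.
// Returns "ok" or the thrown error's name, so the outcome can be asserted on.
function openOutcome(creator, copyOrigin) {
  const doc = creator.createHTMLDocument(copyOrigin);
  try { documentOpen(creator, doc); return "ok"; } catch (e) { return e.name; }
}
```

Run with a tuple origin, copying passes (copies compare equal by value), which is why the bug only showed up for unique origins; with an opaque origin, copying yields SecurityError and sharing passes.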

Apr 21 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/bf4336081aeccae3fd46a747fb6cbfeb291e11d1

    commit bf4336081aeccae3fd46a747fb6cbfeb291e11d1
    Author: jochen <jochen@chromium.org>
    Date:   Thu Apr 21 13:06:51 2016

        Don't copy the security origin when creating a document

        The spec doesn't say we'd need to do this.

        BUG=605203
        R=dcheng@chromium.org

        Review URL: https://codereview.chromium.org/1911493004

        Cr-Commit-Position: refs/heads/master@{#388754}

[modify] https://crrev.com/bf4336081aeccae3fd46a747fb6cbfeb291e11d1/third_party/WebKit/LayoutTests/http/tests/security/create-document-change-domain.html
[add] https://crrev.com/bf4336081aeccae3fd46a747fb6cbfeb291e11d1/third_party/WebKit/LayoutTests/http/tests/security/create-document-unique-origin-expected.txt
[add] https://crrev.com/bf4336081aeccae3fd46a747fb6cbfeb291e11d1/third_party/WebKit/LayoutTests/http/tests/security/create-document-unique-origin.html
[modify] https://crrev.com/bf4336081aeccae3fd46a747fb6cbfeb291e11d1/third_party/WebKit/Source/core/dom/DOMImplementation.cpp

Apr 22 2016
Your change meets the bar and is auto-approved for M51 (branch: 2704)

Apr 22 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5a54b468776ddb510a2f487d4b058d2da7636a3c

    commit 5a54b468776ddb510a2f487d4b058d2da7636a3c
    Author: Jochen Eisinger <jochen@chromium.org>
    Date:   Fri Apr 22 12:22:18 2016

        Don't copy the security origin when creating a document

        The spec doesn't say we'd need to do this.

        BUG=605203
        R=dcheng@chromium.org

        Review URL: https://codereview.chromium.org/1911493004

        Cr-Commit-Position: refs/heads/master@{#388754}
        (cherry picked from commit bf4336081aeccae3fd46a747fb6cbfeb291e11d1)

        Review URL: https://codereview.chromium.org/1907253003 .

        Cr-Commit-Position: refs/branch-heads/2704@{#180}
        Cr-Branched-From: 6e53600def8f60d8c632fadc70d7c1939ccea347-refs/heads/master@{#386251}

[modify] https://crrev.com/5a54b468776ddb510a2f487d4b058d2da7636a3c/third_party/WebKit/LayoutTests/http/tests/security/create-document-change-domain.html
[add] https://crrev.com/5a54b468776ddb510a2f487d4b058d2da7636a3c/third_party/WebKit/LayoutTests/http/tests/security/create-document-unique-origin-expected.txt
[add] https://crrev.com/5a54b468776ddb510a2f487d4b058d2da7636a3c/third_party/WebKit/LayoutTests/http/tests/security/create-document-unique-origin.html
[modify] https://crrev.com/5a54b468776ddb510a2f487d4b058d2da7636a3c/third_party/WebKit/Source/core/dom/DOMImplementation.cpp

Jun 23 2016
Renaming Blink>Architecture to Blink>Internals