Forms in sandboxed iframes without allow-forms incorrectly perform validation
Reported by
bzbar...@mit.edu,
Jul 22 2016
|
||||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:50.0) Gecko/20100101 Firefox/50.0 Example URL: Steps to reproduce the problem: 1. Load this nice testcase from https://bugzilla.mozilla.org/show_bug.cgi?id=1287989 : <body> <script> var iframe = document.createElement('iframe'); iframe.sandbox = 'allow-scripts'; iframe.src = 'data:text/html,' + '<form onsubmit="console.log(\'form submit fired\');">' + '<input required oninvalid="console.log(\'input invalid fired\');" />' + '<input type="submit" />' + '</form>' + '<script>document.querySelector("input + input").click()<\/script>'; document.body.appendChild(iframe); </script> What is the expected behavior? Nothing logged to the console, no popup saying the input neds a value. What went wrong? Console shows "input invalid fired" and you get a popup saying the input needs a value. Does it occur on multiple sites: Yes Is it a problem with a plugin? No Did this work before? N/A Does this work in other browsers? N/A Chrome version: 53.0.2785.21 (Official Build) dev (64-bit) Channel: n/a OS Version: OS X 10.10 Flash Version: Shockwave Flash 22.0 r0 https://html.spec.whatwg.org/multipage/forms.html#concept-form-submit step 2 aborts if the sandboxed forms flag is set. This happens before constraint validation (step 4), so there should be no constraint validation happening here.
,
Jul 24 2016
,
Jul 28 2016
Would like to work on this. Added a patch at https://codereview.chromium.org/2191493002/
,
Aug 1 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/fb9cf630dda67c9e09ac6d9b8e14696c12784387 commit fb9cf630dda67c9e09ac6d9b8e14696c12784387 Author: ramya.v <ramya.v@samsung.com> Date: Mon Aug 01 13:10:11 2016 Form submission should abort before constraint validation if sandboxed forms flag is set. BUG= 630628 Review-Url: https://codereview.chromium.org/2191493002 Cr-Commit-Position: refs/heads/master@{#408950} [add] https://crrev.com/fb9cf630dda67c9e09ac6d9b8e14696c12784387/third_party/WebKit/LayoutTests/fast/frames/form-submission-early-return-for-sandboxed-iframes.html [add] https://crrev.com/fb9cf630dda67c9e09ac6d9b8e14696c12784387/third_party/WebKit/LayoutTests/fast/frames/resources/sandboxed-iframe-src.html [modify] https://crrev.com/fb9cf630dda67c9e09ac6d9b8e14696c12784387/third_party/WebKit/Source/core/html/HTMLFormElement.cpp
,
Aug 1 2016
,
Aug 2 2016
Tested the issue on Windows 7, Mac 10.11.5, Ubuntu 14.04 using 54.0.2816.0.Not seen a popup saying the input needs a value but seen "data:text/html,<form onsubmit="console.log('form submit fired');"><input required oninvalid="consol…:1 Blocked form submission to '' because the form's frame is sandboxed and the 'allow-forms' permission is not set." error in console.
Please find attached screenshot.
ramya.v@Could you please check the screenshot and confirm if this is the expected behavior?
,
Aug 2 2016
@ssamanoori - #6 - This is expected behavior
,
Aug 2 2016
As per comment #7, it is working as expected.Hence, marking it as TE-Verified. |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by dtapu...@chromium.org
, Jul 22 2016Components: -Blink Blink>SecurityFeature Blink>Forms