Three navigation layout tests failing on Site Isolation FYI bots |
|||||
Issue descriptionAffected tests: http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change.html http/tests/security/xss-DENIED-window-open-parent.html http/tests/security/frameNavigation/xss-DENIED-top-navigation-without-user-gesture.html First build failure: https://build.chromium.org/p/chromium.fyi/builders/Site%20Isolation%20Linux/builds/11044 Looking at the blamelist, looks like this is due to Nate's framebusting CL (https://codereview.chromium.org/2092293002). Nate, can you take a look? You can reproduce the failures by running the layout tests with --additional-drt-flag=--site-per-process. Looks like xss-ALLOWED-parent-navigation-change.html is timing out, and the other two (new) tests fail with a text diff like this: -CONSOLE ERROR: line 7: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://127.0.0.1:8000/security/frameNavigation/xss-DENIED-top-navigation-without-user-gesture.html' from frame with URL 'http://localhost:8000/security/frameNavigation/resources/iframe-that-performs-top-navigation-without-user-gesture.html'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor is it processing a user gesture. See https://www.chromestatus.com/features/5851021045661696. +CONSOLE ERROR: line 7: Unsafe JavaScript attempt to initiate navigation for frame with origin 'http://127.0.0.1:8000' from frame with URL 'http://localhost:8000/security/frameNavigation/resources/iframe-that-performs-top-navigation-without-user-gesture.html'. The frame attempting navigation is targeting its top-level window, but is neither same-origin with its target nor is it processing a user gesture. See https://www.chromestatus.com/features/5851021045661696. The new message with just the origin is what's used when a remote frame is navigated, since it doesn't have a URL. Is it possible to maintain test coverage without checking this message in the output, since it will be different with and without --site-per-process? (We've seen this problem before, e.g. in r398423.)
,
Sep 8 2016
,
Sep 8 2016
AFAIR, layout tests can opt out of logging all console messages by calling testRunner.setDumpConsoleMessages(false) from javascript.
,
Sep 9 2016
I'm disabling these tests on site isolation bots for now to get them green, but let's make sure to address this as soon as possible. I haven't had time to triage it myself, but I'd especially like to understand the timeout in xss-ALLOWED-parent-navigation-change.html.
,
Sep 9 2016
Not sure why there was no bugdroid comment, but the tests are now disabled by r417458.
,
Sep 14 2016
Two of these are trivial to fix, but http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change.html is looking like it might not be so simple. That test requires using eventSender to clink a button in a cross-origin iframe. Because the iframe doesn't have access to the absolute coordinates that eventSender uses, the top frame uses postMessage() to leak the iframe's absolute coordinates to the child frame, and that part is working correctly in --site-per-process. However, the button is never receiving the click, so either eventSender's mouseMoveTo or mouseDown/mouseUp isn't correctly registering. Are there known issues with --site-per-process in this area that I might be tripping over?
,
Sep 14 2016
Yes, EventSender doesn't work in OOPIFs today. I'll try to dust-off https://codereview.chromium.org/2036873002 and see if I can make more progress. This is also tracked by issue 616608 .
,
Sep 15 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f5f808cd6066592cddca4f4a12eb48c043c714e8 commit f5f808cd6066592cddca4f4a12eb48c043c714e8 Author: japhet <japhet@chromium.org> Date: Thu Sep 15 18:56:18 2016 Fix framebusting tests for --site-per-process BUG= 644997 Review-Url: https://codereview.chromium.org/2346643002 Cr-Commit-Position: refs/heads/master@{#418923} [modify] https://crrev.com/f5f808cd6066592cddca4f4a12eb48c043c714e8/third_party/WebKit/LayoutTests/FlagExpectations/site-per-process [modify] https://crrev.com/f5f808cd6066592cddca4f4a12eb48c043c714e8/third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-DENIED-top-navigation-without-user-gesture-expected.txt [modify] https://crrev.com/f5f808cd6066592cddca4f4a12eb48c043c714e8/third_party/WebKit/LayoutTests/http/tests/security/frameNavigation/xss-DENIED-top-navigation-without-user-gesture.html [modify] https://crrev.com/f5f808cd6066592cddca4f4a12eb48c043c714e8/third_party/WebKit/LayoutTests/http/tests/security/xss-DENIED-window-open-parent-expected.txt [modify] https://crrev.com/f5f808cd6066592cddca4f4a12eb48c043c714e8/third_party/WebKit/LayoutTests/http/tests/security/xss-DENIED-window-open-parent.html
,
Sep 15 2016
I updated the test expection for http/tests/security/frameNavigation/xss-ALLOWED-parent-navigation-change.html to refer to issue 616608 . The tests that are failing because of console message mismatches should now be fixed. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 Deleted