Restrict browsing context lookup by name to frames that are related t…

…o one another

https://bugs.webkit.org/show_bug.cgi?id=190475

Reviewed by Alex Christensen.

Source/WebCore:

Update our frame lookup by name logic to take in the active / requesting frame and
only a return a frame that is related to it. By related to it, I mean:
- Ancestor <-> Descendant relationship
- Opener <-> Openee relationship

Being able to look up unrelated frames makes process swapping difficult so we need
to be stricter.

This change is being discussed at:
- whatwg/html#313

Tests: http/tests/dom/new-window-can-target-opener.html
       http/tests/dom/noopener-window-cannot-target-opener.html
       http/tests/dom/noopener-window-not-targetable.html
       http/tests/dom/noopener-window-not-targetable2.html
       http/tests/dom/noreferrer-window-not-targetable.html
       http/tests/dom/opened-window-not-targetable-after-disowning-opener.html

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::findFrameForNavigation):
* page/FrameTree.cpp:
(WebCore::isFrameFamiliarWith):
(WebCore::FrameTree::find const):
* page/FrameTree.h:
* rendering/HitTestResult.cpp:
(WebCore::HitTestResult::targetFrame const):

Source/WebKit:

* WebProcess/Plugins/PluginView.cpp:
(WebKit::PluginView::performJavaScriptURLRequest):

Source/WebKitLegacy/mac:

* WebView/WebFrame.mm:
(-[WebFrame findFrameNamed:]):

LayoutTests:

* http/tests/dom/new-window-can-target-opener-expected.txt: Added.
* http/tests/dom/new-window-can-target-opener.html: Added.
* http/tests/dom/noopener-window-cannot-target-opener-expected.txt: Added.
* http/tests/dom/noopener-window-cannot-target-opener.html: Added.
* http/tests/dom/noopener-window-not-targetable-expected.txt: Added.
* http/tests/dom/noopener-window-not-targetable.html: Added.
* http/tests/dom/noopener-window-not-targetable2-expected.txt: Added.
* http/tests/dom/noopener-window-not-targetable2.html: Added.
* http/tests/dom/noreferrer-window-not-targetable-expected.txt: Added.
* http/tests/dom/noreferrer-window-not-targetable.html: Added.
* http/tests/dom/opened-window-not-targetable-after-disowning-opener-expected.txt: Added.
* http/tests/dom/opened-window-not-targetable-after-disowning-opener.html: Added.
* http/tests/dom/resources/new-window-can-target-opener-win.html: Added.
* http/tests/dom/resources/noopener-window-cannot-target-opener-win.html: Added.
Add layout test coverage.

* fast/dom/Window/a-rel-noopener-expected.txt:
* fast/dom/Window/area-rel-noopener-expected.txt:
* fast/dom/Window/resources/rel-noopener.js:
* http/tests/navigation/no-referrer-target-blank-expected.txt:
* http/tests/navigation/resources/no-referrer-helper.php:
* platform/mac-wk1/imported/w3c/web-platform-tests/html/browsers/windows/noreferrer-window-name-expected.txt:
* platform/wk2/imported/w3c/web-platform-tests/html/browsers/windows/noreferrer-window-name-expected.txt:
Update / rebaseline existing tests to reflect behavior change.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@237112 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog

@@ -1,3 +1,35 @@
+2018-10-15  Chris Dumez  <cdumez@apple.com>
+
+        Restrict browsing context lookup by name to frames that are related to one another
+        https://bugs.webkit.org/show_bug.cgi?id=190475
+
+        Reviewed by Alex Christensen.
+
+        * http/tests/dom/new-window-can-target-opener-expected.txt: Added.
+        * http/tests/dom/new-window-can-target-opener.html: Added.
+        * http/tests/dom/noopener-window-cannot-target-opener-expected.txt: Added.
+        * http/tests/dom/noopener-window-cannot-target-opener.html: Added.
+        * http/tests/dom/noopener-window-not-targetable-expected.txt: Added.
+        * http/tests/dom/noopener-window-not-targetable.html: Added.
+        * http/tests/dom/noopener-window-not-targetable2-expected.txt: Added.
+        * http/tests/dom/noopener-window-not-targetable2.html: Added.
+        * http/tests/dom/noreferrer-window-not-targetable-expected.txt: Added.
+        * http/tests/dom/noreferrer-window-not-targetable.html: Added.
+        * http/tests/dom/opened-window-not-targetable-after-disowning-opener-expected.txt: Added.
+        * http/tests/dom/opened-window-not-targetable-after-disowning-opener.html: Added.
+        * http/tests/dom/resources/new-window-can-target-opener-win.html: Added.
+        * http/tests/dom/resources/noopener-window-cannot-target-opener-win.html: Added.
+        Add layout test coverage.
+
+        * fast/dom/Window/a-rel-noopener-expected.txt:
+        * fast/dom/Window/area-rel-noopener-expected.txt:
+        * fast/dom/Window/resources/rel-noopener.js:
+        * http/tests/navigation/no-referrer-target-blank-expected.txt:
+        * http/tests/navigation/resources/no-referrer-helper.php:
+        * platform/mac-wk1/imported/w3c/web-platform-tests/html/browsers/windows/noreferrer-window-name-expected.txt:
+        * platform/wk2/imported/w3c/web-platform-tests/html/browsers/windows/noreferrer-window-name-expected.txt:
+        Update / rebaseline existing tests to reflect behavior change.
+
 2018-10-15  YUHAN WU  <yuhan_wu@apple.com>
 
         Implement error handler of MediaRecorder

LayoutTests/fast/dom/Window/a-rel-noopener-expected.txt

@@ -1,3 +1,4 @@
+CONSOLE MESSAGE: line 11: PASS: window.opener is null
 Test that window.opener is null when a new window is opened from an anchor element with rel='noopener'.
 
-PASS: window.opener is null
+

LayoutTests/fast/dom/Window/area-rel-noopener-expected.txt

@@ -1,4 +1,5 @@
+CONSOLE MESSAGE: line 11: PASS: window.opener is null
 Test that window.opener is null when a new window is opened from an area element with rel='noopener'.
 
 
-PASS: window.opener is null
+

LayoutTests/fast/dom/Window/resources/rel-noopener.js

@@ -5,11 +5,10 @@ if (window.testRunner) {
 }
 
 if (document.location.hash === "#new-window") {
-    var console = window.open("", "originalWindow").document.getElementById("console");
     if (window.opener)
-        console.innerText = "FAIL: window.opener is non-null";
+        console.log("FAIL: window.opener is non-null");
     else
-        console.innerText = "PASS: window.opener is null";
+        console.log("PASS: window.opener is null");
     testRunner.notifyDone();
 } else {
     window.name = "originalWindow";

LayoutTests/http/tests/dom/new-window-can-target-opener-expected.txt

@@ -0,0 +1,9 @@
+CONSOLE MESSAGE: line 15: PASS: New window should have an opener
+CONSOLE MESSAGE: line 21: PASS: New window should be able to look up opener by name
+CONSOLE MESSAGE: line 27: PASS: New window should have URL 'http://127.0.0.1:8000/dom/new-window-can-target-opener.html'
+Make sure that windows opened via window.open can target their opener
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+

LayoutTests/http/tests/dom/new-window-can-target-opener.html

@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Make sure that windows opened via window.open can target their opener");
+jsTestIsAsync = true;
+
+if (window.testRunner)
+    testRunner.setCanOpenWindows();    
+
+onload = function() {
+    window.name = "opener";
+    w = open("resources/new-window-can-target-opener-win.html", "");
+}    
+</script>
+</body>
+</html>

LayoutTests/http/tests/dom/noopener-window-cannot-target-opener-expected.txt

@@ -0,0 +1,9 @@
+CONSOLE MESSAGE: line 17: PASS: New window should not have an opener
+CONSOLE MESSAGE: line 21: PASS: New window should have URL 'about:blank'
+Make sure that windows opened with 'noopener' via window.open cannot target their opener.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS w is null
+

LayoutTests/http/tests/dom/noopener-window-cannot-target-opener.html

@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Make sure that windows opened with 'noopener' via window.open cannot target their opener.");
+jsTestIsAsync = true;
+
+if (window.testRunner)
+    testRunner.setCanOpenWindows();    
+
+onload = function() {
+    window.name = "opener";
+    w = open("resources/noopener-window-cannot-target-opener-win.html", "", "noopener");
+    shouldBeNull("w");
+}    
+</script>
+</body>
+</html>

LayoutTests/http/tests/dom/noopener-window-not-targetable-expected.txt

@@ -0,0 +1,11 @@
+Make sure that windows opened with 'noopener' via an anchor are not targetable. If testing manually, you should see 2 tabs open.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS w.location.href is "about:blank"
+PASS testRunner.windowCount() is 3
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

LayoutTests/http/tests/dom/noopener-window-not-targetable.html

@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<a id="testLink" target="foo" rel="noopener" href="/navigation/resources/otherpage.html"></a>
+<script>
+description("Make sure that windows opened with 'noopener' via an anchor are not targetable. If testing manually, you should see 2 tabs open.");
+jsTestIsAsync = true;
+
+if (window.testRunner)
+    testRunner.setCanOpenWindows();    
+
+onload = function() {
+    testLink.click();
+
+    setTimeout(function() {
+        w = open("/navigation/resources/otherpage.html", "foo"); // Should create a new window.
+        shouldBeEqualToString("w.location.href", "about:blank");
+        w.onload = function() {
+            if (window.testRunner)
+                shouldBe("testRunner.windowCount()", "3");
+            finishJSTest();
+        }
+    }, 100);
+}    
+</script>
+</body>
+</html>

LayoutTests/http/tests/dom/noopener-window-not-targetable2-expected.txt

@@ -0,0 +1,12 @@
+Make sure that windows opened with 'noopener' via window.open are not targetable. If testing manually, you should see 2 tabs open.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS w is null
+PASS w.location.href is "about:blank"
+PASS testRunner.windowCount() is 3
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

LayoutTests/http/tests/dom/noopener-window-not-targetable2.html

@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Make sure that windows opened with 'noopener' via window.open are not targetable. If testing manually, you should see 2 tabs open.");
+jsTestIsAsync = true;
+
+if (window.testRunner)
+    testRunner.setCanOpenWindows();    
+
+onload = function() {
+    w = window.open("/navigation/resources/otherpage.html", "foo", "noopener");
+    shouldBeNull("w");
+
+    setTimeout(function() {
+        w = open("/navigation/resources/otherpage.html", "foo"); // Should create a new window.
+        shouldBeEqualToString("w.location.href", "about:blank");
+        w.onload = function() {
+            if (window.testRunner)
+                shouldBe("testRunner.windowCount()", "3");
+            finishJSTest();
+        }
+    }, 100);
+}    
+</script>
+</body>
+</html>

LayoutTests/http/tests/dom/noreferrer-window-not-targetable-expected.txt

@@ -0,0 +1,11 @@
+Make sure that windows opened with 'noreferrer' are not targetable. If testing manually, you should see 2 tabs open.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS w.location.href is "about:blank"
+PASS testRunner.windowCount() is 3
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

LayoutTests/http/tests/dom/noreferrer-window-not-targetable.html

@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<a id="testLink" target="foo" rel="noreferrer" href="/navigation/resources/otherpage.html"></a>
+<script>
+description("Make sure that windows opened with 'noreferrer' are not targetable. If testing manually, you should see 2 tabs open.");
+jsTestIsAsync = true;
+
+if (window.testRunner)
+    testRunner.setCanOpenWindows();    
+
+onload = function() {
+    testLink.click();
+    setTimeout(function() {
+        w = open("/navigation/resources/otherpage.html", "foo"); // Should create a new window.
+        shouldBeEqualToString("w.location.href", "about:blank");
+        w.onload = function() {
+            if (window.testRunner)
+                shouldBe("testRunner.windowCount()", "3");
+            finishJSTest();
+        }
+    }, 100);
+}    
+</script>
+</body>
+</html>

LayoutTests/http/tests/dom/opened-window-not-targetable-after-disowning-opener-expected.txt

@@ -0,0 +1,11 @@
+Make sure that windows opened via window.open are not targetable by their opener after it is disowned. If testing manually, you should see 2 tabs open.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS w.location.href is "about:blank"
+PASS testRunner.windowCount() is 3
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

LayoutTests/http/tests/dom/opened-window-not-targetable-after-disowning-opener.html

@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+description("Make sure that windows opened via window.open are not targetable by their opener after it is disowned. If testing manually, you should see 2 tabs open.");
+jsTestIsAsync = true;
+
+if (window.testRunner)
+    testRunner.setCanOpenWindows();    
+
+onload = function() {
+    w = window.open("/navigation/resources/otherpage.html", "foo");
+    w.opener = null;
+
+    setTimeout(function() {
+        w = open("/navigation/resources/otherpage.html", "foo"); // Should create a new window.
+        shouldBeEqualToString("w.location.href", "about:blank");
+        w.onload = function() {
+            if (window.testRunner)
+                shouldBe("testRunner.windowCount()", "3");
+            finishJSTest();
+        }
+    }, 100);
+}    
+</script>
+</body>
+</html>

LayoutTests/http/tests/dom/resources/new-window-can-target-opener-win.html

@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+jsTestIsAsync = true;
+
+if (window.testRunner)
+    testRunner.setCanOpenWindows();
+
+onload = function() {
+    if (window.opener)
+        console.log("PASS: New window should have an opener");
+    else
+        console.log("FAIL: New window should have an opener");
+
+    openerByName = open("", "opener"); // Should return the opener.
+    if (openerByName === opener)
+        console.log("PASS: New window should be able to look up opener by name");
+    else
+        console.log("FAIL: New window should be able to look up opener by name");
+
+    const expectedOpenerURL = "http://127.0.0.1:8000/dom/new-window-can-target-opener.html";
+    if (openerByName.location.href == expectedOpenerURL)
+        console.log("PASS: New window should have URL '" + expectedOpenerURL + "'");
+    else
+        console.log("FAIL: New window should have URL '" + expectedOpenerURL + "' but got '" + openerByName.location.href + "'");
+
+    finishJSTest();
+};
+</script>
+</body>
+</html>

LayoutTests/http/tests/dom/resources/noopener-window-cannot-target-opener-win.html

@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="/js-test-resources/js-test.js"></script>
+</head>
+<body>
+<script>
+jsTestIsAsync = true;
+
+if (window.testRunner)
+    testRunner.setCanOpenWindows();
+
+onload = function() {
+    if (window.opener)
+        console.log("FAIL: New window should not have an opener");
+    else
+        console.log("PASS: New window should not have an opener");
+
+    opener = open("", "opener"); // Should open a new window.
+    if (opener.location.href == "about:blank")
+        console.log("PASS: New window should have URL 'about:blank'");
+    else
+        console.log("FAIL: New window should have URL 'about:blank' but got '" + opener.location.href + "'");
+
+    finishJSTest();
+};
+</script>
+</body>
+</html>

LayoutTests/http/tests/navigation/no-referrer-reset-expected.txt

@@ -1,3 +1,5 @@
+CONSOLE MESSAGE: line 15: Referrer: http://127.0.0.1:8000/navigation/resources/no-referrer-reset-helper.php
+CONSOLE MESSAGE: line 16: window.opener: http://127.0.0.1:8000/navigation/no-referrer-reset.html
 This tests whether referrer information gets properly set and reset when "noreferrer" links are present. We do the following:
 1. Open a link in a new window: referrer is sent and window.opener is sent.
 2. Click a rel="noreferrer" link: referrer is null, but window.opener remains set since the link was not opened with target="_blank".
@@ -7,5 +9,3 @@ Referrer: http://127.0.0.1:8000/navigation/no-referrer-reset.html
 window.opener: http://127.0.0.1:8000/navigation/no-referrer-reset.html
 Referrer:
 window.opener: http://127.0.0.1:8000/navigation/no-referrer-reset.html
-Referrer: http://127.0.0.1:8000/navigation/resources/no-referrer-reset-helper.php
-window.opener: http://127.0.0.1:8000/navigation/no-referrer-reset.html

LayoutTests/http/tests/navigation/no-referrer-subframe-expected.txt

@@ -1,4 +1,5 @@
+CONSOLE MESSAGE: line 15: Referrer:
+CONSOLE MESSAGE: line 16: window.opener: 
 This tests behavior of "noreferrer" links in subframes. A referrer should not be sent and window.opener should remain null.
 Load subframe 
-Referrer:
-window.opener:
+

LayoutTests/http/tests/navigation/no-referrer-target-blank-expected.txt

@@ -1,4 +1,5 @@
+CONSOLE MESSAGE: line 15: Referrer:
+CONSOLE MESSAGE: line 16: window.opener: 
 This tests the functionality of the "noreferrer" link relation on anchor tags. The link below should not send an http referrer, and the resulting window should have its opener attribute set to null. The values of the referrer and window.opener should be empty below.
 Start no referrer test
-Referrer:
-window.opener:
+