mirror of
https://github.com/servo/servo
synced 2026-05-10 00:52:08 +02:00
This change makes it so that `<iframe>` sandboxing is equivalent to the one used for Content Security Policy, which is how the specification is written. In addition, these sandboxing flags are passed through to `<iframe>` `Document`s via `LoadData` and stored as `Document::creation_sandboxing_flag_set`. The flags are used to calculate the final `Document::active_sandboxing_flag_set` when loading a `Document`. This change makes it so that `<iframe>`s actually behave in a sandboxed way, the same way that `Document`s with CSP configurations do. For instance, now scripts and popups are blocked by default in `<iframe>`s with the `sandbox` attribute. Testing: This causes many WPT tests to start to pass or to move from ERROR to TIMEOUT or failing later. Some tests start to fail: - `/html/semantics/embedded-content/the-canvas-element/canvas-descendants-focusability-005.html`: This test uses a combination of `<iframe allow>` and Canvas fallback content, which we do not support. - `/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_navigate_other_frame_popup.sub.html`: This test is now failing because the iframe is sandboxed but in the ScriptThread now due to `allow-same-origin`. More implementation is needed to add support for the "one permitted sandbox navigator" concept. Fixes: This is part of #31973. --------- Signed-off-by: Martin Robinson <mrobinson@igalia.com> Co-authored-by: Oriol Brufau <obrufau@igalia.com>
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
use std::rc::Rc;
use data_url::mime::Mime;
use dom_struct::dom_struct;
use net_traits::request::InsecureRequestsPolicy;
use script_bindings::codegen::GenericBindings::WindowBinding::WindowMethods;
use script_traits::DocumentActivity;
use servo_url::{MutableOrigin, ServoUrl};
use crate::document_loader::DocumentLoader;
use crate::dom::bindings::codegen::Bindings::DocumentBinding::{
DocumentMethods, NamedPropertyValue,
};
use crate::dom::bindings::codegen::Bindings::XMLDocumentBinding::XMLDocumentMethods;
use crate::dom::bindings::inheritance::Castable;
use crate::dom::bindings::reflector::reflect_dom_object;
use crate::dom::bindings::root::DomRoot;
use crate::dom::bindings::str::DOMString;
use crate::dom::customelementregistry::CustomElementReactionStack;
use crate::dom::document::{Document, DocumentSource, HasBrowsingContext, IsHTMLDocument};
use crate::dom::location::Location;
use crate::dom::node::Node;
use crate::dom::window::Window;
use crate::script_runtime::CanGc;
// https://dom.spec.whatwg.org/#xmldocument
//
// DOM `XMLDocument` object. It carries no state of its own in this file: the
// only field is the base `Document`, which the methods below upcast to.
#[dom_struct]
pub(crate) struct XMLDocument {
    // Base `Document`; `new` registers it as the owner document of this node.
    document: Document,
}
impl XMLDocument {
    /// Builds the not-yet-reflected `XMLDocument` by forwarding its arguments to
    /// `Document::new_inherited`.
    ///
    /// The sandboxing flags are not a parameter of this constructor. They are read
    /// from the document currently returned by `window.Document()` and passed as
    /// the final argument, so callers cannot supply a different flag set here.
    #[allow(clippy::too_many_arguments)]
    fn new_inherited(
        window: &Window,
        has_browsing_context: HasBrowsingContext,
        url: Option<ServoUrl>,
        origin: MutableOrigin,
        is_html_document: IsHTMLDocument,
        content_type: Option<Mime>,
        last_modified: Option<String>,
        activity: DocumentActivity,
        source: DocumentSource,
        doc_loader: DocumentLoader,
        inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
        has_trustworthy_ancestor_origin: bool,
        custom_element_reaction_stack: Rc<CustomElementReactionStack>,
    ) -> Self {
        Self {
            document: Document::new_inherited(
                window,
                has_browsing_context,
                url,
                origin,
                is_html_document,
                content_type,
                last_modified,
                activity,
                source,
                doc_loader,
                // Five fixed positional values follow. Their parameter names live on
                // `Document::new_inherited`, which is not visible from this file.
                // NOTE(review): the two adjacent `false` literals can be transposed
                // without a compile error; re-check them whenever that signature
                // changes.
                None,
                None,
                Default::default(),
                false,
                false,
                inherited_insecure_requests_policy,
                has_trustworthy_ancestor_origin,
                custom_element_reaction_stack,
                // Creation sandboxing flag set, taken from the window's current
                // document rather than from a caller.
                // NOTE(review): presumably this keeps an XML document created inside
                // a sandboxed context at least as restricted as its creator; confirm
                // how `Document` combines it into the active flag set.
                window.Document().creation_sandboxing_flag_set(),
            ),
        }
    }

    /// Creates an `XMLDocument`, reflects it through `reflect_dom_object` for
    /// `window`, and returns the rooted result.
    ///
    /// `doctype` is forwarded as the `is_html_document` argument of
    /// `new_inherited`; every other argument except `can_gc` is passed through
    /// under the same name.
    #[allow(clippy::too_many_arguments)]
    pub(crate) fn new(
        window: &Window,
        has_browsing_context: HasBrowsingContext,
        url: Option<ServoUrl>,
        origin: MutableOrigin,
        doctype: IsHTMLDocument,
        content_type: Option<Mime>,
        last_modified: Option<String>,
        activity: DocumentActivity,
        source: DocumentSource,
        doc_loader: DocumentLoader,
        inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
        has_trustworthy_ancestor_origin: bool,
        custom_element_reaction_stack: Rc<CustomElementReactionStack>,
        can_gc: CanGc,
    ) -> DomRoot<Self> {
        let reflected = reflect_dom_object(
            Box::new(Self::new_inherited(
                window,
                has_browsing_context,
                url,
                origin,
                doctype,
                content_type,
                last_modified,
                activity,
                source,
                doc_loader,
                inherited_insecure_requests_policy,
                has_trustworthy_ancestor_origin,
                custom_element_reaction_stack,
            )),
            window,
            can_gc,
        );

        // The document node is registered as its own owner document.
        reflected
            .upcast::<Node>()
            .set_owner_doc(&reflected.document);

        reflected
    }
}
impl XMLDocumentMethods<crate::DomTypeHolder> for XMLDocument {
    /// <https://html.spec.whatwg.org/multipage/#dom-document-location>
    ///
    /// Answered by the base `Document`; no XML-specific handling is added here.
    fn GetLocation(&self) -> Option<DomRoot<Location>> {
        let base: &Document = self.upcast();
        base.GetLocation()
    }

    /// <https://html.spec.whatwg.org/multipage/#dom-tree-accessors:supported-property-names>
    ///
    /// Returns whatever the base `Document` reports as its supported names.
    fn SupportedPropertyNames(&self) -> Vec<DOMString> {
        let base: &Document = self.upcast();
        base.SupportedPropertyNames()
    }

    /// <https://html.spec.whatwg.org/multipage/#dom-tree-accessors:dom-document-nameditem-filter>
    ///
    /// Named lookup is delegated unchanged to the base `Document`, so any
    /// filtering of which values are reachable by name is decided there, not in
    /// this impl.
    fn NamedGetter(&self, name: DOMString, can_gc: CanGc) -> Option<NamedPropertyValue> {
        let base: &Document = self.upcast();
        base.NamedGetter(name, can_gc)
    }
}