Closed Bug 1595216 Opened 5 years ago Closed 5 years ago

[wpt-sync] Sync PR 20188 - [NativeFileSystem] getSystemDirectory() must reject in sandboxed windows

Categories

(Testing :: web-platform-tests, task, P4)

Product:
Testing
Component:
web-platform-tests
Type:
task

Tracking

(firefox72 fixed)

Status:
RESOLVED FIXED
Milestone:
mozilla72
Tracking Flags:
Tracking Status
firefox72 --- fixed

People

(Reporter: wpt-sync, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 20188 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/20188
Details from upstream follow.

Steve Becker <stevebe@microsoft.com> wrote:

[NativeFileSystem] getSystemDirectory() must reject in sandboxed windows

Updates FileSystemDirectoryHandle.getSystemDirectory() to reject with a
SecurityError when called by a sandboxed window. The other
NativeFileSystem entry point, chooseFileSystemEntries(), already
has an origin check that rejects with a SecurityError for sandboxed
windows before this change.

This change also adds a WPT test that accesses the NativeFileSystem from
opaque origins. The test includes a data URI iframe, sandboxed iframe
and a sandboxed opened window. Unlike sandboxed iframes, for data URI
iframes, the NativeFileSystem API is undefined because data URI iframes
do not provide a secure context.

This change gives the NativeFileSystem the same behavior as other web
platform storage with write operations. LocalStorage, indexedDB, and
cacheStorage all fail with SecurityErrors when accessed from a sandbox.
However, sandboxes can read files using \<input type=file> and
drag&drop. In the future, if a read-only sandbox scenario emerges, we
can consider loosening this policy for the NativeFileSystem.

Bug: 1014248
Change-Id: Ibeafcdbf102275f2cd45f3cd7dbd8ed592c850c6
Reviewed-on: https://chromium-review.googlesource.com/1907278
WPT-Export-Revision: 1bf0d4edb379759a39c68c7b65b3a4618f932903

PR 20188 applied with additional changes from upstream: 474923949524b5c05a9e6f28ec082fdca87078de
There were infrastructure failures for the Try push (https://treeherder.mozilla.org/#/jobs?repo=try&revision=2491848514e590eeed89aa590af105e10b511f60): build-android-x86_64/debug build-win32/debug build-win64/debug build-android-x86_64/opt build-win64/opt build-win32/opt
Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/f2c455618a4d [wpt PR 20188] - [NativeFileSystem] must reject in sandboxed windows, a=testonly
Test result changes from PR not available.

https://hg.mozilla.org/mozilla-central/rev/f2c455618a4d

Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox72: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla72
You need to log in before you can comment on or make changes to this bug.