Closed Bug 1812954 Opened 3 years ago Closed 3 years ago

[wpt-sync] Sync PR 38214 - Fix security issue with iframe resource timing and flaky test

Categories

(Core :: DOM: Performance APIs, task, P4)

Product:
Core
Component:
DOM: Performance APIs
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
111 Branch
Tracking Flags:
Tracking Status
firefox111 --- fixed

People

(Reporter: wpt-sync, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 38214 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/38214
Details from upstream follow.

Noam Rosenthal <nrosenthal@chromium.org> wrote:

Fix security issue with iframe resource timing and flaky test

The scenario in the test is:

  • an iframe navigates to a document
  • The document navigates away, sometimes before reporting resource timing

The expected result in the spec is that the navigation is cancelled, so
it doesn't report resource timing at all, even for the first document.

This fixes both the implementation and the test:
In case the reported resource timing is not the container-initiated
URL or is an internal navigation, don't report.

Note that there could still be racy edge cases where wrong reporting would occur, e.g. if an extension cancels an ongoing navigation and navigates to the same URL. Added a TODO.

Bug: 1410705
Bug: 957181
Change-Id: I578e294eac14c6c4c146a35e72b06c99a225cc75
Fixes: 957181

Reviewed-on: https://chromium-review.googlesource.com/4196892
WPT-Export-Revision: a9f8b2652b16787a9124780f6881e28b0776cbf4

Component: web-platform-tests → DOM: Performance
Product: Testing → Core

CI Results

Ran 9 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 3 tests and 9 subtests

Status Summary

Firefox

OK : 3
PASS : 25[Gecko-android-em-7.0-x86_64-lite-qr-opt-geckoview, Gecko-android-em-7.0-x86_64-qr-debug-geckoview, Gecko-android-em-7.0-x86_64-qr-opt-geckoview, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows10-32-2004-qr-debug, Gecko-windows10-32-2004-qr-opt, Gecko-windows10-64-2004-qr-debug, Gecko-windows10-64-2004-qr-opt] 27[GitHub]

Chrome

OK : 3
PASS : 21
FAIL : 6

Safari

OK : 1
PASS : 9
TIMEOUT: 4
NOTRUN : 16

Links

Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base

Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/2b4d8ef83567 [wpt PR 38214] - Fix race condition with iframe resource timing and flaky test, a=testonly https://hg.mozilla.org/integration/autoland/rev/eedc81c5ade5 [wpt PR 38214] - Update wpt metadata, a=testonly

https://hg.mozilla.org/mozilla-central/rev/2b4d8ef83567
https://hg.mozilla.org/mozilla-central/rev/eedc81c5ade5

Status: NEW → RESOLVED
Closed: 3 years ago
status-firefox111: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 111 Branch
You need to log in before you can comment on or make changes to this bug.