Fix the set of sandbox tokens recognized by iframe.sandbox.supports()

Two tokens were missing from the list: allow-orientation-lock and allow-presentation. In addition, allow-downloads was reported as being supported, when it actually depends on a runtime flag which is off by default. Bug: 739787 Change-Id: Iadea9ebf45c7c0b63e8775f5c10aaa0c764a6807 Reviewed-on: https://chromium-review.googlesource.com/1005414 Commit-Queue: Ian Clelland <iclelland@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#550673}

Fix the set of sandbox tokens recognized by iframe.sandbox.supports()
Two tokens were missing from the list: allow-orientation-lock and allow-presentation. In addition, allow-downloads was reported as being supported, when it actually depends on a runtime flag which is off by default. Bug: 739787 Change-Id: Iadea9ebf45c7c0b63e8775f5c10aaa0c764a6807 Reviewed-on: https://chromium-review.googlesource.com/1005414 Commit-Queue: Ian Clelland <iclelland@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/master@{#550673}
763d8cc7 · Ian Clelland · Commit Bot · af8607be · 763d8cc7 · 763d8cc7
Commit 763d8cc7 authored Apr 13, 2018 by Ian Clelland Committed by Commit Bot Apr 13, 2018
2 changed files
--- a/third_party/WebKit/LayoutTests/fast/dom/HTMLIFrameElement/sandbox-feature-detection.html
+++ b/third_party/WebKit/LayoutTests/fast/dom/HTMLIFrameElement/sandbox-feature-detection.html
@@ -18,9 +18,11 @@
        assert_false(iframe.sandbox.supports("allow-formssss"));
        assert_true(iframe.sandbox.supports("allow-forms"));
        assert_true(iframe.sandbox.supports("allow-modals"));
+        assert_true(iframe.sandbox.supports("allow-orientation-lock"));
        assert_true(iframe.sandbox.supports("allow-pointer-lock"));
        assert_true(iframe.sandbox.supports("allow-popups"));
        assert_true(iframe.sandbox.supports("allow-popups-to-escape-sandbox"));
+        assert_true(iframe.sandbox.supports("allow-presentation"));
        assert_true(iframe.sandbox.supports("allow-same-origin"));
        assert_true(iframe.sandbox.supports("allow-scripts"));
        assert_true(iframe.sandbox.supports("allow-top-navigation"));

--- a/third_party/blink/renderer/core/html/html_iframe_element_sandbox.cc
+++ b/third_party/blink/renderer/core/html/html_iframe_element_sandbox.cc
@@ -10,18 +10,31 @@ namespace blink {

 namespace {

+// These are the sandbox tokens which are always supported. If a new token is
+// only available behind a runtime flag, it should be checked separately in
+// IsTokenSupported below.
 const char* const kSupportedSandboxTokens[] = {
-    "allow-downloads",      "allow-forms",
-    "allow-modals",         "allow-pointer-lock",
-    "allow-popups",         "allow-popups-to-escape-sandbox",
-    "allow-same-origin",    "allow-scripts",
-    "allow-top-navigation", "allow-top-navigation-by-user-activation"};
+    "allow-forms",
+    "allow-modals",
+    "allow-orientation-lock",
+    "allow-pointer-lock",
+    "allow-popups",
+    "allow-popups-to-escape-sandbox",
+    "allow-presentation",
+    "allow-same-origin",
+    "allow-scripts",
+    "allow-top-navigation",
+    "allow-top-navigation-by-user-activation"};

 bool IsTokenSupported(const AtomicString& token) {
  for (const char* supported_token : kSupportedSandboxTokens) {
    if (token == supported_token)
      return true;
  }
+  if (token == "allow-downloads" &&
+      RuntimeEnabledFeatures::BlockingDownloadsInSandboxEnabled()) {
+    return true;
+  }
  return false;
 }