Disallow alert/confirm/prompt in cross-origin-domain subframes

https://bugs.webkit.org/show_bug.cgi?id=221568 Reviewed by Geoff Garen. Source/WebCore: Disallow alert/confirm/prompt in cross-origin-domain subframes as per the latest HTML specification: - whatwg/html#6297 Tests: http/tests/security/cross-origin-js-prompt-forbidden.html http/tests/security/same-origin-different-domain-js-prompt-forbidden.html * page/DOMWindow.cpp: (WebCore::DOMWindow::alert): (WebCore::DOMWindow::confirmForBindings): (WebCore::DOMWindow::prompt): * page/SecurityOrigin.cpp: * page/SecurityOrigin.h: LayoutTests: Add layout test coverage and update existing tests to stop using alert() in cross-origin iframes. * fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame-expected.txt: * fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame.html: * fast/events/popup-when-select-change-expected.txt: * fast/events/popup-when-select-change.html: * fast/events/resize-subframe-expected.txt: * fast/events/resize-subframe.html: * fast/forms/autofocus-in-sandbox-with-allow-scripts-expected.txt: * fast/forms/autofocus-in-sandbox-with-allow-scripts.html: * fast/frames/resources/navigate-top-by-name-to-fail.html: * fast/frames/sandboxed-iframe-navigation-top-by-name-denied-expected.txt: * http/tests/cookies/resources/third-party-cookie-relaxing-iframe.html: * http/tests/cookies/third-party-cookie-relaxing-expected.txt: * http/tests/history/cross-origin-replace-history-object-child-expected.txt: * http/tests/history/cross-origin-replace-history-object-expected.txt: * http/tests/history/resources/cross-origin-replaces-history-object-child-iframe.html: * http/tests/history/resources/cross-origin-replaces-history-object-iframe.html: * http/tests/plugins/resources/third-party-cookie-accept-policy-iframe.html: * http/tests/plugins/third-party-cookie-accept-policy-expected.txt: * http/tests/security/contentSecurityPolicy/embed-redirect-allowed-expected.txt: * http/tests/security/contentSecurityPolicy/embed-redirect-allowed2-expected.txt: * http/tests/security/contentSecurityPolicy/frame-src-cross-origin-load-expected.txt: * http/tests/security/contentSecurityPolicy/iframe-allowed-when-loaded-via-javascript-url-expected.txt: * http/tests/security/contentSecurityPolicy/iframe-inside-csp-expected.txt: * http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-child-src-expected.txt: * http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-child-src2-expected.txt: * http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-frame-src-expected.txt: * http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-frame-src2-expected.txt: * http/tests/security/contentSecurityPolicy/object-redirect-allowed-expected.txt: * http/tests/security/contentSecurityPolicy/object-redirect-allowed2-expected.txt: * http/tests/security/contentSecurityPolicy/resources/alert-fail.html: * http/tests/security/contentSecurityPolicy/resources/alert-fail.js: (catch): * http/tests/security/contentSecurityPolicy/resources/alert-pass.html: * http/tests/security/contentSecurityPolicy/resources/alert-pass.js: (catch): * http/tests/security/contentSecurityPolicy/resources/sandbox.php: * http/tests/security/contentSecurityPolicy/resources/sandboxed-eval.php: * http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-control-expected.txt: * http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-expected.txt: * http/tests/security/contentSecurityPolicy/sandbox-report-only-expected.txt: * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-nested-upgrades-expected.txt: * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrades-mixed-content-expected.txt: * http/tests/security/cross-origin-js-prompt-forbidden-expected.txt: Added. * http/tests/security/cross-origin-js-prompt-forbidden.html: Added. * http/tests/security/dataURL/resources/foreign-domain-data-url-accessor-iframe.html: * http/tests/security/dataURL/resources/foreign-domain-data-url-accessor-opened-frame.html: * http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-subframe-expected.txt: * http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-window-open-expected.txt: * http/tests/security/mixedContent/resources/frame-with-insecure-websocket.html: * http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe-expected.txt: * http/tests/security/resources/cross-origin-js-prompt-forbidden.html: Added. * http/tests/security/same-origin-different-domain-js-prompt-forbidden-expected.txt: Added. * http/tests/security/same-origin-different-domain-js-prompt-forbidden.html: Added. * http/tests/security/xssAuditor/base-href-control-char-expected.txt: * http/tests/security/xssAuditor/base-href-direct-expected.txt: * http/tests/security/xssAuditor/base-href-expected.txt: * http/tests/security/xssAuditor/base-href-null-char-expected.txt: * http/tests/security/xssAuditor/base-href-safe-expected.txt: * http/tests/security/xssAuditor/base-href-safe2-expected.txt: * http/tests/security/xssAuditor/base-href-safe3-expected.txt: * http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt: * http/tests/security/xssAuditor/cached-frame-expected.txt: * http/tests/security/xssAuditor/cached-frame.html: * http/tests/security/xssAuditor/cookie-injection-expected.txt: * http/tests/security/xssAuditor/data-urls-work-expected.txt: * http/tests/security/xssAuditor/data-urls-work.html: * http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt: * http/tests/security/xssAuditor/dom-write-innerHTML.html: * http/tests/security/xssAuditor/form-action-expected.txt: * http/tests/security/xssAuditor/formaction-on-button-expected.txt: * http/tests/security/xssAuditor/formaction-on-input-expected.txt: * http/tests/security/xssAuditor/javascript-link-safe-expected.txt: * http/tests/security/xssAuditor/javascript-link-safe.html: * http/tests/security/xssAuditor/property-escape-noquotes-expected.txt: * http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars-expected.txt: * http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars.html: * http/tests/security/xssAuditor/property-escape-noquotes.html: * http/tests/security/xssAuditor/property-inject-expected.txt: * http/tests/security/xssAuditor/property-inject.html: * http/tests/security/xssAuditor/resources/base-href/really-safe-script.js: * http/tests/security/xssAuditor/resources/base-href/safe-script.js: * http/tests/security/xssAuditor/resources/echo-intertag.pl: * http/tests/security/xssAuditor/resources/javascript-link-safe.html: * http/tests/security/xssAuditor/resources/nph-cached.pl: * http/tests/security/xssAuditor/resources/safe-script-noquotes.js: * http/tests/security/xssAuditor/resources/safe-script.js: * http/tests/security/xssAuditor/resources/script-tag-safe2.html: * http/tests/security/xssAuditor/script-tag-near-start-expected.txt: * http/tests/security/xssAuditor/script-tag-near-start.html: * http/tests/security/xssAuditor/script-tag-safe2-expected.txt: * http/tests/security/xssAuditor/script-tag-safe2.html: * http/tests/security/xssAuditor/script-tag-safe3-expected.txt: * http/tests/security/xssAuditor/script-tag-safe3.html: * http/tests/security/xssAuditor/script-tag-src-redirect-safe-expected.txt: * http/tests/security/xssAuditor/script-tag-with-injected-comment-expected.txt: * http/tests/security/xssAuditor/script-tag-with-injected-comment.html: * http/tests/security/xssAuditor/script-tag-with-source-same-host-expected.txt: * platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-nested-upgrades-expected.txt: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@272607 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Igalia · Feb 9, 2021 · 02562e3 · 02562e3
1 parent 1ea0e89
commit 02562e3
Show file tree

Hide file tree

Showing 137 changed files with 658 additions and 410 deletions.
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
@@ -1,3 +1,111 @@
+2021-02-09  Chris Dumez  <cdumez@apple.com>
+
+        Disallow alert/confirm/prompt in cross-origin-domain subframes
+        https://bugs.webkit.org/show_bug.cgi?id=221568
+
+        Reviewed by Geoff Garen.
+
+        Add layout test coverage and update existing tests to stop using alert() in cross-origin iframes.
+
+        * fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame-expected.txt:
+        * fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame.html:
+        * fast/events/popup-when-select-change-expected.txt:
+        * fast/events/popup-when-select-change.html:
+        * fast/events/resize-subframe-expected.txt:
+        * fast/events/resize-subframe.html:
+        * fast/forms/autofocus-in-sandbox-with-allow-scripts-expected.txt:
+        * fast/forms/autofocus-in-sandbox-with-allow-scripts.html:
+        * fast/frames/resources/navigate-top-by-name-to-fail.html:
+        * fast/frames/sandboxed-iframe-navigation-top-by-name-denied-expected.txt:
+        * http/tests/cookies/resources/third-party-cookie-relaxing-iframe.html:
+        * http/tests/cookies/third-party-cookie-relaxing-expected.txt:
+        * http/tests/history/cross-origin-replace-history-object-child-expected.txt:
+        * http/tests/history/cross-origin-replace-history-object-expected.txt:
+        * http/tests/history/resources/cross-origin-replaces-history-object-child-iframe.html:
+        * http/tests/history/resources/cross-origin-replaces-history-object-iframe.html:
+        * http/tests/plugins/resources/third-party-cookie-accept-policy-iframe.html:
+        * http/tests/plugins/third-party-cookie-accept-policy-expected.txt:
+        * http/tests/security/contentSecurityPolicy/embed-redirect-allowed-expected.txt:
+        * http/tests/security/contentSecurityPolicy/embed-redirect-allowed2-expected.txt:
+        * http/tests/security/contentSecurityPolicy/frame-src-cross-origin-load-expected.txt:
+        * http/tests/security/contentSecurityPolicy/iframe-allowed-when-loaded-via-javascript-url-expected.txt:
+        * http/tests/security/contentSecurityPolicy/iframe-inside-csp-expected.txt:
+        * http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-child-src-expected.txt:
+        * http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-child-src2-expected.txt:
+        * http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-frame-src-expected.txt:
+        * http/tests/security/contentSecurityPolicy/iframe-redirect-allowed-by-frame-src2-expected.txt:
+        * http/tests/security/contentSecurityPolicy/object-redirect-allowed-expected.txt:
+        * http/tests/security/contentSecurityPolicy/object-redirect-allowed2-expected.txt:
+        * http/tests/security/contentSecurityPolicy/resources/alert-fail.html:
+        * http/tests/security/contentSecurityPolicy/resources/alert-fail.js:
+        (catch):
+        * http/tests/security/contentSecurityPolicy/resources/alert-pass.html:
+        * http/tests/security/contentSecurityPolicy/resources/alert-pass.js:
+        (catch):
+        * http/tests/security/contentSecurityPolicy/resources/sandbox.php:
+        * http/tests/security/contentSecurityPolicy/resources/sandboxed-eval.php:
+        * http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-control-expected.txt:
+        * http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-expected.txt:
+        * http/tests/security/contentSecurityPolicy/sandbox-report-only-expected.txt:
+        * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-nested-upgrades-expected.txt:
+        * http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrades-mixed-content-expected.txt:
+        * http/tests/security/cross-origin-js-prompt-forbidden-expected.txt: Added.
+        * http/tests/security/cross-origin-js-prompt-forbidden.html: Added.
+        * http/tests/security/dataURL/resources/foreign-domain-data-url-accessor-iframe.html:
+        * http/tests/security/dataURL/resources/foreign-domain-data-url-accessor-opened-frame.html:
+        * http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-subframe-expected.txt:
+        * http/tests/security/dataURL/xss-DENIED-from-data-url-in-foreign-domain-window-open-expected.txt:
+        * http/tests/security/mixedContent/resources/frame-with-insecure-websocket.html:
+        * http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe-expected.txt:
+        * http/tests/security/resources/cross-origin-js-prompt-forbidden.html: Added.
+        * http/tests/security/same-origin-different-domain-js-prompt-forbidden-expected.txt: Added.
+        * http/tests/security/same-origin-different-domain-js-prompt-forbidden.html: Added.
+        * http/tests/security/xssAuditor/base-href-control-char-expected.txt:
+        * http/tests/security/xssAuditor/base-href-direct-expected.txt:
+        * http/tests/security/xssAuditor/base-href-expected.txt:
+        * http/tests/security/xssAuditor/base-href-null-char-expected.txt:
+        * http/tests/security/xssAuditor/base-href-safe-expected.txt:
+        * http/tests/security/xssAuditor/base-href-safe2-expected.txt:
+        * http/tests/security/xssAuditor/base-href-safe3-expected.txt:
+        * http/tests/security/xssAuditor/base-href-scheme-relative-expected.txt:
+        * http/tests/security/xssAuditor/cached-frame-expected.txt:
+        * http/tests/security/xssAuditor/cached-frame.html:
+        * http/tests/security/xssAuditor/cookie-injection-expected.txt:
+        * http/tests/security/xssAuditor/data-urls-work-expected.txt:
+        * http/tests/security/xssAuditor/data-urls-work.html:
+        * http/tests/security/xssAuditor/dom-write-innerHTML-expected.txt:
+        * http/tests/security/xssAuditor/dom-write-innerHTML.html:
+        * http/tests/security/xssAuditor/form-action-expected.txt:
+        * http/tests/security/xssAuditor/formaction-on-button-expected.txt:
+        * http/tests/security/xssAuditor/formaction-on-input-expected.txt:
+        * http/tests/security/xssAuditor/javascript-link-safe-expected.txt:
+        * http/tests/security/xssAuditor/javascript-link-safe.html:
+        * http/tests/security/xssAuditor/property-escape-noquotes-expected.txt:
+        * http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars-expected.txt:
+        * http/tests/security/xssAuditor/property-escape-noquotes-tab-slash-chars.html:
+        * http/tests/security/xssAuditor/property-escape-noquotes.html:
+        * http/tests/security/xssAuditor/property-inject-expected.txt:
+        * http/tests/security/xssAuditor/property-inject.html:
+        * http/tests/security/xssAuditor/resources/base-href/really-safe-script.js:
+        * http/tests/security/xssAuditor/resources/base-href/safe-script.js:
+        * http/tests/security/xssAuditor/resources/echo-intertag.pl:
+        * http/tests/security/xssAuditor/resources/javascript-link-safe.html:
+        * http/tests/security/xssAuditor/resources/nph-cached.pl:
+        * http/tests/security/xssAuditor/resources/safe-script-noquotes.js:
+        * http/tests/security/xssAuditor/resources/safe-script.js:
+        * http/tests/security/xssAuditor/resources/script-tag-safe2.html:
+        * http/tests/security/xssAuditor/script-tag-near-start-expected.txt:
+        * http/tests/security/xssAuditor/script-tag-near-start.html:
+        * http/tests/security/xssAuditor/script-tag-safe2-expected.txt:
+        * http/tests/security/xssAuditor/script-tag-safe2.html:
+        * http/tests/security/xssAuditor/script-tag-safe3-expected.txt:
+        * http/tests/security/xssAuditor/script-tag-safe3.html:
+        * http/tests/security/xssAuditor/script-tag-src-redirect-safe-expected.txt:
+        * http/tests/security/xssAuditor/script-tag-with-injected-comment-expected.txt:
+        * http/tests/security/xssAuditor/script-tag-with-injected-comment.html:
+        * http/tests/security/xssAuditor/script-tag-with-source-same-host-expected.txt:
+        * platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-nested-upgrades-expected.txt:
+
 2021-02-09  Peng Liu  <peng.liu6@apple.com>
 
         [GPUP] Test media/track/audio-track-add-remove.html crashes on debug bots

diff --git a/...t/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame-expected.txt b/...t/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame-expected.txt
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'about:blank' from frame with URL 'data:text/html,<script>alert(window.open('about:blank', 'A') ?%20'FAIL'%20:%20'PASS');%3C/script%3E'. The frame attempting navigation is neither same-origin with the target, nor is it the target's parent or opener.
+CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'about:blank' from frame with URL 'data:text/html,<script>console.log(window.open('about:blank', 'A') ?%20'FAIL'%20:%20'PASS');%3C/script%3E'. The frame attempting navigation is neither same-origin with the target, nor is it the target's parent or opener.
 
-ALERT: PASS
+CONSOLE MESSAGE: PASS
 
diff --git a/...ests/fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame.html b/...ests/fast/events/popup-blocked-from-unique-frame-via-window-open-named-sibling-frame.html
@@ -11,6 +11,6 @@
 </head>
 <body>
 <iframe name="A"></iframe>
-<iframe name="B" src="data:text/html,<script>alert(window.open('about:blank', 'A') ? 'FAIL' : 'PASS');</script>"></iframe>
+<iframe name="B" src="data:text/html,<script>console.log(window.open('about:blank', 'A') ? 'FAIL' : 'PASS');</script>"></iframe>
 </body>
 </html>
diff --git a/LayoutTests/fast/events/popup-when-select-change-expected.txt b/LayoutTests/fast/events/popup-when-select-change-expected.txt
@@ -1,4 +1,4 @@
-ALERT: PASSED
+CONSOLE MESSAGE: PASSED
  If the pop-up was not blocked then there will be an PASS message. Otherwise, the test fails.
 
 

diff --git a/LayoutTests/fast/events/popup-when-select-change.html b/LayoutTests/fast/events/popup-when-select-change.html
@@ -38,7 +38,7 @@
 <body onload="test()">
 <select onchange="onpopup()" id="control1"><option value="0">abcd</option><option value="0">efgh</option></select>
 If the pop-up was not blocked then there will be an PASS message. Otherwise, the test fails.
-<form id="form" action="data:text/html,<script>alert('PASSED')</script>" target="target">
+<form id="form" action="data:text/html,<script>console.log('PASSED')</script>" target="target">
 <input id="control2" type="submit" value="Submit to new window"/>
 </form>
 <form id="form2" action="data:text/html,<b>hello!</b><script>window.testRunner && testRunner.notifyDone()</script>" target="panel">

diff --git a/LayoutTests/fast/events/resize-subframe-expected.txt b/LayoutTests/fast/events/resize-subframe-expected.txt
@@ -1,2 +1,2 @@
-ALERT: PASS
+CONSOLE MESSAGE: PASS
 
diff --git a/LayoutTests/fast/events/resize-subframe.html b/LayoutTests/fast/events/resize-subframe.html
@@ -18,7 +18,7 @@
                 {
                     if (window.testRunner)
                     {
-                        alert('PASS');
+                        console.log('PASS');
                         testRunner.notifyDone();
                     }
                     else

diff --git a/LayoutTests/fast/forms/autofocus-in-sandbox-with-allow-scripts-expected.txt b/LayoutTests/fast/forms/autofocus-in-sandbox-with-allow-scripts-expected.txt
@@ -1,2 +1,2 @@
-ALERT: INPUT
+CONSOLE MESSAGE: INPUT
 This test passes if the activeElement is the input element rather than the body (which it would be if the sandbox didn't allow autofocus although allow-scripts flag is set).
diff --git a/LayoutTests/fast/forms/autofocus-in-sandbox-with-allow-scripts.html b/LayoutTests/fast/forms/autofocus-in-sandbox-with-allow-scripts.html
@@ -5,4 +5,4 @@
 This test passes if the activeElement is the input element rather than the body
 (which it would be if the sandbox didn't allow autofocus although allow-scripts flag is set).
 <iframe sandbox="allow-scripts allow-modals"
-    src="data:text/html,<input autofocus onfocus><script>window.onload = function() { alert(document.activeElement.tagName) }</script>"></iframe>
+    src="data:text/html,<input autofocus onfocus><script>window.onload = function() { console.log(document.activeElement.tagName) }</script>"></iframe>
diff --git a/LayoutTests/fast/frames/resources/navigate-top-by-name-to-fail.html b/LayoutTests/fast/frames/resources/navigate-top-by-name-to-fail.html
@@ -1,11 +1,11 @@
 <script>
 if (window.open("fail-and-notify-done.html", "target"))
-    alert("FAIL");
+    console.log("FAIL");
 if (window.open("fail-and-notify-done.html", "_top"))
-    alert("FAIL");
+    console.log("FAIL");
 if (window.open("fail-and-notify-done.html", "_parent"))
-    alert("FAIL");
+    console.log("FAIL");
 if (window.open("fail-and-notify-done.html", "_blank"))
-    alert("FAIL");
-alert("PASS");
+    console.log("FAIL");
+console.log("PASS");
 </script>
diff --git a/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-name-denied-expected.txt b/LayoutTests/fast/frames/sandboxed-iframe-navigation-top-by-name-denied-expected.txt
@@ -6,7 +6,7 @@ CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with
 CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'navigate-top-by-name-to-fail.html'. The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set.
 
 CONSOLE MESSAGE: Blocked opening 'fail-and-notify-done.html' in a new window because the request was made in a sandboxed frame whose 'allow-popups' permission is not set.
-ALERT: PASS
+CONSOLE MESSAGE: PASS
 This test verifies that a sandboxed IFrame cannot navigate the top-level frame without allow-top-navigation. This test passes if the navigation does not occur.
 
 
diff --git a/LayoutTests/fast/frames/sandboxed-iframe-parsing-space-characters-expected.txt b/LayoutTests/fast/frames/sandboxed-iframe-parsing-space-characters-expected.txt
@@ -1,11 +1,11 @@
-ALERT: PASS: Form feed is a delimiter.
+CONSOLE MESSAGE: PASS: Form feed is a delimiter.
 CONSOLE MESSAGE: Error while parsing the 'sandbox' attribute: 'allow-scriptsallow-forms' is an invalid sandbox flag.
-CONSOLE MESSAGE: Blocked script execution in 'data:text/html,<script>alert('FAIL: Vertical tab is not a delimiter.');</script>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
-ALERT: PASS: Newline is a delimiter.
-ALERT: PASS: Return is a delimiter.
+CONSOLE MESSAGE: Blocked script execution in 'data:text/html,<script>console.log('FAIL: Vertical tab is not a delimiter.');</script>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
+CONSOLE MESSAGE: PASS: Newline is a delimiter.
+CONSOLE MESSAGE: PASS: Return is a delimiter.
 CONSOLE MESSAGE: Error while parsing the 'sandbox' attribute: 'allow-scriptsxallow-forms' is an invalid sandbox flag.
-CONSOLE MESSAGE: Blocked script execution in 'data:text/html,<script>alert('FAIL: x is not a delimiter.');</script>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
-ALERT: PASS: Tab is a delimiter.
-ALERT: PASS: Space is a delimiter character.
+CONSOLE MESSAGE: Blocked script execution in 'data:text/html,<script>console.log('FAIL: x is not a delimiter.');</script>' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
+CONSOLE MESSAGE: PASS: Tab is a delimiter.
+CONSOLE MESSAGE: PASS: Space is a delimiter character.
 This tests whether we correct parse various space characters in the sandbox attribute.
 
diff --git a/LayoutTests/fast/frames/sandboxed-iframe-parsing-space-characters.html b/LayoutTests/fast/frames/sandboxed-iframe-parsing-space-characters.html
@@ -25,7 +25,7 @@
     var policy = "allow-modals allow-scripts" + possibleDelimiter + "allow-forms";
     var iframe = document.createElement('iframe');
     iframe.sandbox = policy;
-    iframe.src = "data:text/html,<script>alert('" + message + "');<\/script>";
+    iframe.src = "data:text/html,<script>console.log('" + message + "');<\/script>";
     iframe.onload = next;
     document.body.appendChild(iframe);
 }

diff --git a/LayoutTests/fast/frames/sandboxed-iframe-scripting-02-expected.txt b/LayoutTests/fast/frames/sandboxed-iframe-scripting-02-expected.txt
@@ -1,4 +1,4 @@
-ALERT: PASS: Executed script in data URL
+CONSOLE MESSAGE: PASS: Executed script in data URL
 Verify that sandboxed frames with sandbox='allow-scripts' can execute script from data: URLs.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".

diff --git a/LayoutTests/fast/frames/sandboxed-iframe-scripting-02.html b/LayoutTests/fast/frames/sandboxed-iframe-scripting-02.html
@@ -24,7 +24,7 @@
 </head>
 <body>
     <iframe sandbox="allow-same-origin allow-scripts allow-modals"
-            src="data:text/html,<script>alert('PASS: Executed script in data URL');window.parent.postMessage({'pass': true}, '*');</script>">
+            src="data:text/html,<script>console.log('PASS: Executed script in data URL');window.parent.postMessage({'pass': true}, '*');</script>">
     </iframe>
     <script>
         description("Verify that sandboxed frames with sandbox='allow-scripts' can execute script from data: URLs.");

diff --git a/LayoutTests/http/tests/cookies/resources/third-party-cookie-relaxing-iframe.html b/LayoutTests/http/tests/cookies/resources/third-party-cookie-relaxing-iframe.html
@@ -18,7 +18,7 @@
         resetCookiesAndNotifyDone();
         return;
     } else
-        alert("Unknown message.");
+        console.log("Unknown message.");
 }
 
 function sortCookie(cookie)
@@ -31,23 +31,23 @@
 var stage = 1;
 function showCookies()
 {
-    alert("Test stage " + stage++ + " document.cookie is: " + sortCookie(document.cookie));
+    console.log("Test stage " + stage++ + " document.cookie is: " + sortCookie(document.cookie));
     parent.window.postMessage("done", "*");
 }
 
 function sendXHR(queryCommand)
 {
     var baseurl = "http://localhost:8000/cookies/resources/cookie-utility.php";
     var url = queryCommand ? baseurl + "?queryfunction=" + queryCommand : baseurl;
-    alert(url);
+    console.log(url);
     var req = new XMLHttpRequest();
     req.open('GET', url, false);
     req.send();
 
     if (req.status == 200)
-        alert("XHR response - " + req.responseText);
+        console.log("XHR response - " + req.responseText);
     else
-        alert("xhr error");
+        console.log("xhr error");
 
     parent.window.postMessage("done", "*");    
 }