Form submission should abort before constraint validation if sandboxed forms flag is set.

third_party/WebKit/Source/core/html/HTMLFormElement.cpp

Index: third_party/WebKit/Source/core/html/HTMLFormElement.cpp
diff --git a/third_party/WebKit/Source/core/html/HTMLFormElement.cpp b/third_party/WebKit/Source/core/html/HTMLFormElement.cpp
index 74f3f106150e0d12189e8154076f81e77a99dc13..17fb9256c083edd26ec577f6af8f3d1f1d0d6100 100644
--- a/third_party/WebKit/Source/core/html/HTMLFormElement.cpp
+++ b/third_party/WebKit/Source/core/html/HTMLFormElement.cpp
@@ -296,6 +296,12 @@ void HTMLFormElement::prepareForSubmission(Event* event)
     if (!frame || m_isSubmittingOrInUserJSSubmitEvent)
         return;
 
+    if (document().isSandboxed(SandboxForms)) {
+        // FIXME: This message should be moved off the console once a solution to https://bugs.webkit.org/show_bug.cgi?id=103274 exists.

[Mike West, 2016/07/28 09:26:47]

Drop this comment; at this point, I don't think we're going to move these
anywhere. Maybe someone will incorporate them into the security panel at some
point, but no one's actively working on a design for that, and the linked bug is
4 years old.

[ramya.v, 2016/07/28 09:37:15]

Done.

+        document().addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Blocked form submission to '" + m_attributes.action() + "' because the form's frame is sandboxed and the 'allow-forms' permission is not set."));
+        return;
+    }
+
     bool skipValidation = !document().page() || noValidate();
     ASSERT(event);
     HTMLFormControlElement* submitElement = submitElementFromEvent(event);