Changeset 258986 in webkit
- Timestamp:
- Mar 25, 2020 9:29:54 AM (4 years ago)
- Location:
- trunk/Source
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r258985 r258986 1 2020-03-25 Kate Cheney <katherine_cheney@apple.com> 2 3 App-bound domain checks should provide more debugging details at script evaluation sites 4 https://bugs.webkit.org/show_bug.cgi?id=209521 5 <rdar://problem/60837954> 6 7 Reviewed by Chris Dumez. 8 9 * bindings/js/ScriptController.cpp: 10 (WebCore::ScriptController::executeScriptInWorld): 11 Return makeUnexpected object with an error message instead of null to 12 provide more details as to why the executeScriptInWorld() 13 call was not completed. Also add console logging and release logging. 14 15 * page/Frame.cpp: 16 (WebCore::Frame::injectUserScriptImmediately): 17 There is no option to return an exception here, so this patch adds 18 console logging and release logging. 19 1 20 2020-03-25 Simon Fraser <simon.fraser@apple.com> 2 21 -
trunk/Source/WebCore/bindings/js/ScriptController.cpp
r258476 r258986 41 41 #include "JSExecState.h" 42 42 #include "LoadableModuleScript.h" 43 #include "Logging.h" 43 44 #include "ModuleFetchFailureKind.h" 44 45 #include "ModuleFetchParameters.h" … … 78 79 #include <wtf/text/TextPosition.h> 79 80 81 #define RELEASE_LOG_ERROR_IF_ALLOWED(channel, fmt, ...) RELEASE_LOG_ERROR_IF(m_frame.isAlwaysOnLoggingAllowed(), channel, "%p - ScriptController::" fmt, this, ##__VA_ARGS__) 82 80 83 namespace WebCore { 81 84 using namespace JSC; … … 577 580 ValueOrException ScriptController::executeScriptInWorld(DOMWrapperWorld& world, RunJavaScriptParameters&& parameters) 578 581 { 579 if (m_frame.loader().client().hasNavigatedAwayFromAppBoundDomain() && !m_frame.loader().client().needsInAppBrowserPrivacyQuirks()) 580 return jsNull(); 582 if (m_frame.loader().client().hasNavigatedAwayFromAppBoundDomain() && !m_frame.loader().client().needsInAppBrowserPrivacyQuirks()) { 583 if (auto* document = m_frame.document()) 584 document->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "Ignoring user script injection for non-app bound domain."); 585 RELEASE_LOG_ERROR_IF_ALLOWED(Loading, "executeScriptInWorld: Ignoring user script injection for non app-bound domain"); 586 return makeUnexpected(ExceptionDetails { "Ignoring user script injection for non-app bound domain"_s }); 587 } 581 588 582 589 UserGestureIndicator gestureIndicator(parameters.forceUserGesture == ForceUserGesture::Yes ? Optional<ProcessingUserGestureState>(ProcessingUserGesture) : WTF::nullopt); … … 861 868 862 869 } // namespace WebCore 870 871 #undef RELEASE_LOG_ERROR_IF_ALLOWED -
trunk/Source/WebCore/page/Frame.cpp
r258628 r258986 108 108 #include <wtf/text/StringBuilder.h> 109 109 110 #define RELEASE_LOG_ERROR_IF_ALLOWED(channel, fmt, ...) RELEASE_LOG_ERROR_IF(isAlwaysOnLoggingAllowed(), channel, "%p - Frame::" fmt, this, ##__VA_ARGS__) 111 110 112 namespace WebCore { 111 113 … … 625 627 void Frame::injectUserScriptImmediately(DOMWrapperWorld& world, const UserScript& script) 626 628 { 627 if (loader().client().hasNavigatedAwayFromAppBoundDomain() && !loader().client().needsInAppBrowserPrivacyQuirks()) 628 return; 629 if (loader().client().hasNavigatedAwayFromAppBoundDomain() && !loader().client().needsInAppBrowserPrivacyQuirks()) { 630 if (auto* document = this->document()) 631 document->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "Ignoring user script injection for non-app bound domain."_s); 632 RELEASE_LOG_ERROR_IF_ALLOWED(Loading, "injectUserScriptImmediately: Ignoring user script injection for non app-bound domain"); 633 return; 634 } 629 635 630 636 auto* document = this->document(); … … 1048 1054 1049 1055 } // namespace WebCore 1056 1057 #undef RELEASE_LOG_ERROR_IF_ALLOWED -
trunk/Source/WebKit/ChangeLog
r258980 r258986 1 2020-03-25 Kate Cheney <katherine_cheney@apple.com> 2 3 App-bound domain checks should provide more debugging details at script evaluation sites 4 https://bugs.webkit.org/show_bug.cgi?id=209521 5 <rdar://problem/60837954> 6 7 Reviewed by Chris Dumez. 8 9 Return an exception because that option is available here, and also add 10 console and release logging for consistency across app-bound domain checks. 11 12 * WebProcess/WebPage/WebPage.cpp: 13 (WebKit::WebPage::runJavaScript): 14 1 15 2020-03-25 Wenson Hsieh <wenson_hsieh@apple.com> 2 16 -
trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp
r258873 r258986 3449 3449 if (hasNavigatedAwayFromAppBoundDomain() == NavigatedAwayFromAppBoundDomain::Yes && !m_needsInAppBrowserPrivacyQuirks) { 3450 3450 send(Messages::WebPageProxy::ScriptValueCallback({ }, ExceptionDetails { "Unable to execute JavaScript"_s }, callbackID)); 3451 if (auto* document = m_page->mainFrame().document()) 3452 document->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "Ignoring user script injection for non-app bound domain."); 3453 RELEASE_LOG_ERROR_IF_ALLOWED(Loading, "runJavaScript: Ignoring user script injection for non app-bound domain"); 3451 3454 return; 3452 3455 }
Note: See TracChangeset
for help on using the changeset viewer.