Changeset 258986 in webkit


Ignore:
Timestamp:
Mar 25, 2020 9:29:54 AM (4 years ago)
Author:
Kate Cheney
Message:

App-bound domain checks should provide more debugging details at script evaluation sites
https://bugs.webkit.org/show_bug.cgi?id=209521
<rdar://problem/60837954>

Reviewed by Chris Dumez.

Source/WebCore:

  • bindings/js/ScriptController.cpp:

(WebCore::ScriptController::executeScriptInWorld):
Return makeUnexpected object with an error message instead of null to
provide more details as to why the executeScriptInWorld()
call was not completed. Also add console logging and release logging.

  • page/Frame.cpp:

(WebCore::Frame::injectUserScriptImmediately):
There is no option to return an exception here, so this patch adds
console logging and release logging.

Source/WebKit:

Return an exception because that option is available here, and also add
console and release logging for consistency across app-bound domain checks.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::runJavaScript):

Location:
trunk/Source
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WebCore/ChangeLog

    r258985 r258986  
     12020-03-25  Kate Cheney  <katherine_cheney@apple.com>
     2
     3        App-bound domain checks should provide more debugging details at script evaluation sites
     4        https://bugs.webkit.org/show_bug.cgi?id=209521
     5        <rdar://problem/60837954>
     6
     7        Reviewed by Chris Dumez.
     8
     9        * bindings/js/ScriptController.cpp:
     10        (WebCore::ScriptController::executeScriptInWorld):
     11        Return makeUnexpected object with an error message instead of null to
     12        provide more details as to why the executeScriptInWorld()
     13        call was not completed. Also add console logging and release logging.
     14 
     15        * page/Frame.cpp:
     16        (WebCore::Frame::injectUserScriptImmediately):
     17        There is no option to return an exception here, so this patch adds
     18        console logging and release logging.
     19
    1202020-03-25  Simon Fraser  <simon.fraser@apple.com>
    221
  • trunk/Source/WebCore/bindings/js/ScriptController.cpp

    r258476 r258986  
    4141#include "JSExecState.h"
    4242#include "LoadableModuleScript.h"
     43#include "Logging.h"
    4344#include "ModuleFetchFailureKind.h"
    4445#include "ModuleFetchParameters.h"
     
    7879#include <wtf/text/TextPosition.h>
    7980
     81#define RELEASE_LOG_ERROR_IF_ALLOWED(channel, fmt, ...) RELEASE_LOG_ERROR_IF(m_frame.isAlwaysOnLoggingAllowed(), channel, "%p - ScriptController::" fmt, this, ##__VA_ARGS__)
     82
    8083namespace WebCore {
    8184using namespace JSC;
     
    577580ValueOrException ScriptController::executeScriptInWorld(DOMWrapperWorld& world, RunJavaScriptParameters&& parameters)
    578581{
    579     if (m_frame.loader().client().hasNavigatedAwayFromAppBoundDomain() && !m_frame.loader().client().needsInAppBrowserPrivacyQuirks())
    580         return jsNull();
     582    if (m_frame.loader().client().hasNavigatedAwayFromAppBoundDomain() && !m_frame.loader().client().needsInAppBrowserPrivacyQuirks()) {
     583        if (auto* document = m_frame.document())
     584            document->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "Ignoring user script injection for non-app bound domain.");
     585        RELEASE_LOG_ERROR_IF_ALLOWED(Loading, "executeScriptInWorld: Ignoring user script injection for non app-bound domain");
     586        return makeUnexpected(ExceptionDetails { "Ignoring user script injection for non-app bound domain"_s });
     587    }
    581588
    582589    UserGestureIndicator gestureIndicator(parameters.forceUserGesture == ForceUserGesture::Yes ? Optional<ProcessingUserGestureState>(ProcessingUserGesture) : WTF::nullopt);
     
    861868
    862869} // namespace WebCore
     870
     871#undef RELEASE_LOG_ERROR_IF_ALLOWED
  • trunk/Source/WebCore/page/Frame.cpp

    r258628 r258986  
    108108#include <wtf/text/StringBuilder.h>
    109109
     110#define RELEASE_LOG_ERROR_IF_ALLOWED(channel, fmt, ...) RELEASE_LOG_ERROR_IF(isAlwaysOnLoggingAllowed(), channel, "%p - Frame::" fmt, this, ##__VA_ARGS__)
     111
    110112namespace WebCore {
    111113
     
    625627void Frame::injectUserScriptImmediately(DOMWrapperWorld& world, const UserScript& script)
    626628{
    627     if (loader().client().hasNavigatedAwayFromAppBoundDomain() && !loader().client().needsInAppBrowserPrivacyQuirks())
    628         return;
     629    if (loader().client().hasNavigatedAwayFromAppBoundDomain() && !loader().client().needsInAppBrowserPrivacyQuirks()) {
     630        if (auto* document = this->document())
     631            document->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "Ignoring user script injection for non-app bound domain."_s);
     632        RELEASE_LOG_ERROR_IF_ALLOWED(Loading, "injectUserScriptImmediately: Ignoring user script injection for non app-bound domain");
     633        return;
     634    }
    629635
    630636    auto* document = this->document();
     
    10481054
    10491055} // namespace WebCore
     1056
     1057#undef RELEASE_LOG_ERROR_IF_ALLOWED
  • trunk/Source/WebKit/ChangeLog

    r258980 r258986  
     12020-03-25  Kate Cheney  <katherine_cheney@apple.com>
     2
     3        App-bound domain checks should provide more debugging details at script evaluation sites
     4        https://bugs.webkit.org/show_bug.cgi?id=209521
     5        <rdar://problem/60837954>
     6
     7        Reviewed by Chris Dumez.
     8
     9        Return an exception because that option is available here, and also add
     10        console and release logging for consistency across app-bound domain checks.
     11
     12        * WebProcess/WebPage/WebPage.cpp:
     13        (WebKit::WebPage::runJavaScript):
     14
    1152020-03-25  Wenson Hsieh  <wenson_hsieh@apple.com>
    216
  • trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp

    r258873 r258986  
    34493449    if (hasNavigatedAwayFromAppBoundDomain() == NavigatedAwayFromAppBoundDomain::Yes && !m_needsInAppBrowserPrivacyQuirks) {
    34503450        send(Messages::WebPageProxy::ScriptValueCallback({ }, ExceptionDetails { "Unable to execute JavaScript"_s }, callbackID));
     3451        if (auto* document = m_page->mainFrame().document())
     3452            document->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "Ignoring user script injection for non-app bound domain.");
     3453        RELEASE_LOG_ERROR_IF_ALLOWED(Loading, "runJavaScript: Ignoring user script injection for non app-bound domain");
    34513454        return;
    34523455    }
Note: See TracChangeset for help on using the changeset viewer.