Changeset 283593 in webkit


Ignore:
Timestamp:
Oct 5, 2021 5:46:43 PM (10 months ago)
Author:
wilander@apple.com
Message:

PCM: Allow measurement of links in nested, cross-site iframes
https://bugs.webkit.org/show_bug.cgi?id=229204
<rdar://problem/82310386>

Reviewed by Alex Christensen.

Developers have said it would be great to allow measurement of links served in
nested, cross-site iframes on the click source. The click still count as if it
happened on the first party click source site, and any attribution report still
goes to that first party. This change enables the *serving* of measurable links
in nested, cross-site iframes.

The standards issue where this was discussed:
https://github.com/privacycg/private-click-measurement/issues/7

Source/WebCore:

Test: http/tests/privateClickMeasurement/store-private-click-measurement-nested.html

  • html/HTMLAnchorElement.cpp:

(WebCore::HTMLAnchorElement::parsePrivateClickMeasurement const):

Removed the block for nested, cross-site iframes.

LayoutTests:

  • http/tests/privateClickMeasurement/resources/nestedTargetLink.html: Added.
  • http/tests/privateClickMeasurement/store-private-click-measurement-nested-expected.txt: Added.
  • http/tests/privateClickMeasurement/store-private-click-measurement-nested.html: Added.
Location:
trunk
Files:
3 added
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/LayoutTests/ChangeLog

    r283591 r283593  
     12021-10-05  John Wilander  <wilander@apple.com>
     2
     3        PCM: Allow measurement of links in nested, cross-site iframes
     4        https://bugs.webkit.org/show_bug.cgi?id=229204
     5        <rdar://problem/82310386>
     6
     7        Reviewed by Alex Christensen.
     8
     9        Developers have said it would be great to allow measurement of links served in
     10        nested, cross-site iframes on the click source. The click still count as if it
     11        happened on the first party click source site, and any attribution report still
     12        goes to that first party. This change enables the *serving* of measurable links
     13        in nested, cross-site iframes.
     14
     15        The standards issue where this was discussed:
     16        https://github.com/privacycg/private-click-measurement/issues/7
     17
     18        * http/tests/privateClickMeasurement/resources/nestedTargetLink.html: Added.
     19        * http/tests/privateClickMeasurement/store-private-click-measurement-nested-expected.txt: Added.
     20        * http/tests/privateClickMeasurement/store-private-click-measurement-nested.html: Added.
     21
    1222021-10-05  Fujii Hironori  <Hironori.Fujii@sony.com>
    223

  • trunk/Source/WebCore/ChangeLog

    r283592 r283593  
     12021-10-05  John Wilander  <wilander@apple.com>
     2
     3        PCM: Allow measurement of links in nested, cross-site iframes
     4        https://bugs.webkit.org/show_bug.cgi?id=229204
     5        <rdar://problem/82310386>
     6
     7        Reviewed by Alex Christensen.
     8
     9        Developers have said it would be great to allow measurement of links served in
     10        nested, cross-site iframes on the click source. The click still count as if it
     11        happened on the first party click source site, and any attribution report still
     12        goes to that first party. This change enables the *serving* of measurable links
     13        in nested, cross-site iframes.
     14
     15        The standards issue where this was discussed:
     16        https://github.com/privacycg/private-click-measurement/issues/7
     17
     18        Test: http/tests/privateClickMeasurement/store-private-click-measurement-nested.html
     19
     20        * html/HTMLAnchorElement.cpp:
     21        (WebCore::HTMLAnchorElement::parsePrivateClickMeasurement const):
     22            Removed the block for nested, cross-site iframes.
     23
    1242021-10-05  Aditya Keerthi  <akeerthi@apple.com>
    225

  • trunk/Source/WebCore/html/HTMLAnchorElement.cpp

    r283313 r283593  
    403403    using AttributionDestinationSite = PrivateClickMeasurement::AttributionDestinationSite;
    404404
     405    RefPtr<Frame> frame = document().frame();
    405406    auto* page = document().page();
    406     if (!page || page->sessionID().isEphemeral()
     407    if (!frame ||!page || page->sessionID().isEphemeral()
    407408        || !document().settings().privateClickMeasurementEnabled()
    408409        || !UserGestureIndicator::processingUserGesture())
     
    422423    }
    423424
    424     RefPtr<Frame> frame = document().frame();
    425     if (!frame || !frame->isMainFrame()) {
    426         document().addConsoleMessage(MessageSource::Other, MessageLevel::Warning, "Private Click Measurement is only supported in the main frame."_s);
    427         return std::nullopt;
    428     }
    429    
    430425    auto attributionSourceID = parseHTMLNonNegativeInteger(attributionSourceIDAttr);
    431426    if (!attributionSourceID) {
     
    445440    }
    446441
    447     RegistrableDomain documentRegistrableDomain { document().url() };
    448     if (documentRegistrableDomain.matches(destinationURL)) {
     442    RegistrableDomain mainDocumentRegistrableDomain;
     443    if (auto mainDocument = frame->mainFrame().document())
     444        mainDocumentRegistrableDomain = RegistrableDomain { mainDocument->url() };
     445    else {
     446        document().addConsoleMessage(MessageSource::Other, MessageLevel::Warning, "Could not find a main document to use as source site for Private Click Measurement."_s);
     447        return std::nullopt;
     448    }
     449
     450    if (mainDocumentRegistrableDomain.matches(destinationURL)) {
    449451        document().addConsoleMessage(MessageSource::Other, MessageLevel::Warning, "attributiondestination can not be the same site as the current website."_s);
    450452        return std::nullopt;
     
    456458    String bundleID;
    457459#endif
    458     auto privateClickMeasurement = PrivateClickMeasurement { SourceID(attributionSourceID.value()), SourceSite(WTFMove(documentRegistrableDomain)), AttributionDestinationSite(destinationURL), bundleID, WallTime::now(), PrivateClickMeasurement::AttributionEphemeral::No };
     460    auto privateClickMeasurement = PrivateClickMeasurement { SourceID(attributionSourceID.value()), SourceSite(WTFMove(mainDocumentRegistrableDomain)), AttributionDestinationSite(destinationURL), bundleID, WallTime::now(), PrivateClickMeasurement::AttributionEphemeral::No };
    459461
    460462    auto attributionSourceNonceAttr = attributeWithoutSynchronization(attributionsourcenonceAttr);
Note: See TracChangeset for help on using the changeset viewer.