Changeset 191211 in webkit


Timestamp:
Oct 16, 2015 2:25:52 PM (8 years ago)
Author:
Brent Fulgham
Message:

Hide all plugin names except Flash, Java, and QuickTime
https://bugs.webkit.org/show_bug.cgi?id=149014

Reviewed by Darin Adler.

Source/WebCore:

Revise plugin interface so that sites cannot iterate over all plugins to obtain
a list of installed plugins for fingerprinting purposes. Sites need to ask for
specific plugins by name rather than iterating and comparing, so that this
information is not accessible for fingerprinting purposes.

  • plugins/DOMPluginArray.cpp:

(WebCore::DOMPluginArray::length): Only return length of the plugins we are
allowing to be seen.
(WebCore::DOMPluginArray::item): Only iterate through the plugins we are
allowing to be seen.

  • plugins/PluginData.cpp:

(WebCore::PluginData::publiclyVisiblePlugins): Added.

  • plugins/PluginData.h:

LayoutTests:

Update tests to notify internals that all plugins should be shown, not
just the publicly available ones.

  • plugins/plugin-javascript-access.html:
  • plugins/script-tests/navigator-mimeTypes-length.js:
Location:
trunk
Files:
11 edited

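--- a/trunk/LayoutTests/ChangeLog
+++ b/trunk/LayoutTests/ChangeLog
@@ -1,2 +1,15 @@
+2015-10-16  Brent Fulgham  <bfulgham@apple.com>
+
+        Hide all plugin names except Flash, Java, and QuickTime
+        https://bugs.webkit.org/show_bug.cgi?id=149014
+
+        Reviewed by Darin Adler.
+
+        Update tests to notify internals that all plugins should be shown, not
+        just the publicly available ones.
+
+        * plugins/plugin-javascript-access.html:
+        * plugins/script-tests/navigator-mimeTypes-length.js:
+
 2015-10-16  Michael Saboff  <msaboff@apple.com>
 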
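--- a/trunk/LayoutTests/plugins/plugin-javascript-access.html
+++ b/trunk/LayoutTests/plugins/plugin-javascript-access.html
@@ -8,4 +8,7 @@
 if (window.testRunner)
     testRunner.dumpAsText()
+
+if (window.internals)
+    internals.setShowAllPlugins(true);
 
 navigator.plugins.refresh(false); // Supposedly helps if new plug-ins were added.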
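--- a/trunk/LayoutTests/plugins/script-tests/navigator-mimeTypes-length.js
+++ b/trunk/LayoutTests/plugins/script-tests/navigator-mimeTypes-length.js
@@ -2,4 +2,7 @@
 "Test for bug 10038: REGRESSION: Length of navigator.mimeTypes collection returns number of installed plugins, not number of registered mime types."
 );
+
+if (window.internals)
+    internals.setShowAllPlugins(true);
 
 var numberOfMimeTypes = 0;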
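--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,23 @@
+2015-10-16  Brent Fulgham  <bfulgham@apple.com>
+
+        Hide all plugin names except Flash, Java, and QuickTime
+        https://bugs.webkit.org/show_bug.cgi?id=149014
+
+        Reviewed by Darin Adler.
+
+        Revise plugin interface so that sites cannot iterate over all plugins to obtain
+        a list of installed plugins for fingerprinting purposes. Sites need to ask for
+        specific plugins by name, rather than iterating and comparing to avoid making
+        this information accessible for fingerprinting purposes.
+
+        * plugins/DOMPluginArray.cpp:
+        (WebCore::DOMPluginArray::length): Only return length of the plugins we are
+        allowing to be seen.
+        (WebCore::DOMPluginArray::item): Only iterate through the plugins we are
+        allowing to be seen.
+        * plugins/PluginData.cpp:
+        (WebCore::PluginData::publiclyVisiblePlugins): Added.
+        * plugins/PluginData.h:
+
 2015-10-16  Brady Eidson  <beidson@apple.com>
 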
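--- a/trunk/Source/WebCore/page/Page.h
+++ b/trunk/Source/WebCore/page/Page.h
@@ -472,4 +472,7 @@
 #endif
 
+    void setShowAllPlugins(bool showAll) { m_showAllPlugins = showAll; }
+    bool showAllPlugins() const { return m_showAllPlugins; }
+
 private:
     WEBCORE_EXPORT void initGroup();
@@ -635,4 +638,5 @@
    
     bool m_allowsMediaDocumentInlinePlayback { false };
+    bool m_showAllPlugins { false };
 };
 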
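Review bot: `setShowAllPlugins` is an undocumented switch, declared ahead of the `private:` section, that turns the fingerprinting filter off for the whole page, and nothing in its name or declaration says it exists for tests. The only caller visible in this changeset is `Internals`, so a comment above the accessors would make that intent explicit, e.g. `// Testing only: when true, script enumeration sees every web-visible plugin.` The class itself starts outside these hunks.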
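--- a/trunk/Source/WebCore/plugins/DOMPluginArray.cpp
+++ b/trunk/Source/WebCore/plugins/DOMPluginArray.cpp
@@ -1,5 +1,5 @@
 /*
  *  Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
- *  Copyright (C) 2008 Apple Inc. All rights reserved.
+ *  Copyright (C) 2008, 2015 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
@@ -50,5 +50,5 @@
         return 0;
 
-    return data->webVisiblePlugins().size();
+    return data->publiclyVisiblePlugins().size();
 }
 
@@ -59,5 +59,5 @@
         return nullptr;
 
-    const Vector<PluginInfo>& plugins = data->webVisiblePlugins();
+    const Vector<PluginInfo>& plugins = data->publiclyVisiblePlugins();
     if (index >= plugins.size())
         return nullptr;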
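Review bot: Only the index-based paths (`length()` and `item()`) switch to `publiclyVisiblePlugins()`; the name-based lookup the commit message relies on is not in these hunks, so presumably it still answers for hidden plugins. Presence checks against a known plugin name therefore remain possible by design, which deserves a comment at these call sites, e.g. `// Enumeration is restricted to the public set; lookups by name are intentionally not.` Each `length()`/`item()` call also re-queries, filters and sorts the plugin list, so a script looping over `navigator.plugins` repeats that work per index. Both functions start above their hunks and `item()` continues below.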
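--- a/trunk/Source/WebCore/plugins/PluginData.cpp
+++ b/trunk/Source/WebCore/plugins/PluginData.cpp
@@ -25,4 +25,5 @@
 #include "PluginData.h"
 
+#include "Page.h"
 #include "PlatformStrategies.h"
 #include "PluginStrategy.h"
@@ -42,4 +43,34 @@
     Vector<PluginInfo> plugins;
     platformStrategies()->pluginStrategy()->getWebVisiblePluginInfo(m_page, plugins);
+    return plugins;
+}
+
+static bool shouldBePubliclyVisible(const PluginInfo& plugin)
+{
+    // For practical website compatibility, there are a few plugins that need to be
+    // visible. We are matching the set of plugins that Mozilla has been using since
+    // there is a good track record that this does not harm compatibility.
+    return plugin.name.containsIgnoringASCIICase("Shockwave")
+        || plugin.name.containsIgnoringASCIICase("QuickTime")
+        || plugin.name.containsIgnoringASCIICase("Java");
+}
+
+Vector<PluginInfo> PluginData::publiclyVisiblePlugins() const
+{
+    if (m_page->showAllPlugins())
+        return webVisiblePlugins();
+   
+    Vector<PluginInfo> allPlugins;
+    platformStrategies()->pluginStrategy()->getWebVisiblePluginInfo(m_page, allPlugins);
+
+    Vector<PluginInfo> plugins;
+    for (auto&& plugin : allPlugins) {
+        if (shouldBePubliclyVisible(plugin))
+            plugins.append(WTF::move(plugin));
+    }
+
+    std::sort(plugins.begin(), plugins.end(), [](const PluginInfo& a, const PluginInfo& b) {
+        return codePointCompareLessThan(a.name, b.name);
+    });
     return plugins;
 }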
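Review bot: `shouldBePubliclyVisible` matches by substring, so the visible set is wider than the three plugins named in the commit title: any plugin whose name merely contains "Java", "Shockwave" or "QuickTime" stays enumerable, and a plugin can keep itself visible simply by carrying one of those tokens in its name. If that breadth is deliberate (to mirror Mozilla), the comment should say so, e.g. `// Substring match on purpose: every plugin whose name contains one of these tokens remains enumerable.`; otherwise tighten it to a prefix or exact-name comparison once the shipping names are confirmed. Separately, `m_page->showAllPlugins()` dereferences `m_page` where `webVisiblePlugins()` only passes it along, so it is worth confirming `m_page` cannot be null on this path. `webVisiblePlugins()` begins above the hunk.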
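--- a/trunk/Source/WebCore/plugins/PluginData.h
+++ b/trunk/Source/WebCore/plugins/PluginData.h
@@ -1,4 +1,5 @@
 /*
     Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
+    Copyright (C) 2015 Apple Inc. All rights reserved.
 
     This library is free software; you can redistribute it and/or
@@ -90,4 +91,5 @@
     const Vector<PluginInfo>& plugins() const { return m_plugins; }
     Vector<PluginInfo> webVisiblePlugins() const;
+    Vector<PluginInfo> publiclyVisiblePlugins() const;
     WEBCORE_EXPORT void getWebVisibleMimesAndPluginIndices(Vector<MimeClassInfo>&, Vector<size_t>&) const;
 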
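Review bot: `getWebVisibleMimesAndPluginIndices`, on the line after the new declaration, gets no publicly-visible counterpart, so whatever consumes it (presumably `navigator.mimeTypes`, given that navigator-mimeTypes-length.js now needs `setShowAllPlugins(true)`) may still expose MIME types for plugins hidden from `navigator.plugins`, and through them the plugins' identities. Confirm whether that path is filtered elsewhere; if it is not, it needs the same allowlist or a comment here pointing at a follow-up bug. The new declaration would also benefit from a one-line comment such as `// Subset of webVisiblePlugins() exposed to script enumeration; see shouldBePubliclyVisible().`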
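--- a/trunk/Source/WebCore/testing/Internals.cpp
+++ b/trunk/Source/WebCore/testing/Internals.cpp
@@ -386,4 +386,6 @@
     MockContentFilterSettings::reset();
 #endif
+
+    page->setShowAllPlugins(false);
 }
 
@@ -3149,3 +3151,16 @@
 #endif
 
-}
+void Internals::setShowAllPlugins(bool show)
+{
+    Document* document = contextDocument();
+    if (!document)
+        return;
+   
+    Page* page = document->page();
+    if (!page)
+        return;
+
+    page->setShowAllPlugins(show);
+}
+
+}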
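--- a/trunk/Source/WebCore/testing/Internals.h
+++ b/trunk/Source/WebCore/testing/Internals.h
@@ -437,4 +437,5 @@
 
     String userVisibleString(const DOMURL*);
+    void setShowAllPlugins(bool);
 
 private: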
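--- a/trunk/Source/WebCore/testing/Internals.idl
+++ b/trunk/Source/WebCore/testing/Internals.idl
@@ -1,5 +1,5 @@
 /*
  * Copyright (C) 2012 Google Inc. All rights reserved.
- * Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2015 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -407,3 +407,5 @@
 
     DOMString userVisibleString(DOMURL url);
-};
+
+    void setShowAllPlugins(boolean showAll);
+};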