Changeset 199795 in webkit
- Timestamp:
- Apr 20, 2016 3:56:40 PM (8 years ago)
- Location:
- trunk
- Files:
-
- 6 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebKit2/ChangeLog
r199779 r199795 1 2016-04-20 Dustin Falgout <dustin@falgout.us> 2 3 [GTK] Expose AllowUniversalAccessFromFileURLs preference now that calling localStorage.getItem() results in SecurityError: DOM Exception 18 4 5 Reviewed by Michael Catanzaro. 6 7 As of r197858 JavaScript loaded in the context of a file scheme url cannot access local storage. That is a major 8 breaking change as many applications that serve files locally rely on having access to local storage. The point 9 of that security fix is to avoid cases of downloaded HTML content (such as e-mail attachments or JS injected 10 into local contexts) from having access to your local file system and arbitrary local storage. If you are serving 11 local files in your applications, you can use the WebKitAllowUniversalAccessFromFileURLs preference key to tell 12 Webkit that you are approve of these kinds of interactions. 13 14 https://bugs.webkit.org/show_bug.cgi?id=156651 15 16 * UIProcess/API/gtk/WebKitSettings.cpp: 17 (webKitSettingsSetProperty): 18 (webKitSettingsGetProperty): 19 (webkit_settings_class_init): 20 (webkit_settings_get_allow_universal_access_from_file_urls): 21 (webkit_settings_set_allow_universal_access_from_file_urls): 22 * UIProcess/API/gtk/WebKitSettings.h: 23 * UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt: 24 1 25 2016-04-20 Brady Eidson <beidson@apple.com> 2 26 -
trunk/Source/WebKit2/UIProcess/API/gtk/WebKitSettings.cpp
r196767 r199795 145 145 PROP_ENABLE_SPATIAL_NAVIGATION, 146 146 PROP_ENABLE_MEDIASOURCE, 147 PROP_ALLOW_FILE_ACCESS_FROM_FILE_URLS 147 PROP_ALLOW_FILE_ACCESS_FROM_FILE_URLS, 148 PROP_ALLOW_UNIVERSAL_ACCESS_FROM_FILE_URLS 148 149 }; 149 150 … … 314 315 webkit_settings_set_allow_file_access_from_file_urls(settings, g_value_get_boolean(value)); 315 316 break; 317 case PROP_ALLOW_UNIVERSAL_ACCESS_FROM_FILE_URLS: 318 webkit_settings_set_allow_universal_access_from_file_urls(settings, g_value_get_boolean(value)); 319 break; 316 320 default: 317 321 G_OBJECT_WARN_INVALID_PROPERTY_ID(object, propId, paramSpec); … … 471 475 case PROP_ALLOW_FILE_ACCESS_FROM_FILE_URLS: 472 476 g_value_set_boolean(value, webkit_settings_get_allow_file_access_from_file_urls(settings)); 477 break; 478 case PROP_ALLOW_UNIVERSAL_ACCESS_FROM_FILE_URLS: 479 g_value_set_boolean(value, webkit_settings_get_allow_universal_access_from_file_urls(settings)); 473 480 break; 474 481 default: … … 1243 1250 FALSE, 1244 1251 readWriteConstructParamFlags)); 1252 1253 /** 1254 * WebKitSettings:allow-universal-access-from-file-urls: 1255 * 1256 * Whether or not JavaScript running in the context of a file scheme URL 1257 * should be allowed to access content from any origin. By default, when 1258 * something is loaded in a #WebKitWebView using a file scheme URL, 1259 * access to the local file system and arbitrary local storage is not 1260 * allowed. This setting allows you to change that behaviour, so that 1261 * it would be possible to use local storage, for example. 1262 * 1263 * Since: 2.14 1264 */ 1265 g_object_class_install_property(gObjectClass, 1266 PROP_ALLOW_UNIVERSAL_ACCESS_FROM_FILE_URLS, 1267 g_param_spec_boolean("allow-universal-access-from-file-urls", 1268 _("Allow universal access from the context of file scheme URLs"), 1269 _("Whether or not universal access is allowed from the context of file scheme URLs"), 1270 FALSE, 1271 readWriteConstructParamFlags)); 1245 1272 } 1246 1273 … … 3063 3090 g_object_notify(G_OBJECT(settings), "allow-file-access-from-file-urls"); 3064 3091 } 3092 3093 /** 3094 * webkit_settings_get_allow_universal_access_from_file_urls: 3095 * @settings: a #WebKitSettings 3096 * 3097 * Get the #WebKitSettings:allow-universal-access-from-file-urls property. 3098 * 3099 * Returns: %TRUE If universal access from file URLs is allowed or %FALSE otherwise. 3100 * 3101 * Since: 2.14 3102 */ 3103 gboolean webkit_settings_get_allow_universal_access_from_file_urls(WebKitSettings* settings) 3104 { 3105 g_return_val_if_fail(WEBKIT_IS_SETTINGS(settings), FALSE); 3106 3107 return settings->priv->preferences->allowUniversalAccessFromFileURLs(); 3108 } 3109 3110 /** 3111 * webkit_settings_set_allow_universal_access_from_file_urls: 3112 * @settings: a #WebKitSettings 3113 * @allowed: Value to be set 3114 * 3115 * Set the #WebKitSettings:allow-universal-access-from-file-urls property. 3116 * 3117 * Since: 2.14 3118 */ 3119 void webkit_settings_set_allow_universal_access_from_file_urls(WebKitSettings* settings, gboolean allowed) 3120 { 3121 g_return_if_fail(WEBKIT_IS_SETTINGS(settings)); 3122 3123 WebKitSettingsPrivate* priv = settings->priv; 3124 if (priv->preferences->allowUniversalAccessFromFileURLs() == allowed) 3125 return; 3126 3127 priv->preferences->setAllowUniversalAccessFromFileURLs(allowed); 3128 g_object_notify(G_OBJECT(settings), "allow-universal-access-from-file-urls"); 3129 } -
trunk/Source/WebKit2/UIProcess/API/gtk/WebKitSettings.h
r183992 r199795 422 422 gboolean allowed); 423 423 424 WEBKIT_API gboolean 425 webkit_settings_get_allow_universal_access_from_file_urls (WebKitSettings *settings); 426 427 WEBKIT_API void 428 webkit_settings_set_allow_universal_access_from_file_urls (WebKitSettings *settings, 429 gboolean allowed); 430 424 431 G_END_DECLS 425 432 -
trunk/Source/WebKit2/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt
r194579 r199795 454 454 webkit_settings_get_allow_file_access_from_file_urls 455 455 webkit_settings_set_allow_file_access_from_file_urls 456 webkit_settings_get_allow_universal_access_from_file_urls 457 webkit_settings_set_allow_universal_access_from_file_urls 456 458 457 459 <SUBSECTION Standard> -
trunk/Tools/ChangeLog
r199779 r199795 1 2016-04-20 Dustin Falgout <dustin@falgout.us> 2 3 [GTK] Expose AllowUniversalAccessFromFileURLs preference now that calling localStorage.getItem() results in SecurityError: DOM Exception 18 4 https://bugs.webkit.org/show_bug.cgi?id=156651 5 6 Reviewed by Michael Catanzaro. 7 8 * TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitSettings.cpp: 9 (testWebKitSettings): 10 1 11 2016-04-20 Brady Eidson <beidson@apple.com> 2 12 -
trunk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitSettings.cpp
r185502 r199795 279 279 g_assert(webkit_settings_get_allow_file_access_from_file_urls(settings)); 280 280 281 // Universal access from file URLs is not allowed by default. 282 g_assert(!webkit_settings_get_allow_universal_access_from_file_urls(settings)); 283 webkit_settings_set_allow_universal_access_from_file_urls(settings, TRUE); 284 g_assert(webkit_settings_get_allow_universal_access_from_file_urls(settings)); 285 281 286 g_object_unref(G_OBJECT(settings)); 282 287 }
Note: See TracChangeset
for help on using the changeset viewer.