Context Navigation

← Previous Changeset
Next Changeset →

Changeset 207318 in webkit

Timestamp:

Oct 13, 2016 6:14:05 PM (8 years ago)

Author:

aestes@apple.com

Message:

[iOS] Support Web Archive previews generated by QuickLook
https://bugs.webkit.org/show_bug.cgi?id=162951
<rdar://problem/28607920>

Reviewed by Brady Eidson.

QuickLook might generate a Web Archive preview for some resource types, but WebKit would
refuse to load it due to the prohibition on loading remote Web Archives. Even though the
original resource might be from a remote origin, the QuickLook-generated preview is a
trusted local resource, so allow it to be loaded.

No test possible.

loader/DocumentLoader.cpp:

(WebCore::isRemoteWebArchive): Added. Moved the remote web archive check from
continueAfterContentPolicy() to here, and added a check for responses containing the
QuickLook preview protocol.
(WebCore::DocumentLoader::continueAfterContentPolicy): Called isRemoteWebArchive().

Location:

trunk/Source/WebCore

Files:

: 2 edited

ChangeLog (modified) (1 diff)
loader/DocumentLoader.cpp (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/WebCore/ChangeLog

-                      r207317
+                      r207318
+-10-13  Andy Estes  <aestes@apple.com>
+        [iOS] Support Web Archive previews generated by QuickLook
+        https://bugs.webkit.org/show_bug.cgi?id=162951
+        <rdar://problem/28607920>
+        Reviewed by Brady Eidson.
+        QuickLook might generate a Web Archive preview for some resource types, but WebKit would
+        refuse to load it due to the prohibition on loading remote Web Archives. Even though the
+        original resource might be from a remote origin, the QuickLook-generated preview is a
+        trusted local resource, so allow it to be loaded.
+        No test possible.
+        * loader/DocumentLoader.cpp:
+        (WebCore::isRemoteWebArchive): Added. Moved the remote web archive check from
+        continueAfterContentPolicy() to here, and added a check for responses containing the
+        QuickLook preview protocol.
+        (WebCore::DocumentLoader::continueAfterContentPolicy): Called isRemoteWebArchive().
 -10-13  Dean Jackson  <dino@apple.com>

trunk/Source/WebCore/loader/DocumentLoader.cpp

-                      r206903
+                      r207318
 #endif
+#if USE(QUICK_LOOK)
+#include "QuickLook.h"
+#endif
 #define RELEASE_LOG_IF_ALLOWED(fmt, ...) RELEASE_LOG_IF(isAlwaysOnLoggingAllowed(), Network, "%p - DocumentLoader::" fmt, this, ##__VA_ARGS__)
 …
+}
+static bool isRemoteWebArchive(const DocumentLoader& documentLoader)
+{
+    using MIMETypeHashSet = HashSet<String, ASCIICaseInsensitiveHash>;
+    static NeverDestroyed<MIMETypeHashSet> webArchiveMIMETypes {
+        MIMETypeHashSet {
+            ASCIILiteral("application/x-webarchive"),
+            ASCIILiteral("application/x-mimearchive"),
+            ASCIILiteral("multipart/related"),
+#if PLATFORM(GTK)
+            ASCIILiteral("message/rfc822"),
+#endif
+        }
+    };
+    const ResourceResponse& response = documentLoader.response();
+    if (!webArchiveMIMETypes.get().contains(response.mimeType()))
+        return false;
+#if USE(QUICK_LOOK)
+    if (response.url().protocolIs(QLPreviewProtocol()))
+        return false;
+#endif
+    return !documentLoader.substituteData().isValid() && !SchemeRegistry::shouldTreatURLSchemeAsLocal(documentLoader.request().url().protocol());
+}
 void DocumentLoader::continueAfterContentPolicy(PolicyAction policy)
+{
 …
         return;
-    URL url = m_request.url();
-    const String& mimeType = m_response.mimeType();
     switch (policy) {
     case PolicyUse: {
         // Prevent remote web archives from loading because they can claim to be from any domain and thus avoid cross-domain security checks (4120255).
+        bool isRemoteWebArchive = (equalLettersIgnoringASCIICase(mimeType, "application/x-webarchive")
+            || equalLettersIgnoringASCIICase(mimeType, "application/x-mimearchive")
+#if PLATFORM(GTK)
+            || equalLettersIgnoringASCIICase(mimeType, "message/rfc822")
+#endif
+            || equalLettersIgnoringASCIICase(mimeType, "multipart/related"))
+            && !m_substituteData.isValid() && !SchemeRegistry::shouldTreatURLSchemeAsLocal(url.protocol());
+        if (!frameLoader()->client().canShowMIMEType(mimeType) || isRemoteWebArchive) {
+        if (!frameLoader()->client().canShowMIMEType(m_response.mimeType()) || isRemoteWebArchive(*this)) {
             frameLoader()->policyChecker().cannotShowMIMEType(m_response);
             // Check reachedTerminalState since the load may have already been canceled inside of _handleUnimplementablePolicyWithErrorCode::.

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 207318 in webkit

Legend:

trunk/Source/WebCore/ChangeLog

trunk/Source/WebCore/loader/DocumentLoader.cpp

Download in other formats: