Changeset 244573 in webkit

Timestamp:

Apr 23, 2019 5:24:27 PM (5 years ago)

Author:

aestes@apple.com

Message:

[iOS] QuickLook documents loaded from file: URLs should be allowed to perform same-document navigations
​https://bugs.webkit.org/show_bug.cgi?id=196749
<rdar://problem/35773454>

Reviewed by Daniel Bates.

Source/WebCore:

QuickLook previews are in a non-local origin defined by a unique x-apple-ql-id: URL, which
isolates the origin that hosted the document from the document preview itself. When a
QuickLook document is loaded as a file: URL, SecurityOrigin's protections against loading
local resources from non-local origins prevented navigations like location.reload() and
fragment navigations.

To allow reloads and same-document navigations in QuickLook documents loaded from file: URLs,
we should grant the QuickLook document's SecurityOrigin access to the file path that loaded
the preview.

Added a new API test.

• dom/Document.cpp:

(WebCore::Document::applyQuickLookSandbox):

• page/SecurityOrigin.cpp:

(WebCore::SecurityOrigin::createNonLocalWithAllowedFilePath):
(WebCore::SecurityOrigin::canDisplay const):

• page/SecurityOrigin.h:

Tools:

Added a new QuickLook API test and added new expectations to existing QuickLook tests.

• TestWebKitAPI/Tests/WebKitCocoa/QuickLook.mm:

(-[QuickLookDelegate webView:didStartProvisionalNavigation:]):
(-[QuickLookDelegate webView:didFinishNavigation:]):
(-[QuickLookDelegate _webView:didFailNavigation:withError:userInfo:]):
(-[QuickLookDelegate webView:didFailProvisionalNavigation:withError:]):
(runTest):
(runTestDecideBeforeLoading):
(runTestDecideAfterLoading):
(TEST):

Location:

trunk

Files:

• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/dom/Document.cpp (modified) (1 diff)
• Source/WebCore/page/SecurityOrigin.cpp (modified) (2 diffs)
• Source/WebCore/page/SecurityOrigin.h (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/QuickLook.mm (modified) (15 diffs)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2019-04-23  Andy Estes  <aestes@apple.com>
+
+        [iOS] QuickLook documents loaded from file: URLs should be allowed to perform same-document navigations
+        https://bugs.webkit.org/show_bug.cgi?id=196749
+        <rdar://problem/35773454>
+
+        Reviewed by Daniel Bates.
+
+        QuickLook previews are in a non-local origin defined by a unique x-apple-ql-id: URL, which
+        isolates the origin that hosted the document from the document preview itself. When a
+        QuickLook document is loaded as a file: URL, SecurityOrigin's protections against loading
+        local resources from non-local origins prevented navigations like location.reload() and
+        fragment navigations.
+
+        To allow reloads and same-document navigations in QuickLook documents loaded from file: URLs,
+        we should grant the QuickLook document's SecurityOrigin access to the file path that loaded
+        the preview.
+
+        Added a new API test.
+
+        * dom/Document.cpp:
+        (WebCore::Document::applyQuickLookSandbox):
+        * page/SecurityOrigin.cpp:
+        (WebCore::SecurityOrigin::createNonLocalWithAllowedFilePath):
+        (WebCore::SecurityOrigin::canDisplay const):
+        * page/SecurityOrigin.h:
+
 2019-04-23  Devin Rousso  <drousso@apple.com>
 

trunk/Source/WebCore/dom/Document.cpp

@@ -7226 +7226 @@
 void Document::applyQuickLookSandbox()
 {
-    const URL& responseURL = m_frame->loader().activeDocumentLoader()->responseURL();
+    auto& documentLoader = *m_frame->loader().activeDocumentLoader();
+    auto documentURL = documentLoader.documentURL();
+    auto& responseURL = documentLoader.responseURL();
+    ASSERT(!documentURL.protocolIs(QLPreviewProtocol));
     ASSERT(responseURL.protocolIs(QLPreviewProtocol));
 
-    auto securityOrigin = SecurityOrigin::create(responseURL);
+    auto securityOrigin = SecurityOrigin::createNonLocalWithAllowedFilePath(responseURL, documentURL.fileSystemPath());
     securityOrigin->setStorageBlockingPolicy(SecurityOrigin::BlockAllStorage);
     setSecurityOriginPolicy(SecurityOriginPolicy::create(WTFMove(securityOrigin)));

trunk/Source/WebCore/page/SecurityOrigin.cpp

@@ -206 +206 @@
 }
 
+Ref<SecurityOrigin> SecurityOrigin::createNonLocalWithAllowedFilePath(const URL& url, const String& filePath)
+{
+    ASSERT(!url.isLocalFile());
+    auto securityOrigin = SecurityOrigin::create(url);
+    securityOrigin->m_filePath = filePath;
+    return securityOrigin;
+}
+
 Ref<SecurityOrigin> SecurityOrigin::isolatedCopy() const
 {
@@ -363 +371 @@
         return equalIgnoringASCIICase(m_data.protocol, protocol) || SecurityPolicy::isAccessToURLWhiteListed(this, url);
 
-    if (SecurityPolicy::restrictAccessToLocal() && SchemeRegistry::shouldTreatURLSchemeAsLocal(protocol))
+    if (!SecurityPolicy::restrictAccessToLocal())
+        return true;
+
+    if (url.isLocalFile() && url.fileSystemPath() == m_filePath)
+        return true;
+
+    if (SchemeRegistry::shouldTreatURLSchemeAsLocal(protocol))
         return canLoadLocalResources() || SecurityPolicy::isAccessToURLWhiteListed(this, url);
 

trunk/Source/WebCore/page/SecurityOrigin.h

@@ -55 +55 @@
     WEBCORE_EXPORT static Ref<SecurityOrigin> create(const String& protocol, const String& host, Optional<uint16_t> port);
 
+    // QuickLook documents are in non-local origins even when loaded from file: URLs. They need to
+    // be allowed to display their own file: URLs in order to perform reloads and same-document
+    // navigations. This lets those documents specify the file path that should be allowed to be
+    // displayed from their non-local origin.
+    static Ref<SecurityOrigin> createNonLocalWithAllowedFilePath(const URL&, const String& filePath);
+
     // Some URL schemes use nested URLs for their security context. For example,
     // filesystem URLs look like the following:

trunk/Tools/ChangeLog

@@ +1 @@
+2019-04-23  Andy Estes  <aestes@apple.com>
+
+        [iOS] QuickLook documents loaded from file: URLs should be allowed to perform same-document navigations
+        https://bugs.webkit.org/show_bug.cgi?id=196749
+        <rdar://problem/35773454>
+
+        Reviewed by Daniel Bates.
+
+        Added a new QuickLook API test and added new expectations to existing QuickLook tests.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/QuickLook.mm:
+        (-[QuickLookDelegate webView:didStartProvisionalNavigation:]):
+        (-[QuickLookDelegate webView:didFinishNavigation:]):
+        (-[QuickLookDelegate _webView:didFailNavigation:withError:userInfo:]):
+        (-[QuickLookDelegate webView:didFailProvisionalNavigation:withError:]):
+        (runTest):
+        (runTestDecideBeforeLoading):
+        (runTestDecideAfterLoading):
+        (TEST):
+
 2019-04-23  John Wilander  <wilander@apple.com>
 

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/QuickLook.mm

@@ -58 +58 @@
 - (void)verifyDownload;
 
-@property (nonatomic) BOOL didStartQuickLookLoad;
-@property (nonatomic) BOOL didFinishQuickLookLoad;
+@property (nonatomic, readonly) BOOL didFailNavigation;
+@property (nonatomic, readonly) BOOL didFinishNavigation;
+@property (nonatomic, readonly) BOOL didFinishQuickLookLoad;
+@property (nonatomic, readonly) BOOL didStartQuickLookLoad;
 
 @end
@@ -108 +110 @@
 }
 
+- (void)webView:(WKWebView *)webView didStartProvisionalNavigation:(WKNavigation *)navigation
+{
+    _didFailNavigation = NO;
+    _didFinishNavigation = NO;
+    _didFinishQuickLookLoad = NO;
+    _didStartQuickLookLoad = NO;
+}
+
 - (void)webView:(WKWebView *)webView decidePolicyForNavigationResponse:(WKNavigationResponse *)navigationResponse decisionHandler:(void (^)(WKNavigationResponsePolicy))decisionHandler
 {
@@ -135 +145 @@
 - (void)webView:(WKWebView *)webView didFinishNavigation:(WKNavigation *)navigation
 {
+    EXPECT_FALSE(_didFailNavigation);
+    EXPECT_FALSE(_didFinishNavigation);
+    _didFinishNavigation = YES;
     isDone = true;
 }
 
+- (void)_webView:(WKWebView *)webView didFailNavigation:(WKNavigation *)navigation withError:(NSError *)error userInfo:(id<NSSecureCoding>)userInfo
+{
+    EXPECT_FALSE(_didFailNavigation);
+    EXPECT_FALSE(_didFinishNavigation);
+    _didFailNavigation = YES;
+    isDone = true;
+}
+
 - (void)webView:(WKWebView *)webView didFailProvisionalNavigation:(WKNavigation *)navigation withError:(NSError *)error
 {
+    EXPECT_FALSE(_didFailNavigation);
+    EXPECT_FALSE(_didFinishNavigation);
+    _didFailNavigation = YES;
     isDone = true;
 }
@@ -207 +231 @@
 @end
 
-static void runTest(QuickLookDelegate *delegate, NSURLRequest *request, BOOL shouldDecidePolicyBeforeLoading)
+static RetainPtr<WKWebView> runTest(QuickLookDelegate *delegate, NSURLRequest *request, BOOL shouldDecidePolicyBeforeLoading)
 {
     auto processPool = adoptNS([[WKProcessPool alloc] init]);
@@ -222 +246 @@
     isDone = false;
     Util::run(&isDone);
-}
-
-static void runTestDecideBeforeLoading(QuickLookDelegate *delegate, NSURLRequest *request)
-{
-    runTest(delegate, request, YES);
-}
-
-static void runTestDecideAfterLoading(QuickLookDelegate *delegate, NSURLRequest *request)
-{
-    runTest(delegate, request, NO);
+
+    return webView;
+}
+
+static RetainPtr<WKWebView> runTestDecideBeforeLoading(QuickLookDelegate *delegate, NSURLRequest *request)
+{
+    return runTest(delegate, request, YES);
+}
+
+static RetainPtr<WKWebView> runTestDecideAfterLoading(QuickLookDelegate *delegate, NSURLRequest *request)
+{
+    return runTest(delegate, request, NO);
 }
 
@@ -238 +264 @@
     auto delegate = adoptNS([[QuickLookDelegate alloc] initWithExpectedFileURL:pagesDocumentURL responsePolicy:WKNavigationResponsePolicyAllow]);
     runTestDecideBeforeLoading(delegate.get(), [NSURLRequest requestWithURL:pagesDocumentURL]);
-    EXPECT_TRUE([delegate didStartQuickLookLoad]);
-    EXPECT_TRUE([delegate didFinishQuickLookLoad]);
+    EXPECT_FALSE([delegate didFailNavigation]);
+    EXPECT_TRUE([delegate didFinishNavigation]);
+    EXPECT_TRUE([delegate didFinishQuickLookLoad]);
+    EXPECT_TRUE([delegate didStartQuickLookLoad]);
 }
 
@@ -246 +274 @@
     auto delegate = adoptNS([[QuickLookDelegate alloc] initWithExpectedFileURL:pagesDocumentURL previewMIMEType:pagesDocumentPreviewMIMEType responsePolicy:WKNavigationResponsePolicyAllow]);
     runTestDecideAfterLoading(delegate.get(), [NSURLRequest requestWithURL:pagesDocumentURL]);
-    EXPECT_TRUE([delegate didStartQuickLookLoad]);
-    EXPECT_TRUE([delegate didFinishQuickLookLoad]);
+    EXPECT_FALSE([delegate didFailNavigation]);
+    EXPECT_TRUE([delegate didFinishNavigation]);
+    EXPECT_TRUE([delegate didFinishQuickLookLoad]);
+    EXPECT_TRUE([delegate didStartQuickLookLoad]);
 }
 
@@ -271 +301 @@
     auto delegate = adoptNS([[QuickLookAsyncDelegate alloc] initWithExpectedFileURL:pagesDocumentURL responsePolicy:WKNavigationResponsePolicyAllow]);
     runTestDecideBeforeLoading(delegate.get(), [NSURLRequest requestWithURL:pagesDocumentURL]);
-    EXPECT_TRUE([delegate didStartQuickLookLoad]);
-    EXPECT_TRUE([delegate didFinishQuickLookLoad]);
+    EXPECT_FALSE([delegate didFailNavigation]);
+    EXPECT_TRUE([delegate didFinishNavigation]);
+    EXPECT_TRUE([delegate didFinishQuickLookLoad]);
+    EXPECT_TRUE([delegate didStartQuickLookLoad]);
 }
 
@@ -279 +311 @@
     auto delegate = adoptNS([[QuickLookAsyncDelegate alloc] initWithExpectedFileURL:pagesDocumentURL previewMIMEType:pagesDocumentPreviewMIMEType responsePolicy:WKNavigationResponsePolicyAllow]);
     runTestDecideAfterLoading(delegate.get(), [NSURLRequest requestWithURL:pagesDocumentURL]);
-    EXPECT_TRUE([delegate didStartQuickLookLoad]);
-    EXPECT_TRUE([delegate didFinishQuickLookLoad]);
+    EXPECT_FALSE([delegate didFailNavigation]);
+    EXPECT_TRUE([delegate didFinishNavigation]);
+    EXPECT_TRUE([delegate didFinishQuickLookLoad]);
+    EXPECT_TRUE([delegate didStartQuickLookLoad]);
 }
 
@@ -287 +321 @@
     auto delegate = adoptNS([[QuickLookDelegate alloc] initWithExpectedFileURL:pagesDocumentURL responsePolicy:WKNavigationResponsePolicyCancel]);
     runTestDecideBeforeLoading(delegate.get(), [NSURLRequest requestWithURL:pagesDocumentURL]);
+    EXPECT_FALSE([delegate didFinishNavigation]);
+    EXPECT_FALSE([delegate didFinishQuickLookLoad]);
     EXPECT_FALSE([delegate didStartQuickLookLoad]);
-    EXPECT_FALSE([delegate didFinishQuickLookLoad]);
+    EXPECT_TRUE([delegate didFailNavigation]);
 }
 
@@ -295 +331 @@
     auto delegate = adoptNS([[QuickLookDelegate alloc] initWithExpectedFileURL:pagesDocumentURL previewMIMEType:pagesDocumentPreviewMIMEType responsePolicy:WKNavigationResponsePolicyCancel]);
     runTestDecideAfterLoading(delegate.get(), [NSURLRequest requestWithURL:pagesDocumentURL]);
-    EXPECT_TRUE([delegate didStartQuickLookLoad]);
-    EXPECT_TRUE([delegate didFinishQuickLookLoad]);
+    EXPECT_FALSE([delegate didFinishNavigation]);
+    EXPECT_TRUE([delegate didFailNavigation]);
+    EXPECT_TRUE([delegate didFinishQuickLookLoad]);
+    EXPECT_TRUE([delegate didStartQuickLookLoad]);
 }
 
@@ -303 +341 @@
     auto delegate = adoptNS([[QuickLookDelegate alloc] initWithExpectedFileURL:pagesDocumentURL responsePolicy:_WKNavigationResponsePolicyBecomeDownload]);
     runTestDecideBeforeLoading(delegate.get(), [NSURLRequest requestWithURL:pagesDocumentURL]);
+    EXPECT_FALSE([delegate didFinishNavigation]);
+    EXPECT_FALSE([delegate didFinishQuickLookLoad]);
     EXPECT_FALSE([delegate didStartQuickLookLoad]);
-    EXPECT_FALSE([delegate didFinishQuickLookLoad]);
+    EXPECT_TRUE([delegate didFailNavigation]);
 
     Util::run(&downloadIsDone);
@@ -314 +354 @@
     auto delegate = adoptNS([[QuickLookDelegate alloc] initWithExpectedFileURL:pagesDocumentURL previewMIMEType:pagesDocumentPreviewMIMEType responsePolicy:_WKNavigationResponsePolicyBecomeDownload]);
     runTestDecideAfterLoading(delegate.get(), [NSURLRequest requestWithURL:pagesDocumentURL]);
-    EXPECT_TRUE([delegate didStartQuickLookLoad]);
-    EXPECT_TRUE([delegate didFinishQuickLookLoad]);
+    EXPECT_FALSE([delegate didFinishNavigation]);
+    EXPECT_TRUE([delegate didFailNavigation]);
+    EXPECT_TRUE([delegate didFinishQuickLookLoad]);
+    EXPECT_TRUE([delegate didStartQuickLookLoad]);
 }
 
@@ -337 +379 @@
     auto delegate = adoptNS([[QuickLookPasswordDelegate alloc] initWithExpectedFileURL:passwordProtectedDocumentURL responsePolicy:WKNavigationResponsePolicyAllow]);
     runTestDecideBeforeLoading(delegate.get(), [NSURLRequest requestWithURL:passwordProtectedDocumentURL]);
+    EXPECT_FALSE([delegate didFailNavigation]);
+    EXPECT_FALSE([delegate didFinishNavigation]);
+    EXPECT_TRUE([delegate didFinishQuickLookLoad]);
     EXPECT_TRUE([delegate didRequestPassword]);
+    EXPECT_TRUE([delegate didStartQuickLookLoad]);
 }
 
@@ -345 +391 @@
     auto delegate = adoptNS([[QuickLookPasswordDelegate alloc] initWithExpectedFileURL:passwordProtectedDocumentURL previewMIMEType:pagesDocumentPreviewMIMEType responsePolicy:WKNavigationResponsePolicyAllow]);
     runTestDecideAfterLoading(delegate.get(), [NSURLRequest requestWithURL:passwordProtectedDocumentURL]);
+    EXPECT_FALSE([delegate didFailNavigation]);
+    EXPECT_FALSE([delegate didFinishNavigation]);
+    EXPECT_TRUE([delegate didFinishQuickLookLoad]);
     EXPECT_TRUE([delegate didRequestPassword]);
+    EXPECT_TRUE([delegate didStartQuickLookLoad]);
+}
+
+TEST(QuickLook, ReloadAndSameDocumentNavigation)
+{
+    auto delegate = adoptNS([[QuickLookDelegate alloc] initWithExpectedFileURL:pagesDocumentURL responsePolicy:WKNavigationResponsePolicyAllow]);
+    auto webView = runTestDecideBeforeLoading(delegate.get(), [NSURLRequest requestWithURL:pagesDocumentURL]);
+    EXPECT_FALSE([delegate didFailNavigation]);
+    EXPECT_TRUE([delegate didFinishNavigation]);
+    EXPECT_TRUE([delegate didFinishQuickLookLoad]);
+    EXPECT_TRUE([delegate didStartQuickLookLoad]);
+
+    isDone = false;
+    [webView evaluateJavaScript:@"window.location.reload()" completionHandler:nil];
+    Util::run(&isDone);
+    EXPECT_FALSE([delegate didFailNavigation]);
+    EXPECT_TRUE([delegate didFinishNavigation]);
+    EXPECT_TRUE([delegate didFinishQuickLookLoad]);
+    EXPECT_TRUE([delegate didStartQuickLookLoad]);
+
+    isDone = false;
+    [webView evaluateJavaScript:@"window.location = '#test'; window.location.hash" completionHandler:^(id _Nullable value, NSError * _Nullable error) {
+        EXPECT_NULL(error);
+        EXPECT_WK_STREQ(@"#test", value);
+        isDone = true;
+    }];
+    Util::run(&isDone);
 }