Changeset 255961 in webkit
- Timestamp:
- Feb 6, 2020 9:32:18 AM (4 years ago)
- Location:
- trunk
- Files:
-
- 4 added
- 43 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r255960 r255961 1 2020-02-06 Brent Fulgham <bfulgham@apple.com> 2 3 Prevent navigating top level frames to Data URLs 4 https://bugs.webkit.org/show_bug.cgi?id=206962 5 <rdar://problem/56770676> 6 7 Reviewed by Youenn Fablet." 8 9 Revise our loading behavior to match Chrome and Firefox by blocking 10 top level frame navigations to Data URLs. 11 12 * fast/loader/data-url-frame-allowed.html: Added. 13 * fast/loader/data-url-frame-allowed-expected.txt : Added. 14 * fast/loader/data-url-load-denied.html: Added. 15 * fast/loader/data-url-load-denied-expected.txt: Added. 16 1 17 2020-02-06 Truitt Savell <tsavell@apple.com> 2 18 -
trunk/Source/WebCore/ChangeLog
r255957 r255961 1 2020-02-06 Brent Fulgham <bfulgham@apple.com> 2 3 Prevent navigating top level frames to Data URLs 4 https://bugs.webkit.org/show_bug.cgi?id=206962 5 <rdar://problem/56770676> 6 7 Reviewed by Youenn Fablet. 8 9 Revise our loading behavior to match Chrome and Firefox by blocking 10 top level frame navigations to Data URLs. 11 12 Test: fast/loader/data-url-frame-allowed.html, fast/loader/data-url-load-denied.html 13 14 * loader/DocumentLoader.cpp: 15 (WebCore::DocumentLoader::disallowDataRequest const): Added, 16 (WebCore::DocumentLoader::continueAfterContentPolicy): Validate whether the load should 17 continue if it is a Data URL. 18 * loader/DocumentLoader.h: 19 (WebCore::DocumentLoader::setAllowsDataURLForMainFrame): Added. 20 (WebCore::DocumentLoader::allowsDataURLForMainFrame const): Added. 21 * loader/FrameLoader.cpp: 22 (WebCore::FrameLoader::load): If the main frame loader as triggered by user action, or 23 direct call to the client API, allow top-frame navigation to Data URLs. 24 (WebCore::FrameLoader::reload): If the original load allowed top-frame navigation to Data 25 URLs, continue to do so in the reload. 26 * loader/FrameLoader.h: 27 1 28 2020-02-06 Cathie Chen <cathiechen@igalia.com> 2 29 -
trunk/Source/WebCore/loader/DocumentLoader.cpp
r254983 r255961 1 1 /* 2 * Copyright (C) 2006-20 18Apple Inc. All rights reserved.2 * Copyright (C) 2006-2020 Apple Inc. All rights reserved. 3 3 * Copyright (C) 2011 Google Inc. All rights reserved. 4 4 * … … 909 909 } 910 910 911 // Prevent data URIs from loading as the main frame unless the result of user action. 912 bool DocumentLoader::disallowDataRequest() const 913 { 914 if (!m_response.url().protocolIsData()) 915 return false; 916 917 if (!frame() || !frame()->isMainFrame() || m_allowsDataURLsForMainFrame || frame()->settings().allowTopNavigationToDataURLs()) 918 return false; 919 920 if (auto* currentDocument = frame()->document()) { 921 unsigned long identifier = m_identifierForLoadWithoutResourceLoader ? m_identifierForLoadWithoutResourceLoader : m_mainResource->identifier(); 922 ASSERT(identifier); 923 924 currentDocument->addConsoleMessage(MessageSource::Security, MessageLevel::Error, makeString("Not allowed to navigate top frame to data URL '", m_response.url().stringCenterEllipsizedToLength(), "'."), identifier); 925 } 926 RELEASE_LOG_IF_ALLOWED("continueAfterContentPolicy: cannot show URL (frame = %p, main = %d)", m_frame, m_frame->isMainFrame()); 927 928 return true; 929 } 930 911 931 void DocumentLoader::continueAfterContentPolicy(PolicyAction policy) 912 932 { … … 923 943 switch (policy) { 924 944 case PolicyAction::Use: { 925 if (!frameLoader()->client().canShowMIMEType(m_response.mimeType()) || disallowWebArchive() ) {945 if (!frameLoader()->client().canShowMIMEType(m_response.mimeType()) || disallowWebArchive() || disallowDataRequest()) { 926 946 frameLoader()->policyChecker().cannotShowMIMEType(m_response); 927 947 // Check reachedTerminalState since the load may have already been canceled inside of _handleUnimplementablePolicyWithErrorCode::. -
trunk/Source/WebCore/loader/DocumentLoader.h
r254983 r255961 1 1 /* 2 * Copyright (C) 2006-20 17Apple Inc. All rights reserved.2 * Copyright (C) 2006-2020 Apple Inc. All rights reserved. 3 3 * Copyright (C) 2011 Google Inc. All rights reserved. 4 4 * … … 395 395 bool allowsWebArchiveForMainFrame() const { return m_allowsWebArchiveForMainFrame; } 396 396 397 void setAllowsDataURLsForMainFrame(bool allowsDataURLsForMainFrame) { m_allowsDataURLsForMainFrame = allowsDataURLsForMainFrame; } 398 bool allowsDataURLsForMainFrame() const { return m_allowsDataURLsForMainFrame; } 399 397 400 void setDownloadAttribute(const String& attribute) { m_downloadAttribute = attribute; } 398 401 const String& downloadAttribute() const { return m_downloadAttribute; } … … 503 506 504 507 bool disallowWebArchive() const; 508 bool disallowDataRequest() const; 505 509 506 510 Ref<CachedResourceLoader> m_cachedResourceLoader; … … 641 645 642 646 bool m_allowsWebArchiveForMainFrame { false }; 647 bool m_allowsDataURLsForMainFrame { false }; 643 648 String m_downloadAttribute; 644 649 }; -
trunk/Source/WebCore/loader/FrameLoader.cpp
r254179 r255961 1480 1480 Ref<DocumentLoader> loader = m_client.createDocumentLoader(request.resourceRequest(), request.substituteData()); 1481 1481 loader->setAllowsWebArchiveForMainFrame(request.isRequestFromClientOrUserInput()); 1482 loader->setAllowsDataURLsForMainFrame(request.isRequestFromClientOrUserInput()); 1482 1483 addSameSiteInfoToRequestIfNeeded(loader->request()); 1483 1484 applyShouldOpenExternalURLsPolicyToNewDocumentLoader(m_frame, loader, request); … … 1780 1781 Ref<DocumentLoader> loader = m_client.createDocumentLoader(initialRequest, defaultSubstituteDataForURL(initialRequest.url())); 1781 1782 loader->setAllowsWebArchiveForMainFrame(m_documentLoader->allowsWebArchiveForMainFrame()); 1783 loader->setAllowsDataURLsForMainFrame(m_documentLoader->allowsDataURLsForMainFrame()); 1782 1784 applyShouldOpenExternalURLsPolicyToNewDocumentLoader(m_frame, loader, InitiatedByMainFrame::Unknown, m_documentLoader->shouldOpenExternalURLsPolicyToPropagate()); 1783 1785 -
trunk/Source/WebCore/page/Settings.yaml
r255388 r255961 108 108 allowCrossOriginSubresourcesToAskForCredentials: 109 109 initial: false 110 allowTopNavigationToDataURLs: 111 initial: false 110 112 needsStorageAccessFromFileURLsQuirk: 111 113 initial: true -
trunk/Source/WebKit/ChangeLog
r255958 r255961 1 2020-02-06 Brent Fulgham <bfulgham@apple.com> 2 3 Prevent navigating top level frames to Data URLs 4 https://bugs.webkit.org/show_bug.cgi?id=206962 5 <rdar://problem/56770676> 6 7 Reviewed by Youenn Fablet. 8 9 Expose a new off-by-default preference to allow top-level navigation to Data URIs. 10 11 Tests: fast/loader/data-url-frame-allowed.html, fast/loader/data-url-load-denied.html 12 13 * Shared/WebPreferences.yaml: 14 * UIProcess/API/C/WKPreferences.cpp: 15 (WKPreferencesSetTopNavigationToDataURLsAllowed): 16 (WKPreferencesGetTopNavigationToDataURLsAllowed): 17 * UIProcess/API/C/WKPreferencesRefPrivate.h: 18 * UIProcess/API/Cocoa/WKPreferences.mm: 19 (-[WKPreferences _setTopNavigationToDataURLsAllowed:]): 20 (-[WKPreferences _topNavigationToDataURLsAllowed]): 21 * UIProcess/API/Cocoa/WKPreferencesPrivate.h: 22 * UIProcess/API/Cocoa/WKWebView.mm: 23 (-[WKWebView _setupPageConfiguration:]): 24 * UIProcess/API/Cocoa/WKWebViewConfiguration.mm: 25 (-[WKWebViewConfiguration init]): 26 (-[WKWebViewConfiguration copyWithZone:]): 27 (-[WKWebViewConfiguration _allowTopNavigationToDataURLs]): 28 (-[WKWebViewConfiguration _setAllowTopNavigationToDataURLs:]): 29 * UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h: 30 * UIProcess/Inspector/mac/WKInspectorViewController.mm: 31 (-[WKInspectorViewController configuration]): 32 1 33 2020-02-06 Alex Christensen <achristensen@webkit.org> 2 34 -
trunk/Source/WebKit/Shared/WebPreferences.yaml
r255241 r255961 217 217 218 218 AllowCrossOriginSubresourcesToAskForCredentials: 219 type: bool 220 defaultValue: false 221 222 AllowTopNavigationToDataURLs: 219 223 type: bool 220 224 defaultValue: false -
trunk/Source/WebKit/UIProcess/API/C/WKPreferences.cpp
r255158 r255961 1 1 /* 2 * Copyright (C) 2010-20 18Apple Inc. All rights reserved.2 * Copyright (C) 2010-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 739 739 } 740 740 741 void WKPreferencesSetTopNavigationToDataURLsAllowed(WKPreferencesRef preferencesRef, bool allowed) 742 { 743 toImpl(preferencesRef)->setAllowTopNavigationToDataURLs(allowed); 744 } 745 746 bool WKPreferencesGetTopNavigationToDataURLsAllowed(WKPreferencesRef preferencesRef) 747 { 748 return toImpl(preferencesRef)->allowTopNavigationToDataURLs(); 749 } 750 741 751 void WKPreferencesSetNeedsStorageAccessFromFileURLsQuirk(WKPreferencesRef preferencesRef, bool needsQuirk) 742 752 { -
trunk/Source/WebKit/UIProcess/API/C/WKPreferencesRefPrivate.h
r255158 r255961 1 1 /* 2 * Copyright (C) 2010-20 16Apple Inc. All rights reserved.2 * Copyright (C) 2010-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 155 155 WK_EXPORT bool WKPreferencesGetFileAccessFromFileURLsAllowed(WKPreferencesRef preferences); 156 156 157 // Defaults to false. 158 WK_EXPORT void WKPreferencesSetTopNavigationToDataURLsAllowed(WKPreferencesRef preferences, bool allowed); 159 WK_EXPORT bool WKPreferencesGetTopNavigationToDataURLsAllowed(WKPreferencesRef preferences); 160 157 161 // Defaults to true 158 162 WK_EXPORT void WKPreferencesSetNeedsStorageAccessFromFileURLsQuirk(WKPreferencesRef preferences, bool needsQuirk); -
trunk/Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm
r254397 r255961 1 1 /* 2 * Copyright (C) 2014-20 17Apple Inc. All rights reserved.2 * Copyright (C) 2014-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 1029 1029 } 1030 1030 1031 - (void)_setTopNavigationToDataURLsAllowed:(BOOL)enabled 1032 { 1033 _preferences->setAllowTopNavigationToDataURLs(enabled); 1034 } 1035 1036 - (BOOL)_topNavigationToDataURLsAllowed 1037 { 1038 return _preferences->allowTopNavigationToDataURLs(); 1039 } 1040 1031 1041 - (void)_setSuppressesIncrementalRendering:(BOOL)enabled 1032 1042 { -
trunk/Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h
r254836 r255961 179 179 @property (nonatomic, setter=_setWebSecurityEnabled:) BOOL _webSecurityEnabled WK_API_AVAILABLE(macos(10.13.4)); 180 180 @property (nonatomic, setter=_setUniversalAccessFromFileURLsAllowed:) BOOL _universalAccessFromFileURLsAllowed WK_API_AVAILABLE(macos(10.13.4)); 181 @property (nonatomic, setter=_setTopNavigationToDataURLsAllowed:) BOOL _topNavigationToDataURLsAllowed WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); 181 182 @property (nonatomic, setter=_setSuppressesIncrementalRendering:) BOOL _suppressesIncrementalRendering WK_API_AVAILABLE(macos(10.13.4)); 182 183 @property (nonatomic, setter=_setAsynchronousPluginInitializationEnabled:) BOOL _asynchronousPluginInitializationEnabled WK_API_AVAILABLE(macos(10.13.4)); -
trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
r255784 r255961 438 438 pageConfiguration->preferenceValues().set(WebKit::WebPreferencesKey::httpEquivEnabledKey(), WebKit::WebPreferencesStore::Value(!![_configuration _allowsMetaRefresh])); 439 439 pageConfiguration->preferenceValues().set(WebKit::WebPreferencesKey::allowUniversalAccessFromFileURLsKey(), WebKit::WebPreferencesStore::Value(!![_configuration _allowUniversalAccessFromFileURLs])); 440 pageConfiguration->preferenceValues().set(WebKit::WebPreferencesKey::allowTopNavigationToDataURLsKey(), WebKit::WebPreferencesStore::Value(!![_configuration _allowTopNavigationToDataURLs])); 440 441 pageConfiguration->setWaitsForPaintAfterViewDidMoveToWindow([_configuration _waitsForPaintAfterViewDidMoveToWindow]); 441 442 pageConfiguration->setDrawsBackground([_configuration _drawsBackground]); -
trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.mm
r255958 r255961 1 1 /* 2 * Copyright (C) 2014-20 17Apple Inc. All rights reserved.2 * Copyright (C) 2014-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 132 132 BOOL _allowsMetaRefresh; 133 133 BOOL _allowUniversalAccessFromFileURLs; 134 BOOL _allowTopNavigationToDataURLs; 134 135 135 136 #if PLATFORM(IOS_FAMILY) … … 236 237 _allowsMetaRefresh = YES; 237 238 _allowUniversalAccessFromFileURLs = NO; 239 _allowTopNavigationToDataURLs = NO; 238 240 _needsStorageAccessFromFileURLsQuirk = YES; 239 241 … … 383 385 configuration->_allowsMetaRefresh = self->_allowsMetaRefresh; 384 386 configuration->_allowUniversalAccessFromFileURLs = self->_allowUniversalAccessFromFileURLs; 387 configuration->_allowTopNavigationToDataURLs = self->_allowTopNavigationToDataURLs; 385 388 386 389 configuration->_invisibleAutoplayNotPermitted = self->_invisibleAutoplayNotPermitted; … … 672 675 } 673 676 677 - (BOOL)_allowTopNavigationToDataURLs 678 { 679 return _allowTopNavigationToDataURLs; 680 } 681 682 - (void)_setAllowTopNavigationToDataURLs:(BOOL)allowTopNavigationToDataURLs 683 { 684 _allowTopNavigationToDataURLs = allowTopNavigationToDataURLs; 685 } 686 674 687 - (BOOL)_convertsPositionStyleOnCopy 675 688 { -
trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h
r255958 r255961 1 1 /* 2 * Copyright (C) 2014 , 2015Apple Inc. All rights reserved.2 * Copyright (C) 2014-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 65 65 @property (nonatomic, setter=_setAllowsMetaRefresh:) BOOL _allowsMetaRefresh WK_API_AVAILABLE(macos(10.12), ios(10.0)); 66 66 @property (nonatomic, setter=_setAllowUniversalAccessFromFileURLs:) BOOL _allowUniversalAccessFromFileURLs WK_API_AVAILABLE(macos(10.12), ios(10.0)); 67 @property (nonatomic, setter=_setAllowTopNavigationToDataURLs:) BOOL _allowTopNavigationToDataURLs WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); 67 68 @property (nonatomic, setter=_setNeedsStorageAccessFromFileURLsQuirk:) BOOL _needsStorageAccessFromFileURLsQuirk WK_API_AVAILABLE(macos(10.12.3), ios(10.3)); 68 69 @property (nonatomic, setter=_setMainContentUserGestureOverrideEnabled:) BOOL _mainContentUserGestureOverrideEnabled WK_API_AVAILABLE(macos(10.12), ios(10.0)); -
trunk/Source/WebKit/UIProcess/Inspector/mac/WKInspectorViewController.mm
r255214 r255961 1 1 /* 2 * Copyright (C) 2017 Apple Inc. All rights reserved.2 * Copyright (C) 2017-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 112 112 preferences._allowFileAccessFromFileURLs = YES; 113 113 [configuration _setAllowUniversalAccessFromFileURLs:YES]; 114 [configuration _setAllowTopNavigationToDataURLs:YES]; 114 115 preferences._storageBlockingPolicy = _WKStorageBlockingPolicyAllowAll; 115 116 preferences._javaScriptRuntimeFlags = 0; -
trunk/Source/WebKitLegacy/mac/ChangeLog
r255547 r255961 1 2020-02-06 Brent Fulgham <bfulgham@apple.com> 2 3 Prevent navigating top level frames to Data URLs 4 https://bugs.webkit.org/show_bug.cgi?id=206962 5 <rdar://problem/56770676> 6 7 Reviewed by Youenn Fablet. 8 9 Expose a new off-by-default preference to allow top-level navigation to Data URIs. 10 11 Tests: fast/loader/data-url-frame-allowed.html, fast/loader/data-url-load-denied.html 12 13 * WebCoreSupport/WebInspectorClient.mm: 14 (-[WebInspectorWindowController init]): 15 * WebView/WebPreferenceKeysPrivate.h: 16 * WebView/WebPreferences.mm: 17 (+[WebPreferences initialize]): 18 (-[WebPreferences allowTopNavigationToDataURLs]): 19 (-[WebPreferences setAllowTopNavigationToDataURLs:]): 20 * WebView/WebPreferencesPrivate.h: 21 * WebView/WebView.mm: 22 (-[WebView _preferencesChanged:]): 23 1 24 2020-02-01 Devin Rousso <drousso@apple.com> 2 25 -
trunk/Source/WebKitLegacy/mac/WebCoreSupport/WebInspectorClient.mm
r255547 r255961 1 1 /* 2 * Copyright (C) 2006-20 08, 2015Apple Inc. All rights reserved.2 * Copyright (C) 2006-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 451 451 [preferences setAllowFileAccessFromFileURLs:YES]; 452 452 [preferences setAllowUniversalAccessFromFileURLs:YES]; 453 [preferences setAllowTopNavigationToDataURLs:YES]; 453 454 [preferences setStorageBlockingPolicy:WebAllowAllStorage]; 454 455 -
trunk/Source/WebKitLegacy/mac/WebView/WebPreferenceKeysPrivate.h
r255234 r255961 1 1 /* 2 * Copyright (C) 2005-20 17Apple Inc. All rights reserved.2 * Copyright (C) 2005-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 62 62 #define WebKitAllowFileAccessFromFileURLsPreferenceKey @"WebKitAllowFileAccessFromFileURLs" 63 63 #define WebKitAllowCrossOriginSubresourcesToAskForCredentialsKey @"WebKitAllowCrossOriginSubresourcesToAskForCredentials" 64 #define WebKitAllowTopNavigationToDataURLsPreferenceKey @"WebKitAllowTopNavigationToDataURLs" 64 65 #define WebKitNeedsStorageAccessFromFileURLsQuirkKey @"WebKitNeedsStorageAccessFromFileURLsQuirk" 65 66 #define WebKitJavaScriptCanOpenWindowsAutomaticallyPreferenceKey @"WebKitJavaScriptCanOpenWindowsAutomatically" -
trunk/Source/WebKitLegacy/mac/WebView/WebPreferences.mm
r255494 r255961 1 1 /* 2 * Copyright (C) 2005-20 17Apple Inc. All rights reserved.2 * Copyright (C) 2005-2020 Apple Inc. All rights reserved. 3 3 * (C) 2006 Graham Dennis (graham.dennis@gmail.com) 4 4 * … … 434 434 @YES, WebKitAllowUniversalAccessFromFileURLsPreferenceKey, 435 435 @YES, WebKitAllowFileAccessFromFileURLsPreferenceKey, 436 @YES, WebKitAllowTopNavigationToDataURLsPreferenceKey, 436 437 #if PLATFORM(IOS_FAMILY) 437 438 @NO, WebKitJavaScriptCanOpenWindowsAutomaticallyPreferenceKey, … … 1571 1572 } 1572 1573 1574 - (BOOL)allowTopNavigationToDataURLs 1575 { 1576 return [self _boolValueForKey: WebKitAllowTopNavigationToDataURLsPreferenceKey]; 1577 } 1578 1579 - (void)setAllowTopNavigationToDataURLs:(BOOL)flag 1580 { 1581 [self _setBoolValue: flag forKey: WebKitAllowTopNavigationToDataURLsPreferenceKey]; 1582 } 1583 1573 1584 - (BOOL)allowCrossOriginSubresourcesToAskForCredentials 1574 1585 { -
trunk/Source/WebKitLegacy/mac/WebView/WebPreferencesPrivate.h
r255234 r255961 1 1 /* 2 * Copyright (C) 2005-20 17Apple Inc. All rights reserved.2 * Copyright (C) 2005-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 153 153 - (BOOL)allowFileAccessFromFileURLs; 154 154 - (void)setAllowFileAccessFromFileURLs:(BOOL)flag; 155 156 - (BOOL)allowTopNavigationToDataURLs; 157 - (void)setAllowTopNavigationToDataURLs:(BOOL)flag; 155 158 156 159 - (BOOL)allowCrossOriginSubresourcesToAskForCredentials; -
trunk/Source/WebKitLegacy/mac/WebView/WebView.mm
r255461 r255961 1 1 /* 2 * Copyright (C) 2005-20 19Apple Inc. All rights reserved.2 * Copyright (C) 2005-2020 Apple Inc. All rights reserved. 3 3 * Copyright (C) 2006 David Smith (catfish.man@gmail.com) 4 4 * Copyright (C) 2010 Igalia S.L … … 2888 2888 settings.setAllowFileAccessFromFileURLs([preferences allowFileAccessFromFileURLs]); 2889 2889 settings.setAllowCrossOriginSubresourcesToAskForCredentials([preferences allowCrossOriginSubresourcesToAskForCredentials]); 2890 settings.setAllowTopNavigationToDataURLs([preferences allowTopNavigationToDataURLs]); 2890 2891 settings.setNeedsStorageAccessFromFileURLsQuirk([preferences needsStorageAccessFromFileURLsQuirk]); 2891 2892 settings.setMinimumFontSize([preferences minimumFontSize]); -
trunk/Source/WebKitLegacy/win/ChangeLog
r255532 r255961 1 2020-02-06 Brent Fulgham <bfulgham@apple.com> 2 3 Prevent navigating top level frames to Data URLs 4 https://bugs.webkit.org/show_bug.cgi?id=206962 5 <rdar://problem/56770676> 6 7 Reviewed by Youenn Fablet. 8 9 Expose a new off-by-default preference to allow top-level navigation to Data URIs. 10 11 * Interfaces/WebKit.idl: Touch file to trigger a build. 12 * Interfaces/IWebPreferences.idl: Ditto. 13 * Interfaces/IWebPreferencesPrivate.idl: Expose new API version to avoid breaking shipping binaries. 14 * WebPreferenceKeysPrivate.h: 15 * WebPreferences.cpp: 16 (WebPreferences::initializeDefaultSettings): Update for new setting. 17 (WebPreferences::QueryInterface): Add support for IWebPreferencesPrivate8 interface. 18 (WebPreferences::allowTopNavigationToDataURLs): Added. 19 (WebPreferences::setAllowTopNavigationToDataURLs): Added. 20 * WebPreferences.h: 21 * WebView.cpp: 22 (WebView::notifyPreferencesChanged): Update to handle Data URL setting. 23 1 24 2020-01-31 Wenson Hsieh <wenson_hsieh@apple.com> 2 25 -
trunk/Source/WebKitLegacy/win/Interfaces/IWebPreferences.idl
r181064 r255961 1 1 /* 2 * Copyright (C) 2006 , 2007, 2008Apple Inc. All rights reserved.2 * Copyright (C) 2006-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without -
trunk/Source/WebKitLegacy/win/Interfaces/IWebPreferencesPrivate.idl
r255234 r255961 262 262 HRESULT renderingUpdateThrottlingEnabled([out, retval] BOOL* enabled); 263 263 } 264 265 [uuid(04D4AAE1-5D01-4CCD-B46E-C022F10A6826)] 266 interface IWebPreferencesPrivate8 : IWebPreferencesPrivate7 267 { 268 HRESULT allowTopNavigationToDataURLs([out, retval] BOOL* enabled); 269 HRESULT setAllowTopNavigationToDataURLs([in] BOOL enabled); 270 } -
trunk/Source/WebKitLegacy/win/Interfaces/WebKit.idl
r219684 r255961 1 1 /* 2 * Copyright (C) 2006-20 10, 2015Apple Inc. All rights reserved.2 * Copyright (C) 2006-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without -
trunk/Source/WebKitLegacy/win/WebPreferenceKeysPrivate.h
r255234 r255961 53 53 #define WebKitJavaScriptRuntimeFlagsPreferenceKey "WebKitJavaScriptRuntimeFlags" 54 54 #define WebKitWebSecurityEnabledPreferenceKey "WebKitWebSecurityEnabled" 55 #define WebKitAllowTopNavigationToDataURLsPreferenceKey "WebKitAllowTopNavigationToDataURLs" 55 56 #define WebKitAllowUniversalAccessFromFileURLsPreferenceKey "WebKitAllowUniversalAccessFromFileURLs" 56 57 #define WebKitAllowFileAccessFromFileURLsPreferenceKey "WebKitAllowFileAccessFromFileURLs" … … 229 230 230 231 #define WebKitRenderingUpdateThrottlingEnabledPreferenceKey "WebKitRenderingUpdateThrottlingEnabled" 232 233 #define WebKitRenderingUpdateThrottlingEnabledPreferenceKey "WebKitRenderingUpdateThrottlingEnabled" -
trunk/Source/WebKitLegacy/win/WebPreferences.cpp
r255234 r255961 1 1 /* 2 * Copyright (C) 2006-20 11, 2014-2015Apple Inc. All rights reserved.2 * Copyright (C) 2006-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 232 232 CFDictionaryAddValue(defaults, CFSTR(WebKitJavaScriptRuntimeFlagsPreferenceKey), CFSTR("0")); 233 233 CFDictionaryAddValue(defaults, CFSTR(WebKitWebSecurityEnabledPreferenceKey), kCFBooleanTrue); 234 CFDictionaryAddValue(defaults, CFSTR(WebKitAllowTopNavigationToDataURLsPreferenceKey), kCFBooleanFalse); 234 235 CFDictionaryAddValue(defaults, CFSTR(WebKitAllowUniversalAccessFromFileURLsPreferenceKey), kCFBooleanFalse); 235 236 CFDictionaryAddValue(defaults, CFSTR(WebKitAllowFileAccessFromFileURLsPreferenceKey), kCFBooleanTrue); … … 647 648 else if (IsEqualGUID(riid, IID_IWebPreferencesPrivate7)) 648 649 *ppvObject = static_cast<IWebPreferencesPrivate7*>(this); 650 else if (IsEqualGUID(riid, IID_IWebPreferencesPrivate8)) 651 *ppvObject = static_cast<IWebPreferencesPrivate8*>(this); 649 652 else if (IsEqualGUID(riid, CLSID_WebPreferences)) 650 653 *ppvObject = this; … … 2484 2487 } 2485 2488 2489 HRESULT WebPreferences::allowTopNavigationToDataURLs(_Out_ BOOL* allowAccess) 2490 { 2491 if (!allowAccess) 2492 return E_POINTER; 2493 *allowAccess = boolValueForKey(WebKitAllowTopNavigationToDataURLsPreferenceKey); 2494 return S_OK; 2495 } 2496 2497 HRESULT WebPreferences::setAllowTopNavigationToDataURLs(BOOL allowAccess) 2498 { 2499 setBoolValue(WebKitAllowTopNavigationToDataURLsPreferenceKey, allowAccess); 2500 return S_OK; 2501 } -
trunk/Source/WebKitLegacy/win/WebPreferences.h
r255234 r255961 1 1 /* 2 * Copyright (C) 2006-20 09, 2015Apple Inc. All rights reserved.2 * Copyright (C) 2006-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 31 31 #include <wtf/RetainPtr.h> 32 32 33 class WebPreferences final : public IWebPreferences, public IWebPreferencesPrivate 7{33 class WebPreferences final : public IWebPreferences, public IWebPreferencesPrivate8 { 34 34 public: 35 35 static WebPreferences* createInstance(); … … 307 307 virtual HRESULT STDMETHODCALLTYPE setRenderingUpdateThrottlingEnabled(BOOL); 308 308 309 // IWebPreferencesPrivate8 310 virtual HRESULT STDMETHODCALLTYPE allowTopNavigationToDataURLs(_Out_ BOOL*); 311 virtual HRESULT STDMETHODCALLTYPE setAllowTopNavigationToDataURLs(BOOL); 312 309 313 // WebPreferences 310 314 -
trunk/Source/WebKitLegacy/win/WebView.cpp
r255532 r255961 5178 5178 #endif 5179 5179 5180 COMPtr<IWebPreferencesPrivate 7> prefsPrivate { Query, preferences };5180 COMPtr<IWebPreferencesPrivate8> prefsPrivate { Query, preferences }; 5181 5181 if (prefsPrivate) { 5182 5182 hr = prefsPrivate->localStorageDatabasePath(&str); … … 5487 5487 return hr; 5488 5488 settings.setWebSecurityEnabled(!!enabled); 5489 5490 hr = prefsPrivate->allowTopNavigationToDataURLs(&enabled); 5491 if (FAILED(hr)) 5492 return hr; 5493 settings.setAllowTopNavigationToDataURLs(!!enabled); 5489 5494 5490 5495 hr = prefsPrivate->allowUniversalAccessFromFileURLs(&enabled); -
trunk/Source/cmake/OptionsAppleWin.cmake
r255475 r255961 2 2 # being compiled with a static runtime. 3 3 set(MSVC_STATIC_RUNTIME ON) 4 5 if (DEFINED ENV{AppleApplicationSupportSDK}) 6 file(TO_CMAKE_PATH "$ENV{AppleApplicationSupportSDK}/AppleInternal" WEBKIT_LIBRARIES_DIR) 7 set(WEBKIT_LIBRARIES_INCLUDE_DIR "${WEBKIT_LIBRARIES_DIR}/include") 8 include_directories(${WEBKIT_LIBRARIES_INCLUDE_DIR}) 9 set(APPLE_BUILD 1) 10 endif () 11 12 if (NOT WEBKIT_LIBRARIES_DIR) 13 if (DEFINED ENV{WEBKIT_LIBRARIES}) 14 file(TO_CMAKE_PATH "$ENV{WEBKIT_LIBRARIES}" WEBKIT_LIBRARIES_DIR) 15 else () 16 file(TO_CMAKE_PATH "${CMAKE_SOURCE_DIR}/WebKitLibraries/win" WEBKIT_LIBRARIES_DIR) 17 endif () 18 endif () 4 19 5 20 include(OptionsWin) -
trunk/Tools/ChangeLog
r255907 r255961 1 2020-02-06 Brent Fulgham <bfulgham@apple.com> 2 3 Prevent navigating top level frames to Data URLs 4 https://bugs.webkit.org/show_bug.cgi?id=206962 5 <rdar://problem/56770676> 6 7 Reviewed by Youenn Fablet. 8 9 Revise test running code to allow data URL navigations by default, since they are so frequently 10 used in testing. However, provide a flag to turn this off in tests so we can confirm proper 11 function. 12 13 * DumpRenderTree/TestOptions.cpp: 14 (TestOptions::TestOptions): 15 * DumpRenderTree/TestOptions.h: 16 * DumpRenderTree/mac/DumpRenderTree.mm: 17 (setWebPreferencesForTestOptions): 18 * TestWebKitAPI/Tests/WebKitCocoa/Download.mm: 19 (DownloadAttributeDoesNotStartDownloads): Revise configuration to allow script navigation of the main frame to a Data URL. 20 (StartDownloadWithDownloadAttribute): Ditto. 21 * TestWebKitAPI/Tests/WebKitCocoa/Navigation.mm: 22 (WebViewWillPerformClientRedirect): Ditto. 23 (WebViewDidCancelClientRedirect): Ditto. 24 * TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm: 25 (NavigateToDataURLThenBack): Ditto. 26 (ContentExtensionBlocksMainLoadThenReloadWithoutExtensions): Ditto. 27 * WebKitTestRunner/TestController.cpp: 28 (WTR::TestController::resetPreferencesToConsistentValues): 29 (WTR::updateTestOptionsFromTestHeader): 30 * WebKitTestRunner/TestOptions.h: 31 (WTR::TestOptions::hasSameInitializationOptions const): 32 * WebKitTestRunner/cocoa/TestControllerCocoa.mm: 33 (WTR::initializeWebViewConfiguration): 34 (WTR::TestController::platformCreateWebView): 35 1 36 2020-02-05 Wenson Hsieh <wenson_hsieh@apple.com> 2 37 -
trunk/Tools/DumpRenderTree/TestOptions.cpp
r254790 r255961 1 1 /* 2 * Copyright (C) 2016-20 18Apple Inc. All rights reserved.2 * Copyright (C) 2016-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 155 155 else if (key == "experimental:AspectRatioOfImgFromWidthAndHeightEnabled") 156 156 enableAspectRatioOfImgFromWidthAndHeight = parseBooleanTestHeaderValue(value); 157 else if (key == "allowTopNavigationToDataURLs") 158 allowTopNavigationToDataURLs = parseBooleanTestHeaderValue(value); 157 159 pairStart = pairEnd + 1; 158 160 } -
trunk/Tools/DumpRenderTree/TestOptions.h
r255117 r255961 1 1 /* 2 * Copyright (C) 2016-20 18Apple Inc. All rights reserved.2 * Copyright (C) 2016-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 58 58 bool enableAspectRatioOfImgFromWidthAndHeight { false }; 59 59 bool enableWebSQL { true }; 60 bool allowTopNavigationToDataURLs { true }; 60 61 std::string jscOptions; 61 62 std::string additionalSupportedImageTypes; -
trunk/Tools/DumpRenderTree/mac/DumpRenderTree.mm
r255234 r255961 1 1 /* 2 * Copyright (C) 2005-20 19Apple Inc. All rights reserved.2 * Copyright (C) 2005-2020 Apple Inc. All rights reserved. 3 3 * (C) 2007 Graham Dennis (graham.dennis@gmail.com) 4 4 * … … 1045 1045 preferences.layoutFormattingContextIntegrationEnabled = options.layoutFormattingContextIntegrationEnabled; 1046 1046 preferences.aspectRatioOfImgFromWidthAndHeightEnabled = options.enableAspectRatioOfImgFromWidthAndHeight; 1047 preferences.allowTopNavigationToDataURLs = options.allowTopNavigationToDataURLs; 1047 1048 } 1048 1049 -
trunk/Tools/DumpRenderTree/win/DumpRenderTree.cpp
r255234 r255961 1 1 /* 2 * Copyright (C) 2005-20 15Apple Inc. All rights reserved.2 * Copyright (C) 2005-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 815 815 preferences->setAutosaves(FALSE); 816 816 817 COMPtr<IWebPreferencesPrivate 6> prefsPrivate(Query, preferences);817 COMPtr<IWebPreferencesPrivate8> prefsPrivate(Query, preferences); 818 818 ASSERT(prefsPrivate); 819 819 prefsPrivate->setFullScreenEnabled(TRUE); … … 835 835 #endif 836 836 837 prefsPrivate->setAllowTopNavigationToDataURLs(TRUE); 837 838 prefsPrivate->setAllowUniversalAccessFromFileURLs(TRUE); 838 839 prefsPrivate->setAllowFileAccessFromFileURLs(TRUE); … … 908 909 static void setWebPreferencesForTestOptions(IWebPreferences* preferences, const TestOptions& options) 909 910 { 910 COMPtr<IWebPreferencesPrivate 7> prefsPrivate { Query, preferences };911 COMPtr<IWebPreferencesPrivate8> prefsPrivate { Query, preferences }; 911 912 912 913 prefsPrivate->setWebAnimationsCSSIntegrationEnabled(options.enableWebAnimationsCSSIntegration); … … 919 920 prefsPrivate->setAsyncClipboardAPIEnabled(options.enableAsyncClipboardAPI); 920 921 prefsPrivate->setWebSQLEnabled(options.enableWebSQL); 922 prefsPrivate->setAllowTopNavigationToDataURLs(options.allowTopNavigationToDataURLs); 921 923 preferences->setPrivateBrowsingEnabled(options.useEphemeralSession); 922 924 preferences->setUsesPageCache(options.enableBackForwardCache); -
trunk/Tools/DumpRenderTree/win/TestRunnerWin.cpp
r248856 r255961 1 1 /* 2 * Copyright (C) 2006-20 14Apple Inc. All rights reserved.2 * Copyright (C) 2006-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without -
trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Download.mm
r255845 r255961 1 1 /* 2 * Copyright (C) 2014 Apple Inc. All rights reserved.2 * Copyright (C) 2014-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 41 41 #import <WebKit/WKWebView.h> 42 42 #import <WebKit/WKWebViewConfiguration.h> 43 #import <WebKit/WKWebViewConfigurationPrivate.h> 43 44 #import <WebKit/WKWebsiteDataStorePrivate.h> 44 45 #import <WebKit/_WKDownload.h> … … 717 718 { 718 719 auto delegate = adoptNS([[DownloadAttributeTestDelegate alloc] init]); 719 auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600)]); 720 721 auto configuration = adoptNS([[WKWebViewConfiguration alloc] init]); 722 configuration.get()._allowTopNavigationToDataURLs = YES; 723 auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]); 724 720 725 [webView setNavigationDelegate:delegate.get()]; 721 726 [webView configuration].processPool._downloadDelegate = delegate.get(); … … 732 737 { 733 738 auto delegate = adoptNS([[DownloadAttributeTestDelegate alloc] init]); 734 auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600)]); 739 740 auto configuration = adoptNS([[WKWebViewConfiguration alloc] init]); 741 configuration.get()._allowTopNavigationToDataURLs = YES; 742 auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]); 743 735 744 [webView setNavigationDelegate:delegate.get()]; 736 745 [webView configuration].processPool._downloadDelegate = delegate.get(); -
trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Navigation.mm
r247026 r255961 1 1 /* 2 * Copyright (C) 2014 Apple Inc. All rights reserved.2 * Copyright (C) 2014-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 31 31 #import <WebKit/WKNavigationPrivate.h> 32 32 #import <WebKit/WKWebView.h> 33 #import <WebKit/WKWebViewConfigurationPrivate.h> 33 34 #import <wtf/RetainPtr.h> 34 35 #import "PlatformUtilities.h" … … 274 275 TEST(WKNavigation, WebViewWillPerformClientRedirect) 275 276 { 276 auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600)]); 277 auto configuration = adoptNS([[WKWebViewConfiguration alloc] init]); 278 configuration.get()._allowTopNavigationToDataURLs = YES; 279 auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]); 277 280 278 281 auto delegate = adoptNS([[ClientRedirectNavigationDelegate alloc] init]); … … 303 306 TEST(WKNavigation, WebViewDidCancelClientRedirect) 304 307 { 305 auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600)]); 308 auto configuration = adoptNS([[WKWebViewConfiguration alloc] init]); 309 configuration.get()._allowTopNavigationToDataURLs = YES; 310 auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]); 306 311 307 312 auto delegate = adoptNS([[ClientRedirectNavigationDelegate alloc] init]); -
trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm
r254005 r255961 1 1 /* 2 * Copyright (C) 2017-20 19Apple Inc. All rights reserved.2 * Copyright (C) 2017-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 4362 4362 auto webViewConfiguration = adoptNS([[WKWebViewConfiguration alloc] init]); 4363 4363 [webViewConfiguration setProcessPool:processPool.get()]; 4364 webViewConfiguration.get()._allowTopNavigationToDataURLs = YES; 4364 4365 auto handler = adoptNS([[PSONScheme alloc] initWithBytes:navigateToDataURLThenBackBytes]); 4365 4366 [webViewConfiguration setURLSchemeHandler:handler.get() forURLScheme:@"PSON"]; … … 6180 6181 auto webViewConfiguration = adoptNS([[WKWebViewConfiguration alloc] init]); 6181 6182 [webViewConfiguration setProcessPool:processPool.get()]; 6183 webViewConfiguration.get()._allowTopNavigationToDataURLs = YES; 6182 6184 6183 6185 RetainPtr<PSONMessageHandler> messageHandler = adoptNS([[PSONMessageHandler alloc] init]); -
trunk/Tools/WebKitTestRunner/TestController.cpp
r255271 r255961 1 1 /* 2 * Copyright (C) 2010-20 19Apple Inc. All rights reserved.2 * Copyright (C) 2010-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 853 853 WKPreferencesSetUniversalAccessFromFileURLsAllowed(preferences, true); 854 854 WKPreferencesSetFileAccessFromFileURLsAllowed(preferences, true); 855 WKPreferencesSetTopNavigationToDataURLsAllowed(preferences, options.allowTopNavigationToDataURLs); 855 856 #if ENABLE(FULLSCREEN_API) 856 857 WKPreferencesSetFullScreenEnabled(preferences, true); … … 1490 1491 else if (key == "enableCaptureAudioInGPUProcess") 1491 1492 testOptions.enableCaptureAudioInGPUProcess = parseBooleanTestHeaderValue(value); 1493 else if (key == "allowTopNavigationToDataURLs") 1494 testOptions.allowTopNavigationToDataURLs = parseBooleanTestHeaderValue(value); 1495 1492 1496 pairStart = pairEnd + 1; 1493 1497 } -
trunk/Tools/WebKitTestRunner/TestOptions.h
r254341 r255961 1 1 /* 2 * Copyright (C) 2015-20 18Apple Inc. All rights reserved.2 * Copyright (C) 2015-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 103 103 bool enableCaptureVideoInGPUProcess { false }; 104 104 bool enableCaptureAudioInGPUProcess { false }; 105 bool allowTopNavigationToDataURLs { true }; 105 106 106 107 double contentInsetTop { 0 }; … … 167 168 || enableCaptureVideoInUIProcess != options.enableCaptureVideoInUIProcess 168 169 || enableCaptureVideoInGPUProcess != options.enableCaptureVideoInGPUProcess 169 || enableCaptureAudioInGPUProcess != options.enableCaptureAudioInGPUProcess) 170 || enableCaptureAudioInGPUProcess != options.enableCaptureAudioInGPUProcess 171 || allowTopNavigationToDataURLs != options.allowTopNavigationToDataURLs) 170 172 return false; 171 173 -
trunk/Tools/WebKitTestRunner/cocoa/TestControllerCocoa.mm
r255466 r255961 68 68 globalWebViewConfiguration.websiteDataStore = (__bridge WKWebsiteDataStore *)TestController::websiteDataStore(); 69 69 globalWebViewConfiguration._allowUniversalAccessFromFileURLs = YES; 70 globalWebViewConfiguration._allowTopNavigationToDataURLs = YES; 70 71 globalWebViewConfiguration._applePayEnabled = YES; 71 72 … … 154 155 if (options.useEphemeralSession) 155 156 [copiedConfiguration setWebsiteDataStore:[WKWebsiteDataStore nonPersistentDataStore]]; 157 158 [copiedConfiguration _setAllowTopNavigationToDataURLs:options.allowTopNavigationToDataURLs]; 156 159 157 160 configureContentMode(copiedConfiguration.get(), options);
Note: See TracChangeset
for help on using the changeset viewer.