Changeset 258863 in webkit


Timestamp:
Mar 23, 2020 11:47:48 AM (4 years ago)
Author:
Kate Cheney
Message:

Add checks for app-bound navigations when evaluating user style sheets
https://bugs.webkit.org/show_bug.cgi?id=209368
<rdar://problem/60204230>

Reviewed by Brent Fulgham.

Source/WebCore:

  • page/Page.cpp:

(WebCore::Page::injectUserStyleSheet):
If the style sheet is for a specific WebView, it will have a pageID
and we can check for app-bound navigation in the page object.

  • style/StyleScopeRuleSets.cpp:

(WebCore::Style::ScopeRuleSets::initializeUserStyle):
If the user style sheet is being applied to all WebViews, we can check
for a page's existence and navigation state here before the style sheet is
updated.

Tools:

Tested cases based on those in UserContentController.mm.

  • TestWebKitAPI/Tests/WebKitCocoa/InAppBrowserPrivacy.mm:

(-[InAppBrowserSchemeHandler webView:startURLSchemeTask:]):
(expectScriptEvaluatesToColor):
(TEST):

Location:
trunk
Files:
5 edited

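--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,21 @@
+2020-03-23  Kate Cheney  <katherine_cheney@apple.com>
+
+        Add checks for app-bound navigations when evaluating user style sheets
+        https://bugs.webkit.org/show_bug.cgi?id=209368
+        <rdar://problem/60204230>
+
+        Reviewed by Brent Fulgham.
+
+        * page/Page.cpp:
+        (WebCore::Page::injectUserStyleSheet):
+        If the style sheet is for a specific WebView, it will have a pageID
+        and we can check for app-bound navigation in the page object.
+
+        * style/StyleScopeRuleSets.cpp:
+        (WebCore::Style::ScopeRuleSets::initializeUserStyle):
+        If the user style sheet is being applied to all WebViews, we can check for
+        for a page's existence and navigation state here before the style sheet is
+        updated.
+
 2020-03-23  Antoine Quint  <graouts@apple.com>
 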
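--- a/trunk/Source/WebCore/page/Page.cpp
+++ b/trunk/Source/WebCore/page/Page.cpp
@@ -3076,4 +3076,10 @@
 void Page::injectUserStyleSheet(UserStyleSheet& userStyleSheet)
 {
+    if (m_mainFrame->loader().client().hasNavigatedAwayFromAppBoundDomain()) {
+        if (auto* document = m_mainFrame->document())
+            document->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "Ignoring user style sheet for non-app bound domain."_s);
+        return;
+    }
+
     // We need to wait until we're no longer displaying the initial empty document before we can inject the stylesheets.
     if (m_mainFrame->loader().stateMachine().isDisplayingInitialEmptyDocument()) {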
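Review bot: The new guard at the top of `Page::injectUserStyleSheet` is evaluated only at call time, and it sits ahead of the branch that waits for the initial empty document to go away. The rest of the function lies outside this hunk, so it is not visible whether sheets held back by that branch are checked again when they are finally injected; if they are not, a sheet queued early could still be applied after the page has left the app-bound domain. It is worth confirming that the deferred path comes back through this check and recording that above the guard, e.g. `// Deferred sheets are re-checked when injected; see <deferred-injection call site>.`. The warning literal is also repeated verbatim in StyleScopeRuleSets.cpp and could be a single shared constant.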
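--- a/trunk/Source/WebCore/style/StyleScopeRuleSets.cpp
+++ b/trunk/Source/WebCore/style/StyleScopeRuleSets.cpp
@@ -32,5 +32,9 @@
 #include "CSSStyleSheet.h"
 #include "ExtensionStyleSheets.h"
+#include "Frame.h"
+#include "FrameLoader.h"
+#include "FrameLoaderClient.h"
 #include "MediaQueryEvaluator.h"
+#include "Page.h"
 #include "StyleResolver.h"
 #include "StyleSheetContents.h"
@@ -88,5 +92,9 @@
     if (CSSStyleSheet* pageUserSheet = extensionStyleSheets.pageUserSheet())
         tempUserStyle->addRulesFromSheet(pageUserSheet->contents(), nullptr, mediaQueryEvaluator, m_styleResolver);
-    collectRulesFromUserStyleSheets(extensionStyleSheets.injectedUserStyleSheets(), tempUserStyle.get(), mediaQueryEvaluator);
+    auto* page = m_styleResolver.document().page();
+    if (page && page->mainFrame().loader().client().hasNavigatedAwayFromAppBoundDomain())
+        m_styleResolver.document().addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "Ignoring user style sheet for non-app bound domain."_s);
+    else
+        collectRulesFromUserStyleSheets(extensionStyleSheets.injectedUserStyleSheets(), tempUserStyle.get(), mediaQueryEvaluator);
     collectRulesFromUserStyleSheets(extensionStyleSheets.documentUserStyleSheets(), tempUserStyle.get(), mediaQueryEvaluator);
     if (tempUserStyle->ruleCount() > 0 || tempUserStyle->pageRules().size() > 0)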
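Review bot: Only `injectedUserStyleSheets()` is gated by the new check; `pageUserSheet()` just above it and `documentUserStyleSheets()` just below it are still collected once the main frame has navigated away from an app-bound domain. If that asymmetry is intended it deserves a comment at the check, for example `// Only injected user style sheets are restricted here; the page and document user sheets are still applied.`, and if it is not, those two calls need the same guard. The `page &&` test also means a document without a page falls through to the `else` and collects the injected sheets, which looks like a fail-open default worth stating explicitly. The body of `initializeUserStyle` starts and ends outside this hunk.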
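--- a/trunk/Tools/ChangeLog
+++ b/trunk/Tools/ChangeLog
@@ -1,2 +1,18 @@
+2020-03-23  Kate Cheney  <katherine_cheney@apple.com>
+
+        Add checks for app-bound navigations when evaluating user style sheets
+        https://bugs.webkit.org/show_bug.cgi?id=209368
+        <rdar://problem/60204230>
+
+        Reviewed by Brent Fulgham.
+
+        Tested cases based on those in UserContentController.mm.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/InAppBrowserPrivacy.mm:
+        (-[InAppBrowserSchemeHandler webView:startURLSchemeTask:]):
+        (expectScriptEvaluatesToColor):
+        (TEST):
+
+
 2020-03-23  Alex Christensen  <achristensen@webkit.org>
 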
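--- a/trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/InAppBrowserPrivacy.mm
+++ b/trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/InAppBrowserPrivacy.mm
@@ -35,4 +35,6 @@
 #import <WebKit/WKUserContentControllerPrivate.h>
 #import <WebKit/WKWebsiteDataStorePrivate.h>
+#import <WebKit/_WKUserContentWorld.h>
+#import <WebKit/_WKUserStyleSheet.h>
 #import <wtf/RunLoop.h>
 #import <wtf/text/WTFString.h>
@@ -69,4 +71,8 @@
     else if ([task.request.URL.path isEqualToString:@"/in-app-browser-privacy-test-user-agent-script"])
         response = @"<script> window.wkUserScriptInjected = true; </script>";
+    else if ([task.request.URL.path isEqualToString:@"/in-app-browser-privacy-test-user-style-sheets"])
+        response = @"<body style='background-color: red;'></body>";
+    else if ([task.request.URL.path isEqualToString:@"/in-app-browser-privacy-test-user-style-sheets-iframe"])
+        response = @"<body style='background-color: red;'><iframe src='in-app-browser:///in-app-browser-privacy-test-user-style-sheets'></iframe></body>";
 
     [task didReceiveResponse:[[[NSURLResponse alloc] initWithURL:task.request.URL MIMEType:@"text/html" expectedContentLength:response.length textEncodingName:nil] autorelease]];
@@ -412,4 +418,91 @@
 }
 
+static NSString *styleSheetSource = @"body { background-color: green !important; }";
+static NSString *backgroundColorScript = @"window.getComputedStyle(document.body, null).getPropertyValue('background-color')";
+static NSString *frameBackgroundColorScript = @"window.getComputedStyle(document.getElementsByTagName('iframe')[0].contentDocument.body, null).getPropertyValue('background-color')";
+static const char* redInRGB = "rgb(255, 0, 0)";
+
+static void expectScriptEvaluatesToColor(WKWebView *webView, NSString *script, const char* color)
+{
+    static bool didCheckBackgroundColor;
+
+    [webView evaluateJavaScript:script completionHandler:^(id value, NSError * error) {
+        EXPECT_TRUE([value isKindOfClass:[NSString class]]);
+        EXPECT_WK_STREQ(color, value);
+        didCheckBackgroundColor = true;
+    }];
+
+    TestWebKitAPI::Util::run(&didCheckBackgroundColor);
+    didCheckBackgroundColor = false;
+}
+
+TEST(InAppBrowserPrivacy, NonAppBoundUserStyleSheetForSpecificWebViewFails)
+{
+    initializeInAppBrowserPrivacyTestSettings();
+
+    RetainPtr<WKWebViewConfiguration> configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+
+    auto schemeHandler = adoptNS([[InAppBrowserSchemeHandler alloc] init]);
+    [configuration setURLSchemeHandler:schemeHandler.get() forURLScheme:@"in-app-browser"];
+    [[configuration preferences] _setInAppBrowserPrivacyEnabled:YES];
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectZero configuration:configuration.get()]);
+    NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:@"in-app-browser:///in-app-browser-privacy-test-user-style-sheets"]];
+    [webView loadRequest:request];
+    [webView _test_waitForDidFinishNavigation];
+
+    RetainPtr<_WKUserContentWorld> world = [_WKUserContentWorld worldWithName:@"TestWorld"];
+    RetainPtr<_WKUserStyleSheet> styleSheet = adoptNS([[_WKUserStyleSheet alloc] initWithSource:styleSheetSource forWKWebView:webView.get() forMainFrameOnly:YES userContentWorld:world.get()]);
+    [[configuration userContentController] _addUserStyleSheet:styleSheet.get()];
+
+    expectScriptEvaluatesToColor(webView.get(), backgroundColorScript, redInRGB);
+}
+
+TEST(InAppBrowserPrivacy, NonAppBoundUserStyleSheetForAllWebViewsFails)
+{
+    initializeInAppBrowserPrivacyTestSettings();
+
+    RetainPtr<WKWebViewConfiguration> configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+
+    auto schemeHandler = adoptNS([[InAppBrowserSchemeHandler alloc] init]);
+    [configuration setURLSchemeHandler:schemeHandler.get() forURLScheme:@"in-app-browser"];
+    [[configuration preferences] _setInAppBrowserPrivacyEnabled:YES];
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectZero configuration:configuration.get()]);
+    NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:@"in-app-browser:///in-app-browser-privacy-test-user-style-sheets"]];
+    [webView loadRequest:request];
+    [webView _test_waitForDidFinishNavigation];
+
+    RetainPtr<_WKUserStyleSheet> styleSheet = adoptNS([[_WKUserStyleSheet alloc] initWithSource:styleSheetSource forMainFrameOnly:YES]);
+    [[configuration userContentController] _addUserStyleSheet:styleSheet.get()];
+
+    expectScriptEvaluatesToColor(webView.get(), backgroundColorScript, redInRGB);
+}
+
+TEST(InAppBrowserPrivacy, NonAppBoundUserStyleSheetAffectingAllFramesFails)
+{
+    initializeInAppBrowserPrivacyTestSettings();
+
+    RetainPtr<WKWebViewConfiguration> configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+
+    auto schemeHandler = adoptNS([[InAppBrowserSchemeHandler alloc] init]);
+    [configuration setURLSchemeHandler:schemeHandler.get() forURLScheme:@"in-app-browser"];
+    [[configuration preferences] _setInAppBrowserPrivacyEnabled:YES];
+
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectZero configuration:configuration.get()]);
+    NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:@"in-app-browser:///in-app-browser-privacy-test-user-style-sheets-iframe"]];
+    [webView loadRequest:request];
+    [webView _test_waitForDidFinishNavigation];
+
+    RetainPtr<_WKUserStyleSheet> styleSheet = adoptNS([[_WKUserStyleSheet alloc] initWithSource:styleSheetSource forMainFrameOnly:NO]);
+    [[configuration userContentController] _addUserStyleSheet:styleSheet.get()];
+
+    // The main frame should be affected.
+    expectScriptEvaluatesToColor(webView.get(), backgroundColorScript, redInRGB);
+
+    // The subframe should also be affected.
+    expectScriptEvaluatesToColor(webView.get(), frameBackgroundColorScript, redInRGB);
+}
+
 #endif // USE(APPLE_INTERNAL_SDK)
 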
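Review bot: All three added tests assert only the negative result, the page's own red background, so they would also pass if `_addUserStyleSheet:` stopped applying sheets for an unrelated reason. None of the tests in this section shows the same sheet turning the background green while the view is still on an app-bound domain; pairing each case with such a control would tie the red result to the new check. The comments in `NonAppBoundUserStyleSheetAffectingAllFramesFails` also read as if the sheet were expected to apply, and wording such as `// The main frame should keep its red background because the user style sheet is ignored.` would match the assertion. The rest of the test file is outside this section, so a control may already exist elsewhere.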