Changeset 258863 in webkit
- Timestamp:
- Mar 23, 2020 11:47:48 AM (4 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
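--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,21 @@
+2020-03-23 Kate Cheney <katherine_cheney@apple.com>
+
+Add checks for app-bound navigations when evaluating user style sheets
+https://bugs.webkit.org/show_bug.cgi?id=209368
+<rdar://problem/60204230>
+
+Reviewed by Brent Fulgham.
+
+* page/Page.cpp:
+(WebCore::Page::injectUserStyleSheet):
+If the style sheet is for a specific WebView, it will have a pageID
+and we can check for app-bound navigation in the page object.
+
+* style/StyleScopeRuleSets.cpp:
+(WebCore::Style::ScopeRuleSets::initializeUserStyle):
+If the user style sheet is being applied to all WebViews, we can check for
+for a page's existence and navigation state here before the style sheet is
+updated.
+
 2020-03-23 Antoine Quint <graouts@apple.com>
 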
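--- a/trunk/Source/WebCore/page/Page.cpp
+++ b/trunk/Source/WebCore/page/Page.cpp
@@ -3076,4 +3076,10 @@
 void Page::injectUserStyleSheet(UserStyleSheet& userStyleSheet)
 {
+if (m_mainFrame->loader().client().hasNavigatedAwayFromAppBoundDomain()) {
+if (auto* document = m_mainFrame->document())
+document->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "Ignoring user style sheet for non-app bound domain."_s);
+return;
+}
+
 // We need to wait until we're no longer displaying the initial empty document before we can inject the stylesheets.
 if (m_mainFrame->loader().stateMachine().isDisplayingInitialEmptyDocument()) {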
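Review bot: The app-bound guard in `Page::injectUserStyleSheet` runs once, at the top of the function, ahead of the branch that defers injection while the initial empty document is displayed. The body of that branch lies outside the hunk, so it is not visible whether a deferred sheet passes through this guard again when it is finally injected. If it does not, a sheet queued before the first load could be applied after the view has left the app-bound domain. Either confirm that the deferred path re-enters this function, or state the requirement next to the guard, e.g. `// Sheets deferred below must pass this check again when they are injected after the initial empty document.`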
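--- a/trunk/Source/WebCore/style/StyleScopeRuleSets.cpp
+++ b/trunk/Source/WebCore/style/StyleScopeRuleSets.cpp
@@ -32,5 +32,9 @@
 #include "CSSStyleSheet.h"
 #include "ExtensionStyleSheets.h"
+#include "Frame.h"
+#include "FrameLoader.h"
+#include "FrameLoaderClient.h"
 #include "MediaQueryEvaluator.h"
+#include "Page.h"
 #include "StyleResolver.h"
 #include "StyleSheetContents.h"
@@ -88,5 +92,9 @@
 if (CSSStyleSheet* pageUserSheet = extensionStyleSheets.pageUserSheet())
 tempUserStyle->addRulesFromSheet(pageUserSheet->contents(), nullptr, mediaQueryEvaluator, m_styleResolver);
-collectRulesFromUserStyleSheets(extensionStyleSheets.injectedUserStyleSheets(), tempUserStyle.get(), mediaQueryEvaluator);
+auto* page = m_styleResolver.document().page();
+if (page && page->mainFrame().loader().client().hasNavigatedAwayFromAppBoundDomain())
+m_styleResolver.document().addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "Ignoring user style sheet for non-app bound domain."_s);
+else
+collectRulesFromUserStyleSheets(extensionStyleSheets.injectedUserStyleSheets(), tempUserStyle.get(), mediaQueryEvaluator);
 collectRulesFromUserStyleSheets(extensionStyleSheets.documentUserStyleSheets(), tempUserStyle.get(), mediaQueryEvaluator);
 if (tempUserStyle->ruleCount() > 0 || tempUserStyle->pageRules().size() > 0)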
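Review bot: In the second hunk the Security warning is logged whenever the page has navigated away from an app-bound domain, even when `injectedUserStyleSheets()` is empty and nothing was actually ignored. This would put a misleading warning in the console on every such style initialization; wrapping the `addConsoleMessage` call in `if (!extensionStyleSheets.injectedUserStyleSheets().isEmpty())` keeps the message tied to a real drop. Separately, a null `page` falls through to the `else` and still collects the injected sheets, so the check fails open for a document without a page. A short comment such as `// No page means no navigation state to consult; injected sheets are applied as before.` would show that this is deliberate. The enclosing function starts and ends outside the hunk, and the message literal is duplicated verbatim in Page.cpp.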
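--- a/trunk/Tools/ChangeLog
+++ b/trunk/Tools/ChangeLog
@@ -1,2 +1,18 @@
+2020-03-23 Kate Cheney <katherine_cheney@apple.com>
+
+Add checks for app-bound navigations when evaluating user style sheets
+https://bugs.webkit.org/show_bug.cgi?id=209368
+<rdar://problem/60204230>
+
+Reviewed by Brent Fulgham.
+
+Tested cases based on those in UserContentController.mm.
+
+* TestWebKitAPI/Tests/WebKitCocoa/InAppBrowserPrivacy.mm:
+(-[InAppBrowserSchemeHandler webView:startURLSchemeTask:]):
+(expectScriptEvaluatesToColor):
+(TEST):
+
+
 2020-03-23 Alex Christensen <achristensen@webkit.org>
 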
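--- a/trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/InAppBrowserPrivacy.mm
+++ b/trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/InAppBrowserPrivacy.mm
@@ -35,4 +35,6 @@
 #import <WebKit/WKUserContentControllerPrivate.h>
 #import <WebKit/WKWebsiteDataStorePrivate.h>
+#import <WebKit/_WKUserContentWorld.h>
+#import <WebKit/_WKUserStyleSheet.h>
 #import <wtf/RunLoop.h>
 #import <wtf/text/WTFString.h>
@@ -69,4 +71,8 @@
 else if ([task.request.URL.path isEqualToString:@"/in-app-browser-privacy-test-user-agent-script"])
 response = @"<script> window.wkUserScriptInjected = true; </script>";
+else if ([task.request.URL.path isEqualToString:@"/in-app-browser-privacy-test-user-style-sheets"])
+response = @"<body style='background-color: red;'></body>";
+else if ([task.request.URL.path isEqualToString:@"/in-app-browser-privacy-test-user-style-sheets-iframe"])
+response = @"<body style='background-color: red;'><iframe src='in-app-browser:///in-app-browser-privacy-test-user-style-sheets'></iframe></body>";
 
 [task didReceiveResponse:[[[NSURLResponse alloc] initWithURL:task.request.URL MIMEType:@"text/html" expectedContentLength:response.length textEncodingName:nil] autorelease]];
@@ -412,4 +418,91 @@
 }
 
+static NSString *styleSheetSource = @"body { background-color: green !important; }";
+static NSString *backgroundColorScript = @"window.getComputedStyle(document.body, null).getPropertyValue('background-color')";
+static NSString *frameBackgroundColorScript = @"window.getComputedStyle(document.getElementsByTagName('iframe')[0].contentDocument.body, null).getPropertyValue('background-color')";
+static const char* redInRGB = "rgb(255, 0, 0)";
+
+static void expectScriptEvaluatesToColor(WKWebView *webView, NSString *script, const char* color)
+{
+static bool didCheckBackgroundColor;
+
+[webView evaluateJavaScript:script completionHandler:^(id value, NSError * error) {
+EXPECT_TRUE([value isKindOfClass:[NSString class]]);
+EXPECT_WK_STREQ(color, value);
+didCheckBackgroundColor = true;
+}];
+
+TestWebKitAPI::Util::run(&didCheckBackgroundColor);
+didCheckBackgroundColor = false;
+}
+
+TEST(InAppBrowserPrivacy, NonAppBoundUserStyleSheetForSpecificWebViewFails)
+{
+initializeInAppBrowserPrivacyTestSettings();
+
+RetainPtr<WKWebViewConfiguration> configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+
+auto schemeHandler = adoptNS([[InAppBrowserSchemeHandler alloc] init]);
+[configuration setURLSchemeHandler:schemeHandler.get() forURLScheme:@"in-app-browser"];
+[[configuration preferences] _setInAppBrowserPrivacyEnabled:YES];
+
+auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectZero configuration:configuration.get()]);
+NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:@"in-app-browser:///in-app-browser-privacy-test-user-style-sheets"]];
+[webView loadRequest:request];
+[webView _test_waitForDidFinishNavigation];
+
+RetainPtr<_WKUserContentWorld> world = [_WKUserContentWorld worldWithName:@"TestWorld"];
+RetainPtr<_WKUserStyleSheet> styleSheet = adoptNS([[_WKUserStyleSheet alloc] initWithSource:styleSheetSource forWKWebView:webView.get() forMainFrameOnly:YES userContentWorld:world.get()]);
+[[configuration userContentController] _addUserStyleSheet:styleSheet.get()];
+
+expectScriptEvaluatesToColor(webView.get(), backgroundColorScript, redInRGB);
+}
+
+TEST(InAppBrowserPrivacy, NonAppBoundUserStyleSheetForAllWebViewsFails)
+{
+initializeInAppBrowserPrivacyTestSettings();
+
+RetainPtr<WKWebViewConfiguration> configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+
+auto schemeHandler = adoptNS([[InAppBrowserSchemeHandler alloc] init]);
+[configuration setURLSchemeHandler:schemeHandler.get() forURLScheme:@"in-app-browser"];
+[[configuration preferences] _setInAppBrowserPrivacyEnabled:YES];
+
+auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectZero configuration:configuration.get()]);
+NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:@"in-app-browser:///in-app-browser-privacy-test-user-style-sheets"]];
+[webView loadRequest:request];
+[webView _test_waitForDidFinishNavigation];
+
+RetainPtr<_WKUserStyleSheet> styleSheet = adoptNS([[_WKUserStyleSheet alloc] initWithSource:styleSheetSource forMainFrameOnly:YES]);
+[[configuration userContentController] _addUserStyleSheet:styleSheet.get()];
+
+expectScriptEvaluatesToColor(webView.get(), backgroundColorScript, redInRGB);
+}
+
+TEST(InAppBrowserPrivacy, NonAppBoundUserStyleSheetAffectingAllFramesFails)
+{
+initializeInAppBrowserPrivacyTestSettings();
+
+RetainPtr<WKWebViewConfiguration> configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+
+auto schemeHandler = adoptNS([[InAppBrowserSchemeHandler alloc] init]);
+[configuration setURLSchemeHandler:schemeHandler.get() forURLScheme:@"in-app-browser"];
+[[configuration preferences] _setInAppBrowserPrivacyEnabled:YES];
+
+auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectZero configuration:configuration.get()]);
+NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:@"in-app-browser:///in-app-browser-privacy-test-user-style-sheets-iframe"]];
+[webView loadRequest:request];
+[webView _test_waitForDidFinishNavigation];
+
+RetainPtr<_WKUserStyleSheet> styleSheet = adoptNS([[_WKUserStyleSheet alloc] initWithSource:styleSheetSource forMainFrameOnly:NO]);
+[[configuration userContentController] _addUserStyleSheet:styleSheet.get()];
+
+// The main frame should be affected.
+expectScriptEvaluatesToColor(webView.get(), backgroundColorScript, redInRGB);
+
+// The subframe should also be affected.
+expectScriptEvaluatesToColor(webView.get(), frameBackgroundColorScript, redInRGB);
+}
+
 #endif // USE(APPLE_INTERNAL_SDK)
 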
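Review bot: All three new tests assert only that the background stays `rgb(255, 0, 0)`, which is also what the page reports if the style sheet simply has not been applied yet. A regression that let the sheet through late, or a setup mistake that never delivered it, would therefore still pass. No positive control is visible in this hunk; a companion test that loads an app-bound domain with the same `styleSheetSource` and expects green would show that the red assertions discriminate. In `NonAppBoundUserStyleSheetAffectingAllFramesFails` the comments also contradict the expectations, since both precede a check for red; they should read `// The main frame should not be affected.` and `// The subframe should also not be affected.`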