Context Navigation

← Previous Changeset
Next Changeset →

Changeset 60957 in webkit

Timestamp:

Jun 10, 2010 7:31:34 AM (14 years ago)

Author:

eric@webkit.org

Message:

2010-06-10 Daniel Cheng <dcheng@chromium.org>

Reviewed by Jian Li.

Don't convert filenames to URLs in edit drags.
https://bugs.webkit.org/show_bug.cgi?id=38826

For security reasons, we don't want to expose file system paths to web
content, so we filter them out of edit drags.

editing/pasteboard/file-drag-to-editable-expected.txt: Added.
editing/pasteboard/file-drag-to-editable.html: Added.
editing/pasteboard/script-tests/file-drag-to-editable.js: Added.
platform/gtk/Skipped:
platform/mac/Skipped:
platform/qt/Skipped:
platform/win/Skipped:

2010-06-10 Daniel Cheng <dcheng@chromium.org>

Reviewed by Jian Li.

Don't convert filenames to URLs in edit drags.
https://bugs.webkit.org/show_bug.cgi?id=38826

For security reasons, we don't want to expose file system paths to web
content, so we filter them out of edit drags.

Test: editing/pasteboard/file-drag-to-editable.html

page/DragController.cpp: (WebCore::documentFragmentFromDragData):
platform/DragData.h: (WebCore::DragData::):
platform/android/DragDataAndroid.cpp: (WebCore::DragData::containsURL): (WebCore::DragData::asURL):
platform/chromium/DragDataChromium.cpp: (WebCore::DragData::containsURL): (WebCore::DragData::asURL):
platform/efl/DragDataEfl.cpp: (WebCore::DragData::containsURL): (WebCore::DragData::asURL):
platform/gtk/DragDataGtk.cpp: (WebCore::DragData::containsURL): (WebCore::DragData::asURL):
platform/haiku/DragDataHaiku.cpp: (WebCore::DragData::containsURL): (WebCore::DragData::asURL):
platform/mac/DragDataMac.mm: (WebCore::DragData::containsURL): (WebCore::DragData::asURL):
platform/qt/DragDataQt.cpp: (WebCore::DragData::asPlainText): (WebCore::DragData::containsURL): (WebCore::DragData::asURL):
platform/win/ClipboardUtilitiesWin.cpp: (WebCore::getURL): (WebCore::getPlainText):
platform/win/ClipboardUtilitiesWin.h:
platform/win/ClipboardWin.cpp: (WebCore::ClipboardWin::getData):
platform/win/DragDataWin.cpp: (WebCore::DragData::containsURL): (WebCore::DragData::asURL):
platform/wince/DragDataWince.cpp: (WebCore::DragData::containsURL): (WebCore::DragData::asURL):
platform/wx/DragDataWx.cpp: (WebCore::DragData::containsURL): (WebCore::DragData::asURL):

Location:

trunk

Files:

: 3 added
: 21 edited

LayoutTests/ChangeLog (modified) (1 diff)
LayoutTests/editing/pasteboard/file-drag-to-editable-expected.txt (added)
LayoutTests/editing/pasteboard/file-drag-to-editable.html (added)
LayoutTests/editing/pasteboard/script-tests/file-drag-to-editable.js (added)
LayoutTests/platform/gtk/Skipped (modified) (1 diff)
LayoutTests/platform/mac/Skipped (modified) (1 diff)
LayoutTests/platform/qt/Skipped (modified) (1 diff)
LayoutTests/platform/win/Skipped (modified) (1 diff)
WebCore/ChangeLog (modified) (1 diff)
WebCore/page/DragController.cpp (modified) (1 diff)
WebCore/platform/DragData.h (modified) (2 diffs)
WebCore/platform/android/DragDataAndroid.cpp (modified) (1 diff)
WebCore/platform/chromium/DragDataChromium.cpp (modified) (1 diff)
WebCore/platform/efl/DragDataEfl.cpp (modified) (1 diff)
WebCore/platform/gtk/DragDataGtk.cpp (modified) (1 diff)
WebCore/platform/haiku/DragDataHaiku.cpp (modified) (2 diffs)
WebCore/platform/mac/DragDataMac.mm (modified) (1 diff)
WebCore/platform/qt/DragDataQt.cpp (modified) (3 diffs)
WebCore/platform/win/ClipboardUtilitiesWin.cpp (modified) (4 diffs)
WebCore/platform/win/ClipboardUtilitiesWin.h (modified) (2 diffs)
WebCore/platform/win/ClipboardWin.cpp (modified) (1 diff)
WebCore/platform/win/DragDataWin.cpp (modified) (1 diff)
WebCore/platform/wince/DragDataWince.cpp (modified) (1 diff)
WebCore/platform/wx/DragDataWx.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/LayoutTests/ChangeLog

-                      r60956
+                      r60957
+-06-10  Daniel Cheng  <dcheng@chromium.org>
+        Reviewed by Jian Li.
+        Don't convert filenames to URLs in edit drags.
+        https://bugs.webkit.org/show_bug.cgi?id=38826
+        For security reasons, we don't want to expose file system paths to web
+        content, so we filter them out of edit drags.
+        * editing/pasteboard/file-drag-to-editable-expected.txt: Added.
+        * editing/pasteboard/file-drag-to-editable.html: Added.
+        * editing/pasteboard/script-tests/file-drag-to-editable.js: Added.
+        * platform/gtk/Skipped:
+        * platform/mac/Skipped:
+        * platform/qt/Skipped:
+        * platform/win/Skipped:
 -06-10  Marcus Bulach  <bulach@google.com>

trunk/LayoutTests/platform/gtk/Skipped

r60936	r60957
666	666	editing/pasteboard/copy-in-password-field.html
667	667	editing/pasteboard/drag-image-in-about-blank-frame.html
	668	editing/pasteboard/file-drag-to-editable.html
668	669	editing/pasteboard/file-input-files-access.html
669	670	editing/pasteboard/get-data-text-plain-drop.html

trunk/LayoutTests/platform/mac/Skipped

r60911	r60957
295	295	fast/dom/Geolocation/reentrant-error.html
296	296	fast/dom/Geolocation/reentrant-success.html
	297
	298	# Filenames aren't filtered out from edit drags yet, see https://bugs.wekit.org/show_bug.cgi?id=38826
	299	editing/pasteboard/file-drag-to-editable.html

trunk/LayoutTests/platform/qt/Skipped

r60936	r60957
830	830	# ------- missing eventSender.beginDragWithFiles
831	831	editing/pasteboard/dataTransfer-setData-getData.html
	832	editing/pasteboard/file-drag-to-editable.html
832	833	editing/pasteboard/file-input-files-access.html
833	834	fast/dom/Window/window-postmessage-clone.html

trunk/LayoutTests/platform/win/Skipped

r60822	r60957
193	193	# <rdar://problem/5230396> eventSender.beginDragWithFiles is unimplemented
194	194	editing/pasteboard/dataTransfer-setData-getData.html
	195	editing/pasteboard/file-drag-to-editable.html
195	196	editing/pasteboard/file-input-files-access.html
196	197	fast/events/drag-to-navigate.html

trunk/WebCore/ChangeLog

-                      r60955
+                      r60957
+-06-10  Daniel Cheng  <dcheng@chromium.org>
+        Reviewed by Jian Li.
+        Don't convert filenames to URLs in edit drags.
+        https://bugs.webkit.org/show_bug.cgi?id=38826
+        For security reasons, we don't want to expose file system paths to web
+        content, so we filter them out of edit drags.
+        Test: editing/pasteboard/file-drag-to-editable.html
+        * page/DragController.cpp:
+        (WebCore::documentFragmentFromDragData):
+        * platform/DragData.h:
+        (WebCore::DragData::):
+        * platform/android/DragDataAndroid.cpp:
+        (WebCore::DragData::containsURL):
+        (WebCore::DragData::asURL):
+        * platform/chromium/DragDataChromium.cpp:
+        (WebCore::DragData::containsURL):
+        (WebCore::DragData::asURL):
+        * platform/efl/DragDataEfl.cpp:
+        (WebCore::DragData::containsURL):
+        (WebCore::DragData::asURL):
+        * platform/gtk/DragDataGtk.cpp:
+        (WebCore::DragData::containsURL):
+        (WebCore::DragData::asURL):
+        * platform/haiku/DragDataHaiku.cpp:
+        (WebCore::DragData::containsURL):
+        (WebCore::DragData::asURL):
+        * platform/mac/DragDataMac.mm:
+        (WebCore::DragData::containsURL):
+        (WebCore::DragData::asURL):
+        * platform/qt/DragDataQt.cpp:
+        (WebCore::DragData::asPlainText):
+        (WebCore::DragData::containsURL):
+        (WebCore::DragData::asURL):
+        * platform/win/ClipboardUtilitiesWin.cpp:
+        (WebCore::getURL):
+        (WebCore::getPlainText):
+        * platform/win/ClipboardUtilitiesWin.h:
+        * platform/win/ClipboardWin.cpp:
+        (WebCore::ClipboardWin::getData):
+        * platform/win/DragDataWin.cpp:
+        (WebCore::DragData::containsURL):
+        (WebCore::DragData::asURL):
+        * platform/wince/DragDataWince.cpp:
+        (WebCore::DragData::containsURL):
+        (WebCore::DragData::asURL):
+        * platform/wx/DragDataWx.cpp:
+        (WebCore::DragData::containsURL):
+        (WebCore::DragData::asURL):
 -06-10  Mike Belshe  <mbelshe@chromium.org>

trunk/WebCore/page/DragController.cpp

-                      r60943
+                      r60957
             return fragment;
         if (dragData->containsURL()) {
+        if (dragData->containsURL(DragData::DoNotConvertFilenames)) {
             String title;
             String url = dragData->asURL(&title);
+            String url = dragData->asURL(DragData::DoNotConvertFilenames, &title);
             if (!url.isEmpty()) {
                 RefPtr<HTMLAnchorElement> anchor = HTMLAnchorElement::create(document);

trunk/WebCore/platform/DragData.h

-                      r60025
+                      r60957
     class DragData {
     public:
+        enum FilenameConversionPolicy { DoNotConvertFilenames, ConvertFilenames };
 #if PLATFORM(MAC)
         //FIXME: In the future the WebKit functions provided by the helper class should be moved into WebCore,
 …
         DragOperation draggingSourceOperationMask() const { return m_draggingSourceOperationMask; }
         PassRefPtr<Clipboard> createClipboard(ClipboardAccessPolicy) const;
         bool containsURL() const;
+        bool containsURL(FilenameConversionPolicy filenamePolicy = ConvertFilenames) const;
         bool containsPlainText() const;
         bool containsCompatibleContent() const;
         String asURL(String* title = 0) const;
+        String asURL(FilenameConversionPolicy filenamePolicy = ConvertFilenames, String* title = 0) const;
         String asPlainText() const;
         void asFilenames(Vector<String>&) const;

trunk/WebCore/platform/android/DragDataAndroid.cpp

r44580	r60957
69	69	}
70	70
71		bool DragData::containsURL() const
	71	bool DragData::containsURL(FilenameConversionPolicy) const
72	72	{
73	73	return false;
74	74	}
75	75
76		String DragData::asURL(String*) const
	76	String DragData::asURL(FilenameConversionPolicy, String*) const
77	77	{
78	78	return String();

trunk/WebCore/platform/chromium/DragDataChromium.cpp

r59689	r60957
57	57	}
58	58
59		bool DragData::containsURL() const
	59	bool DragData::containsURL(FilenameConversionPolicy filenamePolicy) const
60	60	{
61		return !asURL().isEmpty();
	61	return !asURL(filenamePolicy).isEmpty();
62	62	}
63	63
64		String DragData::asURL(String* title) const
	64	String DragData::asURL(FilenameConversionPolicy filenamePolicy, String* title) const
65	65	{
66	66	String url;
67	67	if (m_platformDragData->hasValidURL())
68	68	url = m_platformDragData->getURL().string();
69		else if (!m_platformDragData->filenames.isEmpty()) {
	69	else if (filenamePolicy == ConvertFilenames && !m_platformDragData->filenames.isEmpty()) {
70	70	String fileName = m_platformDragData->filenames[0];
71	71	fileName = ChromiumBridge::getAbsolutePath(fileName);

trunk/WebCore/platform/efl/DragDataEfl.cpp

r55342	r60957
72	72	}
73	73
74		bool DragData::containsURL() const
	74	bool DragData::containsURL(FilenameConversionPolicy filenamePolicy) const
75	75	{
76	76	return false;
77	77	}
78	78
79		String DragData::asURL(String* title) const
	79	String DragData::asURL(FilenameConversionPolicy filenamePolicy, String* title) const
80	80	{
81	81	return String();

trunk/WebCore/platform/gtk/DragDataGtk.cpp

r34554	r60957
68	68	}
69	69
70		bool DragData::containsURL() const
	70	bool DragData::containsURL(FilenameConversionPolicy filenamePolicy) const
71	71	{
72	72	return false;
73	73	}
74	74
75		String DragData::asURL(String* title) const
	75	String DragData::asURL(FilenameConversionPolicy filenamePolicy, String* title) const
76	76	{
77	77	return String();

trunk/WebCore/platform/haiku/DragDataHaiku.cpp

r47068	r60957
87	87	}
88	88
89		bool DragData::containsURL() const
	89	bool DragData::containsURL(FilenameConversionPolicy filenamePolicy) const
90	90	{
91	91	notImplemented();
…	…
93	93	}
94	94
95		String DragData::asURL(String* title) const
	95	String DragData::asURL(FilenameConversionPolicy filenamePolicy, String* title) const
96	96	{
97	97	notImplemented();

trunk/WebCore/platform/mac/DragDataMac.mm

r48426	r60957
114	114	}
115	115
116		bool DragData::containsURL() const
	116	bool DragData::containsURL(FilenameConversionPolicy filenamePolicy) const
117	117	{
118		return !asURL().isEmpty();
	118	return !asURL(filenamePolicy).isEmpty();
119	119	}
120	120
121		String DragData::asURL(String* title) const
	121	String DragData::asURL(FilenameConversionPolicy filenamePolicy, String* title) const
122	122	{
	123	// FIXME: Use filenamePolicy.
	124	(void)filenamePolicy;
123	125	return m_pasteboardHelper->urlFromPasteboard([m_platformDragData draggingPasteboard], title);
124	126	}

trunk/WebCore/platform/qt/DragDataQt.cpp

r60749	r60957
91	91
92	92	// FIXME: Should handle rich text here
93		return asURL(0);
	93	return asURL(DoNotConvertFilenames, 0);
94	94	}
95	95
…	…
113	113	}
114	114
115		bool DragData::containsURL() const
	115	bool DragData::containsURL(FilenameConversionPolicy filenamePolicy) const
116	116	{
	117	// FIXME: Use filenamePolicy.
117	118	if (!m_platformDragData)
118	119	return false;
…	…
120	121	}
121	122
122		String DragData::asURL(String*) const
	123	String DragData::asURL(FilenameConversionPolicy filenamePolicy, String*) const
123	124	{
	125	// FIXME: Use filenamePolicy.
124	126	if (!m_platformDragData)
125	127	return String();

trunk/WebCore/platform/win/ClipboardUtilitiesWin.cpp

-                      r59917
+                      r60957
+}
 String getURL(IDataObject* dataObject, bool& success, String* title)
+String getURL(IDataObject* dataObject, DragData::FilenameConversionPolicy filenamePolicy, bool& success, String* title)
+{
     STGMEDIUM store;
 …
         ReleaseStgMedium(&store);
         success = true;
+    } else if (SUCCEEDED(dataObject->GetData(filenameWFormat(), &store))) {
+        //file using unicode
+        wchar_t* data = (wchar_t*)GlobalLock(store.hGlobal);
+        if (data && data[0] && (PathFileExists(data) || PathIsUNC(data))) {
+            RetainPtr<CFStringRef> pathAsCFString(AdoptCF, CFStringCreateWithCharacters(kCFAllocatorDefault, (const UniChar*)data, wcslen(data)));
+            if (urlFromPath(pathAsCFString.get(), url)) {
+                if (title)
+                    *title = url;
+                success = true;
+    } else if (filenamePolicy == DragData::ConvertFilenames) {
+        if (SUCCEEDED(dataObject->GetData(filenameWFormat(), &store))) {
+            // file using unicode
+            wchar_t* data = (wchar_t*)GlobalLock(store.hGlobal);
+            if (data && data[0] && (PathFileExists(data) || PathIsUNC(data))) {
+                RetainPtr<CFStringRef> pathAsCFString(AdoptCF, CFStringCreateWithCharacters(kCFAllocatorDefault, (const UniChar*)data, wcslen(data)));
+                if (urlFromPath(pathAsCFString.get(), url)) {
+                    if (title)
+                        *title = url;
+                    success = true;
+                }
+            }
+            GlobalUnlock(store.hGlobal);
+            ReleaseStgMedium(&store);
+        } else if (SUCCEEDED(dataObject->GetData(filenameFormat(), &store))) {
+            // filename using ascii
+            char* data = (char*)GlobalLock(store.hGlobal);
+            if (data && data[0] && (PathFileExistsA(data) || PathIsUNCA(data))) {
+                RetainPtr<CFStringRef> pathAsCFString(AdoptCF, CFStringCreateWithCString(kCFAllocatorDefault, data, kCFStringEncodingASCII));
+                if (urlFromPath(pathAsCFString.get(), url)) {
+                    if (title)
+                        *title = url;
+                    success = true;
+                }
+            }
+            GlobalUnlock(store.hGlobal);
+            ReleaseStgMedium(&store);
+        }
-        GlobalUnlock(store.hGlobal);
-        ReleaseStgMedium(&store);
-    } else if (SUCCEEDED(dataObject->GetData(filenameFormat(), &store))) {
-        //filename using ascii
-        char* data = (char*)GlobalLock(store.hGlobal);
-        if (data && data[0] && (PathFileExistsA(data) || PathIsUNCA(data))) {
-            RetainPtr<CFStringRef> pathAsCFString(AdoptCF, CFStringCreateWithCString(kCFAllocatorDefault, data, kCFStringEncodingASCII));
-            if (urlFromPath(pathAsCFString.get(), url)) {
-                if (title)
-                    *title = url;
-                success = true;
+            }
+        }
-        GlobalUnlock(store.hGlobal);
-        ReleaseStgMedium(&store);
+    }
     return url;
 …
         UChar* data = (UChar*)GlobalLock(store.hGlobal);
         text = String(data);
         GlobalUnlock(store.hGlobal);
+        GlobalUnlock(store.hGlobal);
         ReleaseStgMedium(&store);
         success = true;
 …
         char* data = (char*)GlobalLock(store.hGlobal);
         text = String(data);
         GlobalUnlock(store.hGlobal);
+        GlobalUnlock(store.hGlobal);
         ReleaseStgMedium(&store);
         success = true;
     } else {
+        //If a file is dropped on the window, it does not provide either of the
+        //plain text formats, so here we try to forcibly get a url.
+        text = getURL(dataObject, success);
+        // FIXME: Originally, we called getURL() here because dragging and dropping files doesn't
+        // populate the drag with text data. Per https://bugs.webkit.org/show_bug.cgi?id=38826, this
+        // is undesirable, so maybe this line can be removed.
+        text = getURL(dataObject, DragData::DoNotConvertFilenames, success);
         success = true;
+    }

trunk/WebCore/platform/win/ClipboardUtilitiesWin.h

-                      r59917
+                      r60957
 PassRefPtr<DocumentFragment> fragmentFromCF_HTML(Document*, const String& cf_html);
 String getURL(IDataObject*, bool& success, String* title = 0);
+String getURL(IDataObject*, DragData::FilenameConversionPolicy, bool& success, String* title = 0);
 String getPlainText(IDataObject*, bool& success);
 …
 #endif // ClipboardUtilitiesWin_h

trunk/WebCore/platform/win/ClipboardWin.cpp

r56825	r60957
500	500	return getPlainText(m_dataObject.get(), success);
501	501	else if (dataType == ClipboardDataTypeURL)
502		return getURL(m_dataObject.get(), success);
	502	return getURL(m_dataObject.get(), DragData::DoNotConvertFilenames, success);
503	503
504	504	return "";

trunk/WebCore/platform/win/DragDataWin.cpp

r34544	r60957
45	45	}
46	46
47		bool DragData::containsURL() const
	47	bool DragData::containsURL(FilenameConversionPolicy filenamePolicy) const
48	48	{
49	49	return SUCCEEDED(m_platformDragData->QueryGetData(urlWFormat()))
50	50	\|\| SUCCEEDED(m_platformDragData->QueryGetData(urlFormat()))
51		\|\| SUCCEEDED(m_platformDragData->QueryGetData(filenameWFormat()))
52		\|\| SUCCEEDED(m_platformDragData->QueryGetData(filenameFormat()));
	51	\|\| (filenamePolicy == ConvertFilenames
	52	&& (SUCCEEDED(m_platformDragData->QueryGetData(filenameWFormat()))
	53	\|\| SUCCEEDED(m_platformDragData->QueryGetData(filenameFormat()))));
53	54	}
54	55
55		String DragData::asURL(String* title) const
	56	String DragData::asURL(FilenameConversionPolicy filenamePolicy, String* title) const
56	57	{
57	58	bool success;
58		return getURL(m_platformDragData, success, title);
	59	return getURL(m_platformDragData, filenamePolicy, success, title);
59	60	}
60	61

trunk/WebCore/platform/wince/DragDataWince.cpp

r47137	r60957
33	33	}
34	34
35		bool DragData::containsURL() const
	35	bool DragData::containsURL(FilenameConversionPolicy filenamePolicy) const
36	36	{
37	37	return false;
38	38	}
39	39
40		String DragData::asURL(String* title) const
	40	String DragData::asURL(FilenameConversionPolicy filenamePolicy, String* title) const
41	41	{
42	42	return String();

trunk/WebCore/platform/wx/DragDataWx.cpp

r34554	r60957
77	77	}
78	78
79		bool DragData::containsURL() const
	79	bool DragData::containsURL(FilenameConversionPolicy filenamePolicy) const
80	80	{
81	81	return false;
82	82	}
83	83
84		String DragData::asURL(String* title) const
	84	String DragData::asURL(FilenameConversionPolicy filenamePolicy, String* title) const
85	85	{
86	86	return String();

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 60957 in webkit

Legend:

Download in other formats: