Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 3c089e68eb066333c057a99dd3a511fd3495e5bf
    https://github.com/WebKit/WebKit/commit/3c089e68eb066333c057a99dd3a511fd3495e5bf
Author: Aditya Keerthi <akeer...@apple.com>
Date: 2023-01-24 (Tue, 24 Jan 2023)

Changed paths:
  M Source/WebKit/UIProcess/Cocoa/WKShareSheet.mm

Log Message:
-----------
Cherry-pick 252432.840@safari-7614-branch (56f36c096a15). rdar://104609397

    Share Sheet may parse complex image formats
    https://bugs.webkit.org/show_bug.cgi?id=248097
    rdar://99294213

    Reviewed by Jonathan Bedard and Tim Horton.

    When a URL is given to the Share Sheet, the Share Sheet displays a thumbnail
    defined by the URL, in the UIProcess. The Web Share API allows the URL to be
    handed to the UIProcess from the WebProcess, via IPC. Consequently, there
    exists a way to trigger image decoding in the UIProcess from a compromised
    WebProcess, or one-click from a user.

    To fix, display a placeholder icon rather than showing a thumbnail defined
    by the URL in the Share Sheet. This behavior is achieved by specifying
    partial `LPLinkMetadata`.

    * Source/WebKit/UIProcess/Cocoa/WKShareSheet.mm:
    (-[WKShareSheetURLItemProvider initWithURL:]):

    Mark the metadata as incomplete so that it may be refetched when the URL is
    actually shared.

    (-[WKShareSheetURLItemProvider item]):
    (-[WKShareSheetURLItemProvider activityViewControllerLinkMetadata:]):
    (-[WKShareSheet presentWithParameters:inRect:completionHandler:]):

    Only apply this mitigation when the Share Sheet is invoked using the Web
    Share API. Other contexts require more significant user interaction and are
    not done through IPC from the WebProcess.

    Canonical link: https://commits.webkit.org/252432.840@safari-7614-branch

Canonical link: https://commits.webkit.org/259328@main

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes