Title: [185638] trunk/Source/WebInspectorUI
Revision
185638
Author
commit-qu...@webkit.org
Date
2015-06-16 22:11:49 -0700 (Tue, 16 Jun 2015)

Log Message

Web Inspector: Inspector Scripts evaluated in the page should not be searchable
https://bugs.webkit.org/show_bug.cgi?id=146040

Patch by Joseph Pecoraro <pecor...@apple.com> on 2015-06-16
Reviewed by Darin Adler.

Any script with a __WebInspector source URL will be hidden by the tools.
There were a number of ways the inspector could evaluate script on the page
without getting the sourceURL and therefore not getting hidden. Audit
all cases of Runtime.evaluate, Runtime.callFunctionOn, and
Debugger.evaluateOnCallFrame, to ensure we have an appropriate source URL.

* UserInterface/Base/Utilities.js:
(appendWebInspectorSourceURL):
Helper to append a __WebInspectorInternal__ sourceURL to a string that may
be evaluated directly on the inspected context.

* UserInterface/Controllers/DOMTreeManager.js:
(WebInspector.DOMTreeManager.domNodeResolved):
* UserInterface/Controllers/_javascript_LogViewController.js:
(WebInspector._javascript_LogViewController.prototype.consolePromptTextCommitted): Deleted.
* UserInterface/Controllers/RuntimeManager.js:
* UserInterface/Models/DOMTree.js:
(WebInspector.DOMTree.prototype._requestRootDOMNode):
* UserInterface/Protocol/RemoteObject.js:
(WebInspector.RemoteObject.):
* UserInterface/Views/SourceCodeTextEditor.js:
(WebInspector.SourceCodeTextEditor.prototype._tokenTrackingControllerHighlightedJavaScriptExpression):
Ensure all cases that evaluate directly on the inspected page / context
have the internal source URL.

Modified Paths

Diff

Modified: trunk/Source/WebInspectorUI/ChangeLog (185637 => 185638)


--- trunk/Source/WebInspectorUI/ChangeLog	2015-06-17 03:33:26 UTC (rev 185637)
+++ trunk/Source/WebInspectorUI/ChangeLog	2015-06-17 05:11:49 UTC (rev 185638)
@@ -1,3 +1,35 @@
+2015-06-16  Joseph Pecoraro  <pecor...@apple.com>
+
+        Web Inspector: Inspector Scripts evaluated in the page should not be searchable
+        https://bugs.webkit.org/show_bug.cgi?id=146040
+
+        Reviewed by Darin Adler.
+
+        Any script with a __WebInspector source URL will be hidden by the tools.
+        There were a number of ways the inspector could evaluate script on the page
+        without getting the sourceURL and therefore not getting hidden. Audit
+        all cases of Runtime.evaluate, Runtime.callFunctionOn, and
+        Debugger.evaluateOnCallFrame, to ensure we have an appropriate source URL.
+
+        * UserInterface/Base/Utilities.js:
+        (appendWebInspectorSourceURL):
+        Helper to append a __WebInspectorInternal__ sourceURL to a string that may
+        be evaluated directly on the inspected context.
+
+        * UserInterface/Controllers/DOMTreeManager.js:
+        (WebInspector.DOMTreeManager.domNodeResolved):
+        * UserInterface/Controllers/_javascript_LogViewController.js:
+        (WebInspector._javascript_LogViewController.prototype.consolePromptTextCommitted): Deleted.
+        * UserInterface/Controllers/RuntimeManager.js:
+        * UserInterface/Models/DOMTree.js:
+        (WebInspector.DOMTree.prototype._requestRootDOMNode):
+        * UserInterface/Protocol/RemoteObject.js:
+        (WebInspector.RemoteObject.):
+        * UserInterface/Views/SourceCodeTextEditor.js:
+        (WebInspector.SourceCodeTextEditor.prototype._tokenTrackingControllerHighlightedJavaScriptExpression):
+        Ensure all cases that evaluate directly on the inspected page / context
+        have the intenral source URL.
+
 2015-06-16  Matt Baker  <mattba...@apple.com>
 
         Web Inspector: REGRESSION (r171645): up/down key navigation of timeline sidebar tree elements is broken when scope bar filters are applied

Modified: trunk/Source/WebInspectorUI/UserInterface/Base/Utilities.js (185637 => 185638)


--- trunk/Source/WebInspectorUI/UserInterface/Base/Utilities.js	2015-06-17 03:33:26 UTC (rev 185637)
+++ trunk/Source/WebInspectorUI/UserInterface/Base/Utilities.js	2015-06-17 05:11:49 UTC (rev 185638)
@@ -1007,6 +1007,11 @@
     }
 });
 
+function appendWebInspectorSourceURL(string)
+{
+    return string + "\n//# sourceURL=__WebInspectorInternal__\n";
+}
+
 function isFunctionStringNativeCode(str)
 {
     return str.endsWith("{\n    [native code]\n}");
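Review bot: appendWebInspectorSourceURL has no comment saying why both newlines are there or what the marker does and does not guarantee. I would add above it something like `// Leading newline keeps a trailing line comment in the caller's text from swallowing the directive; trailing newline keeps the directive from commenting out anything the backend appends.` The second half of that comment is inferred, since the backend's wrapping of the string is not visible here. It is also worth stating that the helper does not strip a `//# sourceURL=` directive already present in the string, and that the tools hide scripts by this name alone (per the log message), so the marker is a display convention and not evidence of where a script came from.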

Modified: trunk/Source/WebInspectorUI/UserInterface/Controllers/DOMTreeManager.js (185637 => 185638)


--- trunk/Source/WebInspectorUI/UserInterface/Controllers/DOMTreeManager.js	2015-06-17 03:33:26 UTC (rev 185637)
+++ trunk/Source/WebInspectorUI/UserInterface/Controllers/DOMTreeManager.js	2015-06-17 05:11:49 UTC (rev 185638)
@@ -597,7 +597,7 @@
             // passing the DOMNode as the "this" reference.
             var evalParameters = {
                 objectId: remoteObject.objectId,
-                functionDeclaration: backendFunction.toString(),
+                functionDeclaration: appendWebInspectorSourceURL(backendFunction.toString()),
                 doNotPauseOnExceptionsAndMuteConsole: true,
                 returnByValue: false,
                 generatePreview: false
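Review bot: Tagging is left to each call site here (`appendWebInspectorSourceURL(backendFunction.toString())`), and the same wrap is repeated at the three `RuntimeAgent.callFunctionOn` calls in RemoteObject.js, so the next new call site can omit it just as these did before the audit. A single inspector-side wrapper that takes the function, stringifies it and appends the marker before handing it to the agent would make the untagged path hard to write by accident. The enclosing function starts and ends outside this hunk, so how evalParameters is dispatched is not visible.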

Modified: trunk/Source/WebInspectorUI/UserInterface/Controllers/_javascript_LogViewController.js (185637 => 185638)


--- trunk/Source/WebInspectorUI/UserInterface/Controllers/_javascript_LogViewController.js	2015-06-17 03:33:26 UTC (rev 185637)
+++ trunk/Source/WebInspectorUI/UserInterface/Controllers/_javascript_LogViewController.js	2015-06-17 05:11:49 UTC (rev 185638)
@@ -232,8 +232,6 @@
             this._appendConsoleMessageView(commandResultMessageView, true);
         }
 
-        text += "\n//# sourceURL=__WebInspectorConsole__\n";
-
         WebInspector.runtimeManager.evaluateInInspectedWindow(text, "console", true, false, false, true, true, printResult.bind(this));
     }
 

Modified: trunk/Source/WebInspectorUI/UserInterface/Controllers/RuntimeManager.js (185637 => 185638)


--- trunk/Source/WebInspectorUI/UserInterface/Controllers/RuntimeManager.js	2015-06-17 03:33:26 UTC (rev 185637)
+++ trunk/Source/WebInspectorUI/UserInterface/Controllers/RuntimeManager.js	2015-06-17 05:11:49 UTC (rev 185638)
@@ -43,6 +43,8 @@
             _expression_ = "this";
         }
 
+        _expression_ = appendWebInspectorSourceURL(_expression_);
+
         function evalCallback(error, result, wasThrown, savedResultIndex)
         {
             this.dispatchEventToListeners(WebInspector.RuntimeManager.Event.DidEvaluate);
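Review bot: Appending the marker here means console input is now tagged `__WebInspectorInternal__` too, because the console log view controller hunk drops its own `__WebInspectorConsole__` suffix and its call presumably lands in this function. If anything on the tools side tells user-typed console code apart from inspector helpers by that name, the distinction is lost, and errors thrown from code the user typed get attributed to a hidden internal script. Consider keeping the console marker for the "console" object group, for example by giving the helper an optional name argument. A `//# sourceURL=` that a user put in their console text is also now followed by this one; which directive the engine honours is not visible here and deserves a test. The enclosing function starts before and continues past the hunk.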

Modified: trunk/Source/WebInspectorUI/UserInterface/Models/DOMTree.js (185637 => 185638)


--- trunk/Source/WebInspectorUI/UserInterface/Models/DOMTree.js	2015-06-17 03:33:26 UTC (rev 185637)
+++ trunk/Source/WebInspectorUI/UserInterface/Models/DOMTree.js	2015-06-17 05:11:49 UTC (rev 185638)
@@ -210,7 +210,7 @@
             // COMPATIBILITY (iOS 6): Execution context identifiers (contextId) did not exist
             // in iOS 6. Fallback to including the frame identifier (frameId).
             var contextId = this._frame.pageExecutionContext ? this._frame.pageExecutionContext.id : undefined;
-            RuntimeAgent.evaluate.invoke({_expression_: "document", objectGroup: "", includeCommandLineAPI: false, doNotPauseOnExceptionsAndMuteConsole: true, contextId, frameId: this._frame.id, returnByValue: false, generatePreview: false}, rootObjectAvailable.bind(this));
+            RuntimeAgent.evaluate.invoke({_expression_: appendWebInspectorSourceURL("document"), objectGroup: "", includeCommandLineAPI: false, doNotPauseOnExceptionsAndMuteConsole: true, contextId, frameId: this._frame.id, returnByValue: false, generatePreview: false}, rootObjectAvailable.bind(this));
         }
     }
 

Modified: trunk/Source/WebInspectorUI/UserInterface/Protocol/RemoteObject.js (185637 => 185638)


--- trunk/Source/WebInspectorUI/UserInterface/Protocol/RemoteObject.js	2015-06-17 03:33:26 UTC (rev 185637)
+++ trunk/Source/WebInspectorUI/UserInterface/Protocol/RemoteObject.js	2015-06-17 05:11:49 UTC (rev 185638)
@@ -306,7 +306,8 @@
             return;
         }
 
-        RuntimeAgent.evaluate.invoke({_expression_:value, doNotPauseOnExceptionsAndMuteConsole:true}, evaluatedCallback.bind(this));
+        // FIXME: It doesn't look like setPropertyValue is used yet. This will need to be tested when it is again (editable ObjectTrees).
+        RuntimeAgent.evaluate.invoke({_expression_:appendWebInspectorSourceURL(value), doNotPauseOnExceptionsAndMuteConsole:true}, evaluatedCallback.bind(this));
 
         function evaluatedCallback(error, result, wasThrown)
         {
@@ -322,7 +323,7 @@
 
             delete result.description; // Optimize on traffic.
 
-            RuntimeAgent.callFunctionOn(this._objectId, setPropertyValue.toString(), [{value:name}, result], true, undefined, propertySetCallback.bind(this));
+            RuntimeAgent.callFunctionOn(this._objectId, appendWebInspectorSourceURL(setPropertyValue.toString()), [{value:name}, result], true, undefined, propertySetCallback.bind(this));
 
             if (result._objectId)
                 RuntimeAgent.releaseObject(result._objectId);
@@ -406,7 +407,7 @@
         if (args)
             args = args.map(WebInspector.RemoteObject.createCallArgument);
 
-        RuntimeAgent.callFunctionOn(this._objectId, functionDeclaration.toString(), args, true, undefined, generatePreview, mycallback);
+        RuntimeAgent.callFunctionOn(this._objectId, appendWebInspectorSourceURL(functionDeclaration.toString()), args, true, undefined, generatePreview, mycallback);
     }
 
     callFunctionJSON(functionDeclaration, args, callback)
@@ -416,7 +417,7 @@
             callback((error || wasThrown) ? null : result.value);
         }
 
-        RuntimeAgent.callFunctionOn(this._objectId, functionDeclaration.toString(), args, true, true, mycallback);
+        RuntimeAgent.callFunctionOn(this._objectId, appendWebInspectorSourceURL(functionDeclaration.toString()), args, true, true, mycallback);
     }
     
     invokeGetter(getterRemoteObject, callback)

Modified: trunk/Source/WebInspectorUI/UserInterface/Views/SourceCodeTextEditor.js (185637 => 185638)


--- trunk/Source/WebInspectorUI/UserInterface/Views/SourceCodeTextEditor.js	2015-06-17 03:33:26 UTC (rev 185637)
+++ trunk/Source/WebInspectorUI/UserInterface/Views/SourceCodeTextEditor.js	2015-06-17 05:11:49 UTC (rev 185638)
@@ -1384,13 +1384,15 @@
             }
         }
 
+        var _expression_ = appendWebInspectorSourceURL(candidate._expression_);
+
         if (WebInspector.debuggerManager.activeCallFrame) {
-            DebuggerAgent.evaluateOnCallFrame.invoke({callFrameId: WebInspector.debuggerManager.activeCallFrame.id, _expression_: candidate._expression_, objectGroup: "popover", doNotPauseOnExceptionsAndMuteConsole: true}, populate.bind(this));
+            DebuggerAgent.evaluateOnCallFrame.invoke({callFrameId: WebInspector.debuggerManager.activeCallFrame.id, _expression_, objectGroup: "popover", doNotPauseOnExceptionsAndMuteConsole: true}, populate.bind(this));
             return;
         }
 
         // No call frame available. Use the main page's context.
-        RuntimeAgent.evaluate.invoke({_expression_: candidate._expression_, objectGroup: "popover", doNotPauseOnExceptionsAndMuteConsole: true}, populate.bind(this));
+        RuntimeAgent.evaluate.invoke({_expression_, objectGroup: "popover", doNotPauseOnExceptionsAndMuteConsole: true}, populate.bind(this));
     }
 
     _tokenTrackingControllerHighlightedJavaScriptTypeInformation(candidate)