Diff
Modified: trunk/Source/WebInspectorUI/ChangeLog (185637 => 185638)
--- trunk/Source/WebInspectorUI/ChangeLog 2015-06-17 03:33:26 UTC (rev 185637)
+++ trunk/Source/WebInspectorUI/ChangeLog 2015-06-17 05:11:49 UTC (rev 185638)
@@ -1,3 +1,35 @@
+2015-06-16 Joseph Pecoraro <pecor...@apple.com>
+
+ Web Inspector: Inspector Scripts evaluated in the page should not be searchable
+ https://bugs.webkit.org/show_bug.cgi?id=146040
+
+ Reviewed by Darin Adler.
+
+ Any script with a __WebInspector source URL will be hidden by the tools.
+ There were a number of ways the inspector could evaluate script on the page
+ without getting the sourceURL and therefore not getting hidden. Audit
+ all cases of Runtime.evaluate, Runtime.callFunctionOn, and
+ Debugger.evaluateOnCallFrame, to ensure we have an appropriate source URL.
+
+ * UserInterface/Base/Utilities.js:
+ (appendWebInspectorSourceURL):
+ Helper to append a __WebInspectorInternal__ sourceURL to a string that may
+ be evaluated directly on the inspected context.
+
+ * UserInterface/Controllers/DOMTreeManager.js:
+ (WebInspector.DOMTreeManager.domNodeResolved):
+ * UserInterface/Controllers/_javascript_LogViewController.js:
+ (WebInspector._javascript_LogViewController.prototype.consolePromptTextCommitted): Deleted.
+ * UserInterface/Controllers/RuntimeManager.js:
+ * UserInterface/Models/DOMTree.js:
+ (WebInspector.DOMTree.prototype._requestRootDOMNode):
+ * UserInterface/Protocol/RemoteObject.js:
+ (WebInspector.RemoteObject.):
+ * UserInterface/Views/SourceCodeTextEditor.js:
+ (WebInspector.SourceCodeTextEditor.prototype._tokenTrackingControllerHighlightedJavaScriptExpression):
+ Ensure all cases that evaluate directly on the inspected page / context
+ have the intenral source URL.
+
2015-06-16 Matt Baker <mattba...@apple.com>
Web Inspector: REGRESSION (r171645): up/down key navigation of timeline sidebar tree elements is broken when scope bar filters are applied
Modified: trunk/Source/WebInspectorUI/UserInterface/Base/Utilities.js (185637 => 185638)
--- trunk/Source/WebInspectorUI/UserInterface/Base/Utilities.js 2015-06-17 03:33:26 UTC (rev 185637)
+++ trunk/Source/WebInspectorUI/UserInterface/Base/Utilities.js 2015-06-17 05:11:49 UTC (rev 185638)
@@ -1007,6 +1007,11 @@
}
});
+function appendWebInspectorSourceURL(string)
+{
+ return string + "\n//# sourceURL=__WebInspectorInternal__\n";
+}
+
function isFunctionStringNativeCode(str)
{
return str.endsWith("{\n [native code]\n}");
Modified: trunk/Source/WebInspectorUI/UserInterface/Controllers/DOMTreeManager.js (185637 => 185638)
--- trunk/Source/WebInspectorUI/UserInterface/Controllers/DOMTreeManager.js 2015-06-17 03:33:26 UTC (rev 185637)
+++ trunk/Source/WebInspectorUI/UserInterface/Controllers/DOMTreeManager.js 2015-06-17 05:11:49 UTC (rev 185638)
@@ -597,7 +597,7 @@
// passing the DOMNode as the "this" reference.
var evalParameters = {
objectId: remoteObject.objectId,
- functionDeclaration: backendFunction.toString(),
+ functionDeclaration: appendWebInspectorSourceURL(backendFunction.toString()),
doNotPauseOnExceptionsAndMuteConsole: true,
returnByValue: false,
generatePreview: false
Modified: trunk/Source/WebInspectorUI/UserInterface/Controllers/_javascript_LogViewController.js (185637 => 185638)
--- trunk/Source/WebInspectorUI/UserInterface/Controllers/_javascript_LogViewController.js 2015-06-17 03:33:26 UTC (rev 185637)
+++ trunk/Source/WebInspectorUI/UserInterface/Controllers/_javascript_LogViewController.js 2015-06-17 05:11:49 UTC (rev 185638)
@@ -232,8 +232,6 @@
this._appendConsoleMessageView(commandResultMessageView, true);
}
- text += "\n//# sourceURL=__WebInspectorConsole__\n";
-
WebInspector.runtimeManager.evaluateInInspectedWindow(text, "console", true, false, false, true, true, printResult.bind(this));
}
Modified: trunk/Source/WebInspectorUI/UserInterface/Controllers/RuntimeManager.js (185637 => 185638)
--- trunk/Source/WebInspectorUI/UserInterface/Controllers/RuntimeManager.js 2015-06-17 03:33:26 UTC (rev 185637)
+++ trunk/Source/WebInspectorUI/UserInterface/Controllers/RuntimeManager.js 2015-06-17 05:11:49 UTC (rev 185638)
@@ -43,6 +43,8 @@
_expression_ = "this";
}
+ _expression_ = appendWebInspectorSourceURL(_expression_);
+
function evalCallback(error, result, wasThrown, savedResultIndex)
{
this.dispatchEventToListeners(WebInspector.RuntimeManager.Event.DidEvaluate);
Modified: trunk/Source/WebInspectorUI/UserInterface/Models/DOMTree.js (185637 => 185638)
--- trunk/Source/WebInspectorUI/UserInterface/Models/DOMTree.js 2015-06-17 03:33:26 UTC (rev 185637)
+++ trunk/Source/WebInspectorUI/UserInterface/Models/DOMTree.js 2015-06-17 05:11:49 UTC (rev 185638)
@@ -210,7 +210,7 @@
// COMPATIBILITY (iOS 6): Execution context identifiers (contextId) did not exist
// in iOS 6. Fallback to including the frame identifier (frameId).
var contextId = this._frame.pageExecutionContext ? this._frame.pageExecutionContext.id : undefined;
- RuntimeAgent.evaluate.invoke({_expression_: "document", objectGroup: "", includeCommandLineAPI: false, doNotPauseOnExceptionsAndMuteConsole: true, contextId, frameId: this._frame.id, returnByValue: false, generatePreview: false}, rootObjectAvailable.bind(this));
+ RuntimeAgent.evaluate.invoke({_expression_: appendWebInspectorSourceURL("document"), objectGroup: "", includeCommandLineAPI: false, doNotPauseOnExceptionsAndMuteConsole: true, contextId, frameId: this._frame.id, returnByValue: false, generatePreview: false}, rootObjectAvailable.bind(this));
}
}
Modified: trunk/Source/WebInspectorUI/UserInterface/Protocol/RemoteObject.js (185637 => 185638)
--- trunk/Source/WebInspectorUI/UserInterface/Protocol/RemoteObject.js 2015-06-17 03:33:26 UTC (rev 185637)
+++ trunk/Source/WebInspectorUI/UserInterface/Protocol/RemoteObject.js 2015-06-17 05:11:49 UTC (rev 185638)
@@ -306,7 +306,8 @@
return;
}
- RuntimeAgent.evaluate.invoke({_expression_:value, doNotPauseOnExceptionsAndMuteConsole:true}, evaluatedCallback.bind(this));
+ // FIXME: It doesn't look like setPropertyValue is used yet. This will need to be tested when it is again (editable ObjectTrees).
+ RuntimeAgent.evaluate.invoke({_expression_:appendWebInspectorSourceURL(value), doNotPauseOnExceptionsAndMuteConsole:true}, evaluatedCallback.bind(this));
function evaluatedCallback(error, result, wasThrown)
{
@@ -322,7 +323,7 @@
delete result.description; // Optimize on traffic.
- RuntimeAgent.callFunctionOn(this._objectId, setPropertyValue.toString(), [{value:name}, result], true, undefined, propertySetCallback.bind(this));
+ RuntimeAgent.callFunctionOn(this._objectId, appendWebInspectorSourceURL(setPropertyValue.toString()), [{value:name}, result], true, undefined, propertySetCallback.bind(this));
if (result._objectId)
RuntimeAgent.releaseObject(result._objectId);
@@ -406,7 +407,7 @@
if (args)
args = args.map(WebInspector.RemoteObject.createCallArgument);
- RuntimeAgent.callFunctionOn(this._objectId, functionDeclaration.toString(), args, true, undefined, generatePreview, mycallback);
+ RuntimeAgent.callFunctionOn(this._objectId, appendWebInspectorSourceURL(functionDeclaration.toString()), args, true, undefined, generatePreview, mycallback);
}
callFunctionJSON(functionDeclaration, args, callback)
@@ -416,7 +417,7 @@
callback((error || wasThrown) ? null : result.value);
}
- RuntimeAgent.callFunctionOn(this._objectId, functionDeclaration.toString(), args, true, true, mycallback);
+ RuntimeAgent.callFunctionOn(this._objectId, appendWebInspectorSourceURL(functionDeclaration.toString()), args, true, true, mycallback);
}
invokeGetter(getterRemoteObject, callback)
Modified: trunk/Source/WebInspectorUI/UserInterface/Views/SourceCodeTextEditor.js (185637 => 185638)
--- trunk/Source/WebInspectorUI/UserInterface/Views/SourceCodeTextEditor.js 2015-06-17 03:33:26 UTC (rev 185637)
+++ trunk/Source/WebInspectorUI/UserInterface/Views/SourceCodeTextEditor.js 2015-06-17 05:11:49 UTC (rev 185638)
@@ -1384,13 +1384,15 @@
}
}
+ var _expression_ = appendWebInspectorSourceURL(candidate._expression_);
+
if (WebInspector.debuggerManager.activeCallFrame) {
- DebuggerAgent.evaluateOnCallFrame.invoke({callFrameId: WebInspector.debuggerManager.activeCallFrame.id, _expression_: candidate._expression_, objectGroup: "popover", doNotPauseOnExceptionsAndMuteConsole: true}, populate.bind(this));
+ DebuggerAgent.evaluateOnCallFrame.invoke({callFrameId: WebInspector.debuggerManager.activeCallFrame.id, _expression_, objectGroup: "popover", doNotPauseOnExceptionsAndMuteConsole: true}, populate.bind(this));
return;
}
// No call frame available. Use the main page's context.
- RuntimeAgent.evaluate.invoke({_expression_: candidate._expression_, objectGroup: "popover", doNotPauseOnExceptionsAndMuteConsole: true}, populate.bind(this));
+ RuntimeAgent.evaluate.invoke({_expression_, objectGroup: "popover", doNotPauseOnExceptionsAndMuteConsole: true}, populate.bind(this));
}
_tokenTrackingControllerHighlightedJavaScriptTypeInformation(candidate)