[webkit-changes] [207318] trunk/Source/WebCore

Thu, 13 Oct 2016 18:13:54 -0700

Title: [207318] trunk/Source/WebCore
Revision
207318
Author
aes...@apple.com
Date
2016-10-13 18:14:05 -0700 (Thu, 13 Oct 2016)

Log Message

[iOS] Support Web Archive previews generated by QuickLook
https://bugs.webkit.org/show_bug.cgi?id=162951
<rdar://problem/28607920>

Reviewed by Brady Eidson.

QuickLook might generate a Web Archive preview for some resource types, but WebKit would
refuse to load it due to the prohibition on loading remote Web Archives. Even though the
original resource might be from a remote origin, the QuickLook-generated preview is a
trusted local resource, so allow it to be loaded.

No test possible.

* loader/DocumentLoader.cpp:
(WebCore::isRemoteWebArchive): Added. Moved the remote web archive check from
continueAfterContentPolicy() to here, and added a check for responses containing the
QuickLook preview protocol.
(WebCore::DocumentLoader::continueAfterContentPolicy): Called isRemoteWebArchive().

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (207317 => 207318)


--- trunk/Source/WebCore/ChangeLog	2016-10-14 01:10:30 UTC (rev 207317)
+++ trunk/Source/WebCore/ChangeLog	2016-10-14 01:14:05 UTC (rev 207318)
@@ -1,3 +1,24 @@
+2016-10-13  Andy Estes  <aes...@apple.com>
+
+        [iOS] Support Web Archive previews generated by QuickLook
+        https://bugs.webkit.org/show_bug.cgi?id=162951
+        <rdar://problem/28607920>
+
+        Reviewed by Brady Eidson.
+
+        QuickLook might generate a Web Archive preview for some resource types, but WebKit would
+        refuse to load it due to the prohibition on loading remote Web Archives. Even though the
+        original resource might be from a remote origin, the QuickLook-generated preview is a
+        trusted local resource, so allow it to be loaded.
+
+        No test possible.
+
+        * loader/DocumentLoader.cpp:
+        (WebCore::isRemoteWebArchive): Added. Moved the remote web archive check from
+        continueAfterContentPolicy() to here, and added a check for responses containing the
+        QuickLook preview protocol.
+        (WebCore::DocumentLoader::continueAfterContentPolicy): Called isRemoteWebArchive().
+
 2016-10-13  Dean Jackson  <d...@apple.com>
 
         CSS parsing should use Color not RGBA32

Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (207317 => 207318)


--- trunk/Source/WebCore/loader/DocumentLoader.cpp	2016-10-14 01:10:30 UTC (rev 207317)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp	2016-10-14 01:14:05 UTC (rev 207318)
@@ -81,6 +81,10 @@
 #include "ContentFilter.h"
 #endif
 
+#if USE(QUICK_LOOK)
+#include "QuickLook.h"
+#endif
+
 #define RELEASE_LOG_IF_ALLOWED(fmt, ...) RELEASE_LOG_IF(isAlwaysOnLoggingAllowed(), Network, "%p - DocumentLoader::" fmt, this, ##__VA_ARGS__)
 
 namespace WebCore {
@@ -744,6 +748,32 @@
     });
 }
 
+static bool isRemoteWebArchive(const DocumentLoader& documentLoader)
+{
+    using MIMETypeHashSet = HashSet<String, ASCIICaseInsensitiveHash>;
+    static NeverDestroyed<MIMETypeHashSet> webArchiveMIMETypes {
+        MIMETypeHashSet {
+            ASCIILiteral("application/x-webarchive"),
+            ASCIILiteral("application/x-mimearchive"),
+            ASCIILiteral("multipart/related"),
+#if PLATFORM(GTK)
+            ASCIILiteral("message/rfc822"),
+#endif
+        }
+    };
+
+    const ResourceResponse& response = documentLoader.response();
+    if (!webArchiveMIMETypes.get().contains(response.mimeType()))
+        return false;
+
+#if USE(QUICK_LOOK)
+    if (response.url().protocolIs(QLPreviewProtocol()))
+        return false;
+#endif
+
+    return !documentLoader.substituteData().isValid() && !SchemeRegistry::shouldTreatURLSchemeAsLocal(documentLoader.request().url().protocol());
+}
+
 void DocumentLoader::continueAfterContentPolicy(PolicyAction policy)
 {
     ASSERT(m_waitingForContentPolicy);
@@ -751,20 +781,10 @@
     if (isStopping())
         return;
 
-    URL url = ""
-    const String& mimeType = m_response.mimeType();
-    
     switch (policy) {
     case PolicyUse: {
         // Prevent remote web archives from loading because they can claim to be from any domain and thus avoid cross-domain security checks (4120255).
-        bool isRemoteWebArchive = (equalLettersIgnoringASCIICase(mimeType, "application/x-webarchive")
-            || equalLettersIgnoringASCIICase(mimeType, "application/x-mimearchive")
-#if PLATFORM(GTK)
-            || equalLettersIgnoringASCIICase(mimeType, "message/rfc822")
-#endif
-            || equalLettersIgnoringASCIICase(mimeType, "multipart/related"))
-            && !m_substituteData.isValid() && !SchemeRegistry::shouldTreatURLSchemeAsLocal(url.protocol());
-        if (!frameLoader()->client().canShowMIMEType(mimeType) || isRemoteWebArchive) {
+        if (!frameLoader()->client().canShowMIMEType(m_response.mimeType()) || isRemoteWebArchive(*this)) {
             frameLoader()->policyChecker().cannotShowMIMEType(m_response);
             // Check reachedTerminalState since the load may have already been canceled inside of _handleUnimplementablePolicyWithErrorCode::.
             stopLoadingForPolicyChange();

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to