Title: [258744] trunk/Source/WebCore
- Revision: 258744
- Author: commit-qu...@webkit.org
- Date: 2020-03-19 16:48:18 -0700 (Thu, 19 Mar 2020)
Log Message
ScriptDisallowedScope should disable isEventAllowedInMainThread and isEventDispatchAllowedInSubtree asserts in WebKit1
https://bugs.webkit.org/show_bug.cgi?id=209165
Patch by Sunny He <sunny...@apple.com> on 2020-03-19
Reviewed by Ryosuke Niwa.
Under very intricate sequences of event dispatch in WebKit1, it is
possible for security asserts to be triggered even if there is no
underlying security issue solely due to the design patterns of
WebKit1.
No new tests since the conditions for reproduction are very delicate
and difficult to reliably capture in a test case.
* dom/ScriptDisallowedScope.h:
(WebCore::ScriptDisallowedScope::isEventAllowedInMainThread):
(WebCore::ScriptDisallowedScope::InMainThread::isEventDispatchAllowedInSubtree):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (258743 => 258744)
--- trunk/Source/WebCore/ChangeLog 2020-03-19 23:41:31 UTC (rev 258743)
+++ trunk/Source/WebCore/ChangeLog 2020-03-19 23:48:18 UTC (rev 258744)
@@ -1,3 +1,22 @@
+2020-03-19 Sunny He <sunny...@apple.com>
+
+ ScriptDisallowedScope should disable isEventAllowedInMainThread and isEventDispatchAllowedInSubtree asserts in WebKit1
+ https://bugs.webkit.org/show_bug.cgi?id=209165
+
+ Reviewed by Ryosuke Niwa.
+
+ Under very intricate sequences of event dispatch in WebKit1, it is
+ possible for security asserts to be triggered even if there is no
+ underlying security issue soley due to the design patterns of
+ WebKit1.
+
+ No new tests since the conditions for reproduction are very delicate
+ and difficult to reliably capture in a test case.
+
+ * dom/ScriptDisallowedScope.h:
+ (WebCore::ScriptDisallowedScope::isEventAllowedInMainThread):
+ (WebCore::ScriptDisallowedScope::InMainThread::isEventDispatchAllowedInSubtree):
+
2020-03-19 Tim Horton <timothy_hor...@apple.com>
Upstream the definition of HAVE_READ_ONLY_SYSTEM_VOLUME
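Review bot: The description in this entry says the asserts fire "soley due to the design patterns of WebKit1" but never names the condition the code uses to recognise WebKit1, so a reader of the ChangeLog alone cannot tell when the two checks are skipped. State that both functions now pass whenever isInWebProcess() is false, and correct the spelling to "solely".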
Modified: trunk/Source/WebCore/dom/ScriptDisallowedScope.h (258743 => 258744)
--- trunk/Source/WebCore/dom/ScriptDisallowedScope.h 2020-03-19 23:41:31 UTC (rev 258743)
+++ trunk/Source/WebCore/dom/ScriptDisallowedScope.h 2020-03-19 23:48:18 UTC (rev 258744)
@@ -24,6 +24,7 @@
#pragma once
#include "ContainerNode.h"
+#include "RuntimeApplicationChecks.h"
#include <wtf/MainThread.h>
#if PLATFORM(IOS_FAMILY)
@@ -62,7 +63,7 @@
static bool isEventAllowedInMainThread()
{
- return !isMainThread() || !s_count;
+ return !isInWebProcess() || !isMainThread() || !s_count;
}
class InMainThread {
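Review bot: In isEventAllowedInMainThread(), the new `!isInWebProcess()` term tests for "not the web process", which is broader than the "WebKit1" named in the log message: the function now returns true whenever isInWebProcess() is false, regardless of s_count. Add a comment above the return stating that this is the WebKit1 exemption and referencing bug 209165, so the reason for bypassing the count check is visible at the call site of the assert.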
@@ -85,7 +86,7 @@
static bool isEventDispatchAllowedInSubtree(Node& node)
{
#if ASSERT_ENABLED || ENABLE(SECURITY_ASSERTIONS)
- return isScriptAllowed() || EventAllowedScope::isAllowedNode(node);
+ return !isInWebProcess() || isScriptAllowed() || EventAllowedScope::isAllowedNode(node);
#else
UNUSED_PARAM(node);
return true;
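Review bot: In the `ASSERT_ENABLED || ENABLE(SECURITY_ASSERTIONS)` branch of isEventDispatchAllowedInSubtree(), the leading `!isInWebProcess()` short-circuits both isScriptAllowed() and EventAllowedScope::isAllowedNode(node), so builds with security assertions no longer evaluate this check at all outside the web process, and the log message states that no test covers the change. Add a comment here naming bug 209165 and the event sequence that triggers the false positive, so the bypass can be located and narrowed later instead of remaining an undocumented blanket exemption.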