Diff
Modified: branches/safari-603.1.30.0-branch/Source/WebCore/ChangeLog (213077 => 213078)
--- branches/safari-603.1.30.0-branch/Source/WebCore/ChangeLog 2017-02-27 17:39:10 UTC (rev 213077)
+++ branches/safari-603.1.30.0-branch/Source/WebCore/ChangeLog 2017-02-27 17:39:16 UTC (rev 213078)
@@ -1,5 +1,25 @@
2017-02-27 Matthew Hanson <matthew_han...@apple.com>
+ Merge r213010. rdar://problem/30704432
+
+ 2017-02-26 Chris Dumez <cdu...@apple.com>
+
+ HitTestResult's linkSuggestedFilename should sanitize download attribute
+ https://bugs.webkit.org/show_bug.cgi?id=168856
+ <rdar://problem/30683109>
+
+ Reviewed by Antti Koivisto.
+
+ HitTestResult's linkSuggestedFilename should sanitize download attribute.
+ This is used by the context menu's "Download Linked File" & "Download Linked
+ File As..." actions.
+
+ * rendering/HitTestResult.cpp:
+ (WebCore::HitTestResult::linkSuggestedFilename):
+ * rendering/HitTestResult.h:
+
+2017-02-27 Matthew Hanson <matthew_han...@apple.com>
+
Merge r212987. rdar://problem/30704432
2017-02-24 Chris Dumez <cdu...@apple.com>
Modified: branches/safari-603.1.30.0-branch/Source/WebCore/rendering/HitTestResult.cpp (213077 => 213078)
--- branches/safari-603.1.30.0-branch/Source/WebCore/rendering/HitTestResult.cpp 2017-02-27 17:39:10 UTC (rev 213077)
+++ branches/safari-603.1.30.0-branch/Source/WebCore/rendering/HitTestResult.cpp 2017-02-27 17:39:16 UTC (rev 213078)
@@ -785,12 +785,12 @@
return node->parentElement();
}
-const AtomicString& HitTestResult::URLElementDownloadAttribute() const
+String HitTestResult::linkSuggestedFilename() const
{
auto* urlElement = URLElement();
if (!is<HTMLAnchorElement>(urlElement))
return nullAtom;
- return urlElement->attributeWithoutSynchronization(HTMLNames::downloadAttr);
+ return ResourceResponse::sanitizeSuggestedFilename(urlElement->attributeWithoutSynchronization(HTMLNames::downloadAttr));
}
bool HitTestResult::mediaSupportsEnhancedFullscreen() const
Modified: branches/safari-603.1.30.0-branch/Source/WebCore/rendering/HitTestResult.h (213077 => 213078)
--- branches/safari-603.1.30.0-branch/Source/WebCore/rendering/HitTestResult.h 2017-02-27 17:39:10 UTC (rev 213077)
+++ branches/safari-603.1.30.0-branch/Source/WebCore/rendering/HitTestResult.h 2017-02-27 17:39:16 UTC (rev 213078)
@@ -62,7 +62,7 @@
Scrollbar* scrollbar() const { return m_scrollbar.get(); }
bool isOverWidget() const { return m_isOverWidget; }
- WEBCORE_EXPORT const AtomicString& URLElementDownloadAttribute() const;
+ WEBCORE_EXPORT String linkSuggestedFilename() const;
// Forwarded from HitTestLocation
bool isRectBasedTest() const { return m_hitTestLocation.isRectBasedTest(); }
Modified: branches/safari-603.1.30.0-branch/Source/WebKit2/ChangeLog (213077 => 213078)
--- branches/safari-603.1.30.0-branch/Source/WebKit2/ChangeLog 2017-02-27 17:39:10 UTC (rev 213077)
+++ branches/safari-603.1.30.0-branch/Source/WebKit2/ChangeLog 2017-02-27 17:39:16 UTC (rev 213078)
@@ -1,3 +1,24 @@
+2017-02-27 Matthew Hanson <matthew_han...@apple.com>
+
+ Merge r213010. rdar://problem/30704432
+
+ 2017-02-26 Chris Dumez <cdu...@apple.com>
+
+ HitTestResult's linkSuggestedFilename should sanitize download attribute
+ https://bugs.webkit.org/show_bug.cgi?id=168856
+ <rdar://problem/30683109>
+
+ Reviewed by Antti Koivisto.
+
+ HitTestResult's linkSuggestedFilename should sanitize download attribute.
+ This is used by the context menu's "Download Linked File" & "Download Linked
+ File As..." actions.
+
+ * Shared/WebHitTestResultData.cpp:
+ (WebKit::WebHitTestResultData::WebHitTestResultData):
+ * WebProcess/InjectedBundle/InjectedBundleHitTestResult.cpp:
+ (WebKit::InjectedBundleHitTestResult::linkSuggestedFilename):
+
2017-02-17 JF Bastien <jfbast...@apple.com>
A/B test concurrent GC
Modified: branches/safari-603.1.30.0-branch/Source/WebKit2/Shared/WebHitTestResultData.cpp (213077 => 213078)
--- branches/safari-603.1.30.0-branch/Source/WebKit2/Shared/WebHitTestResultData.cpp 2017-02-27 17:39:10 UTC (rev 213077)
+++ branches/safari-603.1.30.0-branch/Source/WebKit2/Shared/WebHitTestResultData.cpp 2017-02-27 17:39:16 UTC (rev 213078)
@@ -46,7 +46,7 @@
, absoluteMediaURL(hitTestResult.absoluteMediaURL().string())
, linkLabel(hitTestResult.textContent())
, linkTitle(hitTestResult.titleDisplayString())
- , linkSuggestedFilename(hitTestResult.URLElementDownloadAttribute().string())
+ , linkSuggestedFilename(hitTestResult.linkSuggestedFilename())
, isContentEditable(hitTestResult.isContentEditable())
, elementBoundingBox(elementBoundingBoxInWindowCoordinates(hitTestResult))
, isScrollbar(hitTestResult.scrollbar())
@@ -66,7 +66,7 @@
, absoluteMediaURL(hitTestResult.absoluteMediaURL().string())
, linkLabel(hitTestResult.textContent())
, linkTitle(hitTestResult.titleDisplayString())
- , linkSuggestedFilename(hitTestResult.URLElementDownloadAttribute().string())
+ , linkSuggestedFilename(hitTestResult.linkSuggestedFilename())
, isContentEditable(hitTestResult.isContentEditable())
, elementBoundingBox(elementBoundingBoxInWindowCoordinates(hitTestResult))
, isScrollbar(hitTestResult.scrollbar())
Modified: branches/safari-603.1.30.0-branch/Source/WebKit2/WebProcess/InjectedBundle/InjectedBundleHitTestResult.cpp (213077 => 213078)
--- branches/safari-603.1.30.0-branch/Source/WebKit2/WebProcess/InjectedBundle/InjectedBundleHitTestResult.cpp 2017-02-27 17:39:10 UTC (rev 213077)
+++ branches/safari-603.1.30.0-branch/Source/WebKit2/WebProcess/InjectedBundle/InjectedBundleHitTestResult.cpp 2017-02-27 17:39:16 UTC (rev 213078)
@@ -141,7 +141,7 @@
String InjectedBundleHitTestResult::linkSuggestedFilename() const
{
- return m_hitTestResult.URLElementDownloadAttribute();
+ return m_hitTestResult.linkSuggestedFilename();
}
IntRect InjectedBundleHitTestResult::imageRect() const
Modified: branches/safari-603.1.30.0-branch/Tools/ChangeLog (213077 => 213078)
--- branches/safari-603.1.30.0-branch/Tools/ChangeLog 2017-02-27 17:39:10 UTC (rev 213077)
+++ branches/safari-603.1.30.0-branch/Tools/ChangeLog 2017-02-27 17:39:16 UTC (rev 213078)
@@ -1,3 +1,23 @@
+2017-02-27 Matthew Hanson <matthew_han...@apple.com>
+
+ Merge r213010. rdar://problem/30704432
+
+ 2017-02-26 Chris Dumez <cdu...@apple.com>
+
+ HitTestResult's linkSuggestedFilename should sanitize download attribute
+ https://bugs.webkit.org/show_bug.cgi?id=168856
+ <rdar://problem/30683109>
+
+ Reviewed by Antti Koivisto.
+
+ Add test coverage.
+
+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+ * TestWebKitAPI/Tests/WebKit2/link-with-download-attribute-with-slashes.html: Added.
+ * TestWebKitAPI/Tests/WebKit2/mac/ContextMenuDownload.mm:
+ (TestWebKitAPI::decideDestinationWithSuggestedFilenameContainingSlashes):
+ (TestWebKitAPI::TEST):
+
2017-02-17 Matthew Hanson <matthew_han...@apple.com>
Rollout r212500. rdar://problem/29904368
Modified: branches/safari-603.1.30.0-branch/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (213077 => 213078)
--- branches/safari-603.1.30.0-branch/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2017-02-27 17:39:10 UTC (rev 213077)
+++ branches/safari-603.1.30.0-branch/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2017-02-27 17:39:16 UTC (rev 213078)
@@ -431,6 +431,7 @@
8349D3C21DB96DDE004A9F65 /* ContextMenuDownload.mm in Sources */ = {isa = PBXBuildFile; fileRef = 8349D3C11DB96DDA004A9F65 /* ContextMenuDownload.mm */; };
8349D3C41DB9728E004A9F65 /* link-with-download-attribute.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 8349D3C31DB9724F004A9F65 /* link-with-download-attribute.html */; };
835CF9671D25FCD6001A65D4 /* RestoreSessionStateWithoutNavigation.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 835CF9661D25FCD6001A65D4 /* RestoreSessionStateWithoutNavigation.cpp */; };
+ 8361F1781E610B4E00759B25 /* link-with-download-attribute-with-slashes.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 8361F1771E610B2100759B25 /* link-with-download-attribute-with-slashes.html */; };
837A35F11D9A1E7D00663C57 /* DownloadRequestBlobURL.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 837A35F01D9A1E6400663C57 /* DownloadRequestBlobURL.html */; };
83CF1C301C4F1B8B00688447 /* StringUtilities.mm in Sources */ = {isa = PBXBuildFile; fileRef = 83CF1C2C1C4F19AE00688447 /* StringUtilities.mm */; };
930AD402150698D00067970F /* lots-of-text.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 930AD401150698B30067970F /* lots-of-text.html */; };
@@ -607,6 +608,7 @@
dstPath = TestWebKitAPI.resources;
dstSubfolderSpec = 7;
files = (
+ 8361F1781E610B4E00759B25 /* link-with-download-attribute-with-slashes.html in Copy Resources */,
CD321B041E3A85FA00EB21C8 /* video-with-muted-audio-and-webaudio.html in Copy Resources */,
7AEAD4811E20122700416EFE /* CrossPartitionFileSchemeAccess.html in Copy Resources */,
CDB4115A1E0B00DB00EAD352 /* video-with-muted-audio.html in Copy Resources */,
@@ -1094,6 +1096,7 @@
8349D3C11DB96DDA004A9F65 /* ContextMenuDownload.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = ContextMenuDownload.mm; sourceTree = "<group>"; };
8349D3C31DB9724F004A9F65 /* link-with-download-attribute.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "link-with-download-attribute.html"; sourceTree = "<group>"; };
835CF9661D25FCD6001A65D4 /* RestoreSessionStateWithoutNavigation.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RestoreSessionStateWithoutNavigation.cpp; sourceTree = "<group>"; };
+ 8361F1771E610B2100759B25 /* link-with-download-attribute-with-slashes.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "link-with-download-attribute-with-slashes.html"; sourceTree = "<group>"; };
837A35F01D9A1E6400663C57 /* DownloadRequestBlobURL.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = DownloadRequestBlobURL.html; sourceTree = "<group>"; };
83B88A331C80056D00BB2418 /* HTMLParserIdioms.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = HTMLParserIdioms.cpp; sourceTree = "<group>"; };
83CF1C2C1C4F19AE00688447 /* StringUtilities.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = StringUtilities.mm; sourceTree = "<group>"; };
@@ -1983,6 +1986,7 @@
BCBD372E125ABBE600D2C29F /* icon.png */,
CE3524F51B142BBB0028A7C5 /* input-focus-blur.html */,
8349D3C31DB9724F004A9F65 /* link-with-download-attribute.html */,
+ 8361F1771E610B2100759B25 /* link-with-download-attribute-with-slashes.html */,
378E647816326FDF00B6C676 /* link-with-title.html */,
9361002814DC957B0061379D /* lots-of-iframes.html */,
93AF4ECF1506F123007FD57E /* lots-of-images.html */,
Added: branches/safari-603.1.30.0-branch/Tools/TestWebKitAPI/Tests/WebKit2/link-with-download-attribute-with-slashes.html (0 => 213078)
--- branches/safari-603.1.30.0-branch/Tools/TestWebKitAPI/Tests/WebKit2/link-with-download-attribute-with-slashes.html (rev 0)
+++ branches/safari-603.1.30.0-branch/Tools/TestWebKitAPI/Tests/WebKit2/link-with-download-attribute-with-slashes.html 2017-02-27 17:39:16 UTC (rev 213078)
@@ -0,0 +1,10 @@
+<html>
+ <body>
+ <a id="testAnchor" style="display: block; height: 100%; width: 100%" download="test1/test2/downloadAttributeValue.txt"></a>
+ <script>
+ var blob = new Blob(["Hello world!"], {type: "application/octet-stream"});
+ var link = document.getElementById("testAnchor");
+ link.href = ""
+ </script>
+ </body>
+</html>
Modified: branches/safari-603.1.30.0-branch/Tools/TestWebKitAPI/Tests/WebKit2/mac/ContextMenuDownload.mm (213077 => 213078)
--- branches/safari-603.1.30.0-branch/Tools/TestWebKitAPI/Tests/WebKit2/mac/ContextMenuDownload.mm 2017-02-27 17:39:10 UTC (rev 213077)
+++ branches/safari-603.1.30.0-branch/Tools/TestWebKitAPI/Tests/WebKit2/mac/ContextMenuDownload.mm 2017-02-27 17:39:16 UTC (rev 213078)
@@ -108,4 +108,50 @@
Util::run(&didDecideDownloadDestination);
}
+static WKStringRef decideDestinationWithSuggestedFilenameContainingSlashes(WKContextRef, WKDownloadRef download, WKStringRef suggestedFilename, bool*, const void*)
+{
+ // Make sure the suggested filename is provided and matches the value of the download attribute in the HTML, after sanitization.
+ EXPECT_WK_STREQ("test1_test2_downloadAttributeValue.txt", suggestedFilename);
+
+ WKDownloadCancel(download);
+ didDecideDownloadDestination = true;
+
+ return Util::toWK("/tmp/WebKitAPITest/ContextMenuDownload").leakRef();
}
+
+TEST(WebKit2, ContextMenuDownloadHTMLDownloadAttributeWithSlashes)
+{
+ WKRetainPtr<WKContextRef> context(AdoptWK, Util::createContextWithInjectedBundle());
+
+ WKContextDownloadClientV0 client;
+ memset(&client, 0, sizeof(client));
+ client.base.version = 0;
+ client.decideDestinationWithSuggestedFilename = decideDestinationWithSuggestedFilenameContainingSlashes;
+ WKContextSetDownloadClient(context.get(), &client.base);
+
+ WKRetainPtr<WKPageGroupRef> pageGroup(AdoptWK, WKPageGroupCreateWithIdentifier(Util::toWK("MyGroup").get()));
+ PlatformWebView webView(context.get(), pageGroup.get());
+
+ WKPageLoaderClientV0 loaderClient;
+ memset(&loaderClient, 0, sizeof(loaderClient));
+ loaderClient.base.version = 0;
+ loaderClient.didFinishLoadForFrame = didFinishLoadForFrame;
+ WKPageSetPageLoaderClient(webView.page(), &loaderClient.base);
+
+ WKPageContextMenuClientV3 contextMenuClient;
+ memset(&contextMenuClient, 0, sizeof(contextMenuClient));
+ contextMenuClient.base.version = 3;
+ contextMenuClient.getContextMenuFromProposedMenu = getContextMenuFromProposedMenu;
+ WKPageSetPageContextMenuClient(webView.page(), &contextMenuClient.base);
+
+ WKRetainPtr<WKURLRef> url(AdoptWK, Util::createURLForResource("link-with-download-attribute-with-slashes", "html"));
+
+ WKPageLoadURL(webView.page(), url.get());
+ Util::run(&didFinishLoad);
+
+ // Right click on link.
+ webView.simulateButtonClick(kWKEventMouseButtonRightButton, 50, 50, 0);
+ Util::run(&didDecideDownloadDestination);
+}
+
+}