Diff
Modified: trunk/Source/WebCore/platform/text/StringWithDirection.h (215783 => 215784)
--- trunk/Source/WebCore/platform/text/StringWithDirection.h 2017-04-26 01:45:04 UTC (rev 215783)
+++ trunk/Source/WebCore/platform/text/StringWithDirection.h 2017-04-26 01:53:06 UTC (rev 215784)
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2011 Google Inc. All rights reserved.
+ * Copyright (C) 2017 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
@@ -62,4 +63,11 @@
return !(a == b);
}
+inline StringWithDirection truncateFromEnd(const StringWithDirection& string, unsigned maxLength)
+{
+ if (string.direction == LTR)
+ return StringWithDirection(string.string.left(maxLength), LTR);
+ return StringWithDirection(string.string.right(maxLength), RTL);
}
+
+}
Modified: trunk/Source/WebKit/mac/ChangeLog (215783 => 215784)
--- trunk/Source/WebKit/mac/ChangeLog 2017-04-26 01:45:04 UTC (rev 215783)
+++ trunk/Source/WebKit/mac/ChangeLog 2017-04-26 01:53:06 UTC (rev 215784)
@@ -1,3 +1,23 @@
+2017-04-25 Brent Fulgham <bfulg...@apple.com>
+
+ Limit allowed size of document.title to avoid locking WebKit clients
+ https://bugs.webkit.org/show_bug.cgi?id=165113
+ <rdar://problem/28324389>
+
+ Reviewed by Darin Adler.
+
+ When a web application attempts to set an extremely long title, truncate the
+ title to a more reasonable size.
+
+ We do this at at the presentation layer, rather than in the DOM, so that we do
+ not affect script function. Instead, we merely limit display to a level that is
+ reasonable for normal GUI widgets. Anything else needs to be truncated in the UI
+ layer, so it is a waste of effort to send across IPC.
+
+ * WebCoreSupport/WebFrameLoaderClient.h:
+ * WebCoreSupport/WebFrameLoaderClient.mm:
+ (WebFrameLoaderClient::dispatchDidReceiveTitle):
+
2017-04-25 Daniel Bates <daba...@apple.com>
[Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
Modified: trunk/Source/WebKit/mac/WebCoreSupport/WebFrameLoaderClient.mm (215783 => 215784)
--- trunk/Source/WebKit/mac/WebCoreSupport/WebFrameLoaderClient.mm 2017-04-26 01:45:04 UTC (rev 215783)
+++ trunk/Source/WebKit/mac/WebCoreSupport/WebFrameLoaderClient.mm 2017-04-26 01:53:06 UTC (rev 215784)
@@ -681,13 +681,17 @@
CallFrameLoadDelegate(implementations->didStartProvisionalLoadForFrameFunc, webView, @selector(webView:didStartProvisionalLoadForFrame:), m_webFrame.get());
}
+static constexpr unsigned maxTitleLength = 1000; // Closest power of 10 above the W3C recommendation for Title length.
+
void WebFrameLoaderClient::dispatchDidReceiveTitle(const StringWithDirection& title)
{
+ auto truncatedTitle = truncateFromEnd(title, maxTitleLength);
+
WebView *webView = getWebView(m_webFrame.get());
WebFrameLoadDelegateImplementationCache* implementations = WebViewGetFrameLoadDelegateImplementations(webView);
if (implementations->didReceiveTitleForFrameFunc) {
// FIXME: Use direction of title.
- CallFrameLoadDelegate(implementations->didReceiveTitleForFrameFunc, webView, @selector(webView:didReceiveTitle:forFrame:), (NSString *)title.string, m_webFrame.get());
+ CallFrameLoadDelegate(implementations->didReceiveTitleForFrameFunc, webView, @selector(webView:didReceiveTitle:forFrame:), (NSString *)truncatedTitle.string, m_webFrame.get());
}
}
Modified: trunk/Source/WebKit2/ChangeLog (215783 => 215784)
--- trunk/Source/WebKit2/ChangeLog 2017-04-26 01:45:04 UTC (rev 215783)
+++ trunk/Source/WebKit2/ChangeLog 2017-04-26 01:53:06 UTC (rev 215784)
@@ -1,3 +1,23 @@
+2017-04-25 Brent Fulgham <bfulg...@apple.com>
+
+ Limit allowed size of document.title to avoid locking WebKit clients
+ https://bugs.webkit.org/show_bug.cgi?id=165113
+ <rdar://problem/28324389>
+
+ Reviewed by Darin Adler.
+
+ When a web application attempts to set an extremely long title, truncate the
+ title to a more reasonable size.
+
+ We do this at at the presentation layer, rather than in the DOM, so that we do
+ not affect script function. Instead, we merely limit display to a level that is
+ reasonable for normal GUI widgets. Anything else needs to be truncated in the UI
+ layer, so it is a waste of effort to send across IPC.
+
+ * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
+ (WebKit::WebFrameLoaderClient::dispatchDidReceiveTitle):
+ * WebProcess/WebCoreSupport/WebFrameLoaderClient.h:
+
2017-04-25 John Wilander <wilan...@apple.com>
Resource Load Statistics: Introduce shorter time-to-live for cookie partition whitelisting
Modified: trunk/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp (215783 => 215784)
--- trunk/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp 2017-04-26 01:45:04 UTC (rev 215783)
+++ trunk/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp 2017-04-26 01:53:06 UTC (rev 215784)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2017 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -424,6 +424,8 @@
webPage->send(Messages::WebPageProxy::DidStartProvisionalLoadForFrame(m_frame->frameID(), provisionalLoader.navigationID(), url, unreachableURL, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get())));
}
+static constexpr unsigned maxTitleLength = 1000; // Closest power of 10 above the W3C recommendation for Title length.
+
void WebFrameLoaderClient::dispatchDidReceiveTitle(const StringWithDirection& title)
{
WebPage* webPage = m_frame->page();
@@ -430,14 +432,16 @@
if (!webPage)
return;
+ auto truncatedTitle = truncateFromEnd(title, maxTitleLength);
+
RefPtr<API::Object> userData;
// Notify the bundle client.
// FIXME: Use direction of title.
- webPage->injectedBundleLoaderClient().didReceiveTitleForFrame(webPage, title.string, m_frame, userData);
+ webPage->injectedBundleLoaderClient().didReceiveTitleForFrame(webPage, truncatedTitle.string, m_frame, userData);
// Notify the UIProcess.
- webPage->send(Messages::WebPageProxy::DidReceiveTitleForFrame(m_frame->frameID(), title.string, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get())));
+ webPage->send(Messages::WebPageProxy::DidReceiveTitleForFrame(m_frame->frameID(), truncatedTitle.string, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get())));
}
void WebFrameLoaderClient::dispatchDidCommitLoad(std::optional<HasInsecureContent> hasInsecureContent)
Modified: trunk/Tools/ChangeLog (215783 => 215784)
--- trunk/Tools/ChangeLog 2017-04-26 01:45:04 UTC (rev 215783)
+++ trunk/Tools/ChangeLog 2017-04-26 01:53:06 UTC (rev 215784)
@@ -1,3 +1,16 @@
+2017-04-25 Brent Fulgham <bfulg...@apple.com>
+
+ Limit allowed size of document.title to avoid locking WebKit clients
+ https://bugs.webkit.org/show_bug.cgi?id=165113
+ <rdar://problem/28324389>
+
+ Reviewed by Darin Adler.
+
+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: Add new files.
+ * TestWebKitAPI/Tests/WebKit2/LimitTitleSize.cpp: Added.
+ * TestWebKitAPI/Tests/WebKit2/set-long-title.html: Added.
+ * TestWebKitAPI/Tests/mac/LimitTitleSize.mm: Added.
+
2017-04-25 John Wilander <wilan...@apple.com>
Resource Load Statistics: Introduce shorter time-to-live for cookie partition whitelisting
Modified: trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (215783 => 215784)
--- trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2017-04-26 01:45:04 UTC (rev 215783)
+++ trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2017-04-26 01:53:06 UTC (rev 215784)
@@ -216,8 +216,11 @@
7A010BCB1D877C0500EDE72A /* CoreGraphics.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 7A010BCA1D877C0500EDE72A /* CoreGraphics.framework */; };
7A010BCD1D877C0D00EDE72A /* QuartzCore.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 7A010BCC1D877C0D00EDE72A /* QuartzCore.framework */; };
7A1458FC1AD5C07000E06772 /* mouse-button-listener.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 7A1458FB1AD5C03500E06772 /* mouse-button-listener.html */; };
+ 7A66BDB61EAF14EF00CCC924 /* LimitTitleSize.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A66BDB51EAF14D000CCC924 /* LimitTitleSize.cpp */; };
+ 7A66BDB81EAF18D500CCC924 /* set-long-title.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 7A66BDB71EAF150100CCC924 /* set-long-title.html */; };
7A6A2C701DCCFA8C00C0D085 /* LocalStorageQuirkTest.mm in Sources */ = {isa = PBXBuildFile; fileRef = 7A6A2C6F1DCCF87B00C0D085 /* LocalStorageQuirkTest.mm */; };
7A6A2C721DCCFB5200C0D085 /* LocalStorageQuirkEnabled.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 7A6A2C711DCCFB0200C0D085 /* LocalStorageQuirkEnabled.html */; };
+ 7A7B0E7F1EAFE4C3006AB8AE /* LimitTitleSize.mm in Sources */ = {isa = PBXBuildFile; fileRef = 7A7B0E7E1EAFE454006AB8AE /* LimitTitleSize.mm */; };
7A909A7D1D877480007E10F8 /* AffineTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A6F1D877475007E10F8 /* AffineTransform.cpp */; };
7A909A7E1D877480007E10F8 /* FloatPoint.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A701D877475007E10F8 /* FloatPoint.cpp */; };
7A909A7F1D877480007E10F8 /* FloatRect.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A711D877475007E10F8 /* FloatRect.cpp */; };
@@ -823,6 +826,7 @@
F6FDDDD614241C6F004F1729 /* push-state.html in Copy Resources */,
A12DDC001E8373E700CF6CAE /* rendered-image-excluding-overflow.html in Copy Resources */,
52B8CF9815868D9100281053 /* SetDocumentURI.html in Copy Resources */,
+ 7A66BDB81EAF18D500CCC924 /* set-long-title.html in Copy Resources */,
CEBABD491B71687C0051210A /* should-open-external-schemes.html in Copy Resources */,
1ADBEFE3130C6AA100D61D19 /* simple-accelerated-compositing.html in Copy Resources */,
C0ADBE9612FCA79B00D2C129 /* simple-form.html in Copy Resources */,
@@ -1165,8 +1169,11 @@
7A1458FB1AD5C03500E06772 /* mouse-button-listener.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "mouse-button-listener.html"; sourceTree = "<group>"; };
7A38D7E51C752D5F004F157D /* HashCountedSet.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = HashCountedSet.cpp; sourceTree = "<group>"; };
7A5623101AD5AF3E0096B920 /* MenuTypesForMouseEvents.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MenuTypesForMouseEvents.cpp; sourceTree = "<group>"; };
+ 7A66BDB51EAF14D000CCC924 /* LimitTitleSize.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = LimitTitleSize.cpp; sourceTree = "<group>"; };
+ 7A66BDB71EAF150100CCC924 /* set-long-title.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "set-long-title.html"; sourceTree = "<group>"; };
7A6A2C6F1DCCF87B00C0D085 /* LocalStorageQuirkTest.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = LocalStorageQuirkTest.mm; sourceTree = "<group>"; };
7A6A2C711DCCFB0200C0D085 /* LocalStorageQuirkEnabled.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = LocalStorageQuirkEnabled.html; sourceTree = "<group>"; };
+ 7A7B0E7E1EAFE454006AB8AE /* LimitTitleSize.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = LimitTitleSize.mm; sourceTree = "<group>"; };
7A909A6F1D877475007E10F8 /* AffineTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AffineTransform.cpp; sourceTree = "<group>"; };
7A909A701D877475007E10F8 /* FloatPoint.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FloatPoint.cpp; sourceTree = "<group>"; };
7A909A711D877475007E10F8 /* FloatRect.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FloatRect.cpp; sourceTree = "<group>"; };
@@ -2057,6 +2064,7 @@
9B0786A21C58830F00D159E3 /* InjectedBundleMakeAllShadowRootsOpen.cpp */,
9B0786A41C5885C300D159E3 /* InjectedBundleMakeAllShadowRootsOpen_Bundle.cpp */,
93D3D19D17B1A84200C7C415 /* LayoutMilestonesWithAllContentInFrame.cpp */,
+ 7A66BDB51EAF14D000CCC924 /* LimitTitleSize.cpp */,
52CB47401448FB9300873995 /* LoadAlternateHTMLStringWithNonDirectoryURL.cpp */,
33DC8910141953A300747EF7 /* LoadCanceledNoServerRedirectCallback.cpp */,
33DC89131419579F00747EF7 /* LoadCanceledNoServerRedirectCallback_Bundle.cpp */,
@@ -2242,6 +2250,7 @@
C99B675E1E39735C00FC6C80 /* no-autoplay-with-controls.html */,
CEA6CF2719CCF69D0064F5A7 /* open-and-close-window.html */,
F6FDDDD514241C48004F1729 /* push-state.html */,
+ 7A66BDB71EAF150100CCC924 /* set-long-title.html */,
CEBABD481B71687C0051210A /* should-open-external-schemes.html */,
1ADBEFBC130C6A0100D61D19 /* simple-accelerated-compositing.html */,
C0ADBE8412FCA6B600D2C129 /* simple-form.html */,
@@ -2329,6 +2338,7 @@
C507E8A614C6545B005D6B3B /* InspectorBar.mm */,
57F10D921C7E7B3800ECDF30 /* IsNavigationActionTrusted.mm */,
4BB4160116815B2600824238 /* JSWrapperForNodeInWebFrame.mm */,
+ 7A7B0E7E1EAFE454006AB8AE /* LimitTitleSize.mm */,
57901FAE1CAF137100ED64F9 /* LoadInvalidURLRequest.mm */,
E1220D9F155B25480013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.mm */,
517E7DFB15110EA600D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.mm */,
@@ -2886,6 +2896,7 @@
7CCE7EA51A411A0800447C4C /* _javascript_TestMac.mm in Sources */,
7CCE7EC41A411A7E00447C4C /* JSWrapperForNodeInWebFrame.mm in Sources */,
7CCE7F061A411AE600447C4C /* LayoutMilestonesWithAllContentInFrame.cpp in Sources */,
+ 7A66BDB61EAF14EF00CCC924 /* LimitTitleSize.cpp in Sources */,
7CCE7EDF1A411A9200447C4C /* LayoutUnit.cpp in Sources */,
C25CCA061E51380B0026CB8A /* LineBreaking.mm in Sources */,
37D36ED71AF42ECD00BAF5D9 /* LoadAlternateHTMLString.mm in Sources */,
@@ -3006,6 +3017,7 @@
51714EB81CF8CA17004723C4 /* WebProcessKillIDBCleanup.mm in Sources */,
536770341CC8022800D425B1 /* WebScriptObjectDescription.mm in Sources */,
5120C83D1E6751290025B250 /* WebsiteDataStoreCustomPaths.mm in Sources */,
+ 7A7B0E7F1EAFE4C3006AB8AE /* LimitTitleSize.mm in Sources */,
5C9E56851DF9145400C9EE33 /* WebsitePolicies.mm in Sources */,
7CCE7ED41A411A7E00447C4C /* WebViewCanPasteURL.mm in Sources */,
5C0BF8911DD599A900B00328 /* WebViewCanPasteZeroPng.mm in Sources */,
Added: trunk/Tools/TestWebKitAPI/Tests/WebKit2/LimitTitleSize.cpp (0 => 215784)
--- trunk/Tools/TestWebKitAPI/Tests/WebKit2/LimitTitleSize.cpp (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKit2/LimitTitleSize.cpp 2017-04-26 01:53:06 UTC (rev 215784)
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#if WK_HAVE_C_SPI
+
+#include "PlatformUtilities.h"
+#include "PlatformWebView.h"
+#include "Test.h"
+#include <WebKit/WKRetainPtr.h>
+
+namespace TestWebKitAPI {
+
+static bool waitUntilLongTitleReceived = false;
+static bool didFinishLoad = false;
+static size_t maxTitleLength = 4096;
+
+static void didFinishLoadForFrame(WKPageRef page, WKFrameRef frame, WKTypeRef userData, const void* clientInfo)
+{
+ didFinishLoad = true;
+}
+
+static void didReceiveTitleForFrame(WKPageRef page, WKStringRef title, WKFrameRef, WKTypeRef, const void*)
+{
+ WKStringRef titleString = (WKStringRef)title;
+
+ if (WKStringIsEqualToUTF8CString(titleString, "Original Short Title"))
+ return;
+
+ EXPECT_LE(WKStringGetLength(titleString), maxTitleLength);
+ waitUntilLongTitleReceived = true;
+}
+
+TEST(WebKit2, LimitTitleSize)
+{
+ WKRetainPtr<WKContextRef> context(AdoptWK, WKContextCreate());
+ PlatformWebView webView(context.get());
+
+ WKPageLoaderClientV0 loaderClient;
+ memset(&loaderClient, 0, sizeof(loaderClient));
+
+ loaderClient.base.version = 0;
+ loaderClient.didReceiveTitleForFrame = didReceiveTitleForFrame;
+ loaderClient.didFinishLoadForFrame = didFinishLoadForFrame;
+
+ WKPageSetPageLoaderClient(webView.page(), &loaderClient.base);
+
+ WKRetainPtr<WKURLRef> url(AdoptWK, Util::createURLForResource("set-long-title", "html"));
+
+ WKPageLoadURL(webView.page(), url.get());
+ Util::run(&waitUntilLongTitleReceived);
+}
+
+} // namespace TestWebKitAPI
+
+#endif
Added: trunk/Tools/TestWebKitAPI/Tests/WebKit2/set-long-title.html (0 => 215784)
--- trunk/Tools/TestWebKitAPI/Tests/WebKit2/set-long-title.html (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKit2/set-long-title.html 2017-04-26 01:53:06 UTC (rev 215784)
@@ -0,0 +1,10 @@
+<html>
+<head>
+<title>Original Short Title</title>
+</head>
+<body>
+<script>
+document.title = Array(8096).join(String.fromCharCode(0x8181));
+</script>
+</body>
+</html>
\ No newline at end of file
Added: trunk/Tools/TestWebKitAPI/Tests/mac/LimitTitleSize.mm (0 => 215784)
--- trunk/Tools/TestWebKitAPI/Tests/mac/LimitTitleSize.mm (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/mac/LimitTitleSize.mm 2017-04-26 01:53:06 UTC (rev 215784)
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+
+#import "PlatformUtilities.h"
+#import "PlatformWebView.h"
+#import <WebKit/DOMPrivate.h>
+#import <WebKit/WebViewPrivate.h>
+#import <wtf/RetainPtr.h>
+
+@interface LimitTitleSizeTest : NSObject <WebFrameLoadDelegate>
+@end
+
+static bool waitUntilLongTitleReceived = false;
+static bool didFinishLoad = false;
+
+@implementation LimitTitleSizeTest
+
+static size_t maxTitleLength = 4096;
+
+- (void)webView:(WebView *)sender didReceiveTitle:(NSString *)title forFrame:(WebFrame *)frame
+{
+ if ([title isEqualToString:@"Original Short Title"])
+ return;
+
+ EXPECT_LE(title.length, maxTitleLength);
+ waitUntilLongTitleReceived = true;
+}
+
+- (void)webView:(WebView *)sender didFinishLoadForFrame:(WebFrame *)frame
+{
+ didFinishLoad = true;
+}
+@end
+
+namespace TestWebKitAPI {
+
+TEST(WebKit1, LimitTitleSize)
+{
+ RetainPtr<WebView> webView = adoptNS([[WebView alloc] initWithFrame:NSMakeRect(0, 0, 120, 200) frameName:nil groupName:nil]);
+ RetainPtr<LimitTitleSizeTest> testController = adoptNS([LimitTitleSizeTest new]);
+
+ webView.get().frameLoadDelegate = testController.get();
+ [[webView.get() mainFrame] loadRequest:[NSURLRequest requestWithURL:[[NSBundle mainBundle]
+ URLForResource:@"set-long-title" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]]];
+
+ Util::run(&didFinishLoad);
+}
+
+} // namespace TestWebKitAPI
