Skip to site navigation (Press enter)

[webkit-changes] [237947] trunk

aestes Wed, 07 Nov 2018 15:51:02 -0800

Title: [237947] trunk

Revision: 237947
Author: aes...@apple.com
Date: 2018-11-07 15:49:29 -0800 (Wed, 07 Nov 2018)

Log Message

Crash in WebCore::PaymentRequest::canMakePayment when Apple Pay payment method data is missing
https://bugs.webkit.org/show_bug.cgi?id=191331


Reviewed by Alexey Proskuryakov.

Source/WebCore:

Apple Pay requires merchants specify an ApplePayRequest (which contains several required
fields) as payment method data when constructing a new PaymentRequest. If the
ApplePayRequest is missing required fields, or is missing entirely, canMakePayment() should
resolve to false.

We would properly resolve to false when an ApplePayRequest was specified with missing
required fields, but we would crash when the ApplePayRequest was missing entirely.

This patch fixes the crash by checking for an empty JSValue before trying to convert it to
an ApplePayRequest struct. Because we stringify ApplePayRequests in the PaymentRequest
constructor then parse them again in canMakePayments, an undefined or null payment method
data stringifies to a null String, which then parses to an empty JSValue.

Added test case to http/tests/paymentrequest/payment-request-canmakepayment-method.https.html.

* Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:
(WebCore::ApplePayPaymentHandler::convertData):
* Modules/paymentrequest/PaymentRequest.cpp:
(WebCore::PaymentRequest::canMakePayment):

LayoutTests:

* http/tests/paymentrequest/payment-request-canmakepayment-method.https.html:

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/LayoutTests/http/tests/paymentrequest/payment-request-canmakepayment-method.https.html
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp
trunk/Source/WebCore/Modules/paymentrequest/PaymentRequest.cpp

Diff

Modified: trunk/LayoutTests/ChangeLog (237946 => 237947)


--- trunk/LayoutTests/ChangeLog	2018-11-07 23:02:37 UTC (rev 237946)
+++ trunk/LayoutTests/ChangeLog	2018-11-07 23:49:29 UTC (rev 237947)
@@ -1,3 +1,12 @@
+2018-11-07  Andy Estes  <aes...@apple.com>
+
+        Crash in WebCore::PaymentRequest::canMakePayment when Apple Pay payment method data is missing
+        https://bugs.webkit.org/show_bug.cgi?id=191331
+
+        Reviewed by Alexey Proskuryakov.
+
+        * http/tests/paymentrequest/payment-request-canmakepayment-method.https.html:
+
 2018-11-07  Simon Fraser  <simon.fra...@apple.com>
 
         Revert 237849: it breaks MotionMark

Modified: trunk/LayoutTests/http/tests/paymentrequest/payment-request-canmakepayment-method.https.html (237946 => 237947)


--- trunk/LayoutTests/http/tests/paymentrequest/payment-request-canmakepayment-method.https.html	2018-11-07 23:02:37 UTC (rev 237946)
+++ trunk/LayoutTests/http/tests/paymentrequest/payment-request-canmakepayment-method.https.html	2018-11-07 23:49:29 UTC (rev 237947)
@@ -26,6 +26,9 @@
     data: {
     }
 });
+const secondInvalidApplePay = Object.freeze({
+    supportedMethods: "https://apple.com/apple-pay",
+});
 const defaultMethods = Object.freeze([applePay]);
 const defaultDetails = Object.freeze({
   total: {
@@ -104,7 +107,7 @@
 }, `If payment method identifier and serialized parts are supported, resolve promise with true.`);
 
 promise_test(async t => {
-  const request = new PaymentRequest([invalidApplePay], defaultDetails);
+  const request = new PaymentRequest([invalidApplePay, secondInvalidApplePay], defaultDetails);
   assert_false(await request.canMakePayment(), "Apple Pay with invalid data should not be supported");
 }, `If a payment method identifier is supported but its serialized parts are not, resolve promise with false.`);

Modified: trunk/Source/WebCore/ChangeLog (237946 => 237947)


--- trunk/Source/WebCore/ChangeLog	2018-11-07 23:02:37 UTC (rev 237946)
+++ trunk/Source/WebCore/ChangeLog	2018-11-07 23:49:29 UTC (rev 237947)
@@ -1,3 +1,30 @@
+2018-11-07  Andy Estes  <aes...@apple.com>
+
+        Crash in WebCore::PaymentRequest::canMakePayment when Apple Pay payment method data is missing
+        https://bugs.webkit.org/show_bug.cgi?id=191331
+
+        Reviewed by Alexey Proskuryakov.
+
+        Apple Pay requires merchants specify an ApplePayRequest (which contains several required
+        fields) as payment method data when constructing a new PaymentRequest. If the
+        ApplePayRequest is missing required fields, or is missing entirely, canMakePayment() should
+        resolve to false.
+
+        We would properly resolve to false when an ApplePayRequest was specified with missing
+        required fields, but we would crash when the ApplePayRequest was missing entirely.
+
+        This patch fixes the crash by checking for an empty JSValue before trying to convert it to
+        an ApplePayRequest struct. Because we stringify ApplePayRequests in the PaymentRequest
+        constructor then parse them again in canMakePayments, an undefined or null payment method
+        data stringifies to a null String, which then parses to an empty JSValue.
+
+        Added test case to http/tests/paymentrequest/payment-request-canmakepayment-method.https.html.
+
+        * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:
+        (WebCore::ApplePayPaymentHandler::convertData):
+        * Modules/paymentrequest/PaymentRequest.cpp:
+        (WebCore::PaymentRequest::canMakePayment):
+
 2018-11-07  Simon Fraser  <simon.fra...@apple.com>
 
         Revert 237849: it breaks MotionMark

Modified: trunk/Source/WebCore/Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp (237946 => 237947)


--- trunk/Source/WebCore/Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp	2018-11-07 23:02:37 UTC (rev 237946)
+++ trunk/Source/WebCore/Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp	2018-11-07 23:49:29 UTC (rev 237947)
@@ -169,6 +169,9 @@
 
 ExceptionOr<void> ApplePayPaymentHandler::convertData(JSC::JSValue&& data)
 {
+    if (data.isEmpty())
+        return Exception { TypeError, "Missing payment method data." };
+
     auto& context = *scriptExecutionContext();
     auto throwScope = DECLARE_THROW_SCOPE(context.vm());
     auto applePayRequest = convertDictionary<ApplePayRequest>(*context.execState(), WTFMove(data));

Modified: trunk/Source/WebCore/Modules/paymentrequest/PaymentRequest.cpp (237946 => 237947)


--- trunk/Source/WebCore/Modules/paymentrequest/PaymentRequest.cpp	2018-11-07 23:02:37 UTC (rev 237946)
+++ trunk/Source/WebCore/Modules/paymentrequest/PaymentRequest.cpp	2018-11-07 23:49:29 UTC (rev 237947)
@@ -515,7 +515,6 @@
             continue;
 
         auto exception = handler->convertData(data.releaseReturnValue());
-        ASSERT(!!scope.exception() == exception.hasException());
         if (exception.hasException()) {
             scope.clearException();
             continue;

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes