Title: [249156] trunk
- Revision
- 249156
- Author
- cdu...@apple.com
- Date
- 2019-08-27 11:38:41 -0700 (Tue, 27 Aug 2019)
Log Message
Crash under WebCore::jsNotificationConstructorPermission
https://bugs.webkit.org/show_bug.cgi?id=201186
<rdar://problem/53962833>
Reviewed by Youenn Fablet.
Source/WebCore:
Update the Notification API implementation to null-check the page before using. The page becomes null
when using the API in a frame that gets detached from its parent while in the middle of running
script.
Test: http/tests/notifications/request-in-detached-frame.html
* Modules/notifications/Notification.cpp:
(WebCore::Notification::permission):
(WebCore::Notification::requestPermission):
LayoutTests:
Add layout test coverage.
* http/tests/notifications/request-in-detached-frame-expected.txt: Added.
* http/tests/notifications/request-in-detached-frame.html: Added.
* http/tests/notifications/resources/request-in-detached-frame-subframe.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (249155 => 249156)
--- trunk/LayoutTests/ChangeLog 2019-08-27 18:22:12 UTC (rev 249155)
+++ trunk/LayoutTests/ChangeLog 2019-08-27 18:38:41 UTC (rev 249156)
@@ -1,3 +1,17 @@
+2019-08-27 Chris Dumez <cdu...@apple.com>
+
+ Crash under WebCore::jsNotificationConstructorPermission
+ https://bugs.webkit.org/show_bug.cgi?id=201186
+ <rdar://problem/53962833>
+
+ Reviewed by Youenn Fablet.
+
+ Add layout test coverage.
+
+ * http/tests/notifications/request-in-detached-frame-expected.txt: Added.
+ * http/tests/notifications/request-in-detached-frame.html: Added.
+ * http/tests/notifications/resources/request-in-detached-frame-subframe.html: Added.
+
2019-08-27 Ryan Haddad <ryanhad...@apple.com>
Unreviewed test gardening, land expectation for rdar://54317204.
Added: trunk/LayoutTests/http/tests/notifications/request-in-detached-frame-expected.txt (0 => 249156)
--- trunk/LayoutTests/http/tests/notifications/request-in-detached-frame-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/notifications/request-in-detached-frame-expected.txt 2019-08-27 18:38:41 UTC (rev 249156)
@@ -0,0 +1,10 @@
+This test checks accessing Notification.permission in a detached iframe.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS Notification.permission is "default"
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/http/tests/notifications/request-in-detached-frame.html (0 => 249156)
--- trunk/LayoutTests/http/tests/notifications/request-in-detached-frame.html (rev 0)
+++ trunk/LayoutTests/http/tests/notifications/request-in-detached-frame.html 2019-08-27 18:38:41 UTC (rev 249156)
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<script src=""
+<script src=""
+<p id="description"></p>
+<div id="console"></div>
+<iframe id="testFrame" src=""
+<script>
+description("This test checks accessing Notification.permission in a detached iframe.");
+
+if (window.testRunner)
+ testRunner.waitUntilDone();
+
+_onload_ = () => {
+ testFrame.contentWindow.postMessage("foo", "*");
+ setTimeout(() => {
+ testCompleted();
+ }, 100);
+};
+</script>
Added: trunk/LayoutTests/http/tests/notifications/resources/request-in-detached-frame-subframe.html (0 => 249156)
--- trunk/LayoutTests/http/tests/notifications/resources/request-in-detached-frame-subframe.html (rev 0)
+++ trunk/LayoutTests/http/tests/notifications/resources/request-in-detached-frame-subframe.html 2019-08-27 18:38:41 UTC (rev 249156)
@@ -0,0 +1,10 @@
+<script>
+_onmessage_ = function(msg) {
+ let p = parent;
+ p.testFrame.remove();
+ p.shouldBeEqualToString("Notification.permission", "default");
+ Notification.requestPermission((result) => {
+ p.testFailed("Permission handler should not have been called");
+ });
+}
+</script>
Modified: trunk/Source/WebCore/ChangeLog (249155 => 249156)
--- trunk/Source/WebCore/ChangeLog 2019-08-27 18:22:12 UTC (rev 249155)
+++ trunk/Source/WebCore/ChangeLog 2019-08-27 18:38:41 UTC (rev 249156)
@@ -1,3 +1,21 @@
+2019-08-27 Chris Dumez <cdu...@apple.com>
+
+ Crash under WebCore::jsNotificationConstructorPermission
+ https://bugs.webkit.org/show_bug.cgi?id=201186
+ <rdar://problem/53962833>
+
+ Reviewed by Youenn Fablet.
+
+ Update the Notification API implementation to null-check the page before using. The page becomes null
+ when using the API in a frame that gets detached from its parent while in the middle of running
+ script.
+
+ Test: http/tests/notifications/request-in-detached-frame.html
+
+ * Modules/notifications/Notification.cpp:
+ (WebCore::Notification::permission):
+ (WebCore::Notification::requestPermission):
+
2019-08-27 Youenn Fablet <you...@apple.com>
Disabled devices should not be taken into account when searching for a capture device
Modified: trunk/Source/WebCore/Modules/notifications/Notification.cpp (249155 => 249156)
--- trunk/Source/WebCore/Modules/notifications/Notification.cpp 2019-08-27 18:22:12 UTC (rev 249155)
+++ trunk/Source/WebCore/Modules/notifications/Notification.cpp 2019-08-27 18:38:41 UTC (rev 249156)
@@ -166,12 +166,20 @@
auto Notification::permission(Document& document) -> Permission
{
+ auto* page = document.page();
+ if (!page)
+ return Permission::Default;
+
return NotificationController::from(document.page())->client().checkPermission(&document);
}
void Notification::requestPermission(Document& document, RefPtr<NotificationPermissionCallback>&& callback)
{
- NotificationController::from(document.page())->client().requestPermission(&document, WTFMove(callback));
+ auto* page = document.page();
+ if (!page)
+ return;
+
+ NotificationController::from(page)->client().requestPermission(&document, WTFMove(callback));
}
} // namespace WebCore
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
