Title: [256925] trunk/Source
- Revision
- 256925
- Author
- bfulg...@apple.com
- Date
- 2020-02-19 10:36:44 -0800 (Wed, 19 Feb 2020)
Log Message
Re-disable top-level data URL navigations
https://bugs.webkit.org/show_bug.cgi?id=207917
<rdar://problem/59568037>
Reviewed by Darin Adler.
Source/WebCore:
Calls to WKPage and WKWebView API used to load data and strings directly should be recognized by
the loading code as being from client API calls. This brings these API behaviors into alignment
with similar API for loading URLs and URLRequests directly. This change also allows us to enforce
stricter handling of Data URLs, and to remove the need to explicitly permit top-level data URL
navigation when client APIs are used.
Tested by TestWebKitAPI Navigation tests.
* page/Settings.yaml:
Source/WebKit:
In Bug 207719 we allowed top-level navigations to data URLs by default. This
patch updates client loading API calls so that we can go back to a default
block of these loads without breaking WebKit clients.
* UIProcess/API/Cocoa/WKWebViewConfiguration.mm:
(-[WKWebViewConfiguration init]):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::loadDataImpl): Recognize direct data loads started from client API.
* WebProcess/WebPage/WebPage.h:
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (256924 => 256925)
--- trunk/Source/WebCore/ChangeLog 2020-02-19 18:15:02 UTC (rev 256924)
+++ trunk/Source/WebCore/ChangeLog 2020-02-19 18:36:44 UTC (rev 256925)
@@ -1,3 +1,21 @@
+2020-02-19 Brent Fulgham <bfulg...@apple.com>
+
+ Re-disable top-level data URL navigations
+ https://bugs.webkit.org/show_bug.cgi?id=207917
+ <rdar://problem/59568037>
+
+ Reviewed by Darin Adler.
+
+ Calls to WKPage and WKWebView API used to load data and strings directly should be recognized by
+ the loading code as being from client API calls. This brings these API behaviors into alignment
+ with similar API for loading URLs and URLRequests directly. This change also allows us to enforce
+ stricter handling of Data URLs, and to remove the need to explicitly permit top-level data URL
+ navigation when client APIs are used.
+
+ Tested by TestWebKitAPI Navigation tests.
+
+ * page/Settings.yaml:
+
2020-02-19 Zalan Bujtas <za...@apple.com>
[LFC][IFC] Anonymous inline text box container is not the only type of anonymous containers
Modified: trunk/Source/WebCore/page/Settings.yaml (256924 => 256925)
--- trunk/Source/WebCore/page/Settings.yaml 2020-02-19 18:15:02 UTC (rev 256924)
+++ trunk/Source/WebCore/page/Settings.yaml 2020-02-19 18:36:44 UTC (rev 256925)
@@ -108,7 +108,7 @@
allowCrossOriginSubresourcesToAskForCredentials:
initial: false
allowTopNavigationToDataURLs:
- initial: true
+ initial: false
needsStorageAccessFromFileURLsQuirk:
initial: true
needsFrameNameFallbackToIdQuirk:
Modified: trunk/Source/WebKit/ChangeLog (256924 => 256925)
--- trunk/Source/WebKit/ChangeLog 2020-02-19 18:15:02 UTC (rev 256924)
+++ trunk/Source/WebKit/ChangeLog 2020-02-19 18:36:44 UTC (rev 256925)
@@ -1,3 +1,21 @@
+2020-02-19 Brent Fulgham <bfulg...@apple.com>
+
+ Re-disable top-level data URL navigations
+ https://bugs.webkit.org/show_bug.cgi?id=207917
+ <rdar://problem/59568037>
+
+ Reviewed by Darin Adler.
+
+ In Bug 207719 we allowed top-level navigations to data URLs by default. This
+ patch updates client loading API calls so that we can go back to a default
+ block of these loads without breaking WebKit clients.
+
+ * UIProcess/API/Cocoa/WKWebViewConfiguration.mm:
+ (-[WKWebViewConfiguration init]):
+ * WebProcess/WebPage/WebPage.cpp:
+ (WebKit::WebPage::loadDataImpl): Recognize direct data loads started from client API.
+ * WebProcess/WebPage/WebPage.h:
+
2020-02-19 Megan Gardner <megan_gard...@apple.com>
Ensure that contenteditable carets on macCatalyst are the right color, especially in Dark Mode
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.mm (256924 => 256925)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.mm 2020-02-19 18:15:02 UTC (rev 256924)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.mm 2020-02-19 18:36:44 UTC (rev 256925)
@@ -236,7 +236,7 @@
_convertsPositionStyleOnCopy = NO;
_allowsMetaRefresh = YES;
_allowUniversalAccessFromFileURLs = NO;
- _allowTopNavigationToDataURLs = YES;
+ _allowTopNavigationToDataURLs = NO;
_needsStorageAccessFromFileURLsQuirk = YES;
#if PLATFORM(IOS_FAMILY)
Modified: trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp (256924 => 256925)
--- trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2020-02-19 18:15:02 UTC (rev 256924)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2020-02-19 18:36:44 UTC (rev 256925)
@@ -1622,6 +1622,7 @@
// Initate the load in WebCore.
FrameLoadRequest frameLoadRequest(*m_mainFrame->coreFrame(), request, shouldOpenExternalURLsPolicy, substituteData);
frameLoadRequest.setShouldTreatAsContinuingLoad(shouldTreatAsContinuingLoad);
+ frameLoadRequest.setIsRequestFromClientOrUserInput();
m_mainFrame->coreFrame()->loader().load(WTFMove(frameLoadRequest));
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes