Title: [256925] trunk/Source
Revision: 256925
Author: bfulg...@apple.com
Date: 2020-02-19 10:36:44 -0800 (Wed, 19 Feb 2020)

Log Message

Re-disable top-level data URL navigations
https://bugs.webkit.org/show_bug.cgi?id=207917
<rdar://problem/59568037>

Reviewed by Darin Adler.

Source/WebCore:

Calls to WKPage and WKWebView API used to load data and strings directly should be recognized by
the loading code as being from client API calls. This brings these API behaviors into alignment
with similar API for loading URLs and URLRequests directly. This change also allows us to enforce
stricter handling of Data URLs, and to remove the need to explicitly permit top-level data URL
navigation when client APIs are used.

Tested by TestWebKitAPI Navigation tests.

* page/Settings.yaml:

Source/WebKit:

In Bug 207719 we allowed top-level navigations to data URLs by default. This
patch updates client loading API calls so that we can go back to a default
block of these loads without breaking WebKit clients.

* UIProcess/API/Cocoa/WKWebViewConfiguration.mm:
(-[WKWebViewConfiguration init]):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::loadDataImpl): Recognize direct data loads started from client API.
* WebProcess/WebPage/WebPage.h:

Diff

Modified: trunk/Source/WebCore/ChangeLog (256924 => 256925)


--- trunk/Source/WebCore/ChangeLog	2020-02-19 18:15:02 UTC (rev 256924)
+++ trunk/Source/WebCore/ChangeLog	2020-02-19 18:36:44 UTC (rev 256925)
@@ -1,3 +1,21 @@
+2020-02-19  Brent Fulgham  <bfulg...@apple.com>
+
+        Re-disable top-level data URL navigations
+        https://bugs.webkit.org/show_bug.cgi?id=207917
+        <rdar://problem/59568037>
+
+        Reviewed by Darin Adler.
+
+        Calls to WKPage and WKWebView API used to load data and strings directly should be recognized by
+        the loading code as being from client API calls. This brings these API behaviors into alignment
+        with similar API for loading URLs and URLRequests directly. This change also allows us to enforce
+        stricter handling of Data URLs, and to remove the need to explicitly permit top-level data URL
+        navigation when client APIs are used.
+
+        Tested by TestWebKitAPI Navigation tests.
+
+        * page/Settings.yaml:
+
 2020-02-19  Zalan Bujtas  <za...@apple.com>
 
         [LFC][IFC] Anonymous inline text box container is not the only type of anonymous containers
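
Review bot: The `* page/Settings.yaml:` line that closes this entry has no per-file description, and the entry body talks about client API recognition rather than what WebCore itself changes in this revision. Suggest annotating it, for example "* page/Settings.yaml: Change the initial value of allowTopNavigationToDataURLs back to false.", so the security-relevant default flip can be found from the ChangeLog alone.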

Modified: trunk/Source/WebCore/page/Settings.yaml (256924 => 256925)


--- trunk/Source/WebCore/page/Settings.yaml	2020-02-19 18:15:02 UTC (rev 256924)
+++ trunk/Source/WebCore/page/Settings.yaml	2020-02-19 18:36:44 UTC (rev 256925)
@@ -108,7 +108,7 @@
 allowCrossOriginSubresourcesToAskForCredentials:
   initial: false
 allowTopNavigationToDataURLs:
-  initial: true
+  initial: false
 needsStorageAccessFromFileURLsQuirk:
   initial: true
 needsFrameNameFallbackToIdQuirk:
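
Review bot: Flipping `allowTopNavigationToDataURLs` to `initial: false` comes with no test change in this revision; the log only cites the existing TestWebKitAPI Navigation tests. Suggest adding coverage for both sides of the new default: a content-initiated top-level navigation to a data: URL is blocked with default settings, and a direct data or string load through the client API still succeeds without the setting being enabled.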

Modified: trunk/Source/WebKit/ChangeLog (256924 => 256925)


--- trunk/Source/WebKit/ChangeLog	2020-02-19 18:15:02 UTC (rev 256924)
+++ trunk/Source/WebKit/ChangeLog	2020-02-19 18:36:44 UTC (rev 256925)
@@ -1,3 +1,21 @@
+2020-02-19  Brent Fulgham  <bfulg...@apple.com>
+
+        Re-disable top-level data URL navigations
+        https://bugs.webkit.org/show_bug.cgi?id=207917
+        <rdar://problem/59568037>
+
+        Reviewed by Darin Adler.
+
+        In Bug 207719 we allowed top-level navigations to data URLs by default. This
+        patch updates client loading API calls so that we can go back to a default
+        block of these loads without breaking WebKit clients.
+
+        * UIProcess/API/Cocoa/WKWebViewConfiguration.mm:
+        (-[WKWebViewConfiguration init]):
+        * WebProcess/WebPage/WebPage.cpp:
+        (WebKit::WebPage::loadDataImpl): Recognize direct data loads started from client API.
+        * WebProcess/WebPage/WebPage.h:
+
 2020-02-19  Megan Gardner  <megan_gard...@apple.com>
 
         Ensure that contenteditable carets on macCatalyst are the right color, especially in Dark Mode
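
Review bot: The entry lists `* WebProcess/WebPage/WebPage.h:` but this revision's diff carries no hunk for that file; either drop the line or include the header change. The `(-[WKWebViewConfiguration init]):` line also has no description, and a short note that the default for allowTopNavigationToDataURLs returns to NO would make the behaviour change visible to WebKit clients reading the ChangeLog.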

Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.mm (256924 => 256925)


--- trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.mm	2020-02-19 18:15:02 UTC (rev 256924)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.mm	2020-02-19 18:36:44 UTC (rev 256925)
@@ -236,7 +236,7 @@
     _convertsPositionStyleOnCopy = NO;
     _allowsMetaRefresh = YES;
     _allowUniversalAccessFromFileURLs = NO;
-    _allowTopNavigationToDataURLs = YES;
+    _allowTopNavigationToDataURLs = NO;
     _needsStorageAccessFromFileURLsQuirk = YES;
 
 #if PLATFORM(IOS_FAMILY)
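
Review bot: `_allowTopNavigationToDataURLs = NO;` repeats the default that Settings.yaml sets with `allowTopNavigationToDataURLs: initial: false`, so the default now lives in two places that have to agree. Suggest a comment on this line naming the Settings.yaml key, so that a later change does not update one default and leave the other permitting top-level data URL navigation.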

Modified: trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp (256924 => 256925)


--- trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp	2020-02-19 18:15:02 UTC (rev 256924)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp	2020-02-19 18:36:44 UTC (rev 256925)
@@ -1622,6 +1622,7 @@
     // Initate the load in WebCore.
     FrameLoadRequest frameLoadRequest(*m_mainFrame->coreFrame(), request, shouldOpenExternalURLsPolicy, substituteData);
     frameLoadRequest.setShouldTreatAsContinuingLoad(shouldTreatAsContinuingLoad);
+    frameLoadRequest.setIsRequestFromClientOrUserInput();
     m_mainFrame->coreFrame()->loader().load(WTFMove(frameLoadRequest));
 }
 
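Review bot: `frameLoadRequest.setIsRequestFromClientOrUserInput();` is called unconditionally, so every load that reaches this code is marked as client-initiated and is not subject to the top-level data URL block this revision re-enables. Please confirm that all callers of this path are client API entry points, or pass the flag in from the callers that are, and add a one-line comment saying why the request is marked. Minor: "Initate" in the context comment above the changed line is a typo for "Initiate".
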
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes