Title: [258855] branches/safari-609-branch
- Revision
- 258855
- Author
- [email protected]
- Date
- 2020-03-23 10:00:12 -0700 (Mon, 23 Mar 2020)
Log Message
Cherry-pick r258741. rdar://problem/60756641
Sanitize suggested download filename received from web process
https://bugs.webkit.org/show_bug.cgi?id=209300
<rdar://problem/59487723>
Patch by Alex Christensen <[email protected]> on 2020-03-19
Reviewed by Chris Dumez.
Source/WebKit:
* UIProcess/Downloads/DownloadProxy.cpp:
(WebKit::DownloadProxy::decideDestinationWithSuggestedFilenameAsync):
LayoutTests:
* fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt:
* fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html:
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258741 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Diff
Modified: branches/safari-609-branch/LayoutTests/ChangeLog (258854 => 258855)
--- branches/safari-609-branch/LayoutTests/ChangeLog 2020-03-23 17:00:08 UTC (rev 258854)
+++ branches/safari-609-branch/LayoutTests/ChangeLog 2020-03-23 17:00:12 UTC (rev 258855)
@@ -1,46 +1,5 @@
-b"2020-03-23 Russell Epstein <[email protected]>\n\n Cherry-pick r258711. rdar://problem/60756645\n\n Source/WebCore:\n AX: VO and safari: can't press the play button\n https://bugs.webkit.org/show_bug.cgi?id=209249\n \n Reviewed by Darin Adler.\n \n Test: accessibility/ios-simulator/has-touch-event-listener-with-shadow.html\n \n If a node is in a shadowRoot, going up the node parent tree will stop and not check the entire tree for touch event listeners\n and a touch event won't be dispatched. We need to change to use the parentInComposedTree instead to go up the chain.\n \n * accessibility/ios/AccessibilityObjectIOS.mm:\n (WebCore::AccessibilityObject::hasTouchEventListener const):\n \n LayoutTests:\n AX: VO and safari: caan't press the play button\n https://bugs.webkit.org/show_bug.cgi?id=209249\n \n Reviewed by Darin Adler.\n \n * accessibility/ios-simulator/has-touch-event-listener-wi
th-shadow-expected.txt: Added.\n * accessibility/ios-simulator/has-touch-event-listener-with-shadow.html: Added.\n \n \n git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258711 268f45cc-cd09-0410-ab3c-d52691b4dbfc\n\n 2020-03-19 Chris Fleizach <[email protected]>\n\n AX: VO and safari: caan't press the play button\n https://bugs.webkit.org/show_bug.cgi?id=209249\n\n Reviewed by Darin Adler.\n\n * accessibility/ios-simulator/has-touch-event-listener-with-shadow-expected.txt: Added.\n * accessibility/ios-simulator/has-touch-event-listener-with-shadow.html: Added.\n\n"2020-03-17 Alan Coon <[email protected]>
+b'2020-03-23 Russell Epstein <[email protected]>\n\n Cherry-pick r258741. rdar://problem/60756641\n\n Sanitize suggested download filename received from web process\n https://bugs.webkit.org/show_bug.cgi?id=209300\n <rdar://problem/59487723>\n \n Patch by Alex Christensen <[email protected]> on 2020-03-19\n Reviewed by Chris Dumez.\n \n Source/WebKit:\n \n * UIProcess/Downloads/DownloadProxy.cpp:\n (WebKit::DownloadProxy::decideDestinationWithSuggestedFilenameAsync):\n \n LayoutTests:\n \n * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt:\n * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html:\n \n git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258741 268f45cc-cd09-0410-ab3c-d52691b4dbfc\n\n 2020-03-19 Alex Christensen <[email protected]>\n\n Sanitize suggested download filename rece
ived from web process\n https://bugs.webkit.org/show_bug.cgi?id=209300\n <rdar://problem/59487723>\n\n Reviewed by Chris Dumez.\n\n * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt:\n * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html:\n\n b"2020-03-23 Russell Epstein <[email protected]>\\n\\n Cherry-pick r258711. rdar://problem/60756645\\n\\n Source/WebCore:\\n AX: VO and safari: can\'t press the play button\\n https://bugs.webkit.org/show_bug.cgi?id=209249\\n \\n Reviewed by Darin Adler.\\n \\n Test: accessibility/ios-simulator/has-touch-event-listener-with-shadow.html\\n \\n If a node is in a shadowRoot, going up the node parent tree will stop and not check the entire tree for touch event listeners\\n and a touch event won\'t be dispatched. We need to change to use the parentInComposedTree instead to g
o up the chain.\\n \\n * accessibility/ios/AccessibilityObjectIOS.mm:\\n (WebCore::AccessibilityObject::hasTouchEventListener const):\\n \\n LayoutTests:\\n AX: VO and safari: caan\'t press the play button\\n https://bugs.webkit.org/show_bug.cgi?id=209249\\n \\n Reviewed by Darin Adler.\\n \\n * accessibility/ios-simulator/has-touch-event-listener-with-shadow-expected.txt: Added.\\n * accessibility/ios-simulator/has-touch-event-listener-with-shadow.html: Added.\\n \\n \\n git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258711 268f45cc-cd09-0410-ab3c-d52691b4dbfc\\n\\n 2020-03-19 Chris Fleizach <[email protected]>\\n\\n AX: VO and safari: caan\'t press the play button\\n https://bugs.webkit.org/show_bug.cgi?id=209249\\n\\n Reviewed by Darin Adler.\\n\\n * accessibility/ios-simulator/has-touch-event-listener-with-shadow-expected.txt: Added.\\n * accessibility/ios
-simulator/has-touch-event-listener-with-shadow.html: Added.\\n\\n"2020-03-17 Alan Coon <[email protected]>\n\n Cherry-pick r258459. rdar://problem/60539192\n\n SVGMatrix should have the access right of its owner SVGTransform always\n https://bugs.webkit.org/show_bug.cgi?id=207462\n\n Reviewed by Simon Fraser.\n\n Source/WebCore:\n\n The SVGMatrix needs to be reattached to its owner SVGTransform when the\n access right of this owner changes. The access right of the owner changes\n when it gets attached to or detached from a higher level owner.\n\n Test: svg/dom/SVGTransformList-anim-read-only.html\n\n * svg/SVGTransform.h:\n * svg/properties/SVGProperty.h:\n (WebCore::SVGProperty::attach):\n (WebCore::SVGProperty::detach):\n (WebCore::SVGProperty::reattach):\n\n LayoutTests:\n\n * svg/dom/SVGTransformList-anim-read-only-expected.txt: Added.\n * svg
/dom/SVGTransformList-anim-read-only.html: Added.\n\n\n git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258459 268f45cc-cd09-0410-ab3c-d52691b4dbfc\n\n 2020-03-13 Said Abou-Hallawa <[email protected]>\n\n SVGMatrix should have the access right of its owner SVGTransform always\n https://bugs.webkit.org/show_bug.cgi?id=207462\n\n Reviewed by Simon Fraser.\n\n * svg/dom/SVGTransformList-anim-read-only-expected.txt: Added.\n * svg/dom/SVGTransformList-anim-read-only.html: Added.\n\n'2020-03-17 Alan Coon <[email protected]>
- Cherry-pick r258459. rdar://problem/60539192
-
- SVGMatrix should have the access right of its owner SVGTransform always
- https://bugs.webkit.org/show_bug.cgi?id=207462
-
- Reviewed by Simon Fraser.
-
- Source/WebCore:
-
- The SVGMatrix needs to be reattached to its owner SVGTransform when the
- access right of this owner changes. The access right of the owner changes
- when it gets attached to or detached from a higher level owner.
-
- Test: svg/dom/SVGTransformList-anim-read-only.html
-
- * svg/SVGTransform.h:
- * svg/properties/SVGProperty.h:
- (WebCore::SVGProperty::attach):
- (WebCore::SVGProperty::detach):
- (WebCore::SVGProperty::reattach):
-
- LayoutTests:
-
- * svg/dom/SVGTransformList-anim-read-only-expected.txt: Added.
- * svg/dom/SVGTransformList-anim-read-only.html: Added.
-
-
- git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258459 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 2020-03-13 Said Abou-Hallawa <[email protected]>
-
- SVGMatrix should have the access right of its owner SVGTransform always
- https://bugs.webkit.org/show_bug.cgi?id=207462
-
- Reviewed by Simon Fraser.
-
- * svg/dom/SVGTransformList-anim-read-only-expected.txt: Added.
- * svg/dom/SVGTransformList-anim-read-only.html: Added.
-
-2020-03-17 Alan Coon <[email protected]>
-
Cherry-pick r258455. rdar://problem/60539179
[Tree building] Block::attachIgnoringContinuation should allow inline tables as before child container
Modified: branches/safari-609-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt (258854 => 258855)
--- branches/safari-609-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt 2020-03-23 17:00:08 UTC (rev 258854)
+++ branches/safari-609-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt 2020-03-23 17:00:12 UTC (rev 258855)
@@ -1,6 +1,6 @@
Download started.
-Downloading URL with suggested filename "*\.png"
+Downloading URL with suggested filename "*.png"
Download completed.
-The suggested filename above should be "*\.png" and the download should succeed.
+The suggested filename above should be "*.png" and the download should succeed.
File backed blob URL
Modified: branches/safari-609-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html (258854 => 258855)
--- branches/safari-609-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html 2020-03-23 17:00:08 UTC (rev 258854)
+++ branches/safari-609-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html 2020-03-23 17:00:12 UTC (rev 258855)
@@ -12,7 +12,7 @@
</script>
</head>
<body>
-<p>The suggested filename above should be "*\.png" and the download should succeed.</p>
+<p>The suggested filename above should be "*.png" and the download should succeed.</p>
<a id="blob-url" download="*\">File backed blob URL</a>
<script>
function click(elmt)
Modified: branches/safari-609-branch/Source/WebKit/ChangeLog (258854 => 258855)
--- branches/safari-609-branch/Source/WebKit/ChangeLog 2020-03-23 17:00:08 UTC (rev 258854)
+++ branches/safari-609-branch/Source/WebKit/ChangeLog 2020-03-23 17:00:12 UTC (rev 258855)
@@ -1,4 +1,4 @@
-2020-03-23 Russell Epstein <[email protected]>
+b'2020-03-23 Russell Epstein <[email protected]>\n\n Cherry-pick r258741. rdar://problem/60756641\n\n Sanitize suggested download filename received from web process\n https://bugs.webkit.org/show_bug.cgi?id=209300\n <rdar://problem/59487723>\n \n Patch by Alex Christensen <[email protected]> on 2020-03-19\n Reviewed by Chris Dumez.\n \n Source/WebKit:\n \n * UIProcess/Downloads/DownloadProxy.cpp:\n (WebKit::DownloadProxy::decideDestinationWithSuggestedFilenameAsync):\n \n LayoutTests:\n \n * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt:\n * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html:\n \n git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258741 268f45cc-cd09-0410-ab3c-d52691b4dbfc\n\n 2020-03-19 Alex Christensen <[email protected]>\n\n Sanitize suggested download filename rece
ived from web process\n https://bugs.webkit.org/show_bug.cgi?id=209300\n <rdar://problem/59487723>\n\n Reviewed by Chris Dumez.\n\n * UIProcess/Downloads/DownloadProxy.cpp:\n (WebKit::DownloadProxy::decideDestinationWithSuggestedFilenameAsync):\n\n'2020-03-23 Russell Epstein <[email protected]>
Apply patch. rdar://problem/60756683
2020-03-23 John Wilander <[email protected]>
Modified: branches/safari-609-branch/Source/WebKit/UIProcess/Downloads/DownloadProxy.cpp (258854 => 258855)
--- branches/safari-609-branch/Source/WebKit/UIProcess/Downloads/DownloadProxy.cpp 2020-03-23 17:00:08 UTC (rev 258854)
+++ branches/safari-609-branch/Source/WebKit/UIProcess/Downloads/DownloadProxy.cpp 2020-03-23 17:00:12 UTC (rev 258855)
@@ -40,6 +40,7 @@
#include "WebProcessPool.h"
#include "WebProtectionSpace.h"
#include <WebCore/MIMETypeRegistry.h>
+#include <WebCore/ResourceResponseBase.h>
#include <wtf/FileSystem.h>
#include <wtf/text/CString.h>
#include <wtf/text/WTFString.h>
@@ -178,7 +179,7 @@
if (!m_processPool)
return;
- m_processPool->downloadClient().decideDestinationWithSuggestedFilename(*this, suggestedFilename, [this, protectedThis = makeRef(*this), downloadID = downloadID] (AllowOverwrite allowOverwrite, String destination) {
+ m_processPool->downloadClient().decideDestinationWithSuggestedFilename(*this, ResourceResponseBase::sanitizeSuggestedFilename(suggestedFilename), [this, protectedThis = makeRef(*this), downloadID = downloadID] (AllowOverwrite allowOverwrite, String destination) {
SandboxExtension::Handle sandboxExtensionHandle;
if (!destination.isNull())
SandboxExtension::createHandle(destination, SandboxExtension::Type::ReadWrite, sandboxExtensionHandle);
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
