Title: [258980] trunk/Source
Revision: 258980
Author: wenson_hs...@apple.com
Date: 2020-03-25 08:05:52 -0700 (Wed, 25 Mar 2020)

Log Message

Avoid querying pasteboard strings while dragging content over a potential drop target
https://bugs.webkit.org/show_bug.cgi?id=209531

Reviewed by Tim Horton and Ryosuke Niwa.

Source/WebCore:

A couple of places in WebCore currently use PasteboardStrategy::stringForType() to query for pasteboard URL
strings. These call sites attempt to read URL strings (using both readString and stringForType) for the purposes
of checking whether or not we should avoid exposing the URL string to web content (note that in the case of
containsPlainText, we actually check whether or not the string is empty, which depends on whether or not the
string is safe to expose to the web -- e.g., not a file URL).

This is incompatible with some changes in the near future which will prevent the web content process from
reading any data from the pasteboard, if a paste or drop action has not yet been performed. To address this
issue, we introduce an alternate PasteboardStrategy method, containsStringSafeForDOMToReadForType, which returns
(for a given platform pasteboard type) whether or not a string that can be safely exposed to bindings exists.

Rather than allow the web process to read the entire string, limit it to just this true/false answer.

* platform/PasteboardStrategy.h:
* platform/PlatformPasteboard.h:
* platform/cocoa/DragDataCocoa.mm:
(WebCore::DragData::containsPlainText const):

Use containsStringSafeForDOMToReadForType instead of stringForType.

* platform/cocoa/PasteboardCocoa.mm:
(WebCore::Pasteboard::fileContentState):

Use containsStringSafeForDOMToReadForType instead of readString.

* platform/cocoa/PlatformPasteboardCocoa.mm:
(WebCore::PlatformPasteboard::containsStringSafeForDOMToReadForType const):

Source/WebKit:

Add PasteboardStrategy and WebPasteboardProxy (IPC) plumbing; see WebCore for more details.

* UIProcess/Cocoa/WebPasteboardProxyCocoa.mm:
(WebKit::WebPasteboardProxy::containsStringSafeForDOMToReadForType):
* UIProcess/WebPasteboardProxy.cpp:
(WebKit::WebPasteboardProxy::containsStringSafeForDOMToReadForType):
* UIProcess/WebPasteboardProxy.h:
* UIProcess/WebPasteboardProxy.messages.in:
* WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:
(WebKit::WebPlatformStrategies::containsStringSafeForDOMToReadForType):
* WebProcess/WebCoreSupport/WebPlatformStrategies.h:

Source/WebKitLegacy/mac:

Add PasteboardStrategy plumbing; see WebCore for more details.

* WebCoreSupport/WebPlatformStrategies.h:
* WebCoreSupport/WebPlatformStrategies.mm:
(WebPlatformStrategies::containsStringSafeForDOMToReadForType):

Diff

Modified: trunk/Source/WebCore/ChangeLog (258979 => 258980)


--- trunk/Source/WebCore/ChangeLog	2020-03-25 14:05:23 UTC (rev 258979)
+++ trunk/Source/WebCore/ChangeLog	2020-03-25 15:05:52 UTC (rev 258980)
@@ -1,3 +1,38 @@
+2020-03-25  Wenson Hsieh  <wenson_hs...@apple.com>
+
+        Avoid querying pasteboard strings while dragging content over a potential drop target
+        https://bugs.webkit.org/show_bug.cgi?id=209531
+
+        Reviewed by Tim Horton and Ryosuke Niwa.
+
+        A couple of places in WebCore currently use PasteboardStrategy::stringForType() to query for pasteboard URL
+        strings. These call sites attempt to read URL strings (using both readString and stringForType) for the purposes
+        of checking whether or not we should avoid exposing the URL string to web content (note that in the case of
+        containsPlainText, we actually check whether or not the string is empty, which depends on whether or not the
+        string is safe to expose to the web -- e.g., not a file URL).
+
+        This is incompatible with some changes in the near future which will prevent the web content process from
+        reading any data from the pasteboard, if a paste or drop action has not yet been performed. To address this
+        issue, we introduce an alternate PasteboardStrategy method, containsStringSafeForDOMToReadForType, which returns
+        (for a given platform pasteboard type) whether or not a string that can be safely exposed to bindings exists.
+
+        Rather than allow the web process to read the entire string, limit it to just this true/false answer.
+
+        * platform/PasteboardStrategy.h:
+        * platform/PlatformPasteboard.h:
+        * platform/cocoa/DragDataCocoa.mm:
+        (WebCore::DragData::containsPlainText const):
+
+        Use containsStringSafeForDOMToReadForType instead of stringForType.
+
+        * platform/cocoa/PasteboardCocoa.mm:
+        (WebCore::Pasteboard::fileContentState):
+
+        Use containsStringSafeForDOMToReadForType instead of readString.
+
+        * platform/cocoa/PlatformPasteboardCocoa.mm:
+        (WebCore::PlatformPasteboard::containsStringSafeForDOMToReadForType const):
+
 2020-03-25  Ting-Wei Lan  <lant...@gmail.com>
 
         [GTK] Add user agent quirk for auth.mayohr.com

Modified: trunk/Source/WebCore/platform/PasteboardStrategy.h (258979 => 258980)


--- trunk/Source/WebCore/platform/PasteboardStrategy.h	2020-03-25 14:05:23 UTC (rev 258979)
+++ trunk/Source/WebCore/platform/PasteboardStrategy.h	2020-03-25 15:05:52 UTC (rev 258980)
@@ -75,6 +75,7 @@
 
     virtual Vector<String> typesSafeForDOMToReadAndWrite(const String& pasteboardName, const String& origin) = 0;
     virtual int64_t writeCustomData(const Vector<PasteboardCustomData>&, const String& pasteboardName) = 0;
+    virtual bool containsStringSafeForDOMToReadForType(const String&, const String& pasteboardName) = 0;
 
 #if PLATFORM(GTK)
     virtual void writeToClipboard(const String& pasteboardName, const SelectionData&) = 0;
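
Review bot: The first parameter of the new pure virtual containsStringSafeForDOMToReadForType is left unnamed while the second is named pasteboardName, and both are const String&, so nothing in the signature tells an implementer which order is expected. The neighbouring typesSafeForDOMToReadAndWrite takes pasteboardName first, which makes the (type, pasteboardName) order here easy to get backwards. Naming the first parameter (for example const String& type) in this declaration and in the overrides would make a swapped implementation visible at a glance.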

Modified: trunk/Source/WebCore/platform/PlatformPasteboard.h (258979 => 258980)


--- trunk/Source/WebCore/platform/PlatformPasteboard.h	2020-03-25 14:05:23 UTC (rev 258979)
+++ trunk/Source/WebCore/platform/PlatformPasteboard.h	2020-03-25 15:05:52 UTC (rev 258980)
@@ -99,6 +99,7 @@
     WEBCORE_EXPORT int64_t write(const Vector<PasteboardCustomData>&);
     WEBCORE_EXPORT int64_t write(const PasteboardCustomData&);
     WEBCORE_EXPORT Vector<String> typesSafeForDOMToReadAndWrite(const String& origin) const;
+    WEBCORE_EXPORT bool containsStringSafeForDOMToReadForType(const String&) const;
 
 #if PLATFORM(GTK)
     WEBCORE_EXPORT void writeToClipboard(const SelectionData&, WTF::Function<void()>&& primarySelectionCleared);

Modified: trunk/Source/WebCore/platform/cocoa/DragDataCocoa.mm (258979 => 258980)


--- trunk/Source/WebCore/platform/cocoa/DragDataCocoa.mm	2020-03-25 14:05:23 UTC (rev 258979)
+++ trunk/Source/WebCore/platform/cocoa/DragDataCocoa.mm	2020-03-25 15:05:52 UTC (rev 258980)
@@ -198,7 +198,7 @@
 #if PLATFORM(MAC)
         || types.contains(String(legacyFilenamesPasteboardType()))
 #endif
-        || platformStrategies()->pasteboardStrategy()->stringForType(urlPasteboardType(), m_pasteboardName).length();
+        || platformStrategies()->pasteboardStrategy()->containsStringSafeForDOMToReadForType(urlPasteboardType(), m_pasteboardName);
 }
 
 String DragData::asPlainText() const

Modified: trunk/Source/WebCore/platform/cocoa/PasteboardCocoa.mm (258979 => 258980)


--- trunk/Source/WebCore/platform/cocoa/PasteboardCocoa.mm	2020-03-25 14:05:23 UTC (rev 258979)
+++ trunk/Source/WebCore/platform/cocoa/PasteboardCocoa.mm	2020-03-25 15:05:52 UTC (rev 258980)
@@ -159,7 +159,7 @@
         if (cocoaTypes.findMatching([](const String& cocoaType) { return shouldTreatCocoaTypeAsFile(cocoaType); }) == notFound)
             return FileContentState::NoFileOrImageData;
 
-        bool containsURL = notFound != cocoaTypes.findMatching([] (auto& cocoaType) {
+        auto indexOfURL = cocoaTypes.findMatching([](auto& cocoaType) {
 #if PLATFORM(MAC)
             if (cocoaType == String(legacyURLPasteboardType()))
                 return true;
@@ -166,7 +166,7 @@
 #endif
             return cocoaType == String(kUTTypeURL);
         });
-        mayContainFilePaths = containsURL && !Pasteboard::canExposeURLToDOMWhenPasteboardContainsFiles(readString("text/uri-list"_s));
+        mayContainFilePaths = indexOfURL != notFound && !platformStrategies()->pasteboardStrategy()->containsStringSafeForDOMToReadForType(cocoaTypes[indexOfURL], m_pasteboardName);
     }
 
     // Enforce changeCount ourselves for security. We check after reading instead of before to be
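
Review bot: The assignment to mayContainFilePaths no longer calls Pasteboard::canExposeURLToDOMWhenPasteboardContainsFiles, and it now queries the raw Cocoa type at cocoaTypes[indexOfURL] instead of reading "text/uri-list". Two things should be confirmed before this lands: that the helper on the other side applies the same exposure policy the removed call did, and that consulting only the first matching type is sufficient on Mac, where findMatching can stop at legacyURLPasteboardType() even if kUTTypeURL is also present. A short comment here saying where the policy now lives would help the next reader, since this is the line that decides whether file paths may be exposed.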

Modified: trunk/Source/WebCore/platform/cocoa/PlatformPasteboardCocoa.mm (258979 => 258980)


--- trunk/Source/WebCore/platform/cocoa/PlatformPasteboardCocoa.mm	2020-03-25 14:05:23 UTC (rev 258979)
+++ trunk/Source/WebCore/platform/cocoa/PlatformPasteboardCocoa.mm	2020-03-25 15:05:52 UTC (rev 258980)
@@ -52,4 +52,9 @@
     return itemInfo;
 }
 
+bool PlatformPasteboard::containsStringSafeForDOMToReadForType(const String& type) const
+{
+    return !stringForType(type).isEmpty();
+}
+
 } // namespace WebCore
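
Review bot: The body of PlatformPasteboard::containsStringSafeForDOMToReadForType is only !stringForType(type).isEmpty(), so the "safe for DOM to read" guarantee in the name rests entirely on stringForType returning an empty string for values that must not be exposed. The log message states that assumption (e.g., not a file URL), but nothing in this function does. Please add a comment documenting the dependency, or perform the safety check explicitly here, so a later change to stringForType cannot silently turn this into a plain "has any string" test.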

Modified: trunk/Source/WebKit/ChangeLog (258979 => 258980)


--- trunk/Source/WebKit/ChangeLog	2020-03-25 14:05:23 UTC (rev 258979)
+++ trunk/Source/WebKit/ChangeLog	2020-03-25 15:05:52 UTC (rev 258980)
@@ -1,3 +1,22 @@
+2020-03-25  Wenson Hsieh  <wenson_hs...@apple.com>
+
+        Avoid querying pasteboard strings while dragging content over a potential drop target
+        https://bugs.webkit.org/show_bug.cgi?id=209531
+
+        Reviewed by Tim Horton and Ryosuke Niwa.
+
+        Add PasteboardStrategy and WebPasteboardProxy (IPC) plumbing; see WebCore for more details.
+
+        * UIProcess/Cocoa/WebPasteboardProxyCocoa.mm:
+        (WebKit::WebPasteboardProxy::containsStringSafeForDOMToReadForType):
+        * UIProcess/WebPasteboardProxy.cpp:
+        (WebKit::WebPasteboardProxy::containsStringSafeForDOMToReadForType):
+        * UIProcess/WebPasteboardProxy.h:
+        * UIProcess/WebPasteboardProxy.messages.in:
+        * WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:
+        (WebKit::WebPlatformStrategies::containsStringSafeForDOMToReadForType):
+        * WebProcess/WebCoreSupport/WebPlatformStrategies.h:
+
 2020-03-24  Daniel Bates  <daba...@apple.com>
 
         Unreviewed, reverting r258945.

Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebPasteboardProxyCocoa.mm (258979 => 258980)


--- trunk/Source/WebKit/UIProcess/Cocoa/WebPasteboardProxyCocoa.mm	2020-03-25 14:05:23 UTC (rev 258979)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebPasteboardProxyCocoa.mm	2020-03-25 15:05:52 UTC (rev 258980)
@@ -259,6 +259,11 @@
     completionHandler(WTFMove(handle), size);
 }
 
+void WebPasteboardProxy::containsStringSafeForDOMToReadForType(const String& type, const String& pasteboardName, CompletionHandler<void(bool)>&& completionHandler)
+{
+    completionHandler(PlatformPasteboard(pasteboardName).containsStringSafeForDOMToReadForType(type));
+}
+
 #if PLATFORM(IOS_FAMILY)
 
 void WebPasteboardProxy::writeURLToPasteboard(const PasteboardURL& url, const String& pasteboardName)
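
Review bot: WebPasteboardProxy::containsStringSafeForDOMToReadForType passes the type and pasteboardName received over IPC straight into PlatformPasteboard(pasteboardName) with no validation. The stated goal is to stop the web content process from reading pasteboard data before a paste or drop, yet as written this handler answers a yes/no question about any pasteboard name and any type the sender chooses. Consider restricting pasteboardName to the pasteboard of the drag or paste session associated with the sending process, and type to the URL types the callers in this patch actually query.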

Modified: trunk/Source/WebKit/UIProcess/WebPasteboardProxy.cpp (258979 => 258980)


--- trunk/Source/WebKit/UIProcess/WebPasteboardProxy.cpp	2020-03-25 14:05:23 UTC (rev 258979)
+++ trunk/Source/WebKit/UIProcess/WebPasteboardProxy.cpp	2020-03-25 15:05:52 UTC (rev 258980)
@@ -114,6 +114,11 @@
 
 #endif // !USE(LIBWPE)
 
+void WebPasteboardProxy::containsStringSafeForDOMToReadForType(const String&, const String&, CompletionHandler<void(bool)>&& completionHandler)
+{
+    completionHandler(false);
+}
+
 #endif // !PLATFORM(COCOA)
 
 } // namespace WebKit

Modified: trunk/Source/WebKit/UIProcess/WebPasteboardProxy.h (258979 => 258980)


--- trunk/Source/WebKit/UIProcess/WebPasteboardProxy.h	2020-03-25 14:05:23 UTC (rev 258979)
+++ trunk/Source/WebKit/UIProcess/WebPasteboardProxy.h	2020-03-25 15:05:52 UTC (rev 258980)
@@ -103,6 +103,7 @@
 
     void writeCustomData(const Vector<WebCore::PasteboardCustomData>&, const String& pasteboardName, CompletionHandler<void(int64_t)>&&);
     void typesSafeForDOMToReadAndWrite(const String& pasteboardName, const String& origin, CompletionHandler<void(Vector<String>&&)>&&);
+    void containsStringSafeForDOMToReadForType(const String&, const String& pasteboardName, CompletionHandler<void(bool)>&&);
 
 #if PLATFORM(GTK)
     void writeToClipboard(const String& pasteboardName, const WebSelectionData&);

Modified: trunk/Source/WebKit/UIProcess/WebPasteboardProxy.messages.in (258979 => 258980)


--- trunk/Source/WebKit/UIProcess/WebPasteboardProxy.messages.in	2020-03-25 14:05:23 UTC (rev 258979)
+++ trunk/Source/WebKit/UIProcess/WebPasteboardProxy.messages.in	2020-03-25 15:05:52 UTC (rev 258980)
@@ -37,6 +37,7 @@
     ReadStringFromPasteboard(uint64_t index, String pasteboardType, String pasteboardName) -> (String string) Synchronous
     ReadURLFromPasteboard(uint64_t index, String pasteboardName) -> (String url, String title) Synchronous
     ReadBufferFromPasteboard(uint64_t index, String pasteboardType, String pasteboardName) -> (WebKit::SharedMemory::Handle handle, uint64_t size) Synchronous
+    ContainsStringSafeForDOMToReadForType(String type, String pasteboardName) -> (bool result) Synchronous
 
 #if PLATFORM(COCOA)
     # Pasteboard messages.

Modified: trunk/Source/WebKit/WebProcess/WebCoreSupport/WebPlatformStrategies.cpp (258979 => 258980)


--- trunk/Source/WebKit/WebProcess/WebCoreSupport/WebPlatformStrategies.cpp	2020-03-25 14:05:23 UTC (rev 258979)
+++ trunk/Source/WebKit/WebProcess/WebCoreSupport/WebPlatformStrategies.cpp	2020-03-25 15:05:52 UTC (rev 258980)
@@ -328,6 +328,13 @@
     return newChangeCount;
 }
 
+bool WebPlatformStrategies::containsStringSafeForDOMToReadForType(const String& type, const String& pasteboardName)
+{
+    bool result = false;
+    WebProcess::singleton().parentProcessConnection()->sendSync(Messages::WebPasteboardProxy::ContainsStringSafeForDOMToReadForType(type, pasteboardName), Messages::WebPasteboardProxy::ContainsStringSafeForDOMToReadForType::Reply(result), 0);
+    return result;
+}
+
 int WebPlatformStrategies::getPasteboardItemsCount(const String& pasteboardName)
 {
     uint64_t itemsCount { 0 };
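
Review bot: In WebPlatformStrategies::containsStringSafeForDOMToReadForType the outcome of sendSync is discarded, so a failed send is indistinguishable from a genuine false reply. With the callers in this patch that default looks conservative (containsPlainText reports no URL text, and fileContentState sets mayContainFilePaths to true), but that is a property of the callers rather than of this function; a one-line comment that false is the intended fail-safe value would keep it that way. Note also that DragData::containsPlainText now reaches this synchronous message, so it is worth checking how often it runs during a drag-over.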

Modified: trunk/Source/WebKit/WebProcess/WebCoreSupport/WebPlatformStrategies.h (258979 => 258980)


--- trunk/Source/WebKit/WebProcess/WebCoreSupport/WebPlatformStrategies.h	2020-03-25 14:05:23 UTC (rev 258979)
+++ trunk/Source/WebKit/WebProcess/WebCoreSupport/WebPlatformStrategies.h	2020-03-25 15:05:52 UTC (rev 258980)
@@ -89,6 +89,7 @@
     Optional<Vector<WebCore::PasteboardItemInfo>> allPasteboardItemInfo(const String& pasteboardName, int64_t changeCount) override;
     Vector<String> typesSafeForDOMToReadAndWrite(const String& pasteboardName, const String& origin) override;
     int64_t writeCustomData(const Vector<WebCore::PasteboardCustomData>&, const String&) override;
+    bool containsStringSafeForDOMToReadForType(const String&, const String& pasteboardName) override;
 };
 
 } // namespace WebKit

Modified: trunk/Source/WebKitLegacy/mac/ChangeLog (258979 => 258980)


--- trunk/Source/WebKitLegacy/mac/ChangeLog	2020-03-25 14:05:23 UTC (rev 258979)
+++ trunk/Source/WebKitLegacy/mac/ChangeLog	2020-03-25 15:05:52 UTC (rev 258980)
@@ -1,3 +1,16 @@
+2020-03-25  Wenson Hsieh  <wenson_hs...@apple.com>
+
+        Avoid querying pasteboard strings while dragging content over a potential drop target
+        https://bugs.webkit.org/show_bug.cgi?id=209531
+
+        Reviewed by Tim Horton and Ryosuke Niwa.
+
+        Add PasteboardStrategy plumbing; see WebCore for more details.
+
+        * WebCoreSupport/WebPlatformStrategies.h:
+        * WebCoreSupport/WebPlatformStrategies.mm:
+        (WebPlatformStrategies::containsStringSafeForDOMToReadForType):
+
 2020-03-23  Wenson Hsieh  <wenson_hs...@apple.com>
 
         Remove the unused method PasteboardStrategy::uniqueName()

Modified: trunk/Source/WebKitLegacy/mac/WebCoreSupport/WebPlatformStrategies.h (258979 => 258980)


--- trunk/Source/WebKitLegacy/mac/WebCoreSupport/WebPlatformStrategies.h	2020-03-25 14:05:23 UTC (rev 258979)
+++ trunk/Source/WebKitLegacy/mac/WebCoreSupport/WebPlatformStrategies.h	2020-03-25 15:05:52 UTC (rev 258980)
@@ -79,5 +79,6 @@
     int64_t setURL(const WebCore::PasteboardURL&, const String& pasteboardName) override;
     int64_t setColor(const WebCore::Color&, const String& pasteboardName) override;
     int64_t setStringForType(const String&, const String& pasteboardType, const String& pasteboardName) override;
+    bool containsStringSafeForDOMToReadForType(const String&, const String& pasteboardName) override;
 };
 

Modified: trunk/Source/WebKitLegacy/mac/WebCoreSupport/WebPlatformStrategies.mm (258979 => 258980)


--- trunk/Source/WebKitLegacy/mac/WebCoreSupport/WebPlatformStrategies.mm	2020-03-25 14:05:23 UTC (rev 258979)
+++ trunk/Source/WebKitLegacy/mac/WebCoreSupport/WebPlatformStrategies.mm	2020-03-25 15:05:52 UTC (rev 258980)
@@ -197,6 +197,11 @@
     return PlatformPasteboard(pasteboardName).write(data);
 }
 
+bool WebPlatformStrategies::containsStringSafeForDOMToReadForType(const String& pasteboardName, const String& type)
+{
+    return PlatformPasteboard(pasteboardName).containsStringSafeForDOMToReadForType(type);
+}
+
 Optional<WebCore::PasteboardItemInfo> WebPlatformStrategies::informationForItemAtIndex(size_t index, const String& pasteboardName, int64_t changeCount)
 {
     return PlatformPasteboard(pasteboardName).informationForItemAtIndex(index, changeCount);
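
Review bot: The parameters of WebPlatformStrategies::containsStringSafeForDOMToReadForType are in the wrong order in this definition: it is written as (const String& pasteboardName, const String& type), while the header in this same patch declares the override as (const String&, const String& pasteboardName) and DragDataCocoa.mm calls it with (urlPasteboardType(), m_pasteboardName). In WebKitLegacy the pasteboard type string will therefore be used to construct PlatformPasteboard and the pasteboard name will be passed as the type, so the query will look at the wrong pasteboard. Swap the parameter names to (const String& type, const String& pasteboardName).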