Title: [261518] branches/safari-609-branch
Revision: 261518
Author: alanc...@apple.com
Date: 2020-05-11 17:21:50 -0700 (Mon, 11 May 2020)

Log Message

Cherry-pick r260598. rdar://problem/62978929

    Allow credentials for same-origin css mask images
    https://bugs.webkit.org/show_bug.cgi?id=210895
    <rdar://problem/60093888>

    Patch by Alex Christensen <achristen...@webkit.org> on 2020-04-23
    Reviewed by Brent Fulgham.

    Source/WebCore:

    Test: http/tests/security/css-mask-image-credentials.html

    r230006 went a step too far in restricting what is allowed with css mask images.
    Basic authentication credentials should be allowed with such requests as they are in Chrome and Firefox.
    This can be seen by doing run-webkit-httpd then opening http://127.0.0.1:8000/security/css-mask-image-credentials.html
    In Chrome and Firefox you'll see it forward to a page that has a blue square.
    In Safari before this change you'll see a yellow square and a basic authentication prompt.
    In Safari after this change you'll see the same blue square you see in Chrome and Firefox.

    * style/StylePendingResources.cpp:
    (WebCore::Style::loadPendingImage):

    LayoutTests:

    * http/tests/security/css-mask-image-credentials-expected.html: Added.
    * http/tests/security/css-mask-image-credentials.html: Added.
    * http/tests/security/resources/css-mask-image-credentials-2.html: Added.
    * http/tests/security/resources/image-credential-check.php: Added.

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@260598 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Diff

Modified: branches/safari-609-branch/LayoutTests/ChangeLog (261517 => 261518)


--- branches/safari-609-branch/LayoutTests/ChangeLog	2020-05-12 00:21:45 UTC (rev 261517)
+++ branches/safari-609-branch/LayoutTests/ChangeLog	2020-05-12 00:21:50 UTC (rev 261518)
@@ -1,5 +1,52 @@
 2020-05-07  Russell Epstein  <repst...@apple.com>
 
+        Cherry-pick r260598. rdar://problem/62978929
+
+    Allow credentials for same-origin css mask images
+    https://bugs.webkit.org/show_bug.cgi?id=210895
+    <rdar://problem/60093888>
+    
+    Patch by Alex Christensen <achristen...@webkit.org> on 2020-04-23
+    Reviewed by Brent Fulgham.
+    
+    Source/WebCore:
+    
+    Test: http/tests/security/css-mask-image-credentials.html
+    
+    r230006 went a step too far in restricting what is allowed with css mask images.
+    Basic authentication credentials should be allowed with such requests as they are in Chrome and Firefox.
+    This can be seen by doing run-webkit-httpd then opening http://127.0.0.1:8000/security/css-mask-image-credentials.html
+    In Chrome and Firefox you'll see it forward to a page that has a blue square.
+    In Safari before this change you'll see a yellow square and a basic authentication prompt.
+    In Safari after this change you'll see the same blue square you see in Chrome and Firefox.
+    
+    * style/StylePendingResources.cpp:
+    (WebCore::Style::loadPendingImage):
+    
+    LayoutTests:
+    
+    * http/tests/security/css-mask-image-credentials-expected.html: Added.
+    * http/tests/security/css-mask-image-credentials.html: Added.
+    * http/tests/security/resources/css-mask-image-credentials-2.html: Added.
+    * http/tests/security/resources/image-credential-check.php: Added.
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@260598 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-04-23  Alex Christensen  <achristen...@webkit.org>
+
+            Allow credentials for same-origin css mask images
+            https://bugs.webkit.org/show_bug.cgi?id=210895
+            <rdar://problem/60093888>
+
+            Reviewed by Brent Fulgham.
+
+            * http/tests/security/css-mask-image-credentials-expected.html: Added.
+            * http/tests/security/css-mask-image-credentials.html: Added.
+            * http/tests/security/resources/css-mask-image-credentials-2.html: Added.
+            * http/tests/security/resources/image-credential-check.php: Added.
+
+2020-05-07  Russell Epstein  <repst...@apple.com>
+
         Cherry-pick r260528. rdar://problem/62978914
 
     REGRESSION (r249160): Deleting newline after pasting text ending in a newline results in a discontinuity

Added: branches/safari-609-branch/LayoutTests/http/tests/security/css-mask-image-credentials-expected.html (0 => 261518)


--- branches/safari-609-branch/LayoutTests/http/tests/security/css-mask-image-credentials-expected.html	                        (rev 0)
+++ branches/safari-609-branch/LayoutTests/http/tests/security/css-mask-image-credentials-expected.html	2020-05-12 00:21:50 UTC (rev 261518)
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<head>
+<style>
+.square {
+    width: 128px;
+    height: 128px;
+}
+</style>
+</head>
+<body _onload_="window.testRunner.notifyDone()">
+<div class="square" style="background-color: blue">
+</div>
+</body>
+</html>

Added: branches/safari-609-branch/LayoutTests/http/tests/security/css-mask-image-credentials.html (0 => 261518)


--- branches/safari-609-branch/LayoutTests/http/tests/security/css-mask-image-credentials.html	                        (rev 0)
+++ branches/safari-609-branch/LayoutTests/http/tests/security/css-mask-image-credentials.html	2020-05-12 00:21:50 UTC (rev 261518)
@@ -0,0 +1,12 @@
+<script>
+    if (window.testRunner) { testRunner.waitUntilDone() }
+    
+    function reqListener () {
+      window.location.href = ""
+    }
+
+    var oReq = new XMLHttpRequest();
+    oReq.addEventListener("load", reqListener);
+    oReq.open("GET", "http://testusername:testpassword@127.0.0.1:8000/security/resources/image-credential-check.php");
+    oReq.send();
+</script>
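
Review bot: In reqListener, the assignment window.location.href = "" resolves to the current document's URL, so as written the load handler reloads this test instead of forwarding to a page that carries the mask-image rule (css-mask-image-credentials-2.html in this patch); set the href to that resource. The handler also runs for any completed response, so check oReq.status === 200 before navigating, and add an "error" listener that calls testRunner.notifyDone() so a failed priming request does not leave the test waiting for its timeout.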

Added: branches/safari-609-branch/LayoutTests/http/tests/security/resources/css-mask-image-credentials-2.html (0 => 261518)


--- branches/safari-609-branch/LayoutTests/http/tests/security/resources/css-mask-image-credentials-2.html	                        (rev 0)
+++ branches/safari-609-branch/LayoutTests/http/tests/security/resources/css-mask-image-credentials-2.html	2020-05-12 00:21:50 UTC (rev 261518)
@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<html>
+<head>
+<style>
+.square {
+    width: 128px;
+    height: 128px;
+}
+
+.blue-background {
+    background-color: blue;
+}
+
+.check-credentials {
+    mask-image: url("/security/resources/image-credential-check.php");
+    mask-size: 128px 128px;
+    -webkit-mask-image: url("/security/resources/image-credential-check.php");
+    -webkit-mask-size: 128px 128px;
+}
+</style>
+</head>
+<body _onload_="window.testRunner.notifyDone()">
+<div class="square" style="background-color: yellow">
+    <div class="square blue-background check-credentials"></div>
+</div>
+</body>
+</html>
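
Review bot: The body load handler calls window.testRunner.notifyDone() with no guard, while css-mask-image-credentials.html wraps its testRunner call in if (window.testRunner). The log message invites opening the test in Chrome and Firefox, where testRunner is undefined and the handler throws; guard it the same way here and in css-mask-image-credentials-expected.html.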

Added: branches/safari-609-branch/LayoutTests/http/tests/security/resources/image-credential-check.php (0 => 261518)


--- branches/safari-609-branch/LayoutTests/http/tests/security/resources/image-credential-check.php	                        (rev 0)
+++ branches/safari-609-branch/LayoutTests/http/tests/security/resources/image-credential-check.php	2020-05-12 00:21:50 UTC (rev 261518)
@@ -0,0 +1,12 @@
+<?php
+if ($_SERVER['PHP_AUTH_USER'] == 'testusername' && $_SERVER['PHP_AUTH_PW'] == 'testpassword') {
+    $fp = fopen('black-square.png', 'rb');
+    header("Content-Type: image/png");
+    header("Content-Length: " . filesize('black-square.png'));
+    fpassthru($fp);
+    exit;
+}
+header('HTTP/1.0 401 Unauthorized');
+header('WWW-Authenticate: Basic realm="test realm"');
+exit;
+?>
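
Review bot: The condition on the second line reads $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] without isset(), so the first, unauthenticated request raises undefined-index diagnostics, and with display_errors on that output can precede the header() calls for the 401. Guard both reads with isset() or ?? '' and compare with === rather than ==. The fopen() result is also handed to fpassthru() unchecked, so a missing black-square.png yields a 200 with a broken body instead of a clear failure.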

Modified: branches/safari-609-branch/Source/WebCore/ChangeLog (261517 => 261518)


--- branches/safari-609-branch/Source/WebCore/ChangeLog	2020-05-12 00:21:45 UTC (rev 261517)
+++ branches/safari-609-branch/Source/WebCore/ChangeLog	2020-05-12 00:21:50 UTC (rev 261518)
@@ -1,5 +1,59 @@
 2020-05-07  Russell Epstein  <repst...@apple.com>
 
+        Cherry-pick r260598. rdar://problem/62978929
+
+    Allow credentials for same-origin css mask images
+    https://bugs.webkit.org/show_bug.cgi?id=210895
+    <rdar://problem/60093888>
+    
+    Patch by Alex Christensen <achristen...@webkit.org> on 2020-04-23
+    Reviewed by Brent Fulgham.
+    
+    Source/WebCore:
+    
+    Test: http/tests/security/css-mask-image-credentials.html
+    
+    r230006 went a step too far in restricting what is allowed with css mask images.
+    Basic authentication credentials should be allowed with such requests as they are in Chrome and Firefox.
+    This can be seen by doing run-webkit-httpd then opening http://127.0.0.1:8000/security/css-mask-image-credentials.html
+    In Chrome and Firefox you'll see it forward to a page that has a blue square.
+    In Safari before this change you'll see a yellow square and a basic authentication prompt.
+    In Safari after this change you'll see the same blue square you see in Chrome and Firefox.
+    
+    * style/StylePendingResources.cpp:
+    (WebCore::Style::loadPendingImage):
+    
+    LayoutTests:
+    
+    * http/tests/security/css-mask-image-credentials-expected.html: Added.
+    * http/tests/security/css-mask-image-credentials.html: Added.
+    * http/tests/security/resources/css-mask-image-credentials-2.html: Added.
+    * http/tests/security/resources/image-credential-check.php: Added.
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@260598 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-04-23  Alex Christensen  <achristen...@webkit.org>
+
+            Allow credentials for same-origin css mask images
+            https://bugs.webkit.org/show_bug.cgi?id=210895
+            <rdar://problem/60093888>
+
+            Reviewed by Brent Fulgham.
+
+            Test: http/tests/security/css-mask-image-credentials.html
+
+            r230006 went a step too far in restricting what is allowed with css mask images.
+            Basic authentication credentials should be allowed with such requests as they are in Chrome and Firefox.
+            This can be seen by doing run-webkit-httpd then opening http://127.0.0.1:8000/security/css-mask-image-credentials.html
+            In Chrome and Firefox you'll see it forward to a page that has a blue square.
+            In Safari before this change you'll see a yellow square and a basic authentication prompt.
+            In Safari after this change you'll see the same blue square you see in Chrome and Firefox.
+
+            * style/StylePendingResources.cpp:
+            (WebCore::Style::loadPendingImage):
+
+2020-05-07  Russell Epstein  <repst...@apple.com>
+
         Cherry-pick r260528. rdar://problem/62978914
 
     REGRESSION (r249160): Deleting newline after pasting text ending in a newline results in a discontinuity
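
Review bot: The entry says r230006 went a step too far but does not say why using stored credentials is acceptable for mask images while shape-outside stays on LoadPolicy::Anonymous. A sentence recording that the mask fetch remains in FetchOptions::Mode::Cors with Credentials::SameOrigin, and that only StoredCredentialsPolicy::DoNotUse is dropped, would document the security reasoning for whoever next touches the mitigation from r230006.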

Modified: branches/safari-609-branch/Source/WebCore/style/StylePendingResources.cpp (261517 => 261518)


--- branches/safari-609-branch/Source/WebCore/style/StylePendingResources.cpp	2020-05-12 00:21:45 UTC (rev 261517)
+++ branches/safari-609-branch/Source/WebCore/style/StylePendingResources.cpp	2020-05-12 00:21:50 UTC (rev 261518)
@@ -43,7 +43,7 @@
 namespace Style {
 
 // <https://html.spec.whatwg.org/multipage/urls-and-fetching.html#cors-settings-attributes>
-enum class LoadPolicy { NoCORS, Anonymous };
+enum class LoadPolicy { CORS, NoCORS, Anonymous };
 static void loadPendingImage(Document& document, const StyleImage* styleImage, const Element* element, LoadPolicy loadPolicy = LoadPolicy::NoCORS)
 {
     if (!styleImage || !styleImage->isPending())
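
Review bot: The new CORS enumerator has no comment saying how it differs from Anonymous, and the names alone do not convey it; from the switch added below, the only difference is that Anonymous also sets StoredCredentialsPolicy::DoNotUse. A one-line comment per enumerator under the spec link would keep future callers from picking the credentialed policy by accident.
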
@@ -53,11 +53,19 @@
     ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
     options.contentSecurityPolicyImposition = isInUserAgentShadowTree ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck;
 
-    if (loadPolicy == LoadPolicy::Anonymous && !isInUserAgentShadowTree && document.settings().useAnonymousModeWhenFetchingMaskImages()) {
-        options.mode = FetchOptions::Mode::Cors;
-        options.credentials = FetchOptions::Credentials::SameOrigin;
-        options.storedCredentialsPolicy = StoredCredentialsPolicy::DoNotUse;
-        options.sameOriginDataURLFlag = SameOriginDataURLFlag::Set;
+    if (!isInUserAgentShadowTree && document.settings().useAnonymousModeWhenFetchingMaskImages()) {
+        switch (loadPolicy) {
+        case LoadPolicy::Anonymous:
+            options.storedCredentialsPolicy = StoredCredentialsPolicy::DoNotUse;
+            FALLTHROUGH;
+        case LoadPolicy::CORS:
+            options.mode = FetchOptions::Mode::Cors;
+            options.credentials = FetchOptions::Credentials::SameOrigin;
+            options.sameOriginDataURLFlag = SameOriginDataURLFlag::Set;
+            break;
+        case LoadPolicy::NoCORS:
+            break;
+        }
     }
 
     const_cast<StyleImage&>(*styleImage).load(document.cachedResourceLoader(), options);
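
Review bot: The outer condition no longer tests loadPolicy, so useAnonymousModeWhenFetchingMaskImages() now gates the LoadPolicy::CORS case as well, where stored credentials are used and the fetch is not anonymous; the setting name no longer describes what it controls. Rename the setting or add a comment at the condition stating that it enables CORS-mode fetching for both policies and that only the Anonymous case withholds stored credentials.
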
@@ -91,7 +99,7 @@
     // the image used as the mask. As a means to mitigate such attacks CSS mask images and shape-outside
     // images are retreived in "Anonymous" mode, which uses a potentially CORS-enabled fetch.
     for (auto* maskLayer = &style.maskLayers(); maskLayer; maskLayer = maskLayer->next())
-        loadPendingImage(document, maskLayer->image(), element, LoadPolicy::Anonymous);
+        loadPendingImage(document, maskLayer->image(), element, LoadPolicy::CORS);
 
     if (style.shapeOutside())
         loadPendingImage(document, style.shapeOutside()->image(), element, LoadPolicy::Anonymous);
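
Review bot: The comment above the mask-layer loop still says CSS mask images and shape-outside images are retrieved in "Anonymous" mode, but the changed call now passes LoadPolicy::CORS for mask images, so the comment is stale for half of what it describes. Update it to say that mask images use a CORS fetch with same-origin credentials while shape-outside images remain Anonymous, and why the two differ.
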
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
