Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 24d05ed6508910459be7ca081f3d4042a1174f68
https://github.com/WebKit/WebKit/commit/24d05ed6508910459be7ca081f3d4042a1174f68
Author: Timothy Hatcher <timo...@apple.com>
Date: 2024-03-04 (Mon, 04 Mar 2024)
Changed paths:
M Source/WebKit/Platform/cocoa/CocoaHelpers.h
M Source/WebKit/Platform/cocoa/CocoaHelpers.mm
M
Source/WebKit/UIProcess/Extensions/Cocoa/API/WebExtensionContextAPIPortCocoa.mm
M
Source/WebKit/UIProcess/Extensions/Cocoa/API/WebExtensionContextAPIRuntimeCocoa.mm
M Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionMessagePortCocoa.mm
M Source/WebKit/UIProcess/Extensions/WebExtensionContext.h
M Source/WebKit/UIProcess/Extensions/WebExtensionContext.messages.in
M Source/WebKit/WebProcess/Extensions/API/Cocoa/WebExtensionAPIEventCocoa.mm
M Source/WebKit/WebProcess/Extensions/API/Cocoa/WebExtensionAPIPortCocoa.mm
M
Source/WebKit/WebProcess/Extensions/API/Cocoa/WebExtensionAPIRuntimeCocoa.mm
M Source/WebKit/WebProcess/Extensions/API/WebExtensionAPIObject.h
M Source/WebKit/WebProcess/Extensions/API/WebExtensionAPIPort.h
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIRuntime.mm
Log Message:
-----------
Return empty port with a delay if destination extension isn't found for
externally_connectable.
https://webkit.org/b/269539
rdar://123060441
Reviewed by Brian Weinstein.
Enhance privacy in web-to-extension messaging by ensuring indistinguishability
between scenarios
where an extension is not found or lacks permission to the page and when
messaging is permitted.
This approach mitigates fingerprinting based on installed extensions.
Accomplish this by introducing a random delay for runtime.sendMessage()
responses in error cases.
Also runtime.connect() now consistently returns a port, which is subsequently
disconnected after
a random delay. Importantly, no errors are reported to the web page in any of
these situations.
Also improved port bookkeeping by always sending the PortRemoved message (was
PortDisconnect)
when the port is disconnected or garbage collected.
* Source/WebKit/Platform/cocoa/CocoaHelpers.h:
* Source/WebKit/Platform/cocoa/CocoaHelpers.mm:
(WebKit::callAfterRandomDelay): Added.
*
Source/WebKit/UIProcess/Extensions/Cocoa/API/WebExtensionContextAPIPortCocoa.mm:
(WebKit::WebExtensionContext::portRemoved): Added.
(WebKit::WebExtensionContext::portDisconnect): Deleted.
*
Source/WebKit/UIProcess/Extensions/Cocoa/API/WebExtensionContextAPIRuntimeCocoa.mm:
(WebKit::WebExtensionContext::runtimeWebPageSendMessage): Added work behind
callAfterRandomDelay().
(WebKit::WebExtensionContext::runtimeWebPageConnect): Ditto.
* Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionMessagePortCocoa.mm:
(WebKit::WebExtensionMessagePort::disconnect): Move portRemoved() call to
remove().
(WebKit::WebExtensionMessagePort::remove): Add call to portRemoved().
* Source/WebKit/UIProcess/Extensions/WebExtensionContext.h:
* Source/WebKit/UIProcess/Extensions/WebExtensionContext.messages.in:
* Source/WebKit/WebProcess/Extensions/API/Cocoa/WebExtensionAPIEventCocoa.mm:
(WebKit::WebExtensionAPIEvent::addListener): Check hasExtensionContext() before
using extensionContext().
This was needed since the quarantined port has no extensionContext, and events
it created don't as well.
(WebKit::WebExtensionAPIEvent::removeListener): Ditto.
(WebKit::WebExtensionAPIEvent::removeAllListeners): Ditto.
* Source/WebKit/WebProcess/Extensions/API/Cocoa/WebExtensionAPIPortCocoa.mm:
(WebKit::WebExtensionAPIPort::add): ASSERT !isQuarantined(), since it should
not be added to the map.
(WebKit::WebExtensionAPIPort::remove): Return early for isQuarantined(). Send
PortRemoved here.
(WebKit::WebExtensionAPIPort::postMessage): Use renamed isDisconnected().
(WebKit::WebExtensionAPIPort::fireMessageEventIfNeeded): Return early for
isQuarantined().
(WebKit::WebExtensionAPIPort::fireDisconnectEventIfNeeded): Moved
PortDisconnect message to remove().
* Source/WebKit/WebProcess/Extensions/API/Cocoa/WebExtensionAPIRuntimeCocoa.mm:
(WebKit::WebExtensionAPIWebPageRuntime::sendMessage): Respond after a random
delay.
(WebKit::WebExtensionAPIWebPageRuntime::connect): Return a port, and disconnect
after a random delay.
* Source/WebKit/WebProcess/Extensions/API/WebExtensionAPIObject.h:
(WebKit::WebExtensionAPIObject::hasExtensionContext const): Added.
* Source/WebKit/WebProcess/Extensions/API/WebExtensionAPIPort.h:
(WebKit::WebExtensionAPIPort::isDisconnected const): Added.
(WebKit::WebExtensionAPIPort::isQuarantined const): Added.
(WebKit::WebExtensionAPIPort::WebExtensionAPIPort): Added.
(WebKit::WebExtensionAPIPort::disconnected const): Deleted.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIRuntime.mm:
(TEST(WKWebExtensionAPIRuntime, ConnectFromWebPageWithWrongIdentifier)): Added.
(TEST(WKWebExtensionAPIRuntime, SendMessageFromWebPageWithWrongIdentifier)):
Added.
Canonical link: https://commits.webkit.org/275637@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
