Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 24d05ed6508910459be7ca081f3d4042a1174f68 https://github.com/WebKit/WebKit/commit/24d05ed6508910459be7ca081f3d4042a1174f68 Author: Timothy Hatcher <timo...@apple.com> Date: 2024-03-04 (Mon, 04 Mar 2024)
Changed paths: M Source/WebKit/Platform/cocoa/CocoaHelpers.h M Source/WebKit/Platform/cocoa/CocoaHelpers.mm M Source/WebKit/UIProcess/Extensions/Cocoa/API/WebExtensionContextAPIPortCocoa.mm M Source/WebKit/UIProcess/Extensions/Cocoa/API/WebExtensionContextAPIRuntimeCocoa.mm M Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionMessagePortCocoa.mm M Source/WebKit/UIProcess/Extensions/WebExtensionContext.h M Source/WebKit/UIProcess/Extensions/WebExtensionContext.messages.in M Source/WebKit/WebProcess/Extensions/API/Cocoa/WebExtensionAPIEventCocoa.mm M Source/WebKit/WebProcess/Extensions/API/Cocoa/WebExtensionAPIPortCocoa.mm M Source/WebKit/WebProcess/Extensions/API/Cocoa/WebExtensionAPIRuntimeCocoa.mm M Source/WebKit/WebProcess/Extensions/API/WebExtensionAPIObject.h M Source/WebKit/WebProcess/Extensions/API/WebExtensionAPIPort.h M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIRuntime.mm Log Message: ----------- Return empty port with a delay if destination extension isn't found for externally_connectable. https://webkit.org/b/269539 rdar://123060441 Reviewed by Brian Weinstein. Enhance privacy in web-to-extension messaging by ensuring indistinguishability between scenarios where an extension is not found or lacks permission to the page and when messaging is permitted. This approach mitigates fingerprinting based on installed extensions. Accomplish this by introducing a random delay for runtime.sendMessage() responses in error cases. Also runtime.connect() now consistently returns a port, which is subsequently disconnected after a random delay. Importantly, no errors are reported to the web page in any of these situations. Also improved port bookkeeping by always sending the PortRemoved message (was PortDisconnect) when the port is disconnected or garbage collected. * Source/WebKit/Platform/cocoa/CocoaHelpers.h: * Source/WebKit/Platform/cocoa/CocoaHelpers.mm: (WebKit::callAfterRandomDelay): Added. * Source/WebKit/UIProcess/Extensions/Cocoa/API/WebExtensionContextAPIPortCocoa.mm: (WebKit::WebExtensionContext::portRemoved): Added. (WebKit::WebExtensionContext::portDisconnect): Deleted. * Source/WebKit/UIProcess/Extensions/Cocoa/API/WebExtensionContextAPIRuntimeCocoa.mm: (WebKit::WebExtensionContext::runtimeWebPageSendMessage): Added work behind callAfterRandomDelay(). (WebKit::WebExtensionContext::runtimeWebPageConnect): Ditto. * Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionMessagePortCocoa.mm: (WebKit::WebExtensionMessagePort::disconnect): Move portRemoved() call to remove(). (WebKit::WebExtensionMessagePort::remove): Add call to portRemoved(). * Source/WebKit/UIProcess/Extensions/WebExtensionContext.h: * Source/WebKit/UIProcess/Extensions/WebExtensionContext.messages.in: * Source/WebKit/WebProcess/Extensions/API/Cocoa/WebExtensionAPIEventCocoa.mm: (WebKit::WebExtensionAPIEvent::addListener): Check hasExtensionContext() before using extensionContext(). This was needed since the quarantined port has no extensionContext, and events it created don't as well. (WebKit::WebExtensionAPIEvent::removeListener): Ditto. (WebKit::WebExtensionAPIEvent::removeAllListeners): Ditto. * Source/WebKit/WebProcess/Extensions/API/Cocoa/WebExtensionAPIPortCocoa.mm: (WebKit::WebExtensionAPIPort::add): ASSERT !isQuarantined(), since it should not be added to the map. (WebKit::WebExtensionAPIPort::remove): Return early for isQuarantined(). Send PortRemoved here. (WebKit::WebExtensionAPIPort::postMessage): Use renamed isDisconnected(). (WebKit::WebExtensionAPIPort::fireMessageEventIfNeeded): Return early for isQuarantined(). (WebKit::WebExtensionAPIPort::fireDisconnectEventIfNeeded): Moved PortDisconnect message to remove(). * Source/WebKit/WebProcess/Extensions/API/Cocoa/WebExtensionAPIRuntimeCocoa.mm: (WebKit::WebExtensionAPIWebPageRuntime::sendMessage): Respond after a random delay. (WebKit::WebExtensionAPIWebPageRuntime::connect): Return a port, and disconnect after a random delay. * Source/WebKit/WebProcess/Extensions/API/WebExtensionAPIObject.h: (WebKit::WebExtensionAPIObject::hasExtensionContext const): Added. * Source/WebKit/WebProcess/Extensions/API/WebExtensionAPIPort.h: (WebKit::WebExtensionAPIPort::isDisconnected const): Added. (WebKit::WebExtensionAPIPort::isQuarantined const): Added. (WebKit::WebExtensionAPIPort::WebExtensionAPIPort): Added. (WebKit::WebExtensionAPIPort::disconnected const): Deleted. * Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIRuntime.mm: (TEST(WKWebExtensionAPIRuntime, ConnectFromWebPageWithWrongIdentifier)): Added. (TEST(WKWebExtensionAPIRuntime, SendMessageFromWebPageWithWrongIdentifier)): Added. Canonical link: https://commits.webkit.org/275637@main To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications _______________________________________________ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes