Title: [199795] trunk
Revision: 199795
Author: [email protected]
Date: 2016-04-20 15:56:40 -0700 (Wed, 20 Apr 2016)

Log Message

[GTK] Expose AllowUniversalAccessFromFileURLs preference now that calling localStorage.getItem() results in SecurityError: DOM Exception 18
Source/WebKit2:

Patch by Dustin Falgout <[email protected]> on 2016-04-20
Reviewed by Michael Catanzaro.

As of r197858 JavaScript loaded in the context of a file scheme URL cannot access local storage. That is a major
breaking change as many applications that serve files locally rely on having access to local storage. The point
of that security fix is to avoid cases of downloaded HTML content (such as e-mail attachments or JS injected
into local contexts) from having access to your local file system and arbitrary local storage. If you are serving
local files in your applications, you can use the WebKitAllowUniversalAccessFromFileURLs preference key to tell
WebKit that you approve of these kinds of interactions.

https://bugs.webkit.org/show_bug.cgi?id=156651

* UIProcess/API/gtk/WebKitSettings.cpp:
(webKitSettingsSetProperty):
(webKitSettingsGetProperty):
(webkit_settings_class_init):
(webkit_settings_get_allow_universal_access_from_file_urls):
(webkit_settings_set_allow_universal_access_from_file_urls):
* UIProcess/API/gtk/WebKitSettings.h:
* UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt:

Tools:

https://bugs.webkit.org/show_bug.cgi?id=156651

Patch by Dustin Falgout <[email protected]> on 2016-04-20
Reviewed by Michael Catanzaro.

* TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitSettings.cpp:
(testWebKitSettings):

Diff

Modified: trunk/Source/WebKit2/ChangeLog (199794 => 199795)


--- trunk/Source/WebKit2/ChangeLog	2016-04-20 22:51:41 UTC (rev 199794)
+++ trunk/Source/WebKit2/ChangeLog	2016-04-20 22:56:40 UTC (rev 199795)
@@ -1,3 +1,27 @@
+2016-04-20  Dustin Falgout  <[email protected]>
+
+        [GTK] Expose AllowUniversalAccessFromFileURLs preference now that calling localStorage.getItem() results in SecurityError: DOM Exception 18
+        
+        Reviewed by Michael Catanzaro.
+                
+        As of r197858 _javascript_ loaded in the context of a file scheme url cannot access local storage. That is a major 
+        breaking change as many applications that serve files locally rely on having access to local storage. The point  
+        of that security fix is to avoid cases of downloaded HTML content (such as e-mail attachments or JS injected
+        into local contexts) from having access to your local file system and arbitrary local storage. If you are serving 
+        local files in your applications, you can use the WebKitAllowUniversalAccessFromFileURLs preference key to tell 
+        Webkit that you are approve of these kinds of interactions.
+                                              
+        https://bugs.webkit.org/show_bug.cgi?id=156651
+
+        * UIProcess/API/gtk/WebKitSettings.cpp:
+        (webKitSettingsSetProperty):
+        (webKitSettingsGetProperty):
+        (webkit_settings_class_init):
+        (webkit_settings_get_allow_universal_access_from_file_urls):
+        (webkit_settings_set_allow_universal_access_from_file_urls):
+        * UIProcess/API/gtk/WebKitSettings.h:
+        * UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt:
+
 2016-04-20  Brady Eidson  <[email protected]>
 
         Modern IDB (Workers): Enable INDEXED_DATABASE_IN_WORKERS compile time flag, but disabled in RuntimeEnabledFeatures.
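Review bot: The last sentence of the new ChangeLog description reads "tell Webkit that you are approve of these kinds of interactions"; it should be "tell WebKit that you approve of these kinds of interactions". The bug URL also sits below the description in this entry, while the Tools/ChangeLog entry in the same revision puts it directly under the title line, so the two entries should follow one layout. Several added lines (the otherwise empty ones after the title and after "Reviewed by", and a few description lines) carry trailing whitespace that should be stripped.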

Modified: trunk/Source/WebKit2/UIProcess/API/gtk/WebKitSettings.cpp (199794 => 199795)


--- trunk/Source/WebKit2/UIProcess/API/gtk/WebKitSettings.cpp	2016-04-20 22:51:41 UTC (rev 199794)
+++ trunk/Source/WebKit2/UIProcess/API/gtk/WebKitSettings.cpp	2016-04-20 22:56:40 UTC (rev 199795)
@@ -144,7 +144,8 @@
     PROP_ENABLE_MEDIA_STREAM,
     PROP_ENABLE_SPATIAL_NAVIGATION,
     PROP_ENABLE_MEDIASOURCE,
-    PROP_ALLOW_FILE_ACCESS_FROM_FILE_URLS
+    PROP_ALLOW_FILE_ACCESS_FROM_FILE_URLS,
+    PROP_ALLOW_UNIVERSAL_ACCESS_FROM_FILE_URLS
 };
 
 static void webKitSettingsConstructed(GObject* object)
@@ -313,6 +314,9 @@
     case PROP_ALLOW_FILE_ACCESS_FROM_FILE_URLS:
         webkit_settings_set_allow_file_access_from_file_urls(settings, g_value_get_boolean(value));
         break;
+    case PROP_ALLOW_UNIVERSAL_ACCESS_FROM_FILE_URLS:
+        webkit_settings_set_allow_universal_access_from_file_urls(settings, g_value_get_boolean(value));
+        break;
     default:
         G_OBJECT_WARN_INVALID_PROPERTY_ID(object, propId, paramSpec);
         break;
@@ -471,6 +475,9 @@
     case PROP_ALLOW_FILE_ACCESS_FROM_FILE_URLS:
         g_value_set_boolean(value, webkit_settings_get_allow_file_access_from_file_urls(settings));
         break;
+    case PROP_ALLOW_UNIVERSAL_ACCESS_FROM_FILE_URLS:
+        g_value_set_boolean(value, webkit_settings_get_allow_universal_access_from_file_urls(settings));
+        break;
     default:
         G_OBJECT_WARN_INVALID_PROPERTY_ID(object, propId, paramSpec);
         break;
@@ -1242,6 +1249,26 @@
             _("Whether file access is allowed from file URLs."),
             FALSE,
             readWriteConstructParamFlags));
+
+    /**
+     * WebKitSettings:allow-universal-access-from-file-urls:
+     *
+     * Whether or not _javascript_ running in the context of a file scheme URL
+     * should be allowed to access content from any origin.  By default, when
+     * something is loaded in a #WebKitWebView using a file scheme URL,
+     * access to the local file system and arbitrary local storage is not
+     * allowed. This setting allows you to change that behaviour, so that
+     * it would be possible to use local storage, for example.
+     *
+     * Since: 2.14
+     */
+    g_object_class_install_property(gObjectClass,
+        PROP_ALLOW_UNIVERSAL_ACCESS_FROM_FILE_URLS,
+        g_param_spec_boolean("allow-universal-access-from-file-urls",
+            _("Allow universal access from the context of file scheme URLs"),
+            _("Whether or not universal access is allowed from the context of file scheme URLs"),
+            FALSE,
+            readWriteConstructParamFlags));
 }
 
 WebPreferences* webkitSettingsGetPreferences(WebKitSettings* settings)
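Review bot: The doc comment for WebKitSettings:allow-universal-access-from-file-urls understates what the property grants. Its first sentence says script in a file scheme URL may "access content from any origin", but the rest of the comment talks only about the local file system and local storage, and the single example given is local storage. Suggest saying plainly that enabling the property lifts the origin restriction for every document loaded from a file URL in views that use these settings, that it should be turned on only when all such documents are trusted application content, and how it differs from allow-file-access-from-file-urls installed just above it.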
@@ -3062,3 +3089,41 @@
     priv->preferences->setAllowFileAccessFromFileURLs(allowed);
     g_object_notify(G_OBJECT(settings), "allow-file-access-from-file-urls");
 }
+
+/**
+ * webkit_settings_get_allow_universal_access_from_file_urls:
+ * @settings: a #WebKitSettings
+ *
+ * Get the #WebKitSettings:allow-universal-access-from-file-urls property.
+ *
+ * Returns: %TRUE If universal access from file URLs is allowed or %FALSE otherwise.
+ *
+ * Since: 2.14
+ */
+gboolean webkit_settings_get_allow_universal_access_from_file_urls(WebKitSettings* settings)
+{
+    g_return_val_if_fail(WEBKIT_IS_SETTINGS(settings), FALSE);
+
+    return settings->priv->preferences->allowUniversalAccessFromFileURLs();
+}
+
+/**
+ * webkit_settings_set_allow_universal_access_from_file_urls:
+ * @settings: a #WebKitSettings
+ * @allowed: Value to be set
+ *
+ * Set the #WebKitSettings:allow-universal-access-from-file-urls property.
+ *
+ * Since: 2.14
+ */
+void webkit_settings_set_allow_universal_access_from_file_urls(WebKitSettings* settings, gboolean allowed)
+{
+    g_return_if_fail(WEBKIT_IS_SETTINGS(settings));
+
+    WebKitSettingsPrivate* priv = settings->priv;
+    if (priv->preferences->allowUniversalAccessFromFileURLs() == allowed)
+        return;
+
+    priv->preferences->setAllowUniversalAccessFromFileURLs(allowed);
+    g_object_notify(G_OBJECT(settings), "allow-universal-access-from-file-urls");
+}
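Review bot: The getter's Returns line has a stray capital in "%TRUE If universal access from file URLs is allowed", which should read "%TRUE if". The setter documents @allowed only as "Value to be set"; a phrase such as "whether to allow universal access from file URLs" would tell the caller what TRUE means without having to follow the property link. The early return on an unchanged value and the g_object_notify call match the allow-file-access-from-file-urls setter shown in the context lines, so the logic itself needs no change.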

Modified: trunk/Source/WebKit2/UIProcess/API/gtk/WebKitSettings.h (199794 => 199795)


--- trunk/Source/WebKit2/UIProcess/API/gtk/WebKitSettings.h	2016-04-20 22:51:41 UTC (rev 199794)
+++ trunk/Source/WebKit2/UIProcess/API/gtk/WebKitSettings.h	2016-04-20 22:56:40 UTC (rev 199795)
@@ -421,6 +421,13 @@
 webkit_settings_set_allow_file_access_from_file_urls           (WebKitSettings *settings,
                                                                 gboolean        allowed);
 
+WEBKIT_API gboolean
+webkit_settings_get_allow_universal_access_from_file_urls      (WebKitSettings *settings);
+
+WEBKIT_API void
+webkit_settings_set_allow_universal_access_from_file_urls      (WebKitSettings *settings,
+                                                                gboolean        allowed);
+
 G_END_DECLS
 
 #endif /* WebKitSettings_h */

Modified: trunk/Source/WebKit2/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt (199794 => 199795)


--- trunk/Source/WebKit2/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt	2016-04-20 22:51:41 UTC (rev 199794)
+++ trunk/Source/WebKit2/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt	2016-04-20 22:56:40 UTC (rev 199795)
@@ -453,6 +453,8 @@
 webkit_settings_set_enable_mediasource
 webkit_settings_get_allow_file_access_from_file_urls
 webkit_settings_set_allow_file_access_from_file_urls
+webkit_settings_get_allow_universal_access_from_file_urls
+webkit_settings_set_allow_universal_access_from_file_urls
 
 <SUBSECTION Standard>
 WebKitSettingsClass

Modified: trunk/Tools/ChangeLog (199794 => 199795)


--- trunk/Tools/ChangeLog	2016-04-20 22:51:41 UTC (rev 199794)
+++ trunk/Tools/ChangeLog	2016-04-20 22:56:40 UTC (rev 199795)
@@ -1,3 +1,13 @@
+2016-04-20  Dustin Falgout  <[email protected]>
+
+        [GTK] Expose AllowUniversalAccessFromFileURLs preference now that calling localStorage.getItem() results in SecurityError: DOM Exception 18
+        https://bugs.webkit.org/show_bug.cgi?id=156651
+
+        Reviewed by Michael Catanzaro.
+
+        * TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitSettings.cpp:
+        (testWebKitSettings):
+
 2016-04-20  Brady Eidson  <[email protected]>
 
         Modern IDB (Workers): Enable INDEXED_DATABASE_IN_WORKERS compile time flag, but disabled in RuntimeEnabledFeatures.

Modified: trunk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitSettings.cpp (199794 => 199795)


--- trunk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitSettings.cpp	2016-04-20 22:51:41 UTC (rev 199794)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitSettings.cpp	2016-04-20 22:56:40 UTC (rev 199795)
@@ -278,6 +278,11 @@
     webkit_settings_set_allow_file_access_from_file_urls(settings, TRUE);
     g_assert(webkit_settings_get_allow_file_access_from_file_urls(settings));
 
+    // Universal access from file URLs is not allowed by default.
+    g_assert(!webkit_settings_get_allow_universal_access_from_file_urls(settings));
+    webkit_settings_set_allow_universal_access_from_file_urls(settings, TRUE);
+    g_assert(webkit_settings_get_allow_universal_access_from_file_urls(settings));
+
     g_object_unref(G_OBJECT(settings));
 }
 
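Review bot: The added assertions in testWebKitSettings cover only the default value and the switch to TRUE. Add a round trip back to FALSE, calling webkit_settings_set_allow_universal_access_from_file_urls(settings, FALSE) followed by a negated g_assert on the getter, so the setter is exercised in both directions. Nothing in this hunk checks the behaviour the ChangeLog describes, namely that localStorage access from a file URL succeeds with the setting on and raises the SecurityError with it off; a web view test that loads a file URL under both values would cover that.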