[webkit-changes] [214791] releases/WebKitGTK/webkit-2.16

[carlosgc]

Title: [214791] releases/WebKitGTK/webkit-2.16

Revision

214791

Author

carlo...@webkit.org

Date

2017-04-03 06:36:51 -0700 (Mon, 03 Apr 2017)

Log Message

Merge r214309 - WebSQL databases should not openable in private browsing.
<rdar://problem/30383335> and https://bugs.webkit.org/show_bug.cgi?id=170013

Reviewed by Alex Christensen.

Source/WebCore:

Test: storage/websql/private-browsing-open-disabled.html

* Modules/webdatabase/DatabaseManager.cpp:
(WebCore::DatabaseManager::openDatabaseBackend):
(WebCore::DatabaseManager::tryToOpenDatabaseBackend): Throw an exception if in private browsing.
* Modules/webdatabase/DatabaseManager.h:

LayoutTests:

* storage/websql/private-browsing-open-disabled-expected.txt: Added.
* storage/websql/private-browsing-open-disabled.html: Added.

Modified Paths

• releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog
• releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog
• releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/webdatabase/DatabaseManager.cpp
• releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/webdatabase/DatabaseManager.h

Added Paths

• releases/WebKitGTK/webkit-2.16/LayoutTests/storage/websql/private-browsing-open-disabled-expected.txt
• releases/WebKitGTK/webkit-2.16/LayoutTests/storage/websql/private-browsing-open-disabled.html

Diff

Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog (214790 => 214791)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog	2017-04-03 13:33:41 UTC (rev 214790)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog	2017-04-03 13:36:51 UTC (rev 214791)
@@ -1,3 +1,13 @@
+2017-03-23  Brady Eidson  <beid...@apple.com>
+
+        WebSQL databases should not openable in private browsing.
+        <rdar://problem/30383335> and https://bugs.webkit.org/show_bug.cgi?id=170013
+
+        Reviewed by Alex Christensen.
+
+        * storage/websql/private-browsing-open-disabled-expected.txt: Added.
+        * storage/websql/private-browsing-open-disabled.html: Added.
+
 2017-03-22  Antti Koivisto  <an...@apple.com>
 
         Dynamically applied :empty pseudo class with display:none does not get unapplied

Added: releases/WebKitGTK/webkit-2.16/LayoutTests/storage/websql/private-browsing-open-disabled-expected.txt (0 => 214791)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/storage/websql/private-browsing-open-disabled-expected.txt	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/storage/websql/private-browsing-open-disabled-expected.txt	2017-04-03 13:36:51 UTC (rev 214791)
@@ -0,0 +1 @@
+Caught exception opening a WebSQL database in private browsing: SecurityError (DOM Exception 18): The operation is insecure.

Added: releases/WebKitGTK/webkit-2.16/LayoutTests/storage/websql/private-browsing-open-disabled.html (0 => 214791)

--- releases/WebKitGTK/webkit-2.16/LayoutTests/storage/websql/private-browsing-open-disabled.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/storage/websql/private-browsing-open-disabled.html	2017-04-03 13:36:51 UTC (rev 214791)
@@ -0,0 +1,23 @@
+<body>
+<div id="logger"></div>
+<script>
+
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+    testRunner.setPrivateBrowsingEnabled(true);
+}
+
+var logger = document.getElementById("logger");
+try {
+    openDatabase("PrivateBrowsingOpenDisabled", "1.0", "Test that you can't open databases in private browsing mode", 1);
+    logger.innerHTML = "Successfully opened a WebSQL database in private browsing"
+} catch(e) {
+    logger.innerHTML = "Caught exception opening a WebSQL database in private browsing: " + e;
+}
+
+if (window.testRunner)
+    testRunner.notifyDone();
+
+</script>
+</body>

Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog (214790 => 214791)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 13:33:41 UTC (rev 214790)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog	2017-04-03 13:36:51 UTC (rev 214791)
@@ -1,3 +1,17 @@
+2017-03-23  Brady Eidson  <beid...@apple.com>
+
+        WebSQL databases should not openable in private browsing.
+        <rdar://problem/30383335> and https://bugs.webkit.org/show_bug.cgi?id=170013
+
+        Reviewed by Alex Christensen.
+
+        Test: storage/websql/private-browsing-open-disabled.html
+
+        * Modules/webdatabase/DatabaseManager.cpp:
+        (WebCore::DatabaseManager::openDatabaseBackend):
+        (WebCore::DatabaseManager::tryToOpenDatabaseBackend): Throw an exception if in private browsing.
+        * Modules/webdatabase/DatabaseManager.h:
+
 2017-03-22  Dean Jackson  <d...@apple.com>
 
         NeverDestroyed<MediaQueryEvaluator> must explicitly construct with a String

Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/webdatabase/DatabaseManager.cpp (214790 => 214791)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/webdatabase/DatabaseManager.cpp	2017-04-03 13:33:41 UTC (rev 214790)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/webdatabase/DatabaseManager.cpp	2017-04-03 13:36:51 UTC (rev 214791)
@@ -121,10 +121,8 @@
 
 ExceptionOr<Ref<Database>> DatabaseManager::openDatabaseBackend(ScriptExecutionContext& context, const String& name, const String& expectedVersion, const String& displayName, unsigned estimatedSize, bool setVersionInNewDatabase)
 {
-    auto databaseContext = this->databaseContext(context);
+    auto backend = tryToOpenDatabaseBackend(context, name, expectedVersion, displayName, estimatedSize, setVersionInNewDatabase, FirstTryToOpenDatabase);
 
-    auto backend = tryToOpenDatabaseBackend(databaseContext, name, expectedVersion, displayName, estimatedSize, setVersionInNewDatabase, FirstTryToOpenDatabase);
-
     if (backend.hasException()) {
         if (backend.exception().code() == QUOTA_EXCEEDED_ERR) {
             // Notify the client that we've exceeded the database quota.
@@ -133,9 +131,9 @@
             {
                 // FIXME: What guarantees context.securityOrigin() is non-null?
                 ProposedDatabase proposedDatabase { *this, *context.securityOrigin(), name, displayName, estimatedSize };
-                databaseContext->databaseExceededQuota(name, proposedDatabase.details());
+                this->databaseContext(context)->databaseExceededQuota(name, proposedDatabase.details());
             }
-            backend = tryToOpenDatabaseBackend(databaseContext, name, expectedVersion, displayName, estimatedSize, setVersionInNewDatabase, RetryOpenDatabase);
+            backend = tryToOpenDatabaseBackend(context, name, expectedVersion, displayName, estimatedSize, setVersionInNewDatabase, RetryOpenDatabase);
         }
     }
 
@@ -149,9 +147,22 @@
     return backend;
 }
 
-ExceptionOr<Ref<Database>> DatabaseManager::tryToOpenDatabaseBackend(DatabaseContext& backendContext, const String& name, const String& expectedVersion, const String& displayName, unsigned estimatedSize, bool setVersionInNewDatabase,
+ExceptionOr<Ref<Database>> DatabaseManager::tryToOpenDatabaseBackend(ScriptExecutionContext& scriptContext, const String& name, const String& expectedVersion, const String& displayName, unsigned estimatedSize, bool setVersionInNewDatabase,
     OpenAttempt attempt)
 {
+    if (is<Document>(&scriptContext)) {
+        auto* page = downcast<Document>(scriptContext).page();
+        if (!page || page->usesEphemeralSession())
+            return Exception { SECURITY_ERR };
+    }
+
+    if (scriptContext.isWorkerGlobalScope()) {
+        ASSERT_NOT_REACHED();
+        return Exception { SECURITY_ERR };
+    }
+
+    auto backendContext = this->databaseContext(scriptContext);
+
     ExceptionOr<void> preflightResult;
     switch (attempt) {
     case FirstTryToOpenDatabase:
@@ -171,7 +182,7 @@
         return openResult.releaseException();
 
     // FIXME: What guarantees backendContext.securityOrigin() is non-null?
-    DatabaseTracker::singleton().setDatabaseDetails(backendContext.securityOrigin(), name, displayName, estimatedSize);
+    DatabaseTracker::singleton().setDatabaseDetails(backendContext->securityOrigin(), name, displayName, estimatedSize);
     return WTFMove(database);
 }
 

Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/webdatabase/DatabaseManager.h (214790 => 214791)

--- releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/webdatabase/DatabaseManager.h	2017-04-03 13:33:41 UTC (rev 214790)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/webdatabase/DatabaseManager.h	2017-04-03 13:36:51 UTC (rev 214791)
@@ -76,7 +76,7 @@
 
     enum OpenAttempt { FirstTryToOpenDatabase, RetryOpenDatabase };
     ExceptionOr<Ref<Database>> openDatabaseBackend(ScriptExecutionContext&, const String& name, const String& expectedVersion, const String& displayName, unsigned estimatedSize, bool setVersionInNewDatabase);
-    static ExceptionOr<Ref<Database>> tryToOpenDatabaseBackend(DatabaseContext&, const String& name, const String& expectedVersion, const String& displayName, unsigned estimatedSize, bool setVersionInNewDatabase, OpenAttempt);
+    ExceptionOr<Ref<Database>> tryToOpenDatabaseBackend(ScriptExecutionContext&, const String& name, const String& expectedVersion, const String& displayName, unsigned estimatedSize, bool setVersionInNewDatabase, OpenAttempt);
 
     class ProposedDatabase;
     void addProposedDatabase(ProposedDatabase&);

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes