Diff
Modified: trunk/Source/WebCore/ChangeLog (213009 => 213010)
--- trunk/Source/WebCore/ChangeLog 2017-02-26 07:19:22 UTC (rev 213009)
+++ trunk/Source/WebCore/ChangeLog 2017-02-26 18:31:13 UTC (rev 213010)
@@ -1,3 +1,19 @@
+2017-02-26 Chris Dumez <[email protected]>
+
+ HitTestResult's linkSuggestedFilename should sanitize download attribute
+ https://bugs.webkit.org/show_bug.cgi?id=168856
+ <rdar://problem/30683109>
+
+ Reviewed by Antti Koivisto.
+
+ HitTestResult's linkSuggestedFilename should sanitize download attribute.
+ This is used by the context menu's "Download Linked File" & "Download Linked
+ File As..." actions.
+
+ * rendering/HitTestResult.cpp:
+ (WebCore::HitTestResult::linkSuggestedFilename):
+ * rendering/HitTestResult.h:
+
2017-02-25 Zalan Bujtas <[email protected]>
Simple line layout: Move coverage functions out of SimpleLineLayout.cpp
Modified: trunk/Source/WebCore/rendering/HitTestResult.cpp (213009 => 213010)
--- trunk/Source/WebCore/rendering/HitTestResult.cpp 2017-02-26 07:19:22 UTC (rev 213009)
+++ trunk/Source/WebCore/rendering/HitTestResult.cpp 2017-02-26 18:31:13 UTC (rev 213010)
@@ -784,12 +784,12 @@
return node->parentElement();
}
-const AtomicString& HitTestResult::URLElementDownloadAttribute() const
+String HitTestResult::linkSuggestedFilename() const
{
auto* urlElement = URLElement();
if (!is<HTMLAnchorElement>(urlElement))
return nullAtom;
- return urlElement->attributeWithoutSynchronization(HTMLNames::downloadAttr);
+ return ResourceResponse::sanitizeSuggestedFilename(urlElement->attributeWithoutSynchronization(HTMLNames::downloadAttr));
}
bool HitTestResult::mediaSupportsEnhancedFullscreen() const
Modified: trunk/Source/WebCore/rendering/HitTestResult.h (213009 => 213010)
--- trunk/Source/WebCore/rendering/HitTestResult.h 2017-02-26 07:19:22 UTC (rev 213009)
+++ trunk/Source/WebCore/rendering/HitTestResult.h 2017-02-26 18:31:13 UTC (rev 213010)
@@ -62,7 +62,7 @@
Scrollbar* scrollbar() const { return m_scrollbar.get(); }
bool isOverWidget() const { return m_isOverWidget; }
- WEBCORE_EXPORT const AtomicString& URLElementDownloadAttribute() const;
+ WEBCORE_EXPORT String linkSuggestedFilename() const;
// Forwarded from HitTestLocation
bool isRectBasedTest() const { return m_hitTestLocation.isRectBasedTest(); }
Modified: trunk/Source/WebKit2/ChangeLog (213009 => 213010)
--- trunk/Source/WebKit2/ChangeLog 2017-02-26 07:19:22 UTC (rev 213009)
+++ trunk/Source/WebKit2/ChangeLog 2017-02-26 18:31:13 UTC (rev 213010)
@@ -1,3 +1,20 @@
+2017-02-26 Chris Dumez <[email protected]>
+
+ HitTestResult's linkSuggestedFilename should sanitize download attribute
+ https://bugs.webkit.org/show_bug.cgi?id=168856
+ <rdar://problem/30683109>
+
+ Reviewed by Antti Koivisto.
+
+ HitTestResult's linkSuggestedFilename should sanitize download attribute.
+ This is used by the context menu's "Download Linked File" & "Download Linked
+ File As..." actions.
+
+ * Shared/WebHitTestResultData.cpp:
+ (WebKit::WebHitTestResultData::WebHitTestResultData):
+ * WebProcess/InjectedBundle/InjectedBundleHitTestResult.cpp:
+ (WebKit::InjectedBundleHitTestResult::linkSuggestedFilename):
+
2017-02-25 Michael Catanzaro <[email protected]>
[GTK] Unreviewed, document deficiency in webkit_website_data_manager_clear() API
Modified: trunk/Source/WebKit2/Shared/WebHitTestResultData.cpp (213009 => 213010)
--- trunk/Source/WebKit2/Shared/WebHitTestResultData.cpp 2017-02-26 07:19:22 UTC (rev 213009)
+++ trunk/Source/WebKit2/Shared/WebHitTestResultData.cpp 2017-02-26 18:31:13 UTC (rev 213010)
@@ -46,7 +46,7 @@
, absoluteMediaURL(hitTestResult.absoluteMediaURL().string())
, linkLabel(hitTestResult.textContent())
, linkTitle(hitTestResult.titleDisplayString())
- , linkSuggestedFilename(hitTestResult.URLElementDownloadAttribute().string())
+ , linkSuggestedFilename(hitTestResult.linkSuggestedFilename())
, isContentEditable(hitTestResult.isContentEditable())
, elementBoundingBox(elementBoundingBoxInWindowCoordinates(hitTestResult))
, isScrollbar(hitTestResult.scrollbar())
@@ -66,7 +66,7 @@
, absoluteMediaURL(hitTestResult.absoluteMediaURL().string())
, linkLabel(hitTestResult.textContent())
, linkTitle(hitTestResult.titleDisplayString())
- , linkSuggestedFilename(hitTestResult.URLElementDownloadAttribute().string())
+ , linkSuggestedFilename(hitTestResult.linkSuggestedFilename())
, isContentEditable(hitTestResult.isContentEditable())
, elementBoundingBox(elementBoundingBoxInWindowCoordinates(hitTestResult))
, isScrollbar(hitTestResult.scrollbar())
Modified: trunk/Source/WebKit2/WebProcess/InjectedBundle/InjectedBundleHitTestResult.cpp (213009 => 213010)
--- trunk/Source/WebKit2/WebProcess/InjectedBundle/InjectedBundleHitTestResult.cpp 2017-02-26 07:19:22 UTC (rev 213009)
+++ trunk/Source/WebKit2/WebProcess/InjectedBundle/InjectedBundleHitTestResult.cpp 2017-02-26 18:31:13 UTC (rev 213010)
@@ -141,7 +141,7 @@
String InjectedBundleHitTestResult::linkSuggestedFilename() const
{
- return m_hitTestResult.URLElementDownloadAttribute();
+ return m_hitTestResult.linkSuggestedFilename();
}
IntRect InjectedBundleHitTestResult::imageRect() const
Modified: trunk/Tools/ChangeLog (213009 => 213010)
--- trunk/Tools/ChangeLog 2017-02-26 07:19:22 UTC (rev 213009)
+++ trunk/Tools/ChangeLog 2017-02-26 18:31:13 UTC (rev 213010)
@@ -1,3 +1,19 @@
+2017-02-26 Chris Dumez <[email protected]>
+
+ HitTestResult's linkSuggestedFilename should sanitize download attribute
+ https://bugs.webkit.org/show_bug.cgi?id=168856
+ <rdar://problem/30683109>
+
+ Reviewed by Antti Koivisto.
+
+ Add test coverage.
+
+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+ * TestWebKitAPI/Tests/WebKit2/link-with-download-attribute-with-slashes.html: Added.
+ * TestWebKitAPI/Tests/WebKit2/mac/ContextMenuDownload.mm:
+ (TestWebKitAPI::decideDestinationWithSuggestedFilenameContainingSlashes):
+ (TestWebKitAPI::TEST):
+
2017-02-24 Joseph Pecoraro <[email protected]>
[Resource Timing] Media elements initiated loads should set the initiatorType to their element name (video/audio)
Modified: trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (213009 => 213010)
--- trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2017-02-26 07:19:22 UTC (rev 213009)
+++ trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2017-02-26 18:31:13 UTC (rev 213010)
@@ -436,6 +436,7 @@
8349D3C21DB96DDE004A9F65 /* ContextMenuDownload.mm in Sources */ = {isa = PBXBuildFile; fileRef = 8349D3C11DB96DDA004A9F65 /* ContextMenuDownload.mm */; };
8349D3C41DB9728E004A9F65 /* link-with-download-attribute.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 8349D3C31DB9724F004A9F65 /* link-with-download-attribute.html */; };
835CF9671D25FCD6001A65D4 /* RestoreSessionStateWithoutNavigation.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 835CF9661D25FCD6001A65D4 /* RestoreSessionStateWithoutNavigation.cpp */; };
+ 8361F1781E610B4E00759B25 /* link-with-download-attribute-with-slashes.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 8361F1771E610B2100759B25 /* link-with-download-attribute-with-slashes.html */; };
837A35F11D9A1E7D00663C57 /* DownloadRequestBlobURL.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 837A35F01D9A1E6400663C57 /* DownloadRequestBlobURL.html */; };
83CF1C301C4F1B8B00688447 /* StringUtilities.mm in Sources */ = {isa = PBXBuildFile; fileRef = 83CF1C2C1C4F19AE00688447 /* StringUtilities.mm */; };
8E4A85371E1D1AB200F53B0F /* GridPosition.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 8E4A85361E1D1AA100F53B0F /* GridPosition.cpp */; };
@@ -635,6 +636,7 @@
dstPath = TestWebKitAPI.resources;
dstSubfolderSpec = 7;
files = (
+ 8361F1781E610B4E00759B25 /* link-with-download-attribute-with-slashes.html in Copy Resources */,
C25CCA0D1E5141840026CB8A /* AllAhem.svg in Copy Resources */,
C25CCA0B1E5140C10026CB8A /* LineBreaking.html in Copy Resources */,
C9C60E651E53A9DC006DA181 /* autoplay-check-frame.html in Copy Resources */,
@@ -1139,6 +1141,7 @@
8349D3C11DB96DDA004A9F65 /* ContextMenuDownload.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = ContextMenuDownload.mm; sourceTree = "<group>"; };
8349D3C31DB9724F004A9F65 /* link-with-download-attribute.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "link-with-download-attribute.html"; sourceTree = "<group>"; };
835CF9661D25FCD6001A65D4 /* RestoreSessionStateWithoutNavigation.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RestoreSessionStateWithoutNavigation.cpp; sourceTree = "<group>"; };
+ 8361F1771E610B2100759B25 /* link-with-download-attribute-with-slashes.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "link-with-download-attribute-with-slashes.html"; sourceTree = "<group>"; };
837A35F01D9A1E6400663C57 /* DownloadRequestBlobURL.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = DownloadRequestBlobURL.html; sourceTree = "<group>"; };
83B88A331C80056D00BB2418 /* HTMLParserIdioms.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = HTMLParserIdioms.cpp; sourceTree = "<group>"; };
83CF1C2C1C4F19AE00688447 /* StringUtilities.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = StringUtilities.mm; sourceTree = "<group>"; };
@@ -2078,6 +2081,7 @@
CE3524F51B142BBB0028A7C5 /* input-focus-blur.html */,
C99B675B1E3971FC00FC6C80 /* js-play-with-controls.html */,
8349D3C31DB9724F004A9F65 /* link-with-download-attribute.html */,
+ 8361F1771E610B2100759B25 /* link-with-download-attribute-with-slashes.html */,
378E647816326FDF00B6C676 /* link-with-title.html */,
9361002814DC957B0061379D /* lots-of-iframes.html */,
93AF4ECF1506F123007FD57E /* lots-of-images.html */,
Added: trunk/Tools/TestWebKitAPI/Tests/WebKit2/link-with-download-attribute-with-slashes.html (0 => 213010)
--- trunk/Tools/TestWebKitAPI/Tests/WebKit2/link-with-download-attribute-with-slashes.html (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKit2/link-with-download-attribute-with-slashes.html 2017-02-26 18:31:13 UTC (rev 213010)
@@ -0,0 +1,10 @@
+<html>
+ <body>
+ <a id="testAnchor" style="display: block; height: 100%; width: 100%" download="test1/test2/downloadAttributeValue.txt"></a>
+ <script>
+ var blob = new Blob(["Hello world!"], {type: "application/octet-stream"});
+ var link = document.getElementById("testAnchor");
+ link.href = ""
+ </script>
+ </body>
+</html>
Modified: trunk/Tools/TestWebKitAPI/Tests/WebKit2/mac/ContextMenuDownload.mm (213009 => 213010)
--- trunk/Tools/TestWebKitAPI/Tests/WebKit2/mac/ContextMenuDownload.mm 2017-02-26 07:19:22 UTC (rev 213009)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKit2/mac/ContextMenuDownload.mm 2017-02-26 18:31:13 UTC (rev 213010)
@@ -108,4 +108,50 @@
Util::run(&didDecideDownloadDestination);
}
+static WKStringRef decideDestinationWithSuggestedFilenameContainingSlashes(WKContextRef, WKDownloadRef download, WKStringRef suggestedFilename, bool*, const void*)
+{
+ // Make sure the suggested filename is provided and matches the value of the download attribute in the HTML, after sanitization.
+ EXPECT_WK_STREQ("test1_test2_downloadAttributeValue.txt", suggestedFilename);
+
+ WKDownloadCancel(download);
+ didDecideDownloadDestination = true;
+
+ return Util::toWK("/tmp/WebKitAPITest/ContextMenuDownload").leakRef();
}
+
+TEST(WebKit2, ContextMenuDownloadHTMLDownloadAttributeWithSlashes)
+{
+ WKRetainPtr<WKContextRef> context(AdoptWK, Util::createContextWithInjectedBundle());
+
+ WKContextDownloadClientV0 client;
+ memset(&client, 0, sizeof(client));
+ client.base.version = 0;
+ client.decideDestinationWithSuggestedFilename = decideDestinationWithSuggestedFilenameContainingSlashes;
+ WKContextSetDownloadClient(context.get(), &client.base);
+
+ WKRetainPtr<WKPageGroupRef> pageGroup(AdoptWK, WKPageGroupCreateWithIdentifier(Util::toWK("MyGroup").get()));
+ PlatformWebView webView(context.get(), pageGroup.get());
+
+ WKPageLoaderClientV0 loaderClient;
+ memset(&loaderClient, 0, sizeof(loaderClient));
+ loaderClient.base.version = 0;
+ loaderClient.didFinishLoadForFrame = didFinishLoadForFrame;
+ WKPageSetPageLoaderClient(webView.page(), &loaderClient.base);
+
+ WKPageContextMenuClientV3 contextMenuClient;
+ memset(&contextMenuClient, 0, sizeof(contextMenuClient));
+ contextMenuClient.base.version = 3;
+ contextMenuClient.getContextMenuFromProposedMenu = getContextMenuFromProposedMenu;
+ WKPageSetPageContextMenuClient(webView.page(), &contextMenuClient.base);
+
+ WKRetainPtr<WKURLRef> url(AdoptWK, Util::createURLForResource("link-with-download-attribute-with-slashes", "html"));
+
+ WKPageLoadURL(webView.page(), url.get());
+ Util::run(&didFinishLoad);
+
+ // Right click on link.
+ webView.simulateButtonClick(kWKEventMouseButtonRightButton, 50, 50, 0);
+ Util::run(&didDecideDownloadDestination);
+}
+
+}
