Title: [213158] branches/safari-603-branch
Revision
213158
Author
matthew_han...@apple.com
Date
2017-02-28 11:36:56 -0800 (Tue, 28 Feb 2017)

Log Message

Merge r213076. rdar://problem/30704432

Modified Paths

Added Paths

Diff

Modified: branches/safari-603-branch/LayoutTests/ChangeLog (213157 => 213158)


--- branches/safari-603-branch/LayoutTests/ChangeLog	2017-02-28 19:31:30 UTC (rev 213157)
+++ branches/safari-603-branch/LayoutTests/ChangeLog	2017-02-28 19:36:56 UTC (rev 213158)
@@ -1,3 +1,32 @@
+2017-02-28  Matthew Hanson  <matthew_han...@apple.com>
+
+        Merge r213076. rdar://problem/30704432
+
+    2017-02-27  Matthew Hanson  <matthew_han...@apple.com>
+
+            Merge r212972. rdar://problem/30704432
+
+        2017-02-24  Chris Dumez  <cdu...@apple.com>
+
+                Download attribute should be sanitized before being used as suggested filename
+                https://bugs.webkit.org/show_bug.cgi?id=168839
+                <rdar://problem/30683109>
+
+                Reviewed by Darin Adler.
+
+                Add layout test coverage.
+
+                * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote-expected.txt: Added.
+                * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html: Added.
+                * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes-expected.txt: Added.
+                * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html: Added.
+                * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode-expected.txt: Added.
+                * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html: Added.
+                * platform/ios-simulator-wk1/TestExpectations:
+                * platform/ios-simulator-wk2/TestExpectations:
+                * platform/mac-wk1/TestExpectations:
+                * platform/win/TestExpectations:
+
 2017-02-23  Matthew Hanson  <matthew_han...@apple.com>
 
         Rollout r212740. rdar://problem/30636274

Added: branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote-expected.txt (0 => 213158)


--- branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote-expected.txt	                        (rev 0)
+++ branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote-expected.txt	2017-02-28 19:36:56 UTC (rev 213158)
@@ -0,0 +1,6 @@
+Download started.
+Downloading URL with suggested filename "test"abe.png"
+Download completed.
+The suggested filename above should be 'test"abe.png' and the download should succeed.
+
+File backed blob URL

Added: branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html (0 => 213158)


--- branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html	                        (rev 0)
+++ branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html	2017-02-28 19:36:56 UTC (rev 213158)
@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script type='text/_javascript_'>
+if (window.testRunner) {
+  testRunner.dumpAsText();
+  testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>The suggested filename above should be 'test"abe.png' and the download should succeed.</p>
+<a id="blob-url" download='test"abe.png'>File backed blob URL</a>
+<script>
+function click(elmt)
+{
+    if (!window.eventSender) {
+        alert('Click the link to run the test.');
+        return;
+    }
+    eventSender.mouseMoveTo(elmt.offsetLeft + 5, elmt.offsetTop + 5);
+    eventSender.mouseDown();
+    eventSender.mouseUp();
+}
+
+function runTest()
+{
+    file = internals.createFile("../resources/abe.png");
+    var link = document.getElementById("blob-url");
+    link.href = ""
+    click(link);
+}
+runTest();
+</script>
+</body>
+</html>
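Review bot: In `runTest()` the line `file = internals.createFile("../resources/abe.png");` assigns an implicit global, and as the hunk reads on this page the value is never used because the next statement is `link.href = ""`. If that is what landed, the click does not exercise the file-backed blob URL the link text describes. If the archive dropped the right-hand side, the expression that turns `file` into a blob URL belongs on that line. In either case declare it as `var file = internals.createFile("../resources/abe.png");`. The same two lines appear in anchor-file-blob-download-includes-slashes.html and anchor-file-blob-download-includes-unicode.html.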

Added: branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes-expected.txt (0 => 213158)


--- branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes-expected.txt	                        (rev 0)
+++ branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes-expected.txt	2017-02-28 19:36:56 UTC (rev 213158)
@@ -0,0 +1,6 @@
+Download started.
+Downloading URL with suggested filename "test1_test2abe.png"
+Download completed.
+The suggested filename above should NOT include slashes or backslashes and the download should succeed.
+
+File backed blob URL

Added: branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html (0 => 213158)


--- branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html	                        (rev 0)
+++ branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html	2017-02-28 19:36:56 UTC (rev 213158)
@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script type='text/_javascript_'>
+if (window.testRunner) {
+  testRunner.dumpAsText();
+  testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>The suggested filename above should NOT include slashes or backslashes and the download should succeed.</p>
+<a id="blob-url" download="test1/test2\\abe.png">File backed blob URL</a>
+<script>
+function click(elmt)
+{
+    if (!window.eventSender) {
+        alert('Click the link to run the test.');
+        return;
+    }
+    eventSender.mouseMoveTo(elmt.offsetLeft + 5, elmt.offsetTop + 5);
+    eventSender.mouseDown();
+    eventSender.mouseUp();
+}
+
+function runTest()
+{
+    file = internals.createFile("../resources/abe.png");
+    var link = document.getElementById("blob-url");
+    link.href = ""
+    click(link);
+}
+runTest();
+</script>
+</body>
+</html>
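Review bot: The only separator input covered is `download="test1/test2\\abe.png"`, so the three new tests never check a name that ends in a backslash, contains a `..` segment, starts with a dot, or carries a CR or LF. Those are the values where the quoted string built by `sanitizeSuggestedFilename` and the platform parser behind it are most likely to disagree. Each would be worth its own test and expected-output file alongside this one. A short comment in the test stating why the backslashes vanish from the expected name `test1_test2abe.png`, rather than becoming underscores like the slash, would also help the next reader.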

Added: branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode-expected.txt (0 => 213158)


--- branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode-expected.txt	                        (rev 0)
+++ branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode-expected.txt	2017-02-28 19:36:56 UTC (rev 213158)
@@ -0,0 +1,6 @@
+Download started.
+Downloading URL with suggested filename "你好.png"
+Download completed.
+The suggested filename above should be "你好.png" and the download should succeed.
+
+File backed blob URL

Added: branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html (0 => 213158)


--- branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html	                        (rev 0)
+++ branches/safari-603-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html	2017-02-28 19:36:56 UTC (rev 213158)
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8">
+<script type='text/_javascript_'>
+if (window.testRunner) {
+  testRunner.dumpAsText();
+  testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>The suggested filename above should be "你好.png" and the download should succeed.</p>
+<a id="blob-url" download='你好.png'>File backed blob URL</a>
+<script>
+function click(elmt)
+{
+    if (!window.eventSender) {
+        alert('Click the link to run the test.');
+        return;
+    }
+    eventSender.mouseMoveTo(elmt.offsetLeft + 5, elmt.offsetTop + 5);
+    eventSender.mouseDown();
+    eventSender.mouseUp();
+}
+
+function runTest()
+{
+    file = internals.createFile("../resources/abe.png");
+    var link = document.getElementById("blob-url");
+    link.href = ""
+    click(link);
+}
+runTest();
+</script>
+</body>
+</html>

Modified: branches/safari-603-branch/LayoutTests/platform/ios-simulator-wk1/TestExpectations (213157 => 213158)


--- branches/safari-603-branch/LayoutTests/platform/ios-simulator-wk1/TestExpectations	2017-02-28 19:31:30 UTC (rev 213157)
+++ branches/safari-603-branch/LayoutTests/platform/ios-simulator-wk1/TestExpectations	2017-02-28 19:36:56 UTC (rev 213158)
@@ -1339,6 +1339,9 @@
 webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-download-synthetic-click.html [ Skip ]
 webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-download-user-triggered-synthetic-click.html [ Skip ]
 webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download.html [ Skip ]
+webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html [ Skip ]
+webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html [ Skip ]
+webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html [ Skip ]
 webkit.org/b/156069 http/tests/download/area-download.html [ Skip ]
 webkit.org/b/156069 http/tests/security/anchor-download-allow-blob.html [ Skip ]
 webkit.org/b/156069 http/tests/security/anchor-download-allow-data.html [ Skip ]
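Review bot: The three new `[ Skip ]` entries mean the sanitization is not verified on this platform. The hunks for ios-simulator-wk2, mac-wk1 and win add the same skips. `sanitizeSuggestedFilename` returns whatever `response.suggestedFilename()` yields, and the context line above it shows that this forwards to `platformSuggestedFilename()`, so the result is platform-specific. These tests therefore guard only the ports that still run them. A port-independent check of the sanitizer (for example an API test that calls it directly) would close that gap without waiting for webkit.org/b/156069 and webkit.org/b/156067.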

Modified: branches/safari-603-branch/LayoutTests/platform/ios-simulator-wk2/TestExpectations (213157 => 213158)


--- branches/safari-603-branch/LayoutTests/platform/ios-simulator-wk2/TestExpectations	2017-02-28 19:31:30 UTC (rev 213157)
+++ branches/safari-603-branch/LayoutTests/platform/ios-simulator-wk2/TestExpectations	2017-02-28 19:36:56 UTC (rev 213158)
@@ -1833,6 +1833,9 @@
 webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-download.html [ Skip ]
 webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-convert-to-download.html [ Skip ]
 webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-download.html [ Skip ]
+webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html [ Skip ]
+webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html [ Skip ]
+webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html [ Skip ]
 webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-nodownload-set.html [ Skip ]
 webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-nodownload.html [ Skip ]
 webkit.org/b/156067 fast/dom/HTMLAnchorElement/anchor-download-synthetic-click.html [ Skip ]

Modified: branches/safari-603-branch/LayoutTests/platform/mac-wk1/TestExpectations (213157 => 213158)


--- branches/safari-603-branch/LayoutTests/platform/mac-wk1/TestExpectations	2017-02-28 19:31:30 UTC (rev 213157)
+++ branches/safari-603-branch/LayoutTests/platform/mac-wk1/TestExpectations	2017-02-28 19:36:56 UTC (rev 213158)
@@ -209,6 +209,9 @@
 webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-download-synthetic-click.html [ Skip ]
 webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-download-user-triggered-synthetic-click.html [ Skip ]
 webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download.html [ Skip ]
+webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html [ Skip ]
+webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html [ Skip ]
+webkit.org/b/156069 fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html [ Skip ]
 webkit.org/b/156069 http/tests/download/area-download.html [ Skip ]
 webkit.org/b/156069 http/tests/security/anchor-download-allow-blob.html [ Skip ]
 webkit.org/b/156069 http/tests/security/anchor-download-allow-data.html [ Skip ]

Modified: branches/safari-603-branch/LayoutTests/platform/win/TestExpectations (213157 => 213158)


--- branches/safari-603-branch/LayoutTests/platform/win/TestExpectations	2017-02-28 19:31:30 UTC (rev 213157)
+++ branches/safari-603-branch/LayoutTests/platform/win/TestExpectations	2017-02-28 19:36:56 UTC (rev 213158)
@@ -448,6 +448,9 @@
 fast/dom/HTMLAnchorElement/anchor-download-synthetic-click.html [ Skip ]
 fast/dom/HTMLAnchorElement/anchor-download-user-triggered-synthetic-click.html [ Skip ]
 fast/dom/HTMLAnchorElement/anchor-file-blob-download.html [ Skip ]
+fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html [ Skip ]
+fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html [ Skip ]
+fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html [ Skip ]
 http/tests/download/area-download.html [ Skip ]
 http/tests/security/anchor-download-allow-data.html [ Skip ]
 http/tests/security/anchor-download-allow-sameorigin.html [ Skip ]

Modified: branches/safari-603-branch/Source/WebCore/ChangeLog (213157 => 213158)


--- branches/safari-603-branch/Source/WebCore/ChangeLog	2017-02-28 19:31:30 UTC (rev 213157)
+++ branches/safari-603-branch/Source/WebCore/ChangeLog	2017-02-28 19:36:56 UTC (rev 213158)
@@ -1,3 +1,33 @@
+2017-02-28  Matthew Hanson  <matthew_han...@apple.com>
+
+        Merge r213076. rdar://problem/30704432
+
+    2017-02-27  Matthew Hanson  <matthew_han...@apple.com>
+
+            Merge r212972. rdar://problem/30704432
+
+        2017-02-24  Chris Dumez  <cdu...@apple.com>
+
+                Download attribute should be sanitized before being used as suggested filename
+                https://bugs.webkit.org/show_bug.cgi?id=168839
+                <rdar://problem/30683109>
+
+                Reviewed by Darin Adler.
+
+                Sanitize Download attribute before using it as a suggested filename for the download.
+                We rely on ResourceResponse's sanitizing of the suggested filename to do so, which has
+                the benefit of being consistent with downloads without the download attribute.
+
+                Tests: fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-doublequote.html
+                       fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-slashes.html
+                       fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-unicode.html
+
+                * html/HTMLAnchorElement.cpp:
+                (WebCore::HTMLAnchorElement::handleClick):
+                * platform/network/ResourceResponseBase.cpp:
+                (WebCore::ResourceResponseBase::sanitizeSuggestedFilename):
+                * platform/network/ResourceResponseBase.h:
+
 2017-02-22  Brent Fulgham  <bfulg...@apple.com>
 
         Merge r212828. rdar://problem/30636274

Modified: branches/safari-603-branch/Source/WebCore/html/HTMLAnchorElement.cpp (213157 => 213158)


--- branches/safari-603-branch/Source/WebCore/html/HTMLAnchorElement.cpp	2017-02-28 19:31:30 UTC (rev 213157)
+++ branches/safari-603-branch/Source/WebCore/html/HTMLAnchorElement.cpp	2017-02-28 19:36:56 UTC (rev 213158)
@@ -377,13 +377,13 @@
     appendServerMapMousePosition(url, event);
     URL completedURL = document().completeURL(url.toString());
 
-    auto downloadAttribute = nullAtom;
+    String downloadAttribute;
 #if ENABLE(DOWNLOAD_ATTRIBUTE)
     if (RuntimeEnabledFeatures::sharedFeatures().downloadAttributeEnabled()) {
         // Ignore the download attribute completely if the href URL is cross origin.
         bool isSameOrigin = completedURL.protocolIsData() || document().securityOrigin()->canRequest(completedURL);
         if (isSameOrigin)
-            downloadAttribute = attributeWithoutSynchronization(downloadAttr);
+            downloadAttribute = ResourceResponse::sanitizeSuggestedFilename(attributeWithoutSynchronization(downloadAttr));
         else if (hasAttributeWithoutSynchronization(downloadAttr))
             document().addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "The download attribute on anchor was ignored because its href URL has a different security origin.");
     }
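Review bot: At `downloadAttribute = ResourceResponse::sanitizeSuggestedFilename(attributeWithoutSynchronization(downloadAttr));` the variable now carries two meanings: whether the attribute is present, and what name to suggest. If the sanitizer returns a null or empty String for a non-empty attribute value, the code after this hunk can no longer tell "no download attribute" from "download attribute whose name was rejected". The rest of `handleClick` is outside the hunk, so whether it tests `isNull()` could not be confirmed here. A comment such as `// Page-controlled value; sanitized here because it becomes the suggested filename.` above the assignment would help, together with an explicit fallback name when the sanitized result is empty.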

Modified: branches/safari-603-branch/Source/WebCore/platform/network/ResourceResponseBase.cpp (213157 => 213158)


--- branches/safari-603-branch/Source/WebCore/platform/network/ResourceResponseBase.cpp	2017-02-28 19:31:30 UTC (rev 213157)
+++ branches/safari-603-branch/Source/WebCore/platform/network/ResourceResponseBase.cpp	2017-02-28 19:36:56 UTC (rev 213158)
@@ -224,6 +224,19 @@
     return static_cast<const ResourceResponse*>(this)->platformSuggestedFilename();
 }
 
+String ResourceResponseBase::sanitizeSuggestedFilename(const String& suggestedFilename)
+{
+    if (suggestedFilename.isEmpty())
+        return suggestedFilename;
+
+    ResourceResponse response(URL(ParsedURLString, "http://example.com"), String(), -1, String());
+    response.setHTTPStatusCode(200);
+    String escapedSuggestedFilename = String(suggestedFilename).replace('\"', "\\\"");
+    String value = makeString("attachment; filename=\"", escapedSuggestedFilename, '"');
+    response.setHTTPHeaderField(HTTPHeaderName::ContentDisposition, value);
+    return response.suggestedFilename();
+}
+
 bool ResourceResponseBase::isSuccessful() const
 {
     int code = httpStatusCode();
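Review bot: The escaping step `String(suggestedFilename).replace('\"', "\\\"")` handles the double quote but leaves backslashes untouched. A backslash in the attribute is then read as the start of a quoted-pair by whichever parser handles the synthetic Content-Disposition value. A name that ends in a backslash therefore escapes the closing quote, and a `\"` sequence in the input ends the quoted string early, so the parsed name can differ from the intended one. Escape the backslash first, e.g. `String escapedSuggestedFilename = String(suggestedFilename).replace('\\', "\\\\").replace('"', "\\\"");`, and re-baseline the slashes test, whose expected output currently depends on the backslashes being consumed as escapes. CR and LF in the attribute are also passed into the header value unfiltered. Stripping or rejecting them before `makeString` would avoid relying on each platform parser to cope.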

Modified: branches/safari-603-branch/Source/WebCore/platform/network/ResourceResponseBase.h (213157 => 213158)


--- branches/safari-603-branch/Source/WebCore/platform/network/ResourceResponseBase.h	2017-02-28 19:31:30 UTC (rev 213157)
+++ branches/safari-603-branch/Source/WebCore/platform/network/ResourceResponseBase.h	2017-02-28 19:36:56 UTC (rev 213158)
@@ -113,6 +113,7 @@
 
     WEBCORE_EXPORT bool isAttachment() const;
     WEBCORE_EXPORT String suggestedFilename() const;
+    WEBCORE_EXPORT static String sanitizeSuggestedFilename(const String&);
 
     WEBCORE_EXPORT void includeCertificateInfo() const;
     const std::optional<CertificateInfo>& certificateInfo() const { return m_certificateInfo; };
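Review bot: The new declaration `WEBCORE_EXPORT static String sanitizeSuggestedFilename(const String&);` is exported without any statement of its contract. Callers need to know that the result comes from the platform's Content-Disposition handling, and that empty input is returned unchanged. Suggested comment above it: `// Returns the filename the platform would suggest for an attachment with this name; empty input is returned as-is. The result is platform-dependent.` The class body begins and ends outside this hunk.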