Title: [220147] trunk/Source/WebKit
- Revision
- 220147
- Author
- [email protected]
- Date
- 2017-08-02 11:35:22 -0700 (Wed, 02 Aug 2017)
Log Message
Web Automation: files selected for upload should be checked against values of the 'accept' attribute
https://bugs.webkit.org/show_bug.cgi?id=174803
<rdar://problem/33514190>
Reviewed by Carlos Garcia Campos.
Use the parsed values of the file input element's "accept" attribute to reject
files that don't match the specified values. This is normally done by Safari
using NSOpenPanel, but since a real open panel isn't shown during automation,
it needs to be done here.
Support for limiting accepted files by file extensions will be added when the
same is implemented in the normal code path for the C and Objective-C APIs.
This change is covered by internal WebDriver tests that will be rewritten for the
public Webdriver W3C test suite someday, when safaridriver runs those tests itself.
* UIProcess/Automation/WebAutomationSession.cpp:
(WebKit::WebAutomationSession::handleRunOpenPanel):
Since we already have the proposed files, there's no need to compute a list of
supported extensions based on wildcard MIME types. First check the extension,
then the inferred MIME type for the extension, and then the wildcard MIME type
if the inferred type is not an exact match.
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (220146 => 220147)
--- trunk/Source/WebKit/ChangeLog 2017-08-02 18:25:17 UTC (rev 220146)
+++ trunk/Source/WebKit/ChangeLog 2017-08-02 18:35:22 UTC (rev 220147)
@@ -1,3 +1,29 @@
+2017-08-02 Brian Burg <[email protected]>
+
+ Web Automation: files selected for upload should be checked against values of the 'accept' attribute
+ https://bugs.webkit.org/show_bug.cgi?id=174803
+ <rdar://problem/33514190>
+
+ Reviewed by Carlos Garcia Campos.
+
+ Use the parsed values of the file input element's "accept" attribute to reject
+ files that don't match the specified values. This is normally done by Safari
+ using NSOpenPanel, but since a real open panel isn't shown during automation,
+ it needs to be done here.
+
+ Support for limiting accepted files by file extensions will be added when the
+ same is implemented in the normal code path for the C and Objective-C APIs.
+
+ This change is covered by internal WebDriver tests that will be rewritten for the
+ public Webdriver W3C test suite someday, when safaridriver runs those tests itself.
+
+ * UIProcess/Automation/WebAutomationSession.cpp:
+ (WebKit::WebAutomationSession::handleRunOpenPanel):
+ Since we already have the proposed files, there's no need to compute a list of
+ supported extensions based on wildcard MIME types. First check the extension,
+ then the inferred MIME type for the extension, and then the wildcard MIME type
+ if the inferred type is not an exact match.
+
2017-08-02 Tim Horton <[email protected]>
WKPDFView doesn't respect safe area insets
Modified: trunk/Source/WebKit/UIProcess/Automation/WebAutomationSession.cpp (220146 => 220147)
--- trunk/Source/WebKit/UIProcess/Automation/WebAutomationSession.cpp 2017-08-02 18:25:17 UTC (rev 220146)
+++ trunk/Source/WebKit/UIProcess/Automation/WebAutomationSession.cpp 2017-08-02 18:35:22 UTC (rev 220147)
@@ -26,6 +26,7 @@
#include "config.h"
#include "WebAutomationSession.h"
+#include "APIArray.h"
#include "APIAutomationSessionClient.h"
#include "APIOpenPanelParameters.h"
#include "AutomationProtocolObjects.h"
@@ -38,6 +39,7 @@
#include "WebProcessPool.h"
#include <_javascript_Core/InspectorBackendDispatcher.h>
#include <_javascript_Core/InspectorFrontendRouter.h>
+#include <WebCore/MIMETypeRegistry.h>
#include <WebCore/URL.h>
#include <algorithm>
#include <wtf/HashMap.h>
@@ -525,7 +527,34 @@
String handle = handleForWebPageProxy(page);
m_domainNotifier->browsingContextCleared(handle);
}
-
+
+static bool fileCanBeAcceptedForUpload(const String& filename, const HashSet<String>& allowedMIMETypes) {
+ if (!WebCore::fileExists(filename))
+ return false;
+
+ if (allowedMIMETypes.isEmpty())
+ return true;
+
+ // Validate filenames against allowed MIME types before choosing them.
+ // FIXME: validate against allowed file extensions when <https://webkit.org/b/95698> is fixed.
+ String extension = filename.substring(filename.reverseFind('.') + 1);
+ String mappedMIMEType = WebCore::MIMETypeRegistry::getMIMETypeForExtension(extension);
+ if (allowedMIMETypes.contains(mappedMIMEType))
+ return true;
+
+ // Fall back to checking for a MIME type wildcard if an exact match is not found.
+ Vector<String> components;
+ mappedMIMEType.split('/', false, components);
+ if (components.size() != 2)
+ return false;
+
+ String wildcardedMIMEType = makeString(components[0], "/*");
+ if (allowedMIMETypes.contains(wildcardedMIMEType))
+ return true;
+
+ return false;
+}
+
void WebAutomationSession::handleRunOpenPanel(const WebPageProxy& page, const WebFrameProxy&, const API::OpenPanelParameters& parameters, WebOpenPanelResultListenerProxy& resultListener)
{
if (!m_filesToSelectForFileUpload.size()) {
@@ -540,10 +569,14 @@
return;
}
- // Per §14.3.10.5 in the W3C spec, if at least one file no longer exists, the command should fail.
- // The REST API service can tell that this failed by checking the "value" attribute of the input element.
+ HashSet<String> allowedMIMETypes;
+ for (auto type : parameters.acceptMIMETypes()->elementsOfType<API::String>())
+ allowedMIMETypes.add(type->string());
+
+ // Per §14.3.10.5 in the W3C spec, if at least one file cannot be accepted, the command should fail.
+ // The REST API service can tell that this failed by checking the "files" attribute of the input element.
for (const String& filename : m_filesToSelectForFileUpload) {
- if (!WebCore::fileExists(filename)) {
+ if (!fileCanBeAcceptedForUpload(filename, allowedMIMETypes)) {
resultListener.cancel();
m_domainNotifier->fileChooserDismissed(m_activeBrowsingContextHandle, true);
return;
@@ -550,7 +583,6 @@
}
}
- // FIXME: validate filenames against allowed MIME types before choosing them. <https://webkit.org/b/174803>
resultListener.chooseFiles(m_filesToSelectForFileUpload);
m_domainNotifier->fileChooserDismissed(m_activeBrowsingContextHandle, false);
}
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
