- Revision
- 229462
- Author
- [email protected]
- Date
- 2018-03-09 07:11:01 -0800 (Fri, 09 Mar 2018)
Log Message
[Mac] WebKit fails to receive file promises when the embedding app is sandboxed
https://bugs.webkit.org/show_bug.cgi?id=183489
<rdar://problem/38267517>
Source/WebKit:
WebKit calls -[NSFilePromiseReceiver receivePromisedFilesAtDestination:...] with
NSTemporaryDirectory() as the destination for receiving file promise drops. AppKit attempts
to issue a sandbox extension for this directory, but for security reasons App Sandbox
refuses to do so for NSTemporaryDirectory() itself. As a result, AppKit will call our reader
block with a nil error and a valid file URL, but no file will actually exist at that URL.
In order for App Sandbox to grant issuing the sandbox extension needed by AppKit, we need to
use some other destination directory. This patch uses FileSystem::createTemporaryDirectory()
to securely create a unique temporary directory inside NSTemporaryDirectory() for use as the
drop destination.
Reviewed by Wenson Hsieh.
* UIProcess/Cocoa/WebViewImpl.mm:
(WebKit::WebViewImpl::performDragOperation):
Source/WebKitLegacy/mac:
WebKitLegacy calls -[NSFilePromiseReceiver receivePromisedFilesAtDestination:...] with
NSTemporaryDirectory() as the destination for receiving file promise drops. AppKit attempts
to issue a sandbox extension for this directory, but for security reasons App Sandbox
refuses to do so for NSTemporaryDirectory() itself. As a result, AppKit will call our reader
block with a nil error and a valid file URL, but no file will actually exist at that URL.
In order for App Sandbox to grant issuing the sandbox extension needed by AppKit, we need to
use some other destination directory. This patch uses FileSystem::createTemporaryDirectory()
to securely create a unique temporary directory inside NSTemporaryDirectory() for use as the
drop destination.
Reviewed by Wenson Hsieh.
* WebView/WebView.mm:
(-[WebView performDragOperation:]):
LayoutTests:
Reviewed by Wenson Hsieh.
Now that we create a unique temporary directory per drop, this test no longer encounters a
name conflict for apple.gif.
* editing/pasteboard/file-input-files-access-promise-expected.txt:
* editing/pasteboard/file-input-files-access-promise.html:
Modified Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (229461 => 229462)
--- trunk/LayoutTests/ChangeLog 2018-03-09 14:41:01 UTC (rev 229461)
+++ trunk/LayoutTests/ChangeLog 2018-03-09 15:11:01 UTC (rev 229462)
@@ -1,3 +1,17 @@
+2018-03-09 Andy Estes <[email protected]>
+
+ [Mac] WebKit fails to receive file promises when the embedding app is sandboxed
+ https://bugs.webkit.org/show_bug.cgi?id=183489
+ <rdar://problem/38267517>
+
+ Reviewed by Wenson Hsieh.
+
+ Now that we create a unique temporary directory per drop, this test no longer encounters a
+ name conflict for apple.gif.
+
+ * editing/pasteboard/file-input-files-access-promise-expected.txt:
+ * editing/pasteboard/file-input-files-access-promise.html:
+
2018-03-09 Zan Dobersek <[email protected]>
Unreviewed GTK+ gardening.
Modified: trunk/LayoutTests/editing/pasteboard/file-input-files-access-promise-expected.txt (229461 => 229462)
--- trunk/LayoutTests/editing/pasteboard/file-input-files-access-promise-expected.txt 2018-03-09 14:41:01 UTC (rev 229461)
+++ trunk/LayoutTests/editing/pasteboard/file-input-files-access-promise-expected.txt 2018-03-09 15:11:01 UTC (rev 229462)
@@ -13,9 +13,9 @@
PASS fileInput.value is ""
PASS fileInput.files.length is 0
Dragging three files to a multi-file input control:
-PASS fileInput.value is "C:\\fakepath\\apple 2.gif"
+PASS fileInput.value is "C:\\fakepath\\apple.gif"
PASS fileInput.files.length is 2
-PASS fileInput.files[0].name is "apple 2.gif"
+PASS fileInput.files[0].name is "apple.gif"
PASS fileInput.files[0].type is "image/gif"
PASS fileInput.files[0].size is 1476
PASS fileInput.files[1].name is "mozilla.gif"
Modified: trunk/LayoutTests/editing/pasteboard/file-input-files-access-promise.html (229461 => 229462)
--- trunk/LayoutTests/editing/pasteboard/file-input-files-access-promise.html 2018-03-09 14:41:01 UTC (rev 229461)
+++ trunk/LayoutTests/editing/pasteboard/file-input-files-access-promise.html 2018-03-09 15:11:01 UTC (rev 229462)
@@ -80,7 +80,7 @@
debug("Dragging three files to a multi-file input control:");
await testDraggingFiles([
- { 'path': 'resources/apple.gif', 'name' : 'apple 2.gif', 'size' : 1476, 'type' : 'image/gif' },
+ { 'path': 'resources/apple.gif', 'name' : 'apple.gif', 'size' : 1476, 'type' : 'image/gif' },
{ 'path': 'resources/mozilla.gif', 'name' : 'mozilla.gif', 'size' : 2593, 'type' : 'image/gif' },
]);
Modified: trunk/Source/WebKit/ChangeLog (229461 => 229462)
--- trunk/Source/WebKit/ChangeLog 2018-03-09 14:41:01 UTC (rev 229461)
+++ trunk/Source/WebKit/ChangeLog 2018-03-09 15:11:01 UTC (rev 229462)
@@ -1,3 +1,25 @@
+2018-03-09 Andy Estes <[email protected]>
+
+ [Mac] WebKit fails to receive file promises when the embedding app is sandboxed
+ https://bugs.webkit.org/show_bug.cgi?id=183489
+ <rdar://problem/38267517>
+
+ WebKit calls -[NSFilePromiseReceiver receivePromisedFilesAtDestination:...] with
+ NSTemporaryDirectory() as the destination for receiving file promise drops. AppKit attempts
+ to issue a sandbox extension for this directory, but for security reasons App Sandbox
+ refuses to do so for NSTemporaryDirectory() itself. As a result, AppKit will call our reader
+ block with a nil error and a valid file URL, but no file will actually exist at that URL.
+
+ In order for App Sandbox to grant issuing the sandbox extension needed by AppKit, we need to
+ use some other destination directory. This patch uses FileSystem::createTemporaryDirectory()
+ to securely create a unique temporary directory inside NSTemporaryDirectory() for use as the
+ drop destination.
+
+ Reviewed by Wenson Hsieh.
+
+ * UIProcess/Cocoa/WebViewImpl.mm:
+ (WebKit::WebViewImpl::performDragOperation):
+
2018-03-09 Carlos Garcia Campos <[email protected]>
[GTK] Do not use WebKitDOMHTMLFormElement as argument of signal WebKitWebPage::will-submit-form
Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebViewImpl.mm (229461 => 229462)
--- trunk/Source/WebKit/UIProcess/Cocoa/WebViewImpl.mm 2018-03-09 14:41:01 UTC (rev 229461)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebViewImpl.mm 2018-03-09 15:11:01 UTC (rev 229462)
@@ -75,6 +75,7 @@
#import <WebCore/DragData.h>
#import <WebCore/DragItem.h>
#import <WebCore/Editor.h>
+#import <WebCore/FileSystem.h>
#import <WebCore/KeypressCommand.h>
#import <WebCore/LegacyNSPasteboardTypes.h>
#import <WebCore/LoaderNSURLExtras.h>
@@ -3720,9 +3721,16 @@
delete dragData;
return false;
}
+
+ NSString *dropDestinationPath = WebCore::FileSystem::createTemporaryDirectory(@"WebKitDropDestination");
+ if (!dropDestinationPath) {
+ delete dragData;
+ return false;
+ }
+
size_t fileCount = files.count;
Vector<String> *fileNames = new Vector<String>;
- NSURL *dropLocation = [NSURL fileURLWithPath:NSTemporaryDirectory() isDirectory:YES];
+ NSURL *dropDestination = [NSURL fileURLWithPath:dropDestinationPath isDirectory:YES];
String pasteboardName = draggingInfo.draggingPasteboard.name;
[draggingInfo enumerateDraggingItemsWithOptions:0 forView:m_view.getAutoreleased() classes:@[[NSFilePromiseReceiver class]] searchOptions:@{ } usingBlock:^(NSDraggingItem * __nonnull draggingItem, NSInteger idx, BOOL * __nonnull stop) {
NSFilePromiseReceiver *item = draggingItem.item;
@@ -3729,7 +3737,7 @@
NSDictionary *options = @{ };
RetainPtr<NSOperationQueue> queue = adoptNS([NSOperationQueue new]);
- [item receivePromisedFilesAtDestination:dropLocation options:options operationQueue:queue.get() reader:^(NSURL * _Nonnull fileURL, NSError * _Nullable errorOrNil) {
+ [item receivePromisedFilesAtDestination:dropDestination options:options operationQueue:queue.get() reader:^(NSURL * _Nonnull fileURL, NSError * _Nullable errorOrNil) {
if (errorOrNil)
return;
Modified: trunk/Source/WebKitLegacy/mac/ChangeLog (229461 => 229462)
--- trunk/Source/WebKitLegacy/mac/ChangeLog 2018-03-09 14:41:01 UTC (rev 229461)
+++ trunk/Source/WebKitLegacy/mac/ChangeLog 2018-03-09 15:11:01 UTC (rev 229462)
@@ -1,3 +1,25 @@
+2018-03-09 Andy Estes <[email protected]>
+
+ [Mac] WebKit fails to receive file promises when the embedding app is sandboxed
+ https://bugs.webkit.org/show_bug.cgi?id=183489
+ <rdar://problem/38267517>
+
+ WebKitLegacy calls -[NSFilePromiseReceiver receivePromisedFilesAtDestination:...] with
+ NSTemporaryDirectory() as the destination for receiving file promise drops. AppKit attempts
+ to issue a sandbox extension for this directory, but for security reasons App Sandbox
+ refuses to do so for NSTemporaryDirectory() itself. As a result, AppKit will call our reader
+ block with a nil error and a valid file URL, but no file will actually exist at that URL.
+
+ In order for App Sandbox to grant issuing the sandbox extension needed by AppKit, we need to
+ use some other destination directory. This patch uses FileSystem::createTemporaryDirectory()
+ to securely create a unique temporary directory inside NSTemporaryDirectory() for use as the
+ drop destination.
+
+ Reviewed by Wenson Hsieh.
+
+ * WebView/WebView.mm:
+ (-[WebView performDragOperation:]):
+
2018-03-08 Megan Gardner <[email protected]>
Allow WebViews to disable system appearance
Modified: trunk/Source/WebKitLegacy/mac/WebView/WebView.mm (229461 => 229462)
--- trunk/Source/WebKitLegacy/mac/WebView/WebView.mm 2018-03-09 14:41:01 UTC (rev 229461)
+++ trunk/Source/WebKitLegacy/mac/WebView/WebView.mm 2018-03-09 15:11:01 UTC (rev 229462)
@@ -144,6 +144,7 @@
#import <WebCore/Editor.h>
#import <WebCore/Event.h>
#import <WebCore/EventHandler.h>
+#import <WebCore/FileSystem.h>
#import <WebCore/FocusController.h>
#import <WebCore/FontCache.h>
#import <WebCore/FrameLoader.h>
@@ -6737,15 +6738,22 @@
delete dragData;
return false;
}
+
+ NSString *dropDestinationPath = WebCore::FileSystem::createTemporaryDirectory(@"WebKitDropDestination");
+ if (!dropDestinationPath) {
+ delete dragData;
+ return false;
+ }
+
size_t fileCount = files.count;
Vector<String> *fileNames = new Vector<String>;
- NSURL *dropLocation = [NSURL fileURLWithPath:NSTemporaryDirectory() isDirectory:YES];
+ NSURL *dropDestination = [NSURL fileURLWithPath:dropDestinationPath isDirectory:YES];
[draggingInfo enumerateDraggingItemsWithOptions:0 forView:self classes:@[[NSFilePromiseReceiver class]] searchOptions:@{ } usingBlock:^(NSDraggingItem * __nonnull draggingItem, NSInteger idx, BOOL * __nonnull stop) {
NSFilePromiseReceiver *item = draggingItem.item;
NSDictionary *options = @{ };
RetainPtr<NSOperationQueue> queue = adoptNS([NSOperationQueue new]);
- [item receivePromisedFilesAtDestination:dropLocation options:options operationQueue:queue.get() reader:^(NSURL * _Nonnull fileURL, NSError * _Nullable errorOrNil) {
+ [item receivePromisedFilesAtDestination:dropDestination options:options operationQueue:queue.get() reader:^(NSURL * _Nonnull fileURL, NSError * _Nullable errorOrNil) {
if (errorOrNil)
return;
