Diff
Modified: branches/safari-605-branch/LayoutTests/ChangeLog (231953 => 231954)
--- branches/safari-605-branch/LayoutTests/ChangeLog 2018-05-18 14:31:02 UTC (rev 231953)
+++ branches/safari-605-branch/LayoutTests/ChangeLog 2018-05-18 15:09:14 UTC (rev 231954)
@@ -1,3 +1,112 @@
+2018-05-17 Kocsen Chung <[email protected]>
+
+ Cherry-pick r229503. rdar://problem/39841080
+
+ [macOS] Copying a table from the Numbers app and pasting into iCloud Numbers fails
+ https://bugs.webkit.org/show_bug.cgi?id=183485
+ <rdar://problem/38041984>
+
+ Reviewed by Ryosuke Niwa.
+
+ Source/WebCore:
+
+ After r222656, WebKit now treats raw image data on the pasteboard as files for the purposes of computing
+ DataTransfer.files and DataTransfer.types. However, this is combined with existing policies that suppress
+ DataTransfer.getData and DataTransfer.setData when the pasteboard contains files (generalized to copy/paste in
+ r222688). This means we now don't allow web pages to access "text/plain" in the case where the user copies part
+ of a table from the native Numbers app since Numbers additionally writes a snapshot of the table to the platform
+ pasteboard.
+
+ This restriction on getData/setData was intended to prevent web pages from extracting users' file paths when
+ pasting or dropping, so it doesn't make sense to enforce this restriction even when there is only in-memory
+ image data on the pasteboard. To fix this bug, we make Pasteboard::fileContentState() differentiate between
+ cases where there are (real) files on the pasteboard, and cases where we've fallen back to treating image data
+ as files.
+
+ Rebaselined existing LayoutTests to match new behavior.
+ Also covered by 4 new API tests:
+ - PasteMixedContent.ImageDataAndPlainText
+ - PasteMixedContent.ImageDataAndPlainTextAndURL
+ - PasteMixedContent.ImageDataAndPlainTextAndURLAndHTML
+ - UIPasteboardTests.DataTransferGetDataWhenPastingImageAndText
+
+ * dom/DataTransfer.cpp:
+ (WebCore::DataTransfer::shouldSuppressGetAndSetDataToAvoidExposingFilePaths const):
+
+ If custom pasteboard data is enabled, suppress getData and setData if and only if we might actually expose file
+ paths (see Pasteboard::fileContentState).
+
+ (WebCore::DataTransfer::types const):
+
+ Only allow "text/html" or "text/uri-list" in the case where there are actual files in the pasteboard. If there's
+ only image data, add all of the DOM-safe types back into the list of types.
+
+ * platform/Pasteboard.h:
+ * platform/StaticPasteboard.h:
+
+ Add an enum type to represent the result of Pasteboard::fileContentState.
+ - NoFileOrImageData indicates that there was nothing on the pasteboard that could be considered a file
+ from the point of view of the page.
+ - InMemoryImage indicates that there are no files on the pasteboard, but there is image data that we consider
+ to be files, exposed via DataTransfer API.
+ - MayContainFilePaths indicates that there might be file paths on the pasteboard. This means that the source
+ has either written file paths to the pasteboard (for example, through NSFilenamesPboardType) or the source
+ has written image data along with a URL type of some sort that does not match one of the allowed URL schemes
+ that are safe to expose (currently, these are http-family, data, or blob).
+
+ * platform/cocoa/PasteboardCocoa.mm:
+ (WebCore::Pasteboard::fileContentState):
+
+ Refactor to return one of the three enum types described above.
+
+ (WebCore::Pasteboard::containsFiles): Deleted.
+ * platform/gtk/PasteboardGtk.cpp:
+ (WebCore::Pasteboard::fileContentState):
+ (WebCore::Pasteboard::containsFiles): Deleted.
+ * platform/win/PasteboardWin.cpp:
+ (WebCore::Pasteboard::fileContentState):
+ (WebCore::Pasteboard::containsFiles): Deleted.
+ * platform/wpe/PasteboardWPE.cpp:
+ (WebCore::Pasteboard::fileContentState):
+ (WebCore::Pasteboard::containsFiles): Deleted.
+
+ Adjust for Pasteboard::fileContentState() tweaks.
+
+ Tools:
+
+ Add new API tests to cover scenarios in which we paste image data alongside text data.
+
+ * TestWebKitAPI/Tests/WebKitCocoa/PasteMixedContent.mm:
+ (TestWebKitAPI::TEST):
+ * TestWebKitAPI/Tests/ios/UIPasteboardTests.mm:
+ (TestWebKitAPI::TEST):
+
+ LayoutTests:
+
+ Rebaseline some pasteboard-related layout tests, in which we now expose text/plain alongside files that were
+ written to the DataTransfer by the page itself.
+
+ * editing/pasteboard/data-transfer-item-list-add-file-multiple-times-expected.txt:
+ * editing/pasteboard/data-transfer-item-list-add-file-on-copy-expected.txt:
+ * editing/pasteboard/data-transfer-item-list-add-file-on-drag-expected.txt:
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@229503 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2018-03-10 Wenson Hsieh <[email protected]>
+
+ [macOS] Copying a table from the Numbers app and pasting into iCloud Numbers fails
+ https://bugs.webkit.org/show_bug.cgi?id=183485
+ <rdar://problem/38041984>
+
+ Reviewed by Ryosuke Niwa.
+
+ Rebaseline some pasteboard-related layout tests, in which we now expose text/plain alongside files that were
+ written to the DataTransfer by the page itself.
+
+ * editing/pasteboard/data-transfer-item-list-add-file-multiple-times-expected.txt:
+ * editing/pasteboard/data-transfer-item-list-add-file-on-copy-expected.txt:
+ * editing/pasteboard/data-transfer-item-list-add-file-on-drag-expected.txt:
+
2018-05-15 Kocsen Chung <[email protected]>
Cherry-pick r231713. rdar://problem/40172913
Modified: branches/safari-605-branch/LayoutTests/editing/pasteboard/data-transfer-item-list-add-file-multiple-times-expected.txt (231953 => 231954)
--- branches/safari-605-branch/LayoutTests/editing/pasteboard/data-transfer-item-list-add-file-multiple-times-expected.txt 2018-05-18 14:31:02 UTC (rev 231953)
+++ branches/safari-605-branch/LayoutTests/editing/pasteboard/data-transfer-item-list-add-file-multiple-times-expected.txt 2018-05-18 15:09:14 UTC (rev 231954)
@@ -10,6 +10,7 @@
{
"data": {
"Files": "",
+ "text/plain": "plain text string",
"text/uri-list": "https://webkit.org"
},
"items": [
@@ -88,6 +89,7 @@
{
"data": {
"Files": "",
+ "text/plain": "plain text string",
"text/uri-list": "https://webkit.org"
},
"items": [
@@ -153,6 +155,7 @@
{
"data": {
"Files": "",
+ "text/plain": "plain text string",
"text/uri-list": "https://webkit.org"
},
"items": [
@@ -204,6 +207,7 @@
{
"data": {
"Files": "",
+ "text/plain": "plain text string",
"text/uri-list": "https://webkit.org"
},
"items": [
@@ -248,7 +252,8 @@
{
"data": {
"Files": "",
- "text/html": "<strong>some styled text</strong>"
+ "text/html": "<strong>some styled text</strong>",
+ "text/plain": "some plain text"
},
"items": [
{
Modified: branches/safari-605-branch/LayoutTests/editing/pasteboard/data-transfer-item-list-add-file-on-copy-expected.txt (231953 => 231954)
--- branches/safari-605-branch/LayoutTests/editing/pasteboard/data-transfer-item-list-add-file-on-copy-expected.txt 2018-05-18 14:31:02 UTC (rev 231953)
+++ branches/safari-605-branch/LayoutTests/editing/pasteboard/data-transfer-item-list-add-file-on-copy-expected.txt 2018-05-18 15:09:14 UTC (rev 231954)
@@ -24,7 +24,8 @@
2. After adding a file of custom type
{
"data": {
- "Files": ""
+ "Files": "",
+ "text/plain": "hello world"
},
"items": [
{
@@ -54,7 +55,8 @@
3. After adding the first plain text file
{
"data": {
- "Files": ""
+ "Files": "",
+ "text/plain": "hello world"
},
"items": [
{
@@ -98,7 +100,8 @@
4. After removing the last file
{
"data": {
- "Files": ""
+ "Files": "",
+ "text/plain": "hello world"
},
"items": [
{
@@ -130,6 +133,7 @@
{
"data": {
"Files": "",
+ "text/plain": "hello world",
"text/html": "<a>goodbye world</a>"
},
"items": [
@@ -166,6 +170,7 @@
{
"data": {
"Files": "",
+ "text/plain": "hello world",
"text/html": "<a>goodbye world</a>"
},
"items": [
@@ -216,6 +221,7 @@
{
"data": {
"Files": "",
+ "text/plain": "hello world",
"text/html": "<a>goodbye world</a>"
},
"items": [
@@ -252,7 +258,8 @@
8. After removing the HTML string
{
"data": {
- "Files": ""
+ "Files": "",
+ "text/plain": "hello world"
},
"items": [
{
Modified: branches/safari-605-branch/LayoutTests/editing/pasteboard/data-transfer-item-list-add-file-on-drag-expected.txt (231953 => 231954)
--- branches/safari-605-branch/LayoutTests/editing/pasteboard/data-transfer-item-list-add-file-on-drag-expected.txt 2018-05-18 14:31:02 UTC (rev 231953)
+++ branches/safari-605-branch/LayoutTests/editing/pasteboard/data-transfer-item-list-add-file-on-drag-expected.txt 2018-05-18 15:09:14 UTC (rev 231954)
@@ -24,7 +24,8 @@
2. After adding a file of custom type
{
"data": {
- "Files": ""
+ "Files": "",
+ "text/plain": "hello world"
},
"items": [
{
@@ -54,7 +55,8 @@
3. After adding the first plain text file
{
"data": {
- "Files": ""
+ "Files": "",
+ "text/plain": "hello world"
},
"items": [
{
@@ -98,7 +100,8 @@
4. After removing the last file
{
"data": {
- "Files": ""
+ "Files": "",
+ "text/plain": "hello world"
},
"items": [
{
@@ -130,6 +133,7 @@
{
"data": {
"Files": "",
+ "text/plain": "hello world",
"text/html": "<a>goodbye world</a>"
},
"items": [
@@ -166,6 +170,7 @@
{
"data": {
"Files": "",
+ "text/plain": "hello world",
"text/html": "<a>goodbye world</a>"
},
"items": [
@@ -216,6 +221,7 @@
{
"data": {
"Files": "",
+ "text/plain": "hello world",
"text/html": "<a>goodbye world</a>"
},
"items": [
@@ -252,7 +258,8 @@
8. After removing the HTML string
{
"data": {
- "Files": ""
+ "Files": "",
+ "text/plain": "hello world"
},
"items": [
{
Modified: branches/safari-605-branch/Source/WebCore/ChangeLog (231953 => 231954)
--- branches/safari-605-branch/Source/WebCore/ChangeLog 2018-05-18 14:31:02 UTC (rev 231953)
+++ branches/safari-605-branch/Source/WebCore/ChangeLog 2018-05-18 15:09:14 UTC (rev 231954)
@@ -1,5 +1,169 @@
2018-05-17 Kocsen Chung <[email protected]>
+ Cherry-pick r229503. rdar://problem/39841080
+
+ [macOS] Copying a table from the Numbers app and pasting into iCloud Numbers fails
+ https://bugs.webkit.org/show_bug.cgi?id=183485
+ <rdar://problem/38041984>
+
+ Reviewed by Ryosuke Niwa.
+
+ Source/WebCore:
+
+ After r222656, WebKit now treats raw image data on the pasteboard as files for the purposes of computing
+ DataTransfer.files and DataTransfer.types. However, this is combined with existing policies that suppress
+ DataTransfer.getData and DataTransfer.setData when the pasteboard contains files (generalized to copy/paste in
+ r222688). This means we now don't allow web pages to access "text/plain" in the case where the user copies part
+ of a table from the native Numbers app since Numbers additionally writes a snapshot of the table to the platform
+ pasteboard.
+
+ This restriction on getData/setData was intended to prevent web pages from extracting users' file paths when
+ pasting or dropping, so it doesn't make sense to enforce this restriction even when there is only in-memory
+ image data on the pasteboard. To fix this bug, we make Pasteboard::fileContentState() differentiate between
+ cases where there are (real) files on the pasteboard, and cases where we've fallen back to treating image data
+ as files.
+
+ Rebaselined existing LayoutTests to match new behavior.
+ Also covered by 4 new API tests:
+ - PasteMixedContent.ImageDataAndPlainText
+ - PasteMixedContent.ImageDataAndPlainTextAndURL
+ - PasteMixedContent.ImageDataAndPlainTextAndURLAndHTML
+ - UIPasteboardTests.DataTransferGetDataWhenPastingImageAndText
+
+ * dom/DataTransfer.cpp:
+ (WebCore::DataTransfer::shouldSuppressGetAndSetDataToAvoidExposingFilePaths const):
+
+ If custom pasteboard data is enabled, suppress getData and setData if and only if we might actually expose file
+ paths (see Pasteboard::fileContentState).
+
+ (WebCore::DataTransfer::types const):
+
+ Only allow "text/html" or "text/uri-list" in the case where there are actual files in the pasteboard. If there's
+ only image data, add all of the DOM-safe types back into the list of types.
+
+ * platform/Pasteboard.h:
+ * platform/StaticPasteboard.h:
+
+ Add an enum type to represent the result of Pasteboard::fileContentState.
+ - NoFileOrImageData indicates that there was nothing on the pasteboard that could be considered a file
+ from the point of view of the page.
+ - InMemoryImage indicates that there are no files on the pasteboard, but there is image data that we consider
+ to be files, exposed via DataTransfer API.
+ - MayContainFilePaths indicates that there might be file paths on the pasteboard. This means that the source
+ has either written file paths to the pasteboard (for example, through NSFilenamesPboardType) or the source
+ has written image data along with a URL type of some sort that does not match one of the allowed URL schemes
+ that are safe to expose (currently, these are http-family, data, or blob).
+
+ * platform/cocoa/PasteboardCocoa.mm:
+ (WebCore::Pasteboard::fileContentState):
+
+ Refactor to return one of the three enum types described above.
+
+ (WebCore::Pasteboard::containsFiles): Deleted.
+ * platform/gtk/PasteboardGtk.cpp:
+ (WebCore::Pasteboard::fileContentState):
+ (WebCore::Pasteboard::containsFiles): Deleted.
+ * platform/win/PasteboardWin.cpp:
+ (WebCore::Pasteboard::fileContentState):
+ (WebCore::Pasteboard::containsFiles): Deleted.
+ * platform/wpe/PasteboardWPE.cpp:
+ (WebCore::Pasteboard::fileContentState):
+ (WebCore::Pasteboard::containsFiles): Deleted.
+
+ Adjust for Pasteboard::fileContentState() tweaks.
+
+ Tools:
+
+ Add new API tests to cover scenarios in which we paste image data alongside text data.
+
+ * TestWebKitAPI/Tests/WebKitCocoa/PasteMixedContent.mm:
+ (TestWebKitAPI::TEST):
+ * TestWebKitAPI/Tests/ios/UIPasteboardTests.mm:
+ (TestWebKitAPI::TEST):
+
+ LayoutTests:
+
+ Rebaseline some pasteboard-related layout tests, in which we now expose text/plain alongside files that were
+ written to the DataTransfer by the page itself.
+
+ * editing/pasteboard/data-transfer-item-list-add-file-multiple-times-expected.txt:
+ * editing/pasteboard/data-transfer-item-list-add-file-on-copy-expected.txt:
+ * editing/pasteboard/data-transfer-item-list-add-file-on-drag-expected.txt:
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@229503 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2018-03-10 Wenson Hsieh <[email protected]>
+
+ [macOS] Copying a table from the Numbers app and pasting into iCloud Numbers fails
+ https://bugs.webkit.org/show_bug.cgi?id=183485
+ <rdar://problem/38041984>
+
+ Reviewed by Ryosuke Niwa.
+
+ After r222656, WebKit now treats raw image data on the pasteboard as files for the purposes of computing
+ DataTransfer.files and DataTransfer.types. However, this is combined with existing policies that suppress
+ DataTransfer.getData and DataTransfer.setData when the pasteboard contains files (generalized to copy/paste in
+ r222688). This means we now don't allow web pages to access "text/plain" in the case where the user copies part
+ of a table from the native Numbers app since Numbers additionally writes a snapshot of the table to the platform
+ pasteboard.
+
+ This restriction on getData/setData was intended to prevent web pages from extracting users' file paths when
+ pasting or dropping, so it doesn't make sense to enforce this restriction even when there is only in-memory
+ image data on the pasteboard. To fix this bug, we make Pasteboard::fileContentState() differentiate between
+ cases where there are (real) files on the pasteboard, and cases where we've fallen back to treating image data
+ as files.
+
+ Rebaselined existing LayoutTests to match new behavior.
+ Also covered by 4 new API tests:
+ - PasteMixedContent.ImageDataAndPlainText
+ - PasteMixedContent.ImageDataAndPlainTextAndURL
+ - PasteMixedContent.ImageDataAndPlainTextAndURLAndHTML
+ - UIPasteboardTests.DataTransferGetDataWhenPastingImageAndText
+
+ * dom/DataTransfer.cpp:
+ (WebCore::DataTransfer::shouldSuppressGetAndSetDataToAvoidExposingFilePaths const):
+
+ If custom pasteboard data is enabled, suppress getData and setData if and only if we might actually expose file
+ paths (see Pasteboard::fileContentState).
+
+ (WebCore::DataTransfer::types const):
+
+ Only allow "text/html" or "text/uri-list" in the case where there are actual files in the pasteboard. If there's
+ only image data, add all of the DOM-safe types back into the list of types.
+
+ * platform/Pasteboard.h:
+ * platform/StaticPasteboard.h:
+
+ Add an enum type to represent the result of Pasteboard::fileContentState.
+ - NoFileOrImageData indicates that there was nothing on the pasteboard that could be considered a file
+ from the point of view of the page.
+ - InMemoryImage indicates that there are no files on the pasteboard, but there is image data that we consider
+ to be files, exposed via DataTransfer API.
+ - MayContainFilePaths indicates that there might be file paths on the pasteboard. This means that the source
+ has either written file paths to the pasteboard (for example, through NSFilenamesPboardType) or the source
+ has written image data along with a URL type of some sort that does not match one of the allowed URL schemes
+ that are safe to expose (currently, these are http-family, data, or blob).
+
+ * platform/cocoa/PasteboardCocoa.mm:
+ (WebCore::Pasteboard::fileContentState):
+
+ Refactor to return one of the three enum types described above.
+
+ (WebCore::Pasteboard::containsFiles): Deleted.
+ * platform/gtk/PasteboardGtk.cpp:
+ (WebCore::Pasteboard::fileContentState):
+ (WebCore::Pasteboard::containsFiles): Deleted.
+ * platform/win/PasteboardWin.cpp:
+ (WebCore::Pasteboard::fileContentState):
+ (WebCore::Pasteboard::containsFiles): Deleted.
+ * platform/wpe/PasteboardWPE.cpp:
+ (WebCore::Pasteboard::fileContentState):
+ (WebCore::Pasteboard::containsFiles): Deleted.
+
+ Adjust for Pasteboard::fileContentState() tweaks.
+
+2018-05-17 Kocsen Chung <[email protected]>
+
Cherry-pick r230533. rdar://problem/40345980
IDN spoofing with Hebrew combining characters
Modified: branches/safari-605-branch/Source/WebCore/dom/DataTransfer.cpp (231953 => 231954)
--- branches/safari-605-branch/Source/WebCore/dom/DataTransfer.cpp 2018-05-18 14:31:02 UTC (rev 231953)
+++ branches/safari-605-branch/Source/WebCore/dom/DataTransfer.cpp 2018-05-18 15:09:14 UTC (rev 231954)
@@ -204,7 +204,7 @@
{
if (!forFileDrag() && !RuntimeEnabledFeatures::sharedFeatures().customPasteboardDataEnabled())
return false;
- return m_pasteboard->containsFiles();
+ return m_pasteboard->fileContentState() == Pasteboard::FileContentState::MayContainFilePaths;
}
void DataTransfer::setData(const String& type, const String& data)
@@ -291,7 +291,7 @@
if (!RuntimeEnabledFeatures::sharedFeatures().customPasteboardDataEnabled()) {
auto types = m_pasteboard->typesForLegacyUnsafeBindings();
ASSERT(!types.contains("Files"));
- if (m_pasteboard->containsFiles() && addFilesType == AddFilesType::Yes)
+ if (m_pasteboard->fileContentState() != Pasteboard::FileContentState::NoFileOrImageData && addFilesType == AddFilesType::Yes)
types.append("Files");
return types;
}
@@ -301,10 +301,17 @@
return item->isFile();
});
- if (hasFileBackedItem || m_pasteboard->containsFiles()) {
+ auto fileContentState = m_pasteboard->fileContentState();
+ if (hasFileBackedItem || fileContentState != Pasteboard::FileContentState::NoFileOrImageData) {
Vector<String> types;
if (addFilesType == AddFilesType::Yes)
types.append(ASCIILiteral("Files"));
+
+ if (fileContentState != Pasteboard::FileContentState::MayContainFilePaths) {
+ types.appendVector(WTFMove(safeTypes));
+ return types;
+ }
+
if (safeTypes.contains("text/uri-list"))
types.append(ASCIILiteral("text/uri-list"));
if (safeTypes.contains("text/html") && RuntimeEnabledFeatures::sharedFeatures().customPasteboardDataEnabled())
Modified: branches/safari-605-branch/Source/WebCore/platform/Pasteboard.h (231953 => 231954)
--- branches/safari-605-branch/Source/WebCore/platform/Pasteboard.h 2018-05-18 14:31:02 UTC (rev 231953)
+++ branches/safari-605-branch/Source/WebCore/platform/Pasteboard.h 2018-05-18 15:09:14 UTC (rev 231954)
@@ -220,9 +220,11 @@
virtual void writeCustomData(const PasteboardCustomData&);
- virtual bool containsFiles();
virtual bool canSmartReplace();
+ enum class FileContentState { NoFileOrImageData, InMemoryImage, MayContainFilePaths };
+ virtual WEBCORE_EXPORT FileContentState fileContentState();
+
virtual void writeMarkup(const String& markup);
enum SmartReplaceOption { CanSmartReplace, CannotSmartReplace };
virtual WEBCORE_EXPORT void writePlainText(const String&, SmartReplaceOption); // FIXME: Two separate functions would be clearer than one function with an argument.
Modified: branches/safari-605-branch/Source/WebCore/platform/StaticPasteboard.h (231953 => 231954)
--- branches/safari-605-branch/Source/WebCore/platform/StaticPasteboard.h 2018-05-18 14:31:02 UTC (rev 231953)
+++ branches/safari-605-branch/Source/WebCore/platform/StaticPasteboard.h 2018-05-18 15:09:14 UTC (rev 231954)
@@ -61,7 +61,7 @@
void writeCustomData(const PasteboardCustomData&) final { }
- bool containsFiles() final { return false; }
+ Pasteboard::FileContentState fileContentState() final { return FileContentState::NoFileOrImageData; }
bool canSmartReplace() final { return false; }
void writeMarkup(const String&) final { }
Modified: branches/safari-605-branch/Source/WebCore/platform/cocoa/PasteboardCocoa.mm (231953 => 231954)
--- branches/safari-605-branch/Source/WebCore/platform/cocoa/PasteboardCocoa.mm 2018-05-18 14:31:02 UTC (rev 231953)
+++ branches/safari-605-branch/Source/WebCore/platform/cocoa/PasteboardCocoa.mm 2018-05-18 15:09:14 UTC (rev 231954)
@@ -138,21 +138,35 @@
return cocoaTypeToImageType(cocoaType) != ImageType::Invalid;
}
-bool Pasteboard::containsFiles()
+Pasteboard::FileContentState Pasteboard::fileContentState()
{
- if (!platformStrategies()->pasteboardStrategy()->getNumberOfFiles(m_pasteboardName)) {
+ bool mayContainFilePaths = platformStrategies()->pasteboardStrategy()->getNumberOfFiles(m_pasteboardName);
+ if (!mayContainFilePaths) {
Vector<String> cocoaTypes;
platformStrategies()->pasteboardStrategy()->getTypes(cocoaTypes, m_pasteboardName);
if (cocoaTypes.findMatching([](const String& cocoaType) { return shouldTreatCocoaTypeAsFile(cocoaType); }) == notFound)
- return false;
+ return FileContentState::NoFileOrImageData;
+
+ bool containsURL = notFound != cocoaTypes.findMatching([] (auto& cocoaType) {
+#if PLATFORM(MAC)
+ if (cocoaType == String(legacyURLPasteboardType()))
+ return true;
+#endif
+ return cocoaType == String(kUTTypeURL);
+ });
+ mayContainFilePaths = containsURL && !Pasteboard::canExposeURLToDOMWhenPasteboardContainsFiles(readString(ASCIILiteral("text/uri-list")));
}
// Enforce changeCount ourselves for security. We check after reading instead of before to be
// sure it doesn't change between our testing the change count and accessing the data.
if (m_changeCount != platformStrategies()->pasteboardStrategy()->changeCount(m_pasteboardName))
- return false;
+ return FileContentState::NoFileOrImageData;
- return true;
+ // Even when there's only image data in the pasteboard and no file representations, we still run the risk of exposing file paths
+ // to the page if the app has written image data to the pasteboard with a corresponding file path as plain text. An example of
+ // this is copying an image with a local `src` in Safari. To mitigate this, we additionally require that the app has not also
+ // written URLs to the pasteboard, as this would suggest that the plain text data might contain file paths.
+ return mayContainFilePaths ? FileContentState::MayContainFilePaths : FileContentState::InMemoryImage;
}
Vector<String> Pasteboard::typesSafeForBindings(const String& origin)
Modified: branches/safari-605-branch/Source/WebCore/platform/gtk/PasteboardGtk.cpp (231953 => 231954)
--- branches/safari-605-branch/Source/WebCore/platform/gtk/PasteboardGtk.cpp 2018-05-18 14:31:02 UTC (rev 231953)
+++ branches/safari-605-branch/Source/WebCore/platform/gtk/PasteboardGtk.cpp 2018-05-18 15:09:14 UTC (rev 231954)
@@ -318,10 +318,10 @@
return { };
}
-bool Pasteboard::containsFiles()
+Pasteboard::FileContentState Pasteboard::fileContentState()
{
readFromClipboard();
- return !m_selectionData->filenames().isEmpty();
+ return m_selectionData->filenames().isEmpty() ? FileContentState::NoFileOrImageData : FileContentState::MayContainFilePaths;
}
void Pasteboard::writeMarkup(const String&)
Modified: branches/safari-605-branch/Source/WebCore/platform/win/PasteboardWin.cpp (231953 => 231954)
--- branches/safari-605-branch/Source/WebCore/platform/win/PasteboardWin.cpp 2018-05-18 14:31:02 UTC (rev 231953)
+++ branches/safari-605-branch/Source/WebCore/platform/win/PasteboardWin.cpp 2018-05-18 15:09:14 UTC (rev 231954)
@@ -315,12 +315,12 @@
unsigned count { 0 };
};
-bool Pasteboard::containsFiles()
+Pasteboard::FileContentState Pasteboard::fileContentState()
{
// FIXME: This implementation can be slightly more efficient by avoiding calls to DragQueryFileW.
PasteboardFileCounter reader;
read(reader);
- return reader.count;
+ return reader.count ? FileContentState::MayContainFilePaths : FileContentState::NoFileOrImageData;
}
void Pasteboard::read(PasteboardFileReader& reader)
Modified: branches/safari-605-branch/Source/WebCore/platform/wpe/PasteboardWPE.cpp (231953 => 231954)
--- branches/safari-605-branch/Source/WebCore/platform/wpe/PasteboardWPE.cpp 2018-05-18 14:31:02 UTC (rev 231953)
+++ branches/safari-605-branch/Source/WebCore/platform/wpe/PasteboardWPE.cpp 2018-05-18 15:09:14 UTC (rev 231954)
@@ -125,10 +125,10 @@
platformStrategies()->pasteboardStrategy()->writeToPasteboard(content);
}
-bool Pasteboard::containsFiles()
+Pasteboard::FileContentState Pasteboard::fileContentState()
{
notImplemented();
- return false;
+ return FileContentState::NoFileOrImageData;
}
bool Pasteboard::canSmartReplace()
Modified: branches/safari-605-branch/Tools/ChangeLog (231953 => 231954)
--- branches/safari-605-branch/Tools/ChangeLog 2018-05-18 14:31:02 UTC (rev 231953)
+++ branches/safari-605-branch/Tools/ChangeLog 2018-05-18 15:09:14 UTC (rev 231954)
@@ -1,5 +1,114 @@
2018-05-17 Kocsen Chung <[email protected]>
+ Cherry-pick r229503. rdar://problem/39841080
+
+ [macOS] Copying a table from the Numbers app and pasting into iCloud Numbers fails
+ https://bugs.webkit.org/show_bug.cgi?id=183485
+ <rdar://problem/38041984>
+
+ Reviewed by Ryosuke Niwa.
+
+ Source/WebCore:
+
+ After r222656, WebKit now treats raw image data on the pasteboard as files for the purposes of computing
+ DataTransfer.files and DataTransfer.types. However, this is combined with existing policies that suppress
+ DataTransfer.getData and DataTransfer.setData when the pasteboard contains files (generalized to copy/paste in
+ r222688). This means we now don't allow web pages to access "text/plain" in the case where the user copies part
+ of a table from the native Numbers app since Numbers additionally writes a snapshot of the table to the platform
+ pasteboard.
+
+ This restriction on getData/setData was intended to prevent web pages from extracting users' file paths when
+ pasting or dropping, so it doesn't make sense to enforce this restriction even when there is only in-memory
+ image data on the pasteboard. To fix this bug, we make Pasteboard::fileContentState() differentiate between
+ cases where there are (real) files on the pasteboard, and cases where we've fallen back to treating image data
+ as files.
+
+ Rebaselined existing LayoutTests to match new behavior.
+ Also covered by 4 new API tests:
+ - PasteMixedContent.ImageDataAndPlainText
+ - PasteMixedContent.ImageDataAndPlainTextAndURL
+ - PasteMixedContent.ImageDataAndPlainTextAndURLAndHTML
+ - UIPasteboardTests.DataTransferGetDataWhenPastingImageAndText
+
+ * dom/DataTransfer.cpp:
+ (WebCore::DataTransfer::shouldSuppressGetAndSetDataToAvoidExposingFilePaths const):
+
+ If custom pasteboard data is enabled, suppress getData and setData if and only if we might actually expose file
+ paths (see Pasteboard::fileContentState).
+
+ (WebCore::DataTransfer::types const):
+
+ Only allow "text/html" or "text/uri-list" in the case where there are actual files in the pasteboard. If there's
+ only image data, add all of the DOM-safe types back into the list of types.
+
+ * platform/Pasteboard.h:
+ * platform/StaticPasteboard.h:
+
+ Add an enum type to represent the result of Pasteboard::fileContentState.
+ - NoFileOrImageData indicates that there was nothing on the pasteboard that could be considered a file
+ from the point of view of the page.
+ - InMemoryImage indicates that there are no files on the pasteboard, but there is image data that we consider
+ to be files, exposed via DataTransfer API.
+ - MayContainFilePaths indicates that there might be file paths on the pasteboard. This means that the source
+ has either written file paths to the pasteboard (for example, through NSFilenamesPboardType) or the source
+ has written image data along with a URL type of some sort that does not match one of the allowed URL schemes
+ that are safe to expose (currently, these are http-family, data, or blob).
+
+ * platform/cocoa/PasteboardCocoa.mm:
+ (WebCore::Pasteboard::fileContentState):
+
+ Refactor to return one of the three enum types described above.
+
+ (WebCore::Pasteboard::containsFiles): Deleted.
+ * platform/gtk/PasteboardGtk.cpp:
+ (WebCore::Pasteboard::fileContentState):
+ (WebCore::Pasteboard::containsFiles): Deleted.
+ * platform/win/PasteboardWin.cpp:
+ (WebCore::Pasteboard::fileContentState):
+ (WebCore::Pasteboard::containsFiles): Deleted.
+ * platform/wpe/PasteboardWPE.cpp:
+ (WebCore::Pasteboard::fileContentState):
+ (WebCore::Pasteboard::containsFiles): Deleted.
+
+ Adjust for Pasteboard::fileContentState() tweaks.
+
+ Tools:
+
+ Add new API tests to cover scenarios in which we paste image data alongside text data.
+
+ * TestWebKitAPI/Tests/WebKitCocoa/PasteMixedContent.mm:
+ (TestWebKitAPI::TEST):
+ * TestWebKitAPI/Tests/ios/UIPasteboardTests.mm:
+ (TestWebKitAPI::TEST):
+
+ LayoutTests:
+
+ Rebaseline some pasteboard-related layout tests, in which we now expose text/plain alongside files that were
+ written to the DataTransfer by the page itself.
+
+ * editing/pasteboard/data-transfer-item-list-add-file-multiple-times-expected.txt:
+ * editing/pasteboard/data-transfer-item-list-add-file-on-copy-expected.txt:
+ * editing/pasteboard/data-transfer-item-list-add-file-on-drag-expected.txt:
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@229503 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2018-03-10 Wenson Hsieh <[email protected]>
+
+ [macOS] Copying a table from the Numbers app and pasting into iCloud Numbers fails
+ https://bugs.webkit.org/show_bug.cgi?id=183485
+ <rdar://problem/38041984>
+
+ Reviewed by Ryosuke Niwa.
+
+ Add new API tests to cover scenarios in which we paste image data alongside text data.
+
+ * TestWebKitAPI/Tests/WebKitCocoa/PasteMixedContent.mm:
+ (TestWebKitAPI::TEST):
+ * TestWebKitAPI/Tests/ios/UIPasteboardTests.mm:
+ (TestWebKitAPI::TEST):
+
+2018-05-17 Kocsen Chung <[email protected]>
+
Cherry-pick r230533. rdar://problem/40345980
IDN spoofing with Hebrew combining characters
Modified: branches/safari-605-branch/Tools/TestWebKitAPI/Tests/WebKitCocoa/PasteMixedContent.mm (231953 => 231954)
--- branches/safari-605-branch/Tools/TestWebKitAPI/Tests/WebKitCocoa/PasteMixedContent.mm 2018-05-18 14:31:02 UTC (rev 231953)
+++ branches/safari-605-branch/Tools/TestWebKitAPI/Tests/WebKitCocoa/PasteMixedContent.mm 2018-05-18 15:09:14 UTC (rev 231954)
@@ -194,6 +194,49 @@
EXPECT_FALSE([[webView stringByEvaluatingJavaScript:@"rawHTMLData.textContent"] containsString:@"script"]);
}
+TEST(PasteMixedContent, ImageDataAndPlainText)
+{
+ auto webView = setUpWebView();
+ writeTypesAndDataToPasteboard(NSPasteboardTypeString, @"Hello world", NSPasteboardTypePNG, [NSData dataWithContentsOfFile:imagePath()], nil);
+ [webView paste:nil];
+
+ EXPECT_WK_STREQ("Files, text/plain", [webView stringByEvaluatingJavaScript:@"types.textContent"]);
+ EXPECT_WK_STREQ("(STRING, text/plain), (FILE, image/png)", [webView stringByEvaluatingJavaScript:@"items.textContent"]);
+ EXPECT_WK_STREQ("('image.png', image/png)", [webView stringByEvaluatingJavaScript:@"files.textContent"]);
+ EXPECT_WK_STREQ("", [webView stringByEvaluatingJavaScript:@"urlData.textContent"]);
+ EXPECT_WK_STREQ("Hello world", [webView stringByEvaluatingJavaScript:@"textData.textContent"]);
+ EXPECT_WK_STREQ("", [webView stringByEvaluatingJavaScript:@"htmlData.textContent"]);
+}
+
+TEST(PasteMixedContent, ImageDataAndPlainTextAndURL)
+{
+ auto webView = setUpWebView();
+ writeTypesAndDataToPasteboard(NSPasteboardTypeString, imagePath(), NSURLPboardType, imagePath(), NSPasteboardTypePNG, [NSData dataWithContentsOfFile:imagePath()], nil);
+ [webView paste:nil];
+
+ EXPECT_WK_STREQ("Files", [webView stringByEvaluatingJavaScript:@"types.textContent"]);
+ EXPECT_WK_STREQ("(FILE, image/png)", [webView stringByEvaluatingJavaScript:@"items.textContent"]);
+ EXPECT_WK_STREQ("('image.png', image/png)", [webView stringByEvaluatingJavaScript:@"files.textContent"]);
+ EXPECT_WK_STREQ("", [webView stringByEvaluatingJavaScript:@"urlData.textContent"]);
+ EXPECT_WK_STREQ("", [webView stringByEvaluatingJavaScript:@"textData.textContent"]);
+ EXPECT_WK_STREQ("", [webView stringByEvaluatingJavaScript:@"htmlData.textContent"]);
+}
+
+TEST(PasteMixedContent, ImageDataAndPlainTextAndURLAndHTML)
+{
+ auto webView = setUpWebView();
+ writeTypesAndDataToPasteboard(NSPasteboardTypeString, imagePath(), NSURLPboardType, imagePath(), NSPasteboardTypeHTML, markupString(), NSPasteboardTypePNG, [NSData dataWithContentsOfFile:imagePath()], nil);
+ [webView paste:nil];
+
+ EXPECT_WK_STREQ("Files, text/html", [webView stringByEvaluatingJavaScript:@"types.textContent"]);
+ EXPECT_WK_STREQ("(STRING, text/html), (FILE, image/png)", [webView stringByEvaluatingJavaScript:@"items.textContent"]);
+ EXPECT_WK_STREQ("('image.png', image/png)", [webView stringByEvaluatingJavaScript:@"files.textContent"]);
+ EXPECT_WK_STREQ("", [webView stringByEvaluatingJavaScript:@"urlData.textContent"]);
+ EXPECT_WK_STREQ("", [webView stringByEvaluatingJavaScript:@"textData.textContent"]);
+ EXPECT_WK_STREQ("HELLO WORLD", [webView stringByEvaluatingJavaScript:@"htmlData.textContent"]);
+ EXPECT_FALSE([[webView stringByEvaluatingJavaScript:@"rawHTMLData.textContent"] containsString:@"script"]);
+}
+
} // namespace TestWebKitAPI
#endif // PLATFORM(MAC) && WK_API_ENABLED
Modified: branches/safari-605-branch/Tools/TestWebKitAPI/Tests/ios/UIPasteboardTests.mm (231953 => 231954)
--- branches/safari-605-branch/Tools/TestWebKitAPI/Tests/ios/UIPasteboardTests.mm 2018-05-18 14:31:02 UTC (rev 231953)
+++ branches/safari-605-branch/Tools/TestWebKitAPI/Tests/ios/UIPasteboardTests.mm 2018-05-18 15:09:14 UTC (rev 231954)
@@ -194,6 +194,30 @@
});
}
+TEST(UIPasteboardTests, DataTransferGetDataWhenPastingImageAndText)
+{
+ auto webView = setUpWebViewForPasteboardTests(@"DataTransfer");
+ auto copiedText = retainPtr(@"Apple Inc.");
+ auto itemProvider = adoptNS([[NSItemProvider alloc] init]);
+ [itemProvider registerDataRepresentationForTypeIdentifier:(NSString *)kUTTypePNG visibility:NSItemProviderRepresentationVisibilityAll loadHandler:[] (DataLoadCompletionBlock completionHandler) -> NSProgress * {
+ completionHandler([NSData dataWithContentsOfURL:[[NSBundle mainBundle] URLForResource:@"icon" withExtension:@"png" subdirectory:@"TestWebKitAPI.resources"]], nil);
+ return nil;
+ }];
+ [itemProvider registerDataRepresentationForTypeIdentifier:(NSString *)kUTTypeUTF8PlainText visibility:NSItemProviderRepresentationVisibilityAll loadHandler:[copiedText] (DataLoadCompletionBlock completionHandler) -> NSProgress * {
+ completionHandler([copiedText dataUsingEncoding:NSUTF8StringEncoding], nil);
+ return nil;
+ }];
+ [UIPasteboard generalPasteboard].itemProviders = @[ itemProvider.get() ];
+ [webView paste:nil];
+
+ EXPECT_WK_STREQ("Files, text/plain", [webView stringByEvaluatingJavaScript:@"types.textContent"]);
+ EXPECT_WK_STREQ("(STRING, text/plain), (FILE, image/png)", [webView stringByEvaluatingJavaScript:@"items.textContent"]);
+ EXPECT_WK_STREQ("('image.png', image/png)", [webView stringByEvaluatingJavaScript:@"files.textContent"]);
+ EXPECT_WK_STREQ("", [webView stringByEvaluatingJavaScript:@"urlData.textContent"]);
+ EXPECT_WK_STREQ("Apple Inc.", [webView stringByEvaluatingJavaScript:@"textData.textContent"]);
+ EXPECT_WK_STREQ("", [webView stringByEvaluatingJavaScript:@"htmlData.textContent"]);
+}
+
TEST(UIPasteboardTests, DataTransferSetDataCannotWritePlatformTypes)
{
auto webView = setUpWebViewForPasteboardTests(@"dump-datatransfer-types");
