Title: [241490] trunk
Revision: 241490
Author: [email protected]
Date: 2019-02-13 17:36:28 -0800 (Wed, 13 Feb 2019)

Log Message

Ignore Ad Click Attribution where source and destination are same-site
https://bugs.webkit.org/show_bug.cgi?id=194620
<rdar://problem/47890018>

Reviewed by Jiewen Tan.

Source/WebCore:

Updated the existing test.

We should not accept Ad Click Attribution requests where the site of the
anchor tag and its addestination attribute are same-site. Such attributions
don’t make sense (the site can track intra-site clicks through better means)
and would just lead to increased memory use where the pending
attributions are stored.

For ports that don't have access to the Public Suffix List, this patch
only checks that the hosts don't match, i.e. not just eTLD+1.

* html/HTMLAnchorElement.cpp:
(WebCore::HTMLAnchorElement::parseAdClickAttribution const):
    Now returns WTF::nullopt if the current document and the
    addestination are same site. Also fixed a console message
    typo.

LayoutTests:

Same-site test added and test results updated.

* http/tests/adClickAttribution/anchor-tag-attributes-validation-expected.txt:
* http/tests/adClickAttribution/anchor-tag-attributes-validation.html:
* platform/ios-wk2/http/tests/adClickAttribution/anchor-tag-attributes-validation-expected.txt:

Diff

Modified: trunk/LayoutTests/ChangeLog (241489 => 241490)


--- trunk/LayoutTests/ChangeLog	2019-02-14 01:25:39 UTC (rev 241489)
+++ trunk/LayoutTests/ChangeLog	2019-02-14 01:36:28 UTC (rev 241490)
@@ -1,3 +1,17 @@
+2019-02-13  John Wilander  <[email protected]>
+
+        Ignore Ad Click Attribution where source and destination are same-site
+        https://bugs.webkit.org/show_bug.cgi?id=194620
+        <rdar://problem/47890018>
+
+        Reviewed by Jiewen Tan.
+
+        Same-site test added and test results updated.
+
+        * http/tests/adClickAttribution/anchor-tag-attributes-validation-expected.txt:
+        * http/tests/adClickAttribution/anchor-tag-attributes-validation.html:
+        * platform/ios-wk2/http/tests/adClickAttribution/anchor-tag-attributes-validation-expected.txt:
+
 2019-02-13  Youenn Fablet  <[email protected]>
 
         getUserMedia with an ideal deviceId constraint doesn't always select the correct device

Modified: trunk/LayoutTests/http/tests/adClickAttribution/anchor-tag-attributes-validation-expected.txt (241489 => 241490)


--- trunk/LayoutTests/http/tests/adClickAttribution/anchor-tag-attributes-validation-expected.txt	2019-02-14 01:25:39 UTC (rev 241489)
+++ trunk/LayoutTests/http/tests/adClickAttribution/anchor-tag-attributes-validation-expected.txt	2019-02-14 01:36:28 UTC (rev 241490)
@@ -3,29 +3,16 @@
 CONSOLE MESSAGE: line 108: adcampaignid can not be converted to a non-negative integer which is required for Ad Click Attribution.
 CONSOLE MESSAGE: line 108: adcampaignid can not be converted to a non-negative integer which is required for Ad Click Attribution.
 CONSOLE MESSAGE: line 108: adcampaignid can not be converted to a non-negative integer which is required for Ad Click Attribution.
-CONSOLE MESSAGE: line 108: adddestination could not be converted to a valid HTTP-family URL.
-CONSOLE MESSAGE: line 108: adddestination could not be converted to a valid HTTP-family URL.
-CONSOLE MESSAGE: line 108: adddestination could not be converted to a valid HTTP-family URL.
+CONSOLE MESSAGE: line 108: addestination could not be converted to a valid HTTP-family URL.
+CONSOLE MESSAGE: line 108: addestination could not be converted to a valid HTTP-family URL.
+CONSOLE MESSAGE: line 108: addestination could not be converted to a valid HTTP-family URL.
 CONSOLE MESSAGE: line 108: Both adcampaignid and addestination need to be set for Ad Click Attribution to work.
 CONSOLE MESSAGE: line 108: Both adcampaignid and addestination need to be set for Ad Click Attribution to work.
+CONSOLE MESSAGE: line 108: addestination can not be the same site as the current website.
 Test for validity of ad click attribution attributes on anchor tags.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
 
-Link1
-Link2
-Link3
-Link4
-Link5
-Link6
-Link7
-Link8
-Link9
-Link10
-Link11
-Link12
-Link13
-Link14
 
 PASS successfullyParsed is true
 

Modified: trunk/LayoutTests/http/tests/adClickAttribution/anchor-tag-attributes-validation.html (241489 => 241490)


--- trunk/LayoutTests/http/tests/adClickAttribution/anchor-tag-attributes-validation.html	2019-02-14 01:25:39 UTC (rev 241489)
+++ trunk/LayoutTests/http/tests/adClickAttribution/anchor-tag-attributes-validation.html	2019-02-14 01:36:28 UTC (rev 241490)
@@ -51,6 +51,7 @@
 
     const validAdCampaignID = "03";
     const validAdDestination = "http://webkit.org";
+    const sameSite = document.location.origin;
     const testCases = [
         [ validAdCampaignID, validAdDestination ],
         [ "100", validAdDestination ],           // Too many characters.
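Review bot: `const sameSite = document.location.origin;` yields a destination whose host is identical to the document's, so the new case passes under both the plain host comparison and the `topPrivatelyControlledDomain` comparison and cannot tell the two apart. Consider adding a destination on a different host under the same registrable domain, with per-platform expectations if the result differs, so the ENABLE(PUBLIC_SUFFIX_LIST) path is actually exercised.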
@@ -65,14 +66,17 @@
         [ validAdCampaignID, "://webkit.org" ],  // Partially missing protocol.
         [ validAdCampaignID, "" ],           // Non-ASCII characters as destination.
         [ "", validAdDestination ],              // Empty campaign ID.
-        [ validAdCampaignID, "" ]                // Empty destination.
+        [ validAdCampaignID, "" ],               // Empty destination.
+        [ validAdCampaignID, sameSite ]          // Same-site destination.
     ];
 
     function runAllTests() {
         if (currentTest < testCases.length)
             runOneTest(testCases[currentTest][0], testCases[currentTest][1], runAllTests);
-        else
+        else {
+            document.body.removeChild(output);
             finishJSTest();
+        }
     }
 </script>
 </body>
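Review bot: `document.body.removeChild(output);` in the new else block is not mentioned in either ChangeLog entry, yet it is what removes the Link1 to Link14 lines from both expected files. Please add a line to the LayoutTests entry saying the generated links are removed before `finishJSTest()` and why, so the churn in the results is not read as a behaviour change.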

Modified: trunk/LayoutTests/platform/ios-wk2/http/tests/adClickAttribution/anchor-tag-attributes-validation-expected.txt (241489 => 241490)


--- trunk/LayoutTests/platform/ios-wk2/http/tests/adClickAttribution/anchor-tag-attributes-validation-expected.txt	2019-02-14 01:25:39 UTC (rev 241489)
+++ trunk/LayoutTests/platform/ios-wk2/http/tests/adClickAttribution/anchor-tag-attributes-validation-expected.txt	2019-02-14 01:36:28 UTC (rev 241490)
@@ -3,29 +3,16 @@
 CONSOLE MESSAGE: adcampaignid can not be converted to a non-negative integer which is required for Ad Click Attribution.
 CONSOLE MESSAGE: adcampaignid can not be converted to a non-negative integer which is required for Ad Click Attribution.
 CONSOLE MESSAGE: adcampaignid can not be converted to a non-negative integer which is required for Ad Click Attribution.
-CONSOLE MESSAGE: adddestination could not be converted to a valid HTTP-family URL.
-CONSOLE MESSAGE: adddestination could not be converted to a valid HTTP-family URL.
-CONSOLE MESSAGE: adddestination could not be converted to a valid HTTP-family URL.
+CONSOLE MESSAGE: addestination could not be converted to a valid HTTP-family URL.
+CONSOLE MESSAGE: addestination could not be converted to a valid HTTP-family URL.
+CONSOLE MESSAGE: addestination could not be converted to a valid HTTP-family URL.
 CONSOLE MESSAGE: Both adcampaignid and addestination need to be set for Ad Click Attribution to work.
 CONSOLE MESSAGE: Both adcampaignid and addestination need to be set for Ad Click Attribution to work.
+CONSOLE MESSAGE: addestination can not be the same site as the current website.
 Test for validity of ad click attribution attributes on anchor tags.
 
 On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
 
-Link1
-Link2
-Link3
-Link4
-Link5
-Link6
-Link7
-Link8
-Link9
-Link10
-Link11
-Link12
-Link13
-Link14
 
 PASS successfullyParsed is true
 

Modified: trunk/Source/WebCore/ChangeLog (241489 => 241490)


--- trunk/Source/WebCore/ChangeLog	2019-02-14 01:25:39 UTC (rev 241489)
+++ trunk/Source/WebCore/ChangeLog	2019-02-14 01:36:28 UTC (rev 241490)
@@ -1,3 +1,28 @@
+2019-02-13  John Wilander  <[email protected]>
+
+        Ignore Ad Click Attribution where source and destination are same-site
+        https://bugs.webkit.org/show_bug.cgi?id=194620
+        <rdar://problem/47890018>
+
+        Reviewed by Jiewen Tan.
+
+        Updated the existing test.
+
+        We should not accept Ad Click Attribution requests where the site of the
+        anchor tag and its addestination attribute are same-site. Such attributions
+        don’t make sense (the site can track intra-site clicks through better means)
+        and would just lead to increased memory use where are the pending
+        attributions are stored.
+
+        For ports that don't have access to the Public Suffix List, this patch
+        only checks that the hosts don't match, i.e. not just eTLD+1.
+
+        * html/HTMLAnchorElement.cpp:
+        (WebCore::HTMLAnchorElement::parseAdClickAttribution const):
+            Now returns WTF::nullopt if the current document and the
+            addestination are same site. Also fixed a console message
+            typo.
+
 2019-02-13  Eric Carlson  <[email protected]> and Youenn Fablet  <[email protected]>
 
         getUserMedia with an ideal deviceId constraint doesn't always select the correct device
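Review bot: The sentence "only checks that the hosts don't match, i.e. not just eTLD+1" in the paragraph about ports without the Public Suffix List is ambiguous about which way the check is weaker. It would help to state outright that on those ports the comparison is on the full host, so a document and destination on different hosts of the same registrable domain are not treated as same-site and the attribution is still accepted. The preceding paragraph also has a stray word in "where are the pending attributions are stored".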

Modified: trunk/Source/WebCore/html/HTMLAnchorElement.cpp (241489 => 241490)


--- trunk/Source/WebCore/html/HTMLAnchorElement.cpp	2019-02-14 01:25:39 UTC (rev 241489)
+++ trunk/Source/WebCore/html/HTMLAnchorElement.cpp	2019-02-14 01:36:28 UTC (rev 241490)
@@ -42,6 +42,7 @@
 #include "MouseEvent.h"
 #include "PingLoader.h"
 #include "PlatformMouseEvent.h"
+#include "PublicSuffix.h"
 #include "RenderImage.h"
 #include "ResourceRequest.h"
 #include "RuntimeEnabledFeatures.h"
@@ -436,10 +437,21 @@
 
     URL adDestinationURL { URL(), adDestinationAttr };
     if (!adDestinationURL.isValid() || !adDestinationURL.protocolIsInHTTPFamily()) {
-        document().addConsoleMessage(MessageSource::Other, MessageLevel::Warning, "adddestination could not be converted to a valid HTTP-family URL."_s);
+        document().addConsoleMessage(MessageSource::Other, MessageLevel::Warning, "addestination could not be converted to a valid HTTP-family URL."_s);
         return WTF::nullopt;
     }
 
+    auto documentDomain = document().domain();
+    auto adDestinationHost = adDestinationURL.host().toString();
+#if ENABLE(PUBLIC_SUFFIX_LIST)
+    if (topPrivatelyControlledDomain(documentDomain) == topPrivatelyControlledDomain(adDestinationHost)) {
+#else
+    if (documentDomain == adDestinationHost) {
+#endif
+        document().addConsoleMessage(MessageSource::Other, MessageLevel::Warning, "addestination can not be the same site as the current website."_s);
+        return WTF::nullopt;
+    }
+
     return AdClickAttribution { Campaign(adCampaignID.value()), Source(document().domain()), Destination(adDestinationURL.host().toString()) };
 }
 
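Review bot: The `#if ENABLE(PUBLIC_SUFFIX_LIST)` / `#else` pair in the second hunk splits the `if (...) {` header itself, leaving one shared body and closing brace, which is easy to break in a later edit and confuses brace matching. Computing a local bool inside the conditional block and following it with a single `if (isSameSite) {` would read more safely. The final `return` still calls `document().domain()` and `adDestinationURL.host().toString()` again although `documentDomain` and `adDestinationHost` now hold those values; reuse the locals so the compared values and the stored values cannot diverge. It is also worth confirming what `topPrivatelyControlledDomain` returns for hosts with no registrable domain: if both sides can come back empty, unrelated hosts would compare equal and be rejected as same-site.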