[webkit-changes] [257434] releases/WebKitGTK/webkit-2.28/Source

Wed, 26 Feb 2020 02:57:52 -0800

Title: [257434] releases/WebKitGTK/webkit-2.28/Source
Revision
257434
Author
[email protected]
Date
2020-02-26 02:56:17 -0800 (Wed, 26 Feb 2020)

Log Message

Merge r256925 - Re-disable top-level data URL navigations
https://bugs.webkit.org/show_bug.cgi?id=207917
<rdar://problem/59568037>

Reviewed by Darin Adler.

Source/WebCore:

Calls to WKPage and WKWebView API used to load data and strings directly should be recognized by
the loading code as being from client API calls. This brings these API behaviors into alignment
with similar API for loading URLs and URLRequests directly. This change also allows us to enforce
stricter handling of Data URLs, and to remove the need to explicitly permit top-level data URL
navigation when client APIs are used.

Tested by TestWebKitAPI Navigation tests.

* page/Settings.yaml:

Source/WebKit:

In Bug 207719 we allowed top-level navigations to data URLs by default. This
patch updates client loading API calls so that we can go back to a default
block of these loads without breaking WebKit clients.

* UIProcess/API/Cocoa/WKWebViewConfiguration.mm:
(-[WKWebViewConfiguration init]):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::loadDataImpl): Recognize direct data loads started from client API.
* WebProcess/WebPage/WebPage.h:

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog (257433 => 257434)


--- releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog	2020-02-26 10:56:12 UTC (rev 257433)
+++ releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog	2020-02-26 10:56:17 UTC (rev 257434)
@@ -1,3 +1,21 @@
+2020-02-19  Brent Fulgham  <[email protected]>
+
+        Re-disable top-level data URL navigations
+        https://bugs.webkit.org/show_bug.cgi?id=207917
+        <rdar://problem/59568037>
+
+        Reviewed by Darin Adler.
+
+        Calls to WKPage and WKWebView API used to load data and strings directly should be recognized by
+        the loading code as being from client API calls. This brings these API behaviors into alignment
+        with similar API for loading URLs and URLRequests directly. This change also allows us to enforce
+        stricter handling of Data URLs, and to remove the need to explicitly permit top-level data URL
+        navigation when client APIs are used.
+
+        Tested by TestWebKitAPI Navigation tests.
+
+        * page/Settings.yaml:
+
 2020-02-18  Chris Dumez  <[email protected]>
 
         ASSERT_NOT_REACHED() under WebPageProxy::suspendCurrentPageIfPossible()

Modified: releases/WebKitGTK/webkit-2.28/Source/WebCore/page/Settings.yaml (257433 => 257434)


--- releases/WebKitGTK/webkit-2.28/Source/WebCore/page/Settings.yaml	2020-02-26 10:56:12 UTC (rev 257433)
+++ releases/WebKitGTK/webkit-2.28/Source/WebCore/page/Settings.yaml	2020-02-26 10:56:17 UTC (rev 257434)
@@ -108,7 +108,7 @@
 allowCrossOriginSubresourcesToAskForCredentials:
   initial: false
 allowTopNavigationToDataURLs:
-  initial: true
+  initial: false
 needsStorageAccessFromFileURLsQuirk:
   initial: true
 needsFrameNameFallbackToIdQuirk:

Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog (257433 => 257434)


--- releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog	2020-02-26 10:56:12 UTC (rev 257433)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog	2020-02-26 10:56:17 UTC (rev 257434)
@@ -1,3 +1,21 @@
+2020-02-19  Brent Fulgham  <[email protected]>
+
+        Re-disable top-level data URL navigations
+        https://bugs.webkit.org/show_bug.cgi?id=207917
+        <rdar://problem/59568037>
+
+        Reviewed by Darin Adler.
+
+        In Bug 207719 we allowed top-level navigations to data URLs by default. This
+        patch updates client loading API calls so that we can go back to a default
+        block of these loads without breaking WebKit clients.
+
+        * UIProcess/API/Cocoa/WKWebViewConfiguration.mm:
+        (-[WKWebViewConfiguration init]):
+        * WebProcess/WebPage/WebPage.cpp:
+        (WebKit::WebPage::loadDataImpl): Recognize direct data loads started from client API.
+        * WebProcess/WebPage/WebPage.h:
+
 2020-02-18  Zan Dobersek  <[email protected]>
 
         [WPE] Support 2D axis, smooth-motion events

Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.mm (257433 => 257434)


--- releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.mm	2020-02-26 10:56:12 UTC (rev 257433)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/API/Cocoa/WKWebViewConfiguration.mm	2020-02-26 10:56:17 UTC (rev 257434)
@@ -237,7 +237,7 @@
     _convertsPositionStyleOnCopy = NO;
     _allowsMetaRefresh = YES;
     _allowUniversalAccessFromFileURLs = NO;
-    _allowTopNavigationToDataURLs = YES;
+    _allowTopNavigationToDataURLs = NO;
     _needsStorageAccessFromFileURLsQuirk = YES;
 
 #if PLATFORM(IOS_FAMILY)

Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/WebProcess/WebPage/WebPage.cpp (257433 => 257434)


--- releases/WebKitGTK/webkit-2.28/Source/WebKit/WebProcess/WebPage/WebPage.cpp	2020-02-26 10:56:12 UTC (rev 257433)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/WebProcess/WebPage/WebPage.cpp	2020-02-26 10:56:17 UTC (rev 257434)
@@ -1627,6 +1627,7 @@
     // Initate the load in WebCore.
     FrameLoadRequest frameLoadRequest(*m_mainFrame->coreFrame(), request, shouldOpenExternalURLsPolicy, substituteData);
     frameLoadRequest.setShouldTreatAsContinuingLoad(shouldTreatAsContinuingLoad);
+    frameLoadRequest.setIsRequestFromClientOrUserInput();
     m_mainFrame->coreFrame()->loader().load(WTFMove(frameLoadRequest));
 }
 

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to