Title: [258769] trunk
Revision: 258769
Author: [email protected]
Date: 2020-03-20 10:40:44 -0700 (Fri, 20 Mar 2020)

Log Message

Add routines to check about:blank and about:srcdoc URLs
https://bugs.webkit.org/show_bug.cgi?id=209174

Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

* web-platform-tests/html/dom/usvstring-reflection.https-expected.txt:

Source/WebCore:

* Modules/fetch/FetchRequest.cpp:
(WebCore::computeReferrer):
* dom/Document.cpp:
(WebCore::isURLPotentiallyTrustworthy):
* html/HTMLFrameElementBase.cpp:
(WebCore::HTMLFrameElementBase::location const):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::shouldTreatURLAsSrcdocDocument const):
* page/SecurityPolicy.cpp:
(WebCore::SecurityPolicy::shouldInheritSecurityOriginFromOwner):

Source/WebKit:

* WebProcess/WebCoreSupport/WebResourceLoadObserver.cpp:
(WebKit::WebResourceLoadObserver::requestStorageAccessUnderOpener):

Source/WTF:

* wtf/URL.cpp:
(WTF::aboutSrcDocURL):
(WTF::URL::isAboutBlank const):
(WTF::URL::isAboutSrcDoc const):
* wtf/URL.h:

LayoutTests:

* platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/usvstring-reflection.https-expected.txt:

Diff

Modified: trunk/LayoutTests/ChangeLog (258768 => 258769)


--- trunk/LayoutTests/ChangeLog	2020-03-20 17:26:59 UTC (rev 258768)
+++ trunk/LayoutTests/ChangeLog	2020-03-20 17:40:44 UTC (rev 258769)
@@ -1,3 +1,12 @@
+2020-03-20  youenn fablet  <[email protected]>
+
+        Add routines to check about:blank and about:srcdoc URLs
+        https://bugs.webkit.org/show_bug.cgi?id=209174
+
+        Reviewed by Alex Christensen.
+
+        * platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/usvstring-reflection.https-expected.txt:
+
 2020-03-20  Sihui Liu  <[email protected]>
 
         REGRESSION (r258707): storage/indexeddb/cursor-leak.html is flaky timing out

Modified: trunk/LayoutTests/imported/w3c/ChangeLog (258768 => 258769)


--- trunk/LayoutTests/imported/w3c/ChangeLog	2020-03-20 17:26:59 UTC (rev 258768)
+++ trunk/LayoutTests/imported/w3c/ChangeLog	2020-03-20 17:40:44 UTC (rev 258769)
@@ -1,3 +1,12 @@
+2020-03-20  youenn fablet  <[email protected]>
+
+        Add routines to check about:blank and about:srcdoc URLs
+        https://bugs.webkit.org/show_bug.cgi?id=209174
+
+        Reviewed by Alex Christensen.
+
+        * web-platform-tests/html/dom/usvstring-reflection.https-expected.txt:
+
 2020-03-19  Javier Fernandez  <[email protected]>
 
         [css-grid] Changes in grid or elements inside the grid affects margin on other elements in the grid

Modified: trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/usvstring-reflection.https-expected.txt (258768 => 258769)


--- trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/usvstring-reflection.https-expected.txt	2020-03-20 17:26:59 UTC (rev 258768)
+++ trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/usvstring-reflection.https-expected.txt	2020-03-20 17:40:44 UTC (rev 258769)
@@ -2,9 +2,9 @@
 CONSOLE MESSAGE: EventSource cannot load ws://www.example.com/socketserve%EF%BF%BD/ due to access control checks.
 
 PASS location.hash : unpaired surrogate codepoint should be replaced with U+FFFD 
-FAIL location.href : unpaired surrogate codepoint should be replaced with U+FFFD Blocked a frame with origin "https://localhost:9443" from accessing a cross-origin frame. Protocols, domains, and ports must match.
-FAIL window.open : unpaired surrogate codepoint should be replaced with U+FFFD Blocked a frame with origin "https://localhost:9443" from accessing a cross-origin frame. Protocols, domains, and ports must match.
-FAIL document.open : unpaired surrogate codepoint should be replaced with U+FFFD Blocked a frame with origin "https://localhost:9443" from accessing a cross-origin frame. Protocols, domains, and ports must match.
+PASS location.href : unpaired surrogate codepoint should be replaced with U+FFFD 
+PASS window.open : unpaired surrogate codepoint should be replaced with U+FFFD 
+PASS document.open : unpaired surrogate codepoint should be replaced with U+FFFD 
 PASS anchor : unpaired surrogate codepoint should be replaced with U+FFFD 
 PASS area : unpaired surrogate codepoint should be replaced with U+FFFD 
 PASS base : unpaired surrogate codepoint should be replaced with U+FFFD 
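
Review bot: The expectations that flip from FAIL to PASS here (location.href, window.open, document.open, and Document URLs in the next hunk) show that the "Blocked a frame with origin ..." cross-origin error no longer occurs, yet the log message describes the patch only as adding helper routines. Please say in the ChangeLog which call-site change makes that error go away, so the behaviour change can be reviewed on its own.
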
@@ -18,6 +18,6 @@
 PASS sendBeacon URL: unpaired surrogate codepoint should not make any exceptions. 
 FAIL RegisterProtocolHandler URL: unpaired surrogate codepoint should not make any exceptions. window.navigator.registerProtocolHandler is not a function. (In 'window.navigator.registerProtocolHandler('web+myprotocol', "custom-scheme\uD800/url="" "title")', 'window.navigator.registerProtocolHandler' is undefined)
 FAIL UnregisterProtocolHandler URL: unpaired surrogate codepoint should not make any exceptions. window.navigator.unregisterProtocolHandler is not a function. (In 'window.navigator.unregisterProtocolHandler('web+myprotocol', "custom-scheme\uD800/url="" 'window.navigator.unregisterProtocolHandler' is undefined)
-FAIL Document URLs: unpaired surrogate codepoint should be replaced with U+FFFD Blocked a frame with origin "https://localhost:9443" from accessing a cross-origin frame. Protocols, domains, and ports must match.
+PASS Document URLs: unpaired surrogate codepoint should be replaced with U+FFFD 
 PASS RTCDataChannel.send: unpaired surrogate codepoint should be replaced with U+FFFD. 
 

Modified: trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/usvstring-reflection.https-expected.txt (258768 => 258769)


--- trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/usvstring-reflection.https-expected.txt	2020-03-20 17:26:59 UTC (rev 258768)
+++ trunk/LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/usvstring-reflection.https-expected.txt	2020-03-20 17:40:44 UTC (rev 258769)
@@ -2,9 +2,9 @@
 CONSOLE MESSAGE: EventSource cannot load ws://www.example.com/socketserve%EF%BF%BD/ due to access control checks.
 
 PASS location.hash : unpaired surrogate codepoint should be replaced with U+FFFD 
-FAIL location.href : unpaired surrogate codepoint should be replaced with U+FFFD Blocked a frame with origin "https://localhost:9443" from accessing a cross-origin frame. Protocols, domains, and ports must match.
-FAIL window.open : unpaired surrogate codepoint should be replaced with U+FFFD Blocked a frame with origin "https://localhost:9443" from accessing a cross-origin frame. Protocols, domains, and ports must match.
-FAIL document.open : unpaired surrogate codepoint should be replaced with U+FFFD Blocked a frame with origin "https://localhost:9443" from accessing a cross-origin frame. Protocols, domains, and ports must match.
+PASS location.href : unpaired surrogate codepoint should be replaced with U+FFFD 
+PASS window.open : unpaired surrogate codepoint should be replaced with U+FFFD 
+PASS document.open : unpaired surrogate codepoint should be replaced with U+FFFD 
 PASS anchor : unpaired surrogate codepoint should be replaced with U+FFFD 
 PASS area : unpaired surrogate codepoint should be replaced with U+FFFD 
 PASS base : unpaired surrogate codepoint should be replaced with U+FFFD 
@@ -18,6 +18,6 @@
 FAIL sendBeacon URL: unpaired surrogate codepoint should not make any exceptions. assert_true: expected true got false
 FAIL RegisterProtocolHandler URL: unpaired surrogate codepoint should not make any exceptions. window.navigator.registerProtocolHandler is not a function. (In 'window.navigator.registerProtocolHandler('web+myprotocol', "custom-scheme\uD800/url="" "title")', 'window.navigator.registerProtocolHandler' is undefined)
 FAIL UnregisterProtocolHandler URL: unpaired surrogate codepoint should not make any exceptions. window.navigator.unregisterProtocolHandler is not a function. (In 'window.navigator.unregisterProtocolHandler('web+myprotocol', "custom-scheme\uD800/url="" 'window.navigator.unregisterProtocolHandler' is undefined)
-FAIL Document URLs: unpaired surrogate codepoint should be replaced with U+FFFD Blocked a frame with origin "https://localhost:9443" from accessing a cross-origin frame. Protocols, domains, and ports must match.
+PASS Document URLs: unpaired surrogate codepoint should be replaced with U+FFFD 
 PASS RTCDataChannel.send: unpaired surrogate codepoint should be replaced with U+FFFD. 
 

Modified: trunk/Source/WTF/ChangeLog (258768 => 258769)


--- trunk/Source/WTF/ChangeLog	2020-03-20 17:26:59 UTC (rev 258768)
+++ trunk/Source/WTF/ChangeLog	2020-03-20 17:40:44 UTC (rev 258769)
@@ -1,3 +1,16 @@
+2020-03-20  youenn fablet  <[email protected]>
+
+        Add routines to check about:blank and about:srcdoc URLs
+        https://bugs.webkit.org/show_bug.cgi?id=209174
+
+        Reviewed by Alex Christensen.
+
+        * wtf/URL.cpp:
+        (WTF::aboutSrcDocURL):
+        (WTF::URL::isAboutBlank const):
+        (WTF::URL::isAboutSrcDoc const):
+        * wtf/URL.h:
+
 2020-03-20  Jacob Uphoff  <[email protected]>
 
         Unreviewed, reverting r258748.

Modified: trunk/Source/WTF/wtf/URL.cpp (258768 => 258769)


--- trunk/Source/WTF/wtf/URL.cpp	2020-03-20 17:26:59 UTC (rev 258768)
+++ trunk/Source/WTF/wtf/URL.cpp	2020-03-20 17:40:44 UTC (rev 258769)
@@ -873,6 +873,12 @@
     return staticBlankURL;
 }
 
+const URL& aboutSrcDocURL()
+{
+    static NeverDestroyed<URL> staticAboutSrcDocURL(URL(), "about:srcdoc");
+    return staticAboutSrcDocURL;
+}
+
 bool URL::protocolIsAbout() const
 {
     return protocolIs("about");
@@ -1015,6 +1021,16 @@
     return URL(URL(), "file:///" + filePath);
 }
 
+bool URL::isAboutBlank() const
+{
+    return protocolIsAbout() && path() == "blank";
+}
+
+bool URL::isAboutSrcDoc() const
+{
+    return protocolIsAbout() && path() == "srcdoc";
+}
+
 TextStream& operator<<(TextStream& ts, const URL& url)
 {
     ts << url.string();
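
Review bot: isAboutBlank() and isAboutSrcDoc() compare only path(), exactly and case-sensitively, which is not the same test as the equalIgnoringASCIICase(url.string(), ...) checks they replace at the call sites. A differently-cased path such as "about:BLANK" no longer matches, and because the query and fragment are not part of path(), an about:blank URL carrying either one now does. Please state the intended matching rule in a comment here and add tests for the helpers that cover those cases.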

Modified: trunk/Source/WTF/wtf/URL.h (258768 => 258769)


--- trunk/Source/WTF/wtf/URL.h	2020-03-20 17:26:59 UTC (rev 258768)
+++ trunk/Source/WTF/wtf/URL.h	2020-03-20 17:40:44 UTC (rev 258769)
@@ -132,9 +132,11 @@
     bool protocolIsAbout() const;
     bool protocolIsInHTTPFamily() const;
     bool isLocalFile() const;
-    bool isBlankURL() const;
     bool cannotBeABaseURL() const { return m_cannotBeABaseURL; }
 
+    bool isAboutBlank() const;
+    bool isAboutSrcDoc() const;
+
     bool isMatchingDomain(const String&) const;
 
     bool setProtocol(const String&);
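
Review bot: isBlankURL() is removed from the class here, but no URL.cpp hunk in this patch removes a definition for it and the log message does not list it. Please confirm it had no definition or remaining callers, and mention the removal in the ChangeLog entry for wtf/URL.h.
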
@@ -258,6 +260,7 @@
 WTF_EXPORT_PRIVATE bool hostsAreEqual(const URL&, const URL&);
 
 WTF_EXPORT_PRIVATE const URL& blankURL();
+WTF_EXPORT_PRIVATE const URL& aboutSrcDocURL();
 
 // Functions to do URL operations on strings.
 // These are operations that aren't faster on a parsed URL.

Modified: trunk/Source/WebCore/ChangeLog (258768 => 258769)


--- trunk/Source/WebCore/ChangeLog	2020-03-20 17:26:59 UTC (rev 258768)
+++ trunk/Source/WebCore/ChangeLog	2020-03-20 17:40:44 UTC (rev 258769)
@@ -1,3 +1,21 @@
+2020-03-20  youenn fablet  <[email protected]>
+
+        Add routines to check about:blank and about:srcdoc URLs
+        https://bugs.webkit.org/show_bug.cgi?id=209174
+
+        Reviewed by Alex Christensen.
+
+        * Modules/fetch/FetchRequest.cpp:
+        (WebCore::computeReferrer):
+        * dom/Document.cpp:
+        (WebCore::isURLPotentiallyTrustworthy):
+        * html/HTMLFrameElementBase.cpp:
+        (WebCore::HTMLFrameElementBase::location const):
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::shouldTreatURLAsSrcdocDocument const):
+        * page/SecurityPolicy.cpp:
+        (WebCore::SecurityPolicy::shouldInheritSecurityOriginFromOwner):
+
 2020-03-20  Chris Dumez  <[email protected]>
 
         [iOS] Articles on NYTimes.com get truncated when switching between MobileSafari and another app

Modified: trunk/Source/WebCore/Modules/fetch/FetchRequest.cpp (258768 => 258769)


--- trunk/Source/WebCore/Modules/fetch/FetchRequest.cpp	2020-03-20 17:26:59 UTC (rev 258768)
+++ trunk/Source/WebCore/Modules/fetch/FetchRequest.cpp	2020-03-20 17:40:44 UTC (rev 258769)
@@ -60,7 +60,7 @@
     if (!referrerURL.isValid())
         return Exception { TypeError, "Referrer is not a valid URL."_s };
 
-    if (referrerURL.protocolIs("about") && referrerURL.path() == "client")
+    if (referrerURL.protocolIsAbout() && referrerURL.path() == "client")
         return "client"_str;
 
     if (!(context.securityOrigin() && context.securityOrigin()->canRequest(referrerURL)))

Modified: trunk/Source/WebCore/dom/Document.cpp (258768 => 258769)


--- trunk/Source/WebCore/dom/Document.cpp	2020-03-20 17:26:59 UTC (rev 258768)
+++ trunk/Source/WebCore/dom/Document.cpp	2020-03-20 17:40:44 UTC (rev 258769)
@@ -6038,7 +6038,7 @@
 static bool isURLPotentiallyTrustworthy(const URL& url)
 {
     if (url.protocolIsAbout())
-        return equalIgnoringASCIICase(url.string(), WTF::blankURL()) || equalLettersIgnoringASCIICase(url.string(), "about:srcdoc");
+        return url.isAboutBlank() || url.isAboutSrcDoc();
     if (url.protocolIsData())
         return true;
     return SecurityOrigin::create(url)->isPotentiallyTrustworthy();
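
Review bot: In the about: branch the result no longer comes from a case-insensitive comparison of the whole URL string; it is now true for any about: URL whose path is exactly "blank" or "srcdoc". Since this function decides whether a URL is potentially trustworthy, the change in accepted inputs deserves a line in the ChangeLog and a test that pins the result for about:blank with a fragment and for a differently-cased path.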

Modified: trunk/Source/WebCore/html/HTMLFrameElementBase.cpp (258768 => 258769)


--- trunk/Source/WebCore/html/HTMLFrameElementBase.cpp	2020-03-20 17:26:59 UTC (rev 258768)
+++ trunk/Source/WebCore/html/HTMLFrameElementBase.cpp	2020-03-20 17:40:44 UTC (rev 258769)
@@ -153,7 +153,7 @@
 URL HTMLFrameElementBase::location() const
 {
     if (hasAttributeWithoutSynchronization(srcdocAttr))
-        return URL({ }, "about:srcdoc");
+        return WTF::aboutSrcDocURL();
     return document().completeURL(attributeWithoutSynchronization(srcAttr));
 }
 

Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (258768 => 258769)


--- trunk/Source/WebCore/loader/FrameLoader.cpp	2020-03-20 17:26:59 UTC (rev 258768)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp	2020-03-20 17:40:44 UTC (rev 258769)
@@ -3711,7 +3711,7 @@
 
 bool FrameLoader::shouldTreatURLAsSrcdocDocument(const URL& url) const
 {
-    if (!equalLettersIgnoringASCIICase(url.string(), "about:srcdoc"))
+    if (!url.isAboutSrcDoc())
         return false;
     HTMLFrameOwnerElement* ownerElement = m_frame.ownerElement();
     if (!ownerElement)

Modified: trunk/Source/WebCore/page/SecurityPolicy.cpp (258768 => 258769)


--- trunk/Source/WebCore/page/SecurityPolicy.cpp	2020-03-20 17:26:59 UTC (rev 258768)
+++ trunk/Source/WebCore/page/SecurityPolicy.cpp	2020-03-20 17:40:44 UTC (rev 258769)
@@ -166,8 +166,8 @@
     //      The origin of the document is the origin of its parent document.
     //
     // Note: We generalize this to invalid URLs because we treat such URLs as about:blank.
-    //
-    return url.isEmpty() || equalIgnoringASCIICase(url.string(), WTF::blankURL()) || equalLettersIgnoringASCIICase(url.string(), "about:srcdoc");
+    // FIXME: We also allow some URLs like "about:BLANK". We should probably block navigation to these URLs, see rdar://problem/57966056.
+    return url.isEmpty() || url.isAboutBlank() || url.isAboutSrcDoc() || equalIgnoringASCIICase(url.string(), WTF::blankURL());
 }
 
 bool SecurityPolicy::isBaseURLSchemeAllowed(const URL& url)
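
Review bot: The return statement keeps the equalIgnoringASCIICase(url.string(), WTF::blankURL()) fallback for about:blank but drops the case-insensitive comparison for "about:srcdoc", so the two are no longer handled alike for origin inheritance, and the FIXME only mentions "about:BLANK". Either keep the srcdoc fallback until the FIXME is resolved or say in the comment why srcdoc does not need it. The rdar:// reference is also not readable outside Apple, so the comment should summarise the problem or point at a bugs.webkit.org entry.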

Modified: trunk/Source/WebKit/ChangeLog (258768 => 258769)


--- trunk/Source/WebKit/ChangeLog	2020-03-20 17:26:59 UTC (rev 258768)
+++ trunk/Source/WebKit/ChangeLog	2020-03-20 17:40:44 UTC (rev 258769)
@@ -1,3 +1,13 @@
+2020-03-20  youenn fablet  <[email protected]>
+
+        Add routines to check about:blank and about:srcdoc URLs
+        https://bugs.webkit.org/show_bug.cgi?id=209174
+
+        Reviewed by Alex Christensen.
+
+        * WebProcess/WebCoreSupport/WebResourceLoadObserver.cpp:
+        (WebKit::WebResourceLoadObserver::requestStorageAccessUnderOpener):
+
 2020-03-20  Chris Dumez  <[email protected]>
 
         [iOS] Articles on NYTimes.com get truncated when switching between MobileSafari and another app

Modified: trunk/Source/WebKit/WebProcess/WebCoreSupport/WebResourceLoadObserver.cpp (258768 => 258769)


--- trunk/Source/WebKit/WebProcess/WebCoreSupport/WebResourceLoadObserver.cpp	2020-03-20 17:26:59 UTC (rev 258768)
+++ trunk/Source/WebKit/WebProcess/WebCoreSupport/WebResourceLoadObserver.cpp	2020-03-20 17:40:44 UTC (rev 258769)
@@ -79,7 +79,7 @@
     RegistrableDomain openerDomain { openerUrl };
     if (domainInNeedOfStorageAccess != openerDomain
         && !openerDocument.hasRequestedPageSpecificStorageAccessWithUserInteraction(domainInNeedOfStorageAccess)
-        && !equalIgnoringASCIICase(openerUrl.string(), WTF::blankURL())) {
+        && !openerUrl.isAboutBlank()) {
         WebProcess::singleton().ensureNetworkProcessConnection().connection().send(Messages::NetworkConnectionToWebProcess::RequestStorageAccessUnderOpener(domainInNeedOfStorageAccess, openerPage.identifier(), openerDomain), 0);
         
         openerPage.addDomainWithPageLevelStorageAccess(openerDomain, domainInNeedOfStorageAccess);
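
Review bot: The last condition now relies on openerUrl.isAboutBlank() alone, whereas SecurityPolicy::shouldInheritSecurityOriginFromOwner in this same patch keeps the equalIgnoringASCIICase fallback because "about:BLANK" is still allowed. If such an opener URL can occur, this branch can now be taken for it where it was skipped before, and RequestStorageAccessUnderOpener is sent. Please either keep the fallback here too or note why the difference is intended.
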