Title: [259494] branches/safari-609.2.1.2-branch
- Revision
- 259494
- Author
- [email protected]
- Date
- 2020-04-03 12:57:55 -0700 (Fri, 03 Apr 2020)
Log Message
Cherry-pick r258741. rdar://problem/61231885
Sanitize suggested download filename received from web process
https://bugs.webkit.org/show_bug.cgi?id=209300
<rdar://problem/59487723>
Patch by Alex Christensen <[email protected]> on 2020-03-19
Reviewed by Chris Dumez.
Source/WebKit:
* UIProcess/Downloads/DownloadProxy.cpp:
(WebKit::DownloadProxy::decideDestinationWithSuggestedFilenameAsync):
LayoutTests:
* fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt:
* fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html:
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258741 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Diff
Modified: branches/safari-609.2.1.2-branch/LayoutTests/ChangeLog (259493 => 259494)
--- branches/safari-609.2.1.2-branch/LayoutTests/ChangeLog 2020-04-03 19:57:52 UTC (rev 259493)
+++ branches/safari-609.2.1.2-branch/LayoutTests/ChangeLog 2020-04-03 19:57:55 UTC (rev 259494)
@@ -1,5 +1,39 @@
2020-04-03 Alan Coon <[email protected]>
+ Cherry-pick r258741. rdar://problem/61231885
+
+ Sanitize suggested download filename received from web process
+ https://bugs.webkit.org/show_bug.cgi?id=209300
+ <rdar://problem/59487723>
+
+ Patch by Alex Christensen <[email protected]> on 2020-03-19
+ Reviewed by Chris Dumez.
+
+ Source/WebKit:
+
+ * UIProcess/Downloads/DownloadProxy.cpp:
+ (WebKit::DownloadProxy::decideDestinationWithSuggestedFilenameAsync):
+
+ LayoutTests:
+
+ * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt:
+ * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html:
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258741 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2020-03-19 Alex Christensen <[email protected]>
+
+ Sanitize suggested download filename received from web process
+ https://bugs.webkit.org/show_bug.cgi?id=209300
+ <rdar://problem/59487723>
+
+ Reviewed by Chris Dumez.
+
+ * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt:
+ * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html:
+
+2020-04-03 Alan Coon <[email protected]>
+
Cherry-pick r258459. rdar://problem/61231983
SVGMatrix should have the access right of its owner SVGTransform always
Modified: branches/safari-609.2.1.2-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt (259493 => 259494)
--- branches/safari-609.2.1.2-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt 2020-04-03 19:57:52 UTC (rev 259493)
+++ branches/safari-609.2.1.2-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt 2020-04-03 19:57:55 UTC (rev 259494)
@@ -1,6 +1,6 @@
Download started.
-Downloading URL with suggested filename "*\.png"
+Downloading URL with suggested filename "*.png"
Download completed.
-The suggested filename above should be "*\.png" and the download should succeed.
+The suggested filename above should be "*.png" and the download should succeed.
File backed blob URL
Modified: branches/safari-609.2.1.2-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html (259493 => 259494)
--- branches/safari-609.2.1.2-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html 2020-04-03 19:57:52 UTC (rev 259493)
+++ branches/safari-609.2.1.2-branch/LayoutTests/fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html 2020-04-03 19:57:55 UTC (rev 259494)
@@ -12,7 +12,7 @@
</script>
</head>
<body>
-<p>The suggested filename above should be "*\.png" and the download should succeed.</p>
+<p>The suggested filename above should be "*.png" and the download should succeed.</p>
<a id="blob-url" download="*\">File backed blob URL</a>
<script>
function click(elmt)
Modified: branches/safari-609.2.1.2-branch/Source/WebKit/ChangeLog (259493 => 259494)
--- branches/safari-609.2.1.2-branch/Source/WebKit/ChangeLog 2020-04-03 19:57:52 UTC (rev 259493)
+++ branches/safari-609.2.1.2-branch/Source/WebKit/ChangeLog 2020-04-03 19:57:55 UTC (rev 259494)
@@ -1,5 +1,39 @@
2020-04-03 Alan Coon <[email protected]>
+ Cherry-pick r258741. rdar://problem/61231885
+
+ Sanitize suggested download filename received from web process
+ https://bugs.webkit.org/show_bug.cgi?id=209300
+ <rdar://problem/59487723>
+
+ Patch by Alex Christensen <[email protected]> on 2020-03-19
+ Reviewed by Chris Dumez.
+
+ Source/WebKit:
+
+ * UIProcess/Downloads/DownloadProxy.cpp:
+ (WebKit::DownloadProxy::decideDestinationWithSuggestedFilenameAsync):
+
+ LayoutTests:
+
+ * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash-expected.txt:
+ * fast/dom/HTMLAnchorElement/anchor-file-blob-download-includes-backslash.html:
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258741 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2020-03-19 Alex Christensen <[email protected]>
+
+ Sanitize suggested download filename received from web process
+ https://bugs.webkit.org/show_bug.cgi?id=209300
+ <rdar://problem/59487723>
+
+ Reviewed by Chris Dumez.
+
+ * UIProcess/Downloads/DownloadProxy.cpp:
+ (WebKit::DownloadProxy::decideDestinationWithSuggestedFilenameAsync):
+
+2020-04-03 Alan Coon <[email protected]>
+
Cherry-pick r258559. rdar://problem/61231877
Terminate the WebContent process when receiving invalid IPC from a WebInspector session
Modified: branches/safari-609.2.1.2-branch/Source/WebKit/UIProcess/Downloads/DownloadProxy.cpp (259493 => 259494)
--- branches/safari-609.2.1.2-branch/Source/WebKit/UIProcess/Downloads/DownloadProxy.cpp 2020-04-03 19:57:52 UTC (rev 259493)
+++ branches/safari-609.2.1.2-branch/Source/WebKit/UIProcess/Downloads/DownloadProxy.cpp 2020-04-03 19:57:55 UTC (rev 259494)
@@ -40,6 +40,7 @@
#include "WebProcessPool.h"
#include "WebProtectionSpace.h"
#include <WebCore/MIMETypeRegistry.h>
+#include <WebCore/ResourceResponseBase.h>
#include <wtf/FileSystem.h>
#include <wtf/text/CString.h>
#include <wtf/text/WTFString.h>
@@ -178,7 +179,7 @@
if (!m_processPool)
return;
- m_processPool->downloadClient().decideDestinationWithSuggestedFilename(*this, suggestedFilename, [this, protectedThis = makeRef(*this), downloadID = downloadID] (AllowOverwrite allowOverwrite, String destination) {
+ m_processPool->downloadClient().decideDestinationWithSuggestedFilename(*this, ResourceResponseBase::sanitizeSuggestedFilename(suggestedFilename), [this, protectedThis = makeRef(*this), downloadID = downloadID] (AllowOverwrite allowOverwrite, String destination) {
SandboxExtension::Handle sandboxExtensionHandle;
if (!destination.isNull())
SandboxExtension::createHandle(destination, SandboxExtension::Type::ReadWrite, sandboxExtensionHandle);
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
