Title: [264961] trunk/Source/WebKit
Revision
264961
Author
katherine_che...@apple.com
Date
2020-07-27 17:36:59 -0700 (Mon, 27 Jul 2020)

Log Message

Handle full browser apps that try to use prohibited Info.plist strings
https://bugs.webkit.org/show_bug.cgi?id=214852
<rdar://problem/66023860>

Reviewed by Brent Fulgham.

Full-web browsing applications which also use prohibited Info.plist
strings should be restricted from using certain powerful APIs like
JavaScript injection. These apps will have the equivalent privileges
of an app that opts into App-Bound Domains with an empty
WKAppBoundDomains key.

No new tests. Writing a test for this would require being able to
change TestWebKitAPI's Info.plist between tests, which we do not
support. I manually tested this by adding a prohibited
string to the TestWebKitAPI Info.plist then verified that restricted APIs,
like JS injection, were blocked.

* UIProcess/WebPageProxy.cpp:
(isFullWebBrowser):
(hasProhibitedUsageStrings):
(WebKit::WebPageProxy::loadData):
(WebKit::WebPageProxy::setIsNavigatingToAppBoundDomainAndCheckIfPermitted):
We do not need to set m_isNavigatingToAppBoundDomain in the case where
a full web browser does not use prohibited strings. In this case, we
want m_isNavigatingToAppBoundDomain to stay as WTF::nullopt so no API
restriction is enabled.

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (264960 => 264961)


--- trunk/Source/WebKit/ChangeLog	2020-07-28 00:30:17 UTC (rev 264960)
+++ trunk/Source/WebKit/ChangeLog	2020-07-28 00:36:59 UTC (rev 264961)
@@ -1,3 +1,33 @@
+2020-07-27  Kate Cheney  <katherine_che...@apple.com>
+
+        Handle full browser apps that try to use prohibited Info.plist strings
+        https://bugs.webkit.org/show_bug.cgi?id=214852
+        <rdar://problem/66023860>
+
+        Reviewed by Brent Fulgham.
+
+        Full-web browsing applications which also use prohibited Info.plist
+        strings should be restricted from using certain powerful APIs like
+        _javascript_ injection. These apps will have the equivalent privileges
+        of an app that opts into App-Bound Domains with an empty
+        WKAppBoundDomains key.
+
+        No new tests. Writing a test for this would require being able to
+        change TestWebKitAPI's Info.plist between tests, which we do not
+        support. I manually tested this by adding a prohibited
+        string to the TestWebKitAPI Info.plist then verified that restricted APIs, 
+        like JS injection, were blocked.
+
+        * UIProcess/WebPageProxy.cpp:
+        (isFullWebBrowser):
+        (hasProhibitedUsageStrings):
+        (WebKit::WebPageProxy::loadData):
+        (WebKit::WebPageProxy::setIsNavigatingToAppBoundDomainAndCheckIfPermitted):
+        We do not need to set m_isNavigatingToAppBoundDomain in the case where
+        a full web browser does not use prohibited strings. In this case, we
+        want m_isNavigatingToAppBoundDomain to stay as WTF::nullopt so no API
+        restriction is enabled.
+
 2020-07-27  David Kilzer  <ddkil...@apple.com>
 
         WebKit::setCrashReportApplicationSpecificInformation() should also log to WTFLogAlways()
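Review bot: trailing whitespace on the line `string to the TestWebKitAPI Info.plist then verified that restricted APIs, ` in the new ChangeLog entry; strip it before landing. The entry otherwise matches the commit message.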

Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.cpp (264960 => 264961)


--- trunk/Source/WebKit/UIProcess/WebPageProxy.cpp	2020-07-28 00:30:17 UTC (rev 264960)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.cpp	2020-07-28 00:36:59 UTC (rev 264961)
@@ -291,8 +291,11 @@
 #if USE(APPLE_INTERNAL_SDK)
 #include <WebKitAdditions/WebPageProxyAdditions.h>
 #else
-#define WEB_PAGE_PROXY_ADDITIONS_SETISNAVIGATINGTOAPPBOUNDDOMAIN true
+static bool isFullWebBrowser() { return true; }
+#if PLATFORM(IOS_FAMILY)
+static bool hasProhibitedUsageStrings() { return false; }
 #endif
+#endif
 
 // This controls what strategy we use for mouse wheel coalescing.
 #define MERGE_WHEEL_EVENTS 1
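Review bot: the non-internal-SDK fallback stubs lack a comment saying what they stand in for: `isFullWebBrowser()` returning true preserves the old `WEB_PAGE_PROXY_ADDITIONS_SETISNAVIGATINGTOAPPBOUNDDOMAIN true`, and `hasProhibitedUsageStrings()` returning false means open-source builds treat every app as an unrestricted full browser. Note also that in this branch `hasProhibitedUsageStrings()` is only defined under `PLATFORM(IOS_FAMILY)`, so any future call outside an iOS-family guard will fail to compile when WebKitAdditions is absent; a one-line comment pointing at WebPageProxyAdditions.h for the real implementations would help the next reader.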
@@ -1393,7 +1396,7 @@
 {
     RELEASE_LOG_IF_ALLOWED(Loading, "loadData:");
 
-    if (MIMEType == "text/html"_s && !WEB_PAGE_PROXY_ADDITIONS_SETISNAVIGATINGTOAPPBOUNDDOMAIN)
+    if (MIMEType == "text/html"_s && !isFullWebBrowser())
         m_limitsNavigationsToAppBoundDomains = true;
 
     if (m_isClosed) {
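Review bot: the `loadData` condition keys only on `isFullWebBrowser()`, so a full browser that uses prohibited usage strings still does not set `m_limitsNavigationsToAppBoundDomains` when loading `text/html` data, even though the ChangeLog says such an app should have the privileges of one with an empty WKAppBoundDomains key. If that asymmetry is intentional (the restriction being applied per navigation in setIsNavigatingToAppBoundDomainAndCheckIfPermitted instead), a short comment here would stop a future reader from treating it as an oversight.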
@@ -3134,8 +3137,11 @@
 bool WebPageProxy::setIsNavigatingToAppBoundDomainAndCheckIfPermitted(bool isMainFrame, const URL& requestURL, Optional<NavigatingToAppBoundDomain> isNavigatingToAppBoundDomain)
 {
 #if PLATFORM(IOS_FAMILY)
-    if (WEB_PAGE_PROXY_ADDITIONS_SETISNAVIGATINGTOAPPBOUNDDOMAIN)
+    if (isFullWebBrowser()) {
+        if (hasProhibitedUsageStrings())
+            m_isNavigatingToAppBoundDomain = NavigatingToAppBoundDomain::No;
         return true;
+    }
     if (!isNavigatingToAppBoundDomain) {
         m_isNavigatingToAppBoundDomain = WTF::nullopt;
         return true;
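Review bot: the full-browser branch still returns true before reaching the per-URL app-bound check, so for a browser with prohibited strings the only effect is `m_isNavigatingToAppBoundDomain = NavigatingToAppBoundDomain::No`, set on every call regardless of `isMainFrame`, `requestURL` or the `isNavigatingToAppBoundDomain` parameter, which are all ignored on this path. That is presumably the intended "empty WKAppBoundDomains" behaviour from the ChangeLog, but a comment stating that `No` is what causes the restricted APIs to be blocked would make the intent explicit.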
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
