Skip to site navigation (Press enter)

[webkit-changes] [265160] trunk

beidson Fri, 31 Jul 2020 15:15:13 -0700

Title: [265160] trunk

Revision: 265160
Author: beid...@apple.com
Date: 2020-07-31 15:14:04 -0700 (Fri, 31 Jul 2020)

Log Message

Log a warning to the dev console when gamepads are accessed from an insecure context.
https://bugs.webkit.org/show_bug.cgi?id=214995


Reviewed by Tim Horton.

Source/WebCore:

Test: http/tests/misc/gamepads-insecure.html

* Modules/gamepad/NavigatorGamepad.cpp:
(WebCore::NavigatorGamepad::getGamepads): Insecure contexts should log that getGamepads() will
  be going away in a future release. Just do it once, because getGamepads() is called frequently.

LayoutTests:

* http/tests/misc/gamepads-insecure-expected.txt: Added.
* http/tests/misc/gamepads-insecure.html: Added.

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/Modules/gamepad/NavigatorGamepad.cpp

Added Paths

trunk/LayoutTests/http/tests/misc/gamepads-insecure-expected.txt
trunk/LayoutTests/http/tests/misc/gamepads-insecure.html

Diff

Modified: trunk/LayoutTests/ChangeLog (265159 => 265160)


--- trunk/LayoutTests/ChangeLog	2020-07-31 21:02:16 UTC (rev 265159)
+++ trunk/LayoutTests/ChangeLog	2020-07-31 22:14:04 UTC (rev 265160)
@@ -1,3 +1,13 @@
+2020-07-31  Brady Eidson  <beid...@apple.com>
+
+        Log a warning to the dev console when gamepads are accessed from an insecure context.
+        https://bugs.webkit.org/show_bug.cgi?id=214995
+
+        Reviewed by Tim Horton.
+
+        * http/tests/misc/gamepads-insecure-expected.txt: Added.
+        * http/tests/misc/gamepads-insecure.html: Added.
+
 2020-07-31  Aditya Keerthi  <akeer...@apple.com>
 
         [macOS] Date/time input types should have a textfield appearance

Added: trunk/LayoutTests/http/tests/misc/gamepads-insecure-expected.txt (0 => 265160)


--- trunk/LayoutTests/http/tests/misc/gamepads-insecure-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/misc/gamepads-insecure-expected.txt	2020-07-31 22:14:04 UTC (rev 265160)
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: Navigator.getGamepads() will be removed from insecure contexts in a future release
+Test that accessing navigator.getGamepads from an insecure context logs a warning

Added: trunk/LayoutTests/http/tests/misc/gamepads-insecure.html (0 => 265160)


--- trunk/LayoutTests/http/tests/misc/gamepads-insecure.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/misc/gamepads-insecure.html	2020-07-31 22:14:04 UTC (rev 265160)
@@ -0,0 +1,11 @@
+<body>
+<p>Test that accessing navigator.getGamepads from an insecure context logs a warning</p>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+if (window.internals)
+    internals.markContextAsInsecure();
+
+navigator.getGamepads();
+</script>
+</body>

Modified: trunk/Source/WebCore/ChangeLog (265159 => 265160)


--- trunk/Source/WebCore/ChangeLog	2020-07-31 21:02:16 UTC (rev 265159)
+++ trunk/Source/WebCore/ChangeLog	2020-07-31 22:14:04 UTC (rev 265160)
@@ -1,3 +1,16 @@
+2020-07-31  Brady Eidson  <beid...@apple.com>
+
+        Log a warning to the dev console when gamepads are accessed from an insecure context.
+        https://bugs.webkit.org/show_bug.cgi?id=214995
+
+        Reviewed by Tim Horton.
+
+        Test: http/tests/misc/gamepads-insecure.html
+
+        * Modules/gamepad/NavigatorGamepad.cpp:
+        (WebCore::NavigatorGamepad::getGamepads): Insecure contexts should log that getGamepads() will
+          be going away in a future release. Just do it once, because getGamepads() is called frequently.
+
 2020-07-31  Aditya Keerthi  <akeer...@apple.com>
 
         [macOS] Date/time input types should have a textfield appearance

Modified: trunk/Source/WebCore/Modules/gamepad/NavigatorGamepad.cpp (265159 => 265160)


--- trunk/Source/WebCore/Modules/gamepad/NavigatorGamepad.cpp	2020-07-31 21:02:16 UTC (rev 265159)
+++ trunk/Source/WebCore/Modules/gamepad/NavigatorGamepad.cpp	2020-07-31 22:14:04 UTC (rev 265160)
@@ -28,6 +28,7 @@
 
 #if ENABLE(GAMEPAD)
 
+#include "DOMWindow.h"
 #include "Gamepad.h"
 #include "GamepadManager.h"
 #include "GamepadProvider.h"
@@ -73,6 +74,21 @@
 
 const Vector<RefPtr<Gamepad>>& NavigatorGamepad::getGamepads(Navigator& navigator)
 {
+    auto* domWindow = navigator.window();
+    Document* document = domWindow ? domWindow->document() : nullptr;
+    if (!document) {
+        static NeverDestroyed<Vector<RefPtr<Gamepad>>> emptyGamepads;
+        return emptyGamepads;
+    }
+
+    if (!document->isSecureContext()) {
+        static std::once_flag onceFlag;
+        std::call_once(onceFlag, [document] {
+            document->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "Navigator.getGamepads() will be removed from insecure contexts in a future release"_s);
+        });
+
+    }
+
     return NavigatorGamepad::from(&navigator)->gamepads();
 }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes