Title: [279450] trunk
- Revision
- 279450
- Author
- [email protected]
- Date
- 2021-06-30 23:09:40 -0700 (Wed, 30 Jun 2021)
Log Message
Regression(r278737): WebContent crash when calling [WKWebView loadHTMLString:] with an invalid URL
https://bugs.webkit.org/show_bug.cgi?id=227560
<rdar://79815425>
Reviewed by Alex Christensen.
Source/WebKit:
Make sure the parsed URL is valid in WebPage::loadData() before getting its protocol and calling
LegacySchemeRegistry::registerURLSchemeAsHandledBySchemeHandler() with it. Passing a null String
to LegacySchemeRegistry::registerURLSchemeAsHandledBySchemeHandler() causes crashes.
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::loadData):
Tools:
Add API test coverage.
* TestWebKitAPI/Tests/WebKitCocoa/LoadAlternateHTMLString.mm:
(TEST):
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (279449 => 279450)
--- trunk/Source/WebKit/ChangeLog 2021-07-01 06:07:33 UTC (rev 279449)
+++ trunk/Source/WebKit/ChangeLog 2021-07-01 06:09:40 UTC (rev 279450)
@@ -1,3 +1,18 @@
+2021-06-30 Chris Dumez <[email protected]>
+
+ Regression(r278737): WebContent crash when calling [WKWebView loadHTMLString:] with an invalid URL
+ https://bugs.webkit.org/show_bug.cgi?id=227560
+ <rdar://79815425>
+
+ Reviewed by Alex Christensen.
+
+ Make sure the parsed URL is valid in WebPage::loadData() before getting its protocol and calling
+ LegacySchemeRegistry::registerURLSchemeAsHandledBySchemeHandler() with it. Passing a null String
+ to LegacySchemeRegistry::registerURLSchemeAsHandledBySchemeHandler() causes crashes.
+
+ * WebProcess/WebPage/WebPage.cpp:
+ (WebKit::WebPage::loadData):
+
2021-06-30 Megan Gardner <[email protected]>
Add ID and versioning support for AppHighlights
Modified: trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp (279449 => 279450)
--- trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2021-07-01 06:07:33 UTC (rev 279449)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2021-07-01 06:09:40 UTC (rev 279450)
@@ -1744,8 +1744,11 @@
baseURL = aboutBlankURL();
else {
baseURL = URL(URL(), loadParameters.baseURLString);
- if (!baseURL.protocolIsInHTTPFamily())
- LegacySchemeRegistry::registerURLSchemeAsHandledBySchemeHandler(baseURL.protocol().toString());
+ if (baseURL.isValid()) {
+ if (!baseURL.protocolIsInHTTPFamily())
+ LegacySchemeRegistry::registerURLSchemeAsHandledBySchemeHandler(baseURL.protocol().toString());
+ } else
+ baseURL = aboutBlankURL();
}
loadDataImpl(loadParameters.navigationID, loadParameters.shouldTreatAsContinuingLoad, WTFMove(loadParameters.websitePolicies), WTFMove(sharedBuffer), loadParameters.MIMEType, loadParameters.encodingName, baseURL, URL(), loadParameters.userData, loadParameters.isNavigatingToAppBoundDomain, loadParameters.shouldOpenExternalURLsPolicy);
Modified: trunk/Tools/ChangeLog (279449 => 279450)
--- trunk/Tools/ChangeLog 2021-07-01 06:07:33 UTC (rev 279449)
+++ trunk/Tools/ChangeLog 2021-07-01 06:09:40 UTC (rev 279450)
@@ -1,3 +1,16 @@
+2021-06-30 Chris Dumez <[email protected]>
+
+ Regression(r278737): WebContent crash when calling [WKWebView loadHTMLString:] with an invalid URL
+ https://bugs.webkit.org/show_bug.cgi?id=227560
+ <rdar://79815425>
+
+ Reviewed by Alex Christensen.
+
+ Add API test coverage.
+
+ * TestWebKitAPI/Tests/WebKitCocoa/LoadAlternateHTMLString.mm:
+ (TEST):
+
2021-06-30 Saam Barati <[email protected]>
Turn off data ICs by default
Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/LoadAlternateHTMLString.mm (279449 => 279450)
--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/LoadAlternateHTMLString.mm 2021-07-01 06:07:33 UTC (rev 279449)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/LoadAlternateHTMLString.mm 2021-07-01 06:09:40 UTC (rev 279450)
@@ -175,3 +175,26 @@
[webView loadHTMLString:[NSString stringWithFormat:html, server.port()] baseURL:[NSURL URLWithString:@"custom-scheme://"]];
Util::run(&done);
}
+
+TEST(WebKit, LoadHTMLStringWithInvalidBaseURL)
+{
+ auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSZeroRect]);
+
+ auto navigationDelegate = adoptNS([[TestNavigationDelegate alloc] init]);
+ [webView setNavigationDelegate:navigationDelegate.get()];
+
+ __block bool didCrash = false;
+ navigationDelegate.get().webContentProcessDidTerminate = ^(WKWebView *view) {
+ didCrash = true;
+ };
+
+ __block bool didFinishNavigation = false;
+ navigationDelegate.get().didFinishNavigation = ^(WKWebView *view, WKNavigation *navigation) {
+ didFinishNavigation = true;
+ };
+
+ [webView loadHTMLString:@"test" baseURL:[NSURL URLWithString:@"invalid"]];
+ TestWebKitAPI::Util::run(&didFinishNavigation);
+
+ EXPECT_FALSE(didCrash);
+}
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
