Diff
Modified: trunk/LayoutTests/ChangeLog (282745 => 282746)
--- trunk/LayoutTests/ChangeLog 2021-09-20 14:09:25 UTC (rev 282745)
+++ trunk/LayoutTests/ChangeLog 2021-09-20 14:22:03 UTC (rev 282746)
@@ -1,5 +1,20 @@
2021-09-20 Marcos Caceres <[email protected]>
+ Web Share permission policy "web-share" and "self" as the allowlist
+ https://bugs.webkit.org/show_bug.cgi?id=214448
+
+ Reviewed by Youenn Fablet.
+
+ * http/tests/webshare/resources/webshare-postmessage.html: Added.
+ * http/tests/webshare/webshare-allow-attribute-canShare.https-expected.txt: Added.
+ * http/tests/webshare/webshare-allow-attribute-canShare.https.html: Added.
+ * http/tests/webshare/webshare-allow-attribute-share.https-expected.txt: Added.
+ * http/tests/webshare/webshare-allow-attribute-share.https.html: Added.
+ * platform/mac-wk1/TestExpectations:
+ * platform/win/TestExpectations:
+
+2021-09-20 Marcos Caceres <[email protected]>
+
Web Share tests are out of date
https://bugs.webkit.org/show_bug.cgi?id=229489
Added: trunk/LayoutTests/http/tests/webshare/resources/webshare-postmessage.html (0 => 282746)
--- trunk/LayoutTests/http/tests/webshare/resources/webshare-postmessage.html (rev 0)
+++ trunk/LayoutTests/http/tests/webshare/resources/webshare-postmessage.html 2021-09-20 14:22:03 UTC (rev 282746)
@@ -0,0 +1,70 @@
+<!DOCTYPE html>
+<meta charset="utf-8" />
+<meta viewport="width=device-width, initial-scale=1.0" />
+<style>
+ html {
+ height: 100%;
+ margin: 0;
+ padding: 0;
+ }
+ body {
+ margin: 0;
+ padding: 0;
+ display: grid;
+ }
+ button {
+ height: 100vh;
+ width: 100%;
+ border: 1px solid black;
+ }
+</style>
+<body>
+ <button id="share-button">SHARE!</button>
+ <script>
+ window.addEventListener(
+ "message",
+ async (event) => {
+ const shareButton = document.getElementById("share-button");
+ const { action } = event.data;
+ let result = null;
+ let exceptionMessage;
+ let exceptionName;
+ switch (action) {
+ case "call canShare()":
+ try {
+ result = navigator.canShare({ text: "some text" });
+ } catch (e) {
+ exceptionMessage = e.message;
+ exceptionName = e.name;
+ }
+ break;
+ case "call share()":
+ await userActivationFromParent(shareButton, event);
+ try {
+ await navigator.share({ text: "some text" });
+ result = "share completed";
+ } catch (e) {
+ result = "threw";
+ exceptionMessage = e.message;
+ exceptionName = e.name;
+ }
+ break;
+ default:
+ throw new Error(`Unknown action: ${action}`);
+ }
+ event.source.postMessage(
+ { action, result, exceptionMessage, exceptionName },
+ event.origin
+ );
+ },
+ { once: true }
+ );
+
+ function userActivationFromParent(shareButton, event) {
+ return new Promise((resolve) => {
+ shareButton.addEventListener("click", resolve, { once: true });
+ event.source.postMessage("activate me!", event.origin);
+ });
+ }
+ </script>
+</body>
Added: trunk/LayoutTests/http/tests/webshare/webshare-allow-attribute-canShare.https-expected.txt (0 => 282746)
--- trunk/LayoutTests/http/tests/webshare/webshare-allow-attribute-canShare.https-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/webshare/webshare-allow-attribute-canShare.https-expected.txt 2021-09-20 14:22:03 UTC (rev 282746)
@@ -0,0 +1,18 @@
+CONSOLE MESSAGE: Feature policy 'WebShare' check failed for iframe with origin 'https://localhost:8443' and allow attribute ''.
+CONSOLE MESSAGE: Feature policy 'WebShare' check failed for iframe with origin 'https://localhost:8443' and allow attribute 'web-share 'none''.
+CONSOLE MESSAGE: Feature policy 'WebShare' check failed for iframe with origin 'https://127.0.0.1:8443' and allow attribute 'web-share 'none''.
+CONSOLE MESSAGE: Feature policy 'WebShare' check failed for iframe with origin 'https://localhost:8443' and allow attribute 'web-share 'self''.
+CONSOLE MESSAGE: Feature policy 'WebShare' check failed for iframe with origin 'https://127.0.0.1:8443' and allow attribute 'web-share https://localhost:8443'.
+PASS iframe src: "https://localhost:8443/webshare/resources/webshare-postmessage.html" with allow="" MUST NOT be allowed to call canShare().
+PASS iframe src: "https://127.0.0.1:8443/webshare/resources/webshare-postmessage.html" with allow="" is allowed to call canShare().
+PASS iframe src: "https://localhost:8443/webshare/resources/webshare-postmessage.html" with allow="web-share" is allowed to call canShare().
+PASS iframe src: "https://127.0.0.1:8443/webshare/resources/webshare-postmessage.html" with allow="web-share" is allowed to call canShare().
+PASS iframe src: "https://localhost:8443/webshare/resources/webshare-postmessage.html" with allow="web-share *" is allowed to call canShare().
+PASS iframe src: "https://127.0.0.1:8443/webshare/resources/webshare-postmessage.html" with allow="web-share *" is allowed to call canShare().
+PASS iframe src: "https://localhost:8443/webshare/resources/webshare-postmessage.html" with allow="web-share 'none'" MUST NOT be allowed to call canShare().
+PASS iframe src: "https://127.0.0.1:8443/webshare/resources/webshare-postmessage.html" with allow="web-share 'none'" MUST NOT be allowed to call canShare().
+PASS iframe src: "https://localhost:8443/webshare/resources/webshare-postmessage.html" with allow="web-share 'self'" MUST NOT be allowed to call canShare().
+PASS iframe src: "https://127.0.0.1:8443/webshare/resources/webshare-postmessage.html" with allow="web-share 'self'" is allowed to call canShare().
+PASS iframe src: "https://localhost:8443/webshare/resources/webshare-postmessage.html" with allow="web-share https://localhost:8443" is allowed to call canShare().
+PASS iframe src: "https://127.0.0.1:8443/webshare/resources/webshare-postmessage.html" with allow="web-share https://localhost:8443" MUST NOT be allowed to call canShare().
+
Added: trunk/LayoutTests/http/tests/webshare/webshare-allow-attribute-canShare.https.html (0 => 282746)
--- trunk/LayoutTests/http/tests/webshare/webshare-allow-attribute-canShare.https.html (rev 0)
+++ trunk/LayoutTests/http/tests/webshare/webshare-allow-attribute-canShare.https.html 2021-09-20 14:22:03 UTC (rev 282746)
@@ -0,0 +1,109 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <title>
+ Test allow attribute with "web-share" and canShare() method
+ </title>
+ <meta name="viewport" content="initial-scale=5, width=device-width" />
+ <script src=""
+ <script>
+ testRunner?.dumpAsText();
+ testRunner?.waitUntilDone();
+
+ function waitFor(target, eventName) {
+ return new Promise((resolve) => {
+ target.addEventListener(eventName, resolve, { once: true });
+ });
+ }
+
+ window.addEventListener("load", async () => {
+ for (const iframe of document.querySelectorAll("iframe")) {
+ const { enabled, src } = iframe.dataset;
+ const isAllowed = enabled === "true";
+ const action = "" canShare()";
+ iframe.contentWindow.postMessage({ action }, "*");
+ const { data } = await waitFor(window, "message");
+ const { exceptionMessage, exceptionName, result } = data;
+
+ const msg = `iframe src: "${iframe.src}" with allow="${
+ iframe.allow
+ }" ${
+ isAllowed ? "is allowed to" : "MUST NOT be allowed to"
+ } ${action}. ${exceptionName ?? ""} ${exceptionMessage ?? ""}`;
+
+ switch (result) {
+ case true:
+ isAllowed ? testPassed(msg) : testFailed(msg);
+ break;
+ case false:
+ !isAllowed ? testPassed(msg) : testFailed(msg);
+ break;
+ default:
+ testFailed(msg + ` - result was: ${result}`);
+ }
+ }
+ testRunner.notifyDone();
+ });
+ </script>
+ </head>
+ <body>
+ <iframe
+ data-enabled="false"
+ src=""
+ ></iframe>
+ <iframe
+ data-enabled="true"
+ src=""
+ ></iframe>
+ <iframe
+ allow="web-share"
+ data-enabled="true"
+ src=""
+ ></iframe>
+ <iframe
+ allow="web-share"
+ data-enabled="true"
+ src=""
+ ></iframe>
+ <iframe
+ allow="web-share *"
+ data-enabled="true"
+ src=""
+ ></iframe>
+ <iframe
+ allow="web-share *"
+ data-enabled="true"
+ src=""
+ ></iframe>
+ <iframe
+ allow="web-share 'none'"
+ data-enabled="false"
+ src=""
+ ></iframe>
+ <iframe
+ allow="web-share 'none'"
+ data-enabled="false"
+ src=""
+ ></iframe>
+ <iframe
+ allow="web-share 'self'"
+ data-enabled="false"
+ src=""
+ ></iframe>
+ <iframe
+ allow="web-share 'self'"
+ data-enabled="true"
+ src=""
+ ></iframe>
+ <iframe
+ allow="web-share https://localhost:8443"
+ data-enabled="true"
+ src=""
+ ></iframe>
+ <iframe
+ allow="web-share https://localhost:8443"
+ data-enabled="false"
+ src=""
+ ></iframe>
+ </body>
+</html>
Added: trunk/LayoutTests/http/tests/webshare/webshare-allow-attribute-share.https-expected.txt (0 => 282746)
--- trunk/LayoutTests/http/tests/webshare/webshare-allow-attribute-share.https-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/webshare/webshare-allow-attribute-share.https-expected.txt 2021-09-20 14:22:03 UTC (rev 282746)
@@ -0,0 +1,18 @@
+CONSOLE MESSAGE: Feature policy 'WebShare' check failed for iframe with origin 'https://localhost:8443' and allow attribute ''.
+CONSOLE MESSAGE: Feature policy 'WebShare' check failed for iframe with origin 'https://localhost:8443' and allow attribute 'web-share 'none''.
+CONSOLE MESSAGE: Feature policy 'WebShare' check failed for iframe with origin 'https://127.0.0.1:8443' and allow attribute 'web-share 'none''.
+CONSOLE MESSAGE: Feature policy 'WebShare' check failed for iframe with origin 'https://localhost:8443' and allow attribute 'web-share 'self''.
+CONSOLE MESSAGE: Feature policy 'WebShare' check failed for iframe with origin 'https://127.0.0.1:8443' and allow attribute 'web-share https://localhost:8443'.
+PASS iframe src: "https://localhost:8443/webshare/resources/webshare-postmessage.html" with allow="" MUST NOT be allowed to call share(). NotAllowedError Third-party iframes are not allowed to call share() unless explicitly allowed via Feature-Policy (web-share)
+PASS iframe src: "https://127.0.0.1:8443/webshare/resources/webshare-postmessage.html" with allow="" is allowed to call share().
+PASS iframe src: "https://localhost:8443/webshare/resources/webshare-postmessage.html" with allow="web-share" is allowed to call share().
+PASS iframe src: "https://127.0.0.1:8443/webshare/resources/webshare-postmessage.html" with allow="web-share" is allowed to call share().
+PASS iframe src: "https://localhost:8443/webshare/resources/webshare-postmessage.html" with allow="web-share *" is allowed to call share().
+PASS iframe src: "https://127.0.0.1:8443/webshare/resources/webshare-postmessage.html" with allow="web-share *" is allowed to call share().
+PASS iframe src: "https://localhost:8443/webshare/resources/webshare-postmessage.html" with allow="web-share 'none'" MUST NOT be allowed to call share(). NotAllowedError Third-party iframes are not allowed to call share() unless explicitly allowed via Feature-Policy (web-share)
+PASS iframe src: "https://127.0.0.1:8443/webshare/resources/webshare-postmessage.html" with allow="web-share 'none'" MUST NOT be allowed to call share(). NotAllowedError Third-party iframes are not allowed to call share() unless explicitly allowed via Feature-Policy (web-share)
+PASS iframe src: "https://localhost:8443/webshare/resources/webshare-postmessage.html" with allow="web-share 'self'" MUST NOT be allowed to call share(). NotAllowedError Third-party iframes are not allowed to call share() unless explicitly allowed via Feature-Policy (web-share)
+PASS iframe src: "https://127.0.0.1:8443/webshare/resources/webshare-postmessage.html" with allow="web-share 'self'" is allowed to call share().
+PASS iframe src: "https://localhost:8443/webshare/resources/webshare-postmessage.html" with allow="web-share https://localhost:8443" is allowed to call share().
+PASS iframe src: "https://127.0.0.1:8443/webshare/resources/webshare-postmessage.html" with allow="web-share https://localhost:8443" MUST NOT be allowed to call share(). NotAllowedError Third-party iframes are not allowed to call share() unless explicitly allowed via Feature-Policy (web-share)
+
Added: trunk/LayoutTests/http/tests/webshare/webshare-allow-attribute-share.https.html (0 => 282746)
--- trunk/LayoutTests/http/tests/webshare/webshare-allow-attribute-share.https.html (rev 0)
+++ trunk/LayoutTests/http/tests/webshare/webshare-allow-attribute-share.https.html 2021-09-20 14:22:03 UTC (rev 282746)
@@ -0,0 +1,144 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <title>
+ Test allow attribute with "web-share" and share() method
+ </title>
+ <meta name="viewport" content="initial-scale=1, width=device-width" />
+ <script src=""
+ <script src=""
+ <script>
+ testRunner?.dumpAsText();
+ testRunner?.waitUntilDone();
+
+ function waitFor(target, eventName) {
+ return new Promise((resolve) => {
+ target.addEventListener(eventName, resolve, { once: true });
+ });
+ }
+
+ function userActivation(element) {
+ const promise = UIHelper.isIOSFamily()
+ ? UIHelper.tapElement(element)
+ : UIHelper.activateElement(element);
+ return promise;
+ }
+
+ const iframeDetails = [
+ {
+ enabled: "false",
+ src: "https://localhost:8443/webshare/resources/webshare-postmessage.html",
+ },
+ {
+ enabled: "true",
+ src: "./resources/webshare-postmessage.html",
+ },
+ {
+ allow: "web-share",
+ enabled: "true",
+ src: "https://localhost:8443/webshare/resources/webshare-postmessage.html",
+ },
+ {
+ allow: "web-share",
+ enabled: "true",
+ src: "./resources/webshare-postmessage.html",
+ },
+ {
+ allow: "web-share *",
+ enabled: "true",
+ src: "https://localhost:8443/webshare/resources/webshare-postmessage.html",
+ },
+ {
+ allow: "web-share *",
+ enabled: "true",
+ src: "./resources/webshare-postmessage.html",
+ },
+ {
+ allow: "web-share 'none'",
+ enabled: "false",
+ src: "https://localhost:8443/webshare/resources/webshare-postmessage.html",
+ },
+ {
+ allow: "web-share 'none'",
+ enabled: "false",
+ src: "./resources/webshare-postmessage.html",
+ },
+ {
+ allow: "web-share 'self'",
+ enabled: "false",
+ src: "https://localhost:8443/webshare/resources/webshare-postmessage.html",
+ },
+ {
+ allow: "web-share 'self'",
+ enabled: "true",
+ src: "./resources/webshare-postmessage.html",
+ },
+ {
+ allow: "web-share https://localhost:8443",
+ enabled: "true",
+ src: "https://localhost:8443/webshare/resources/webshare-postmessage.html",
+ },
+ {
+ allow: "web-share https://localhost:8443",
+ enabled: "false",
+ src: "./resources/webshare-postmessage.html",
+ },
+ ];
+
+ async function loadIframe(details) {
+ const iframe = document.createElement("iframe");
+ if (details.hasOwnProperty("allow")) {
+ iframe.setAttribute("allow", details.allow);
+ }
+ iframe.dataset.enabled = details.enabled;
+ iframe.src = ""
+ document.body.appendChild(iframe);
+ await waitFor(iframe, "load");
+ return iframe;
+ }
+
+ async function runTests () {
+ for (const details of iframeDetails) {
+ const iframe = await loadIframe(details);
+ const { enabled } = iframe.dataset;
+ const isAllowed = enabled === "true";
+ const action = "" share()";
+ iframe.contentWindow.postMessage({ action }, "*");
+ const { data: activateMe } = await waitFor(window, "message");
+ if (activateMe !== "activate me!") {
+ throw new Error("Expected an activate request:" + activateMe);
+ }
+ await userActivation(iframe);
+ const { data } = await waitFor(window, "message");
+ const { exceptionMessage, exceptionName, result } = data;
+ const msg = `iframe src: "${iframe.src}" with allow="${
+ iframe.allow
+ }" ${
+ isAllowed ? "is allowed to" : "MUST NOT be allowed to"
+ } ${action}. ${exceptionName ?? ""} ${exceptionMessage ?? ""}`;
+ switch (result) {
+ case "share completed":
+ isAllowed ? testPassed(msg) : testFailed(msg);
+ break;
+ case "threw":
+ if (
+ !isAllowed &&
+ exceptionName === "NotAllowedError" &&
+ exceptionMessage.endsWith("Feature-Policy (web-share)")
+ ) {
+ testPassed(msg);
+ } else {
+ testFailed(msg);
+ }
+ break;
+ default:
+ testFailed(msg + ` - result was: ${result}`);
+ }
+ iframe.remove();
+ }
+ testRunner.notifyDone();
+ }
+ </script>
+ </head>
+ <body _onload_="runTests()">
+</html>
Modified: trunk/LayoutTests/platform/mac-wk1/TestExpectations (282745 => 282746)
--- trunk/LayoutTests/platform/mac-wk1/TestExpectations 2021-09-20 14:09:25 UTC (rev 282745)
+++ trunk/LayoutTests/platform/mac-wk1/TestExpectations 2021-09-20 14:22:03 UTC (rev 282746)
@@ -1408,3 +1408,6 @@
webkit.org/b/230427 http/tests/misc/iframe-reparenting-id-collision.html [ Pass Failure ]
webkit.org/b/230425 printing/allowed-breaks.html [ Pass Failure ]
+
+# webkit.org/b/214448 Web Share API is not implemented for mac-wk1
+http/tests/webshare/ [ Skip ]
Modified: trunk/LayoutTests/platform/win/TestExpectations (282745 => 282746)
--- trunk/LayoutTests/platform/win/TestExpectations 2021-09-20 14:09:25 UTC (rev 282745)
+++ trunk/LayoutTests/platform/win/TestExpectations 2021-09-20 14:22:03 UTC (rev 282746)
@@ -147,7 +147,7 @@
http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.py [ Skip ]
http/tests/navigation/ping-attribute/area-cross-origin.html [ Skip ]
http/tests/navigation/ping-attribute/anchor-cross-origin.html [ Skip ]
-http/tests/referrer-policy/no-referrer-when-downgrade/ [ Skip ]
+http/tests/referrer-policy/no-referrer-when-downgrade/ [ Skip ]
http/tests/referrer-policy/unsafe-url/cross-origin-http-http.html [ Skip ]
http/tests/referrer-policy/unsafe-url/cross-origin-http.https.html [ Skip ]
http/tests/referrer-policy-img/no-referrer-when-downgrade/ [ Skip ]
@@ -4692,3 +4692,6 @@
webkit.org/b/229594 js/dfg-int32array-overflow-values.html [ Pass Crash ]
webkit.org/b/230427 http/tests/misc/iframe-reparenting-id-collision.html [ Pass Failure ]
+
+# webkit.org/b/214448 Web Share API is not implemented in the Windows port
+http/tests/webshare/ [ Skip ]
Modified: trunk/Source/WebCore/ChangeLog (282745 => 282746)
--- trunk/Source/WebCore/ChangeLog 2021-09-20 14:09:25 UTC (rev 282745)
+++ trunk/Source/WebCore/ChangeLog 2021-09-20 14:22:03 UTC (rev 282746)
@@ -1,3 +1,22 @@
+2021-09-20 Marcos Caceres <[email protected]>
+
+ Web Share permission policy "web-share" and "self" as the allowlist
+ https://bugs.webkit.org/show_bug.cgi?id=214448
+
+ Reviewed by Youenn Fablet.
+
+ Tests: http/tests/webshare/webshare-allow-attribute-canShare.https.html
+ http/tests/webshare/webshare-allow-attribute-share.https.html
+
+ * html/FeaturePolicy.cpp:
+ (WebCore::policyTypeName):
+ (WebCore::FeaturePolicy::parse):
+ (WebCore::FeaturePolicy::allows const):
+ * html/FeaturePolicy.h:
+ * page/Navigator.cpp:
+ (WebCore::Navigator::canShare):
+ (WebCore::Navigator::share):
+
2021-09-20 Zalan Bujtas <[email protected]>
[LFC][Integration] Remove redundant Run::m_isLineSpanning
Modified: trunk/Source/WebCore/html/FeaturePolicy.cpp (282745 => 282746)
--- trunk/Source/WebCore/html/FeaturePolicy.cpp 2021-09-20 14:09:25 UTC (rev 282745)
+++ trunk/Source/WebCore/html/FeaturePolicy.cpp 2021-09-20 14:22:03 UTC (rev 282746)
@@ -56,6 +56,8 @@
return "SyncXHR";
case FeaturePolicy::Type::Fullscreen:
return "Fullscreen";
+ case FeaturePolicy::Type::WebShare:
+ return "WebShare";
#if ENABLE(DEVICE_ORIENTATION)
case FeaturePolicy::Type::Gyroscope:
return "Gyroscope";
@@ -175,6 +177,7 @@
bool isPaymentInitialized = false;
bool isSyncXHRInitialized = false;
bool isFullscreenInitialized = false;
+ bool isWebShareInitialized = false;
#if ENABLE(DEVICE_ORIENTATION)
bool isGyroscopeInitialized = false;
bool isAccelerometerInitialized = false;
@@ -225,6 +228,11 @@
updateList(document, policy.m_fullscreenRule, item.substring(11));
continue;
}
+ if (item.startsWith("web-share")) {
+ isWebShareInitialized = true;
+ updateList(document, policy.m_webShareRule, item.substring(10));
+ continue;
+ }
#if ENABLE(DEVICE_ORIENTATION)
if (item.startsWith("gyroscope")) {
isGyroscopeInitialized = true;
@@ -264,6 +272,8 @@
policy.m_geolocationRule.allowedList.add(document.securityOrigin().data());
if (!isPaymentInitialized)
policy.m_paymentRule.allowedList.add(document.securityOrigin().data());
+ if (!isWebShareInitialized)
+ policy.m_webShareRule.allowedList.add(document.securityOrigin().data());
#if ENABLE(DEVICE_ORIENTATION)
if (!isGyroscopeInitialized)
policy.m_gyroscopeRule.allowedList.add(document.securityOrigin().data());
@@ -317,6 +327,8 @@
return isAllowedByFeaturePolicy(m_syncXHRRule, origin);
case Type::Fullscreen:
return isAllowedByFeaturePolicy(m_fullscreenRule, origin);
+ case Type::WebShare:
+ return isAllowedByFeaturePolicy(m_webShareRule, origin);
#if ENABLE(DEVICE_ORIENTATION)
case Type::Gyroscope:
return isAllowedByFeaturePolicy(m_gyroscopeRule, origin);
Modified: trunk/Source/WebCore/html/FeaturePolicy.h (282745 => 282746)
--- trunk/Source/WebCore/html/FeaturePolicy.h 2021-09-20 14:09:25 UTC (rev 282745)
+++ trunk/Source/WebCore/html/FeaturePolicy.h 2021-09-20 14:22:03 UTC (rev 282746)
@@ -47,6 +47,7 @@
Payment,
SyncXHR,
Fullscreen,
+ WebShare,
#if ENABLE(DEVICE_ORIENTATION)
Gyroscope,
Accelerometer,
@@ -73,6 +74,8 @@
AllowRule m_paymentRule;
AllowRule m_syncXHRRule;
AllowRule m_fullscreenRule;
+ AllowRule m_webShareRule;
+
#if ENABLE(DEVICE_ORIENTATION)
AllowRule m_gyroscopeRule;
AllowRule m_accelerometerRule;
Modified: trunk/Source/WebCore/page/Navigator.cpp (282745 => 282746)
--- trunk/Source/WebCore/page/Navigator.cpp 2021-09-20 14:09:25 UTC (rev 282745)
+++ trunk/Source/WebCore/page/Navigator.cpp 2021-09-20 14:22:03 UTC (rev 282746)
@@ -30,6 +30,7 @@
#include "DOMPlugin.h"
#include "DOMPluginArray.h"
#include "Document.h"
+#include "FeaturePolicy.h"
#include "Frame.h"
#include "FrameLoader.h"
#include "FrameLoaderClient.h"
@@ -129,6 +130,9 @@
if (!document.isFullyActive())
return false;
+ if (!isFeaturePolicyAllowedByDocumentAndAllOwners(FeaturePolicy::Type::WebShare, document, LogFeaturePolicyFailure::Yes))
+ return false;
+
bool hasShareableTitleOrText = !data.title.isNull() || !data.text.isNull();
bool hasShareableURL = !!shareableURLForShareData(document, data);
#if ENABLE(FILE_SHARE)
@@ -147,6 +151,11 @@
return;
}
+ if (!isFeaturePolicyAllowedByDocumentAndAllOwners(FeaturePolicy::Type::WebShare, document, LogFeaturePolicyFailure::Yes)) {
+ promise->reject(NotAllowedError, "Third-party iframes are not allowed to call share() unless explicitly allowed via Feature-Policy (web-share)"_s);
+ return;
+ }
+
if (m_hasPendingShare) {
promise->reject(NotAllowedError);
return;
@@ -173,7 +182,7 @@
if (document.settings().webShareFileAPIEnabled() && !data.files.isEmpty()) {
if (m_loader)
m_loader->cancel();
-
+
m_loader = ShareDataReader::create([this, promise = WTFMove(promise)] (ExceptionOr<ShareDataWithParsedURL&> readData) mutable {
showShareData(readData, WTFMove(promise));
});
