Title: [288946] releases/WebKitGTK/webkit-2.34
- Revision
- 288946
- Author
- [email protected]
- Date
- 2022-02-02 00:40:41 -0800 (Wed, 02 Feb 2022)
Log Message
Merge r286308 - Scripting attributes are sometimes not properly stripped from elements when JS is disabled
https://bugs.webkit.org/show_bug.cgi?id=233642
<rdar://63180952>
Reviewed by Geoffrey Garen.
Source/WebCore:
HTMLConstructionSite::mergeAttributesFromTokenIntoElement() was not properly stripping scripting
Element attributes when scripting is disabled, unlike other code paths in HTMLConstructionSite().
Covered by new API tests.
* html/parser/HTMLConstructionSite.cpp:
(WebCore::HTMLConstructionSite::mergeAttributesFromTokenIntoElement):
Tools:
Add API test coverage.
* TestWebKitAPI/Tests/WebKitCocoa/WKWebViewConfiguration.mm:
(TEST):
Modified: releases/WebKitGTK/webkit-2.34/Source/WebCore/ChangeLog (288945 => 288946)
--- releases/WebKitGTK/webkit-2.34/Source/WebCore/ChangeLog 2022-02-02 08:22:40 UTC (rev 288945)
+++ releases/WebKitGTK/webkit-2.34/Source/WebCore/ChangeLog 2022-02-02 08:40:41 UTC (rev 288946)
@@ -1,3 +1,19 @@
+2021-11-30 Chris Dumez <[email protected]>
+
+ Scripting attributes are sometimes not properly stripped from elements when JS is disabled
+ https://bugs.webkit.org/show_bug.cgi?id=233642
+ <rdar://63180952>
+
+ Reviewed by Geoffrey Garen.
+
+ HTMLConstructionSite::mergeAttributesFromTokenIntoElement() was not properly stripping scripting
+ Element attributes when scripting is disabled, unlike other code paths in HTMLConstructionSite().
+
+ Covered by new API tests.
+
+ * html/parser/HTMLConstructionSite.cpp:
+ (WebCore::HTMLConstructionSite::mergeAttributesFromTokenIntoElement):
+
2022-01-21 Mike Gorse <[email protected]>
Build failure with g++ 12: std::exchange undefined
Modified: releases/WebKitGTK/webkit-2.34/Source/WebCore/html/parser/HTMLConstructionSite.cpp (288945 => 288946)
--- releases/WebKitGTK/webkit-2.34/Source/WebCore/html/parser/HTMLConstructionSite.cpp 2022-02-02 08:22:40 UTC (rev 288945)
+++ releases/WebKitGTK/webkit-2.34/Source/WebCore/html/parser/HTMLConstructionSite.cpp 2022-02-02 08:40:41 UTC (rev 288946)
@@ -292,6 +292,9 @@
if (token.attributes().isEmpty())
return;
+ if (!scriptingContentIsAllowed(m_parserContentPolicy))
+ element.stripScriptingAttributes(token.attributes());
+
for (auto& tokenAttribute : token.attributes()) {
if (!element.elementData() || !element.findAttributeByName(tokenAttribute.name()))
element.setAttribute(tokenAttribute.name(), tokenAttribute.value());
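Review bot: The strip added before the merge loop is the only thing keeping this path in line with the element-creation path the log message refers to, and nothing in the hunk records why it is needed here, so a later refactor could drop it again without noticing; a comment above the new check would pin the intent, e.g. `// Attributes merged into an existing element (e.g. a <body> start tag seen when a body already exists) must be stripped under the same content policy as attributes on newly created elements.` Note that stripScriptingAttributes() mutates token.attributes() in place, so the attributes it removes are never compared against element.elementData() in the loop below — that is the intended behaviour, but worth stating in the same comment. The enclosing mergeAttributesFromTokenIntoElement() starts and ends outside the hunk.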
Modified: releases/WebKitGTK/webkit-2.34/Tools/ChangeLog (288945 => 288946)
--- releases/WebKitGTK/webkit-2.34/Tools/ChangeLog 2022-02-02 08:22:40 UTC (rev 288945)
+++ releases/WebKitGTK/webkit-2.34/Tools/ChangeLog 2022-02-02 08:40:41 UTC (rev 288946)
@@ -1,3 +1,16 @@
+2021-11-30 Chris Dumez <[email protected]>
+
+ Scripting attributes are sometimes not properly stripped from elements when JS is disabled
+ https://bugs.webkit.org/show_bug.cgi?id=233642
+ <rdar://63180952>
+
+ Reviewed by Geoffrey Garen.
+
+ Add API test coverage.
+
+ * TestWebKitAPI/Tests/WebKitCocoa/WKWebViewConfiguration.mm:
+ (TEST):
+
2022-01-21 Mike Gorse <[email protected]>
Build failure with g++ 12: std::exchange undefined
Modified: releases/WebKitGTK/webkit-2.34/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebViewConfiguration.mm (288945 => 288946)
--- releases/WebKitGTK/webkit-2.34/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebViewConfiguration.mm 2022-02-02 08:22:40 UTC (rev 288945)
+++ releases/WebKitGTK/webkit-2.34/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebViewConfiguration.mm 2022-02-02 08:40:41 UTC (rev 288946)
@@ -28,6 +28,7 @@
#import "HTTPServer.h"
#import "PlatformUtilities.h"
#import "TestNavigationDelegate.h"
+#import "TestWKWebView.h"
#import <WebKit/WKWebView.h>
#import <WebKit/WKWebViewConfigurationPrivate.h>
#import <WebKit/WKWebsiteDataStorePrivate.h>
@@ -149,3 +150,25 @@
EXPECT_FALSE([WKWebView _willUpgradeToHTTPS:[NSURL URLWithString:@"custom-scheme://www.opengl.org/"]]);
EXPECT_FALSE([WKWebView _willUpgradeToHTTPS:[NSURL URLWithString:@"http://example.com/"]]);
}
+
+TEST(WebKit, ConfigurationDisableJavaScript)
+{
+ auto configuration = adoptNS([WKWebViewConfiguration new]);
+ EXPECT_TRUE([configuration _allowsJavaScriptMarkup]);
+ [configuration _setAllowsJavaScriptMarkup:NO];
+ auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 100, 100) configuration:configuration.get()]);
+ [webView synchronouslyLoadHTMLString:@"<body _onload_=\"document.write('FAIL');\">PASS</body>"];
+ NSString *bodyHTML = [webView stringByEvaluatingJavaScript:@"document.body.innerHTML"];
+ EXPECT_WK_STREQ(bodyHTML, @"PASS");
+}
+
+TEST(WebKit, ConfigurationDisableJavaScriptNestedBody)
+{
+ auto configuration = adoptNS([WKWebViewConfiguration new]);
+ EXPECT_TRUE([configuration _allowsJavaScriptMarkup]);
+ [configuration _setAllowsJavaScriptMarkup:NO];
+ auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 100, 100) configuration:configuration.get()]);
+ [webView synchronouslyLoadHTMLString:@"<table><body _onload_=\"document.write('FAIL');\"></table>"];
+ NSString *bodyHTML = [webView stringByEvaluatingJavaScript:@"document.body.innerHTML"];
+ EXPECT_WK_STREQ(bodyHTML, @"<table></table>");
+}
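Review bot: Both new tests infer stripping from a side effect — that `document.write('FAIL')` never ran — rather than checking the merged attribute itself, so a regression where the handler attribute is kept but does not fire before innerHTML is read would still pass. A direct check after each load would pin the stripping, e.g. `EXPECT_WK_STREQ([webView stringByEvaluatingJavaScript:@"document.body.hasAttribute('onload') ? 'yes' : 'no'"], @"no");` (the listing shows the attribute as `_onload_`, presumably archive escaping of `onload`; use the same spelling as in the loaded HTML string). The two tests also duplicate the configuration and TestWKWebView setup line for line, which could become a small static helper taking the HTML string and the expected innerHTML.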