Skip to site navigation (Press enter)

[webkit-changes] [290958] trunk

cdumez Mon, 07 Mar 2022 14:33:25 -0800

Title: [290958] trunk

Revision: 290958
Author: cdu...@apple.com
Date: 2022-03-07 14:32:47 -0800 (Mon, 07 Mar 2022)

Log Message

allow-custom-protocols-navigation sandbox flag.
https://bugs.webkit.org/show_bug.cgi?id=237269
<rdar://problem/89899736>


Reviewed by Geoffrey Garen.

Source/WebCore:

Add support for allow-custom-protocols-navigation iframe sandbox flag to allow sandboxed iframes
to navigate to custom protocols, as per:
- https://github.com/whatwg/html/pull/7654

We recently started preventing sandboxed iframes from navigating to custom protocols, which broke
Microsoft Teams. We added a quirk for Microsoft Teams which we should be able to drop once they
adopt this new sandbox flag.

* dom/SecurityContext.cpp:
(WebCore::SecurityContext::isSupportedSandboxPolicy):
(WebCore::SecurityContext::parseSandboxPolicy):
* dom/SecurityContext.h:

Source/WebKit:

Add support for allow-custom-protocols-navigation iframe sandbox flag to allow sandboxed iframes
to navigate to custom protocols, as per:
- https://github.com/whatwg/html/pull/7654

We recently started preventing sandboxed iframes from navigating to custom protocols, which broke
Microsoft Teams. We added a quirk for Microsoft Teams which we should be able to drop once they
adopt this new sandbox flag.

* UIProcess/WebPageProxy.cpp:
(WebKit::frameSandboxAllowsOpeningExternalCustomProtocols):

Tools:

Add API test coverage.

* TestWebKitAPI/Tests/WebKitCocoa/Navigation.mm:
(TEST):

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/dom/SecurityContext.cpp
trunk/Source/WebCore/dom/SecurityContext.h
trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/UIProcess/WebPageProxy.cpp
trunk/Tools/ChangeLog
trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Navigation.mm

Diff

Modified: trunk/Source/WebCore/ChangeLog (290957 => 290958)


--- trunk/Source/WebCore/ChangeLog	2022-03-07 22:13:22 UTC (rev 290957)
+++ trunk/Source/WebCore/ChangeLog	2022-03-07 22:32:47 UTC (rev 290958)
@@ -1,5 +1,26 @@
 2022-03-07  Chris Dumez  <cdu...@apple.com>
 
+        allow-custom-protocols-navigation sandbox flag.
+        https://bugs.webkit.org/show_bug.cgi?id=237269
+        <rdar://problem/89899736>
+
+        Reviewed by Geoffrey Garen.
+
+        Add support for allow-custom-protocols-navigation iframe sandbox flag to allow sandboxed iframes
+        to navigate to custom protocols, as per:
+        - https://github.com/whatwg/html/pull/7654
+
+        We recently started preventing sandboxed iframes from navigating to custom protocols, which broke
+        Microsoft Teams. We added a quirk for Microsoft Teams which we should be able to drop once they
+        adopt this new sandbox flag.
+
+        * dom/SecurityContext.cpp:
+        (WebCore::SecurityContext::isSupportedSandboxPolicy):
+        (WebCore::SecurityContext::parseSandboxPolicy):
+        * dom/SecurityContext.h:
+
+2022-03-07  Chris Dumez  <cdu...@apple.com>
+
         Optimize the passing of data across threads
         https://bugs.webkit.org/show_bug.cgi?id=237502

Modified: trunk/Source/WebCore/dom/SecurityContext.cpp (290957 => 290958)


--- trunk/Source/WebCore/dom/SecurityContext.cpp	2022-03-07 22:13:22 UTC (rev 290957)
+++ trunk/Source/WebCore/dom/SecurityContext.cpp	2022-03-07 22:32:47 UTC (rev 290958)
@@ -84,7 +84,7 @@
 bool SecurityContext::isSupportedSandboxPolicy(StringView policy)
 {
     static const char* const supportedPolicies[] = {
-        "allow-forms", "allow-same-origin", "allow-scripts", "allow-top-navigation", "allow-pointer-lock", "allow-popups", "allow-popups-to-escape-sandbox", "allow-top-navigation-by-user-activation", "allow-modals", "allow-storage-access-by-user-activation"
+        "allow-custom-protocols-navigation", "allow-forms", "allow-same-origin", "allow-scripts", "allow-top-navigation", "allow-pointer-lock", "allow-popups", "allow-popups-to-escape-sandbox", "allow-top-navigation-by-user-activation", "allow-modals", "allow-storage-access-by-user-activation"
     };
 
     for (auto* supportedPolicy : supportedPolicies) {
@@ -133,6 +133,8 @@
             flags &= ~SandboxPropagatesToAuxiliaryBrowsingContexts;
         else if (equalLettersIgnoringASCIICase(sandboxToken, "allow-top-navigation-by-user-activation"))
             flags &= ~SandboxTopNavigationByUserActivation;
+        else if (equalLettersIgnoringASCIICase(sandboxToken, "allow-custom-protocols-navigation"))
+            flags &= ~SandboxCustomProtocolsNavigation;
         else if (equalLettersIgnoringASCIICase(sandboxToken, "allow-modals"))
             flags &= ~SandboxModals;
         else if (equalLettersIgnoringASCIICase(sandboxToken, "allow-storage-access-by-user-activation"))

Modified: trunk/Source/WebCore/dom/SecurityContext.h (290957 => 290958)


--- trunk/Source/WebCore/dom/SecurityContext.h	2022-03-07 22:13:22 UTC (rev 290957)
+++ trunk/Source/WebCore/dom/SecurityContext.h	2022-03-07 22:32:47 UTC (rev 290958)
@@ -58,6 +58,7 @@
     SandboxDocumentDomain       = 1 << 11,
     SandboxModals               = 1 << 12,
     SandboxStorageAccessByUserActivation = 1 << 13,
+    SandboxCustomProtocolsNavigation = 1 << 14,
     SandboxAll                  = -1 // Mask with all bits set to 1.
 };

Modified: trunk/Source/WebKit/ChangeLog (290957 => 290958)


--- trunk/Source/WebKit/ChangeLog	2022-03-07 22:13:22 UTC (rev 290957)
+++ trunk/Source/WebKit/ChangeLog	2022-03-07 22:32:47 UTC (rev 290958)
@@ -1,3 +1,22 @@
+2022-03-07  Chris Dumez  <cdu...@apple.com>
+
+        allow-custom-protocols-navigation sandbox flag.
+        https://bugs.webkit.org/show_bug.cgi?id=237269
+        <rdar://problem/89899736>
+
+        Reviewed by Geoffrey Garen.
+
+        Add support for allow-custom-protocols-navigation iframe sandbox flag to allow sandboxed iframes
+        to navigate to custom protocols, as per:
+        - https://github.com/whatwg/html/pull/7654
+
+        We recently started preventing sandboxed iframes from navigating to custom protocols, which broke
+        Microsoft Teams. We added a quirk for Microsoft Teams which we should be able to drop once they
+        adopt this new sandbox flag.
+
+        * UIProcess/WebPageProxy.cpp:
+        (WebKit::frameSandboxAllowsOpeningExternalCustomProtocols):
+
 2022-03-07  Elliott Williams  <e...@apple.com>
 
         DerivedSources.make: Regenerate message receiver sources on Makefile changes

Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.cpp (290957 => 290958)


--- trunk/Source/WebKit/UIProcess/WebPageProxy.cpp	2022-03-07 22:13:22 UTC (rev 290957)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.cpp	2022-03-07 22:32:47 UTC (rev 290958)
@@ -5363,7 +5363,7 @@
 // https://html.spec.whatwg.org/#hand-off-to-external-software
 static bool frameSandboxAllowsOpeningExternalCustomProtocols(SandboxFlags sandboxFlags, bool hasUserGesture)
 {
-    if (!(sandboxFlags & SandboxPopups) || !(sandboxFlags & SandboxTopNavigation))
+    if (!(sandboxFlags & SandboxPopups) || !(sandboxFlags & SandboxTopNavigation) || !(sandboxFlags & SandboxCustomProtocolsNavigation))
         return true;
 
     return !(sandboxFlags & SandboxTopNavigationByUserActivation) && hasUserGesture;

Modified: trunk/Tools/ChangeLog (290957 => 290958)


--- trunk/Tools/ChangeLog	2022-03-07 22:13:22 UTC (rev 290957)
+++ trunk/Tools/ChangeLog	2022-03-07 22:32:47 UTC (rev 290958)
@@ -1,3 +1,16 @@
+2022-03-07  Chris Dumez  <cdu...@apple.com>
+
+        allow-custom-protocols-navigation sandbox flag.
+        https://bugs.webkit.org/show_bug.cgi?id=237269
+        <rdar://problem/89899736>
+
+        Reviewed by Geoffrey Garen.
+
+        Add API test coverage.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/Navigation.mm:
+        (TEST):
+
 2022-03-07  Jonathan Bedard  <jbed...@apple.com>
 
         [iOS] editing/async-clipboard/* 20 tests are flaky timeouts on iOS

Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Navigation.mm (290957 => 290958)


--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Navigation.mm	2022-03-07 22:13:22 UTC (rev 290957)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/Navigation.mm	2022-03-07 22:32:47 UTC (rev 290958)
@@ -896,6 +896,41 @@
     Util::run(&didTryToLoadRadarURL);
 }
 
+TEST(WKNavigation, LoadRadarURLFromSandboxedFrameAllowCustomProtocolsNavigation)
+{
+    const char* mainHTML = "<iframe src='' sandbox='allow-scripts allow-custom-protocols-navigation'></iframe>";
+    const char* frameHTML = "<a id='testLink' href=''>Link</a><script>setTimeout(() => { document.getElementById('testLink').click() }, 0);</script>";
+
+    using namespace TestWebKitAPI;
+    HTTPServer server({
+        { "/", { mainHTML } },
+        { "/frame.html", { frameHTML } },
+    });
+
+    auto webView = adoptNS([WKWebView new]);
+    auto delegate = adoptNS([TestNavigationDelegate new]);
+    [webView setNavigationDelegate:delegate.get()];
+
+    __block bool didTryToLoadRadarURL = false;
+    delegate.get().decidePolicyForNavigationAction = ^(WKNavigationAction *action, void (^completionHandler)(WKNavigationActionPolicy)) {
+        if ([action.request.URL.scheme isEqualToString:@"rdar"]) {
+            didTryToLoadRadarURL = true;
+            completionHandler(WKNavigationActionPolicyCancel);
+        } else
+            completionHandler(WKNavigationActionPolicyAllow);
+    };
+
+    __block bool finishedNavigation = false;
+    delegate.get().didFinishNavigation = ^(WKWebView *, WKNavigation *) {
+        finishedNavigation = true;
+    };
+
+    [webView loadRequest:server.request()];
+    Util::run(&finishedNavigation);
+
+    Util::run(&didTryToLoadRadarURL);
+}
+
 TEST(WKNavigation, LoadRadarURLFromSandboxedFrameWithUserGesture)
 {
     const char* mainHTML = "<iframe src='' sandbox='allow-scripts allow-top-navigation-by-user-activation'></iframe>";

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes