Branch: refs/heads/webkitglib/2.40
Home: https://github.com/WebKit/WebKit

Commit: dda2fc0dedd730ad63251ad3532762d3ea34bcd0
  https://github.com/WebKit/WebKit/commit/dda2fc0dedd730ad63251ad3532762d3ea34bcd0
Author: JC Alvarado <jonca...@apple.com>
Date: 2023-05-23 (Tue, 23 May 2023)

Changed paths:
  A LayoutTests/fast/editing/frame-selection-in-child-view-crash-expected.txt
  A LayoutTests/fast/editing/frame-selection-in-child-view-crash.html
  M Source/WebCore/platform/ScrollView.cpp
  M Tools/TestWebKitAPI/Tests/WebKitCocoa/CSSViewportUnits.mm

Log Message:
-----------
Cherry-pick 259548.465@safari-7615-branch (cf0b3436ba58). rdar://104064235

Increase max scrollbar update passes
rdar://104064235

Reviewed by Simon Fraser.

Scrollbars are not fully updated in a single layout which can lead to an additional layout in the scriptDisallowedScope in FrameView::scrollRectToVisibleInChildView.

* LayoutTests/fast/editing/frame-selection-in-child-view-crash-expected.txt: Added.
* LayoutTests/fast/editing/frame-selection-in-child-view-crash.html: Added.
* Source/WebCore/platform/ScrollView.cpp:
(WebCore::ScrollView::updateScrollbars):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/CSSViewportUnits.mm:
(TEST): Add scrollbarSize to width in WritingMode tests because we should expect vertical overflow in these cases. This test would pass prior to this patch despite the displayed WebView having both a vertical and horizontal scroll bar.

Canonical link: https://commits.webkit.org/259548.465@safari-7615-branch

Commit: 4b00e71587b24b975c0ec03850b9957d38a4159a
  https://github.com/WebKit/WebKit/commit/4b00e71587b24b975c0ec03850b9957d38a4159a
Author: Rob Buis <rb...@igalia.com>
Date: 2023-05-23 (Tue, 23 May 2023)

Changed paths:
  A LayoutTests/fast/multicol/crash-when-constructing-nested-columns2-expected.txt
  A LayoutTests/fast/multicol/crash-when-constructing-nested-columns2.html
  M Source/WebCore/rendering/updating/RenderTreeBuilderMultiColumn.cpp

Log Message:
-----------
Cherry-pick 260286.15@webkit-2023.2-embargoed (028f984310b6). https://bugs.webkit.org/show_bug.cgi?id=245374

Fix spanner reset logic
https://bugs.webkit.org/show_bug.cgi?id=245374

Reviewed by Alan Baradlay.

In restoreColumnSpannersForContainer we want to reset the spanners to their original position and remove the placeholders, however in some cases the attach step will call multiColumnDescendantInserted and re-insert placeholders. To fix this, prevent calling the spanner processing logic by multiColumnDescendantInserted by introducing a new flag gRestoringColumnSpannersForContainer.

* LayoutTests/fast/multicol/crash-when-constructing-nested-columns2-expected.txt: Added.
* LayoutTests/fast/multicol/crash-when-constructing-nested-columns2.html: Added.
* Source/WebCore/rendering/updating/RenderTreeBuilderMultiColumn.cpp:
(WebCore::RenderTreeBuilder::MultiColumn::restoreColumnSpannersForContainer):
(WebCore::RenderTreeBuilder::MultiColumn::multiColumnDescendantInserted):
(WebCore::RenderTreeBuilder::MultiColumn::processPossibleSpannerDescendant):

Canonical link: https://commits.webkit.org/260286.15@webkit-2023.2-embargoed

Commit: 09d9962232640246be89b9f4a6cfdc20769413e1
  https://github.com/WebKit/WebKit/commit/09d9962232640246be89b9f4a6cfdc20769413e1
Author: Patrick Angle <pan...@apple.com>
Date: 2023-05-23 (Tue, 23 May 2023)

Changed paths:
  M LayoutTests/inspector/debugger/async-stack-trace-truncate-expected.txt
  M LayoutTests/inspector/debugger/async-stack-trace-truncate.html
  M Source/JavaScriptCore/inspector/AsyncStackTrace.cpp
  M Source/JavaScriptCore/inspector/ScriptCallStack.cpp
  M Source/JavaScriptCore/inspector/ScriptCallStack.h

Log Message:
-----------
Cherry-pick 259548.467@safari-7615-branch (69eae63cd374). https://bugs.webkit.org/show_bug.cgi?id=254244

Web Inspector: Deeply nested async stack traces are not fully truncated
https://bugs.webkit.org/show_bug.cgi?id=254244
rdar://105900359

Reviewed by Yusuke Suzuki.

As of 252630@main, ScriptCallStack holds a reference to its parent AsyncStackTrace to enable providing async stack traces in places where previously the async context was being lost. However when this was added, the truncation functionality used to ensure that AsyncStackTrace did not create an infinitely nested set of objects did not take the new reference into account. In practice, we should break that relationship any time we are removing the parent of the AsyncStackTrace. This allows us to correctly release ownership of AsyncStackTraces as we nest deeper, then preventing us from recursing during their deconstruction later.

* LayoutTests/inspector/debugger/async-stack-trace-truncate-expected.txt:
* LayoutTests/inspector/debugger/async-stack-trace-truncate.html:
- Add test case that creates a nested set of AsyncStackTrace/ScriptCallStack that will exceed the size of the stack if not correctly truncated.
* Source/JavaScriptCore/inspector/AsyncStackTrace.cpp:
(Inspector::AsyncStackTrace::remove): Remove the ScriptCallStack's parent at the same time we remove the AsyncStackTrace's parent.
* Source/JavaScriptCore/inspector/ScriptCallStack.cpp:
(Inspector::ScriptCallStack::removeParentStackTrace):
* Source/JavaScriptCore/inspector/ScriptCallStack.h:

Canonical link: https://commits.webkit.org/259548.467@safari-7615-branch

Commit: 68c5195200d91169b7b6f0e3c1fcdabe7927b040
  https://github.com/WebKit/WebKit/commit/68c5195200d91169b7b6f0e3c1fcdabe7927b040
Author: Chirag M Shah <chirag_m_s...@apple.com>
Date: 2023-05-23 (Tue, 23 May 2023)

Changed paths:
  A LayoutTests/svg/animations/svg-element-attribute-changed-crash-expected.txt
  A LayoutTests/svg/animations/svg-element-attribute-changed-crash.html
  M Source/WebCore/svg/properties/SVGAnimatedProperty.cpp

Log Message:
-----------
Cherry-pick 259548.475@safari-7615-branch (aaa1c998206d). https://bugs.webkit.org/show_bug.cgi?id=254281

Fix heap use-after-free in Update::addSVGRendererUpdate
https://bugs.webkit.org/show_bug.cgi?id=254281
rdar://107052707

Reviewed by Ryosuke Niwa.

Update::addSVGRendererUpdate can end up removing the SVGElement from m_roots, which can result in SVGElement being deleted when an attribute change happens. This change prevents that by protecting the SVGElement using a RefPtr.

* LayoutTests/svg/animations/svg-element-attribute-changed-crash-expected.txt: Added.
* LayoutTests/svg/animations/svg-element-attribute-changed-crash.html: Added.
* Source/WebCore/svg/properties/SVGAnimatedProperty.cpp:
(WebCore::SVGAnimatedProperty::commitPropertyChange):

Canonical link: https://commits.webkit.org/259548.475@safari-7615-branch

Commit: b3a18564f431333959043b094fa9d283846321dc
  https://github.com/WebKit/WebKit/commit/b3a18564f431333959043b094fa9d283846321dc
Author: Matthew Finkel <sys...@apple.com>
Date: 2023-05-24 (Wed, 24 May 2023)

Changed paths:
  M LayoutTests/http/tests/resources/redirect.py
  A LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-redirect-expected.txt
  A LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-redirect.html
  A LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-ws-redirect-expected.txt
  A LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-ws-redirect.html
  A LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-expected.txt
  A LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party.html
  A LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party_wsh.py
  M LayoutTests/platform/mac-wk1/TestExpectations
  M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
  M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h
  M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in
  M Source/WebKit/NetworkProcess/NetworkSession.cpp
  M Source/WebKit/NetworkProcess/NetworkSession.h
  M Source/WebKit/NetworkProcess/NetworkSocketChannel.cpp
  M Source/WebKit/NetworkProcess/NetworkSocketChannel.h
  M Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h
  M Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
  M Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h
  M Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
  A Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.h
  A Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.mm
  M Source/WebKit/NetworkProcess/cocoa/WebSocketTaskCocoa.h
  M Source/WebKit/NetworkProcess/cocoa/WebSocketTaskCocoa.mm
  M Source/WebKit/NetworkProcess/curl/NetworkSessionCurl.cpp
  M Source/WebKit/NetworkProcess/curl/NetworkSessionCurl.h
  M Source/WebKit/NetworkProcess/soup/NetworkSessionSoup.cpp
  M Source/WebKit/NetworkProcess/soup/NetworkSessionSoup.h
  M Source/WebKit/SourcesCocoa.txt
  M Source/WebKit/WebKit.xcodeproj/project.pbxproj
  M Source/WebKit/WebProcess/Network/WebSocketChannel.cpp
  M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKHTTPCookieStore.mm

Log Message:
-----------
Cherry-pick 259548.477@safari-7615-branch (a5d38dc00a5d). https://bugs.webkit.org/show_bug.cgi?id=251835

Apply cookie policy on WebSocket request
https://bugs.webkit.org/show_bug.cgi?id=254220
rdar://106831525

Reviewed by Alex Christensen.

WebKit's cookie policy was not correctly applied in the WebSocket handshake. In this patch we now use the same logic in WebSocket requests as we already used in HTTP requests. This policy is applied during HTTP redirects, as well. The shared logic is moved into a new common base class that is shared by WebSocketTasks and DataTasks.

Covered by new Layout and API tests.

* LayoutTests/http/tests/resources/redirect.py:
(set_cookie):
* LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-redirect-expected.txt: Added.
* LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-redirect.html: Added.
* LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-ws-redirect-expected.txt: Added.
* LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-ws-redirect.html: Added.
* LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-expected.txt: Added.
* LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party.html: Added.
* LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party_wsh.py: Added.
(HeaderCache):
(web_socket_do_extra_handshake):
(web_socket_transfer_data):
* LayoutTests/platform/mac-wk1/TestExpectations: Add new tests.
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::createSocketChannel):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h:
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in:
* Source/WebKit/NetworkProcess/NetworkSession.cpp:
(WebKit::NetworkSession::createWebSocketTask):
* Source/WebKit/NetworkProcess/NetworkSession.h:
* Source/WebKit/NetworkProcess/NetworkSocketChannel.cpp:
(WebKit::NetworkSocketChannel::create):
(WebKit::NetworkSocketChannel::NetworkSocketChannel):
(WebKit::NetworkSocketChannel::session const):
(WebKit::NetworkSocketChannel::session): Deleted.
* Source/WebKit/NetworkProcess/NetworkSocketChannel.h:

Generally, plumb some required information down into the Network Process for making policy decisions.

* Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
* Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTaskCocoa::applySniffingPoliciesAndBindRequestToInferfaceIfNeeded):
(WebKit::NetworkDataTaskCocoa::updateFirstPartyInfoForSession):
(WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):
(WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):
(WebKit::NetworkDataTaskCocoa::task const):
(WebKit::lastRemoteIPAddress): Deleted.
(WebKit::NetworkDataTaskCocoa::statelessCookieStorage): Deleted.
(WebKit::lastCNAMEDomain): Deleted.
(WebKit::NetworkDataTaskCocoa::shouldApplyCookiePolicyForThirdPartyCloaking const): Deleted.
(): Deleted.
(WebKit::shouldCapCookieExpiryForThirdPartyIPAddress): Deleted.
(WebKit::NetworkDataTaskCocoa::applyCookiePolicyForThirdPartyCloaking): Deleted.
(WebKit::NetworkDataTaskCocoa::blockCookies): Deleted.
(WebKit::NetworkDataTaskCocoa::unblockCookies): Deleted.
(WebKit::NetworkDataTaskCocoa::needsFirstPartyCookieBlockingLatchModeQuirk const): Deleted.
(WebKit::updateTaskWithFirstPartyForSameSiteCookies): Deleted.
(WebKit::computeIsAlwaysOnLoggingAllowed): Deleted.
(WebKit::NetworkDataTaskCocoa::isAlwaysOnLoggingAllowed const): Deleted.

These deleted functions are moved into the NetworkTaskCocoa class.

* Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h:
* Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
(-[WKNetworkSessionDelegate existingWebSocketTask:]):
(WebKit::NetworkSessionCocoa::continueDidReceiveChallenge):
(WebKit::NetworkSessionCocoa::createWebSocketTask):
* Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.h: Added.
(WebKit::NetworkTaskCocoa::shouldRelaxThirdPartyCookieBlocking const):
(WebKit::NetworkTaskCocoa::isAlwaysOnLoggingAllowed const):
* Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.mm: Added.
(computeIsAlwaysOnLoggingAllowed):
(NetworkTaskCocoa::NetworkTaskCocoa):
(shouldCapCookieExpiryForThirdPartyIPAddress):
(NetworkTaskCocoa::shouldApplyCookiePolicyForThirdPartyCloaking const):
(NetworkTaskCocoa::statelessCookieStorage):
(NetworkTaskCocoa::lastRemoteIPAddress):
(NetworkTaskCocoa::lastCNAMEDomain):
(NetworkTaskCocoa::needsFirstPartyCookieBlockingLatchModeQuirk const):
(NetworkTaskCocoa::applyCookiePolicyForThirdPartyCloaking):
(NetworkTaskCocoa::blockCookies):
(NetworkTaskCocoa::unblockCookies):
(NetworkTaskCocoa::updateTaskWithFirstPartyForSameSiteCookies):
(NetworkTaskCocoa::willPerformHTTPRedirection):

New common base class for NetworkDataTaskCocoa and WebSocketTaskCocoa.

* Source/WebKit/NetworkProcess/cocoa/WebSocketTaskCocoa.h:
(WebKit::WebSocketTask::webProxyPageID const):
(WebKit::WebSocketTask::pageID const): Deleted.
* Source/WebKit/NetworkProcess/cocoa/WebSocketTaskCocoa.mm:
(WebKit::WebSocketTask::WebSocketTask):
(WebKit::WebSocketTask::task const):
(WebKit::WebSocketTask::~WebSocketTask): Deleted.
* Source/WebKit/NetworkProcess/curl/NetworkSessionCurl.cpp:
(WebKit::NetworkSessionCurl::createWebSocketTask):
* Source/WebKit/NetworkProcess/curl/NetworkSessionCurl.h:
* Source/WebKit/NetworkProcess/soup/NetworkSessionSoup.cpp:
(WebKit::NetworkSessionSoup::createWebSocketTask):
* Source/WebKit/NetworkProcess/soup/NetworkSessionSoup.h:
* Source/WebKit/SourcesCocoa.txt:
* Source/WebKit/WebKit.xcodeproj/project.pbxproj:
* Source/WebKit/WebProcess/Network/WebSocketChannel.cpp:
(WebKit::WebSocketChannel::connect):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKHTTPCookieStore.mm:
(TEST):

Canonical link: https://commits.webkit.org/259548.477@safari-7615-branch

Compare: https://github.com/WebKit/WebKit/compare/cbdc482f614b...b3a18564f431
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes