[webkit-changes] [WebKit/WebKit] 614b6d: Allow tainted scripts to extract text from some fi...

[Commit Queue]

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 614b6dccb3ba73d2974dccecb6992b88e29e68c1
      
https://github.com/WebKit/WebKit/commit/614b6dccb3ba73d2974dccecb6992b88e29e68c1
  Author: Matthew Finkel <m_fin...@apple.com>
  Date:   2025-10-23 (Thu, 23 Oct 2025)

  Changed paths:
    M Source/WebCore/dom/ScriptExecutionContext.cpp
    M Source/WebCore/dom/ScriptExecutionContext.h
    M Source/WebCore/html/HTMLFormControlElement.cpp
    M Source/WebCore/html/HTMLFormControlElement.h
    M Source/WebCore/html/HTMLInputElement.cpp
    M Source/WebCore/html/HTMLTextAreaElement.cpp
    M Source/WebCore/html/HTMLTextFormControlElement.cpp
    M Source/WebCore/html/HTMLTextFormControlElement.h
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/ScriptTrackingPrivacyTests.mm

  Log Message:
  -----------
  Allow tainted scripts to extract text from some fields
https://bugs.webkit.org/show_bug.cgi?id=301157
rdar://161669359

Reviewed by Wenson Hsieh.

The form control protection prevents tainted scripts from accessing the value
of all text form fields. That protection causes some web compatibility issues
that we can fix by slightly relaxing the restriction which is what I'm doing in
this patch. We can let tainted scripts extract the value if that element was
created by a tainted script and it wasn't modified by user input.

Test: Tools/TestWebKitAPI/Tests/WebKitCocoa/ScriptTrackingPrivacyTests.mm

* Source/WebCore/html/HTMLFormControlElement.cpp:
(WebCore::m_wasCreatedByTaintedScript):
(WebCore::m_wasChangedSinceLastFormControlChangeEvent): Deleted.
* Source/WebCore/html/HTMLFormControlElement.h:
(WebCore::HTMLFormControlElement::wasCreatedByTaintedScript const):
* Source/WebCore/html/HTMLInputElement.cpp:
(WebCore::HTMLInputElement::value const):
* Source/WebCore/html/HTMLTextAreaElement.cpp:
(WebCore::HTMLTextAreaElement::value const):
* Source/WebCore/html/HTMLTextFormControlElement.cpp:
(WebCore::HTMLTextFormControlElement::didEditInnerTextValue):
(WebCore::HTMLTextFormControlElement::wasChangeEverUserEdit const):
(WebCore::HTMLTextFormControlElement::shouldApplyScriptTrackingPrivacyProtection
 const):
* Source/WebCore/html/HTMLTextFormControlElement.h:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/ScriptTrackingPrivacyTests.mm:
(TestWebKitAPI::(ScriptTrackingPrivacyTests, DirectFormFieldAccess)):

Canonical link: https://commits.webkit.org/302031@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications