[webkit-changes] [116695] trunk

[andersca]

Title: [116695] trunk

Revision

116695

Author

ander...@apple.com

Date

2012-05-10 15:45:41 -0700 (Thu, 10 May 2012)

Log Message

WebKit1: Add a way to blacklist specific plug-ins/plug-in versions
https://bugs.webkit.org/show_bug.cgi?id=86150
<rdar://problem/9551196>

Reviewed by Sam Weinig.

Source/WebCore:

* English.lproj/Localizable.strings:
Update.

* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::loadPlugin):
It is possible that the client has already set the unavailability reason so don't try to set it twice.

* platform/LocalizedStrings.cpp:
(WebCore::insecurePluginVersionText):
* platform/LocalizedStrings.h:
Add insecure plug-in version text.

* rendering/RenderEmbeddedObject.cpp:
(WebCore::RenderEmbeddedObject::unavailablePluginReplacementText):
* rendering/RenderEmbeddedObject.h:
Add InsecurePluginVersion unavailability reason.

Source/WebKit/mac:

* Misc/WebKitErrors.h:
Add WebKitErrorInsecurePlugInVersion enum.

* Plugins/WebBasePluginPackage.h:
* Plugins/WebBasePluginPackage.mm:
(-[WebBasePluginPackage bundleIdentifier]):
(-[WebBasePluginPackage bundleVersion]):
Add bundleIdentifier and bundleVersion getters.

* WebCoreSupport/WebFrameLoaderClient.mm:
(WebFrameLoaderClient::createPlugin):
Check if the plug-in is blocked. If it is, set the unavailability reason and the error code.

WebKitLibraries:

Add WKShouldBlockPlugin.

* WebKitSystemInterface.h:
* libWebKitSystemInterfaceLion.a:
* libWebKitSystemInterfaceSnowLeopard.a:

Modified Paths

• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/English.lproj/Localizable.strings
• trunk/Source/WebCore/loader/SubframeLoader.cpp
• trunk/Source/WebCore/platform/LocalizedStrings.cpp
• trunk/Source/WebCore/platform/LocalizedStrings.h
• trunk/Source/WebCore/rendering/RenderEmbeddedObject.cpp
• trunk/Source/WebCore/rendering/RenderEmbeddedObject.h
• trunk/Source/WebKit/mac/ChangeLog
• trunk/Source/WebKit/mac/Misc/WebKitErrors.h
• trunk/Source/WebKit/mac/Plugins/WebBasePluginPackage.h
• trunk/Source/WebKit/mac/Plugins/WebBasePluginPackage.mm
• trunk/Source/WebKit/mac/WebCoreSupport/WebFrameLoaderClient.mm
• trunk/WebKitLibraries/ChangeLog
• trunk/WebKitLibraries/WebKitSystemInterface.h
• trunk/WebKitLibraries/libWebKitSystemInterfaceLion.a
• trunk/WebKitLibraries/libWebKitSystemInterfaceSnowLeopard.a

Diff

Modified: trunk/Source/WebCore/ChangeLog (116694 => 116695)

--- trunk/Source/WebCore/ChangeLog	2012-05-10 22:11:57 UTC (rev 116694)
+++ trunk/Source/WebCore/ChangeLog	2012-05-10 22:45:41 UTC (rev 116695)
@@ -1,3 +1,28 @@
+2012-05-10  Anders Carlsson  <ander...@apple.com>
+
+        WebKit1: Add a way to blacklist specific plug-ins/plug-in versions
+        https://bugs.webkit.org/show_bug.cgi?id=86150
+        <rdar://problem/9551196>
+
+        Reviewed by Sam Weinig.
+
+        * English.lproj/Localizable.strings:
+        Update.
+
+        * loader/SubframeLoader.cpp:
+        (WebCore::SubframeLoader::loadPlugin):
+        It is possible that the client has already set the unavailability reason so don't try to set it twice.
+
+        * platform/LocalizedStrings.cpp:
+        (WebCore::insecurePluginVersionText):
+        * platform/LocalizedStrings.h:
+        Add insecure plug-in version text.
+
+        * rendering/RenderEmbeddedObject.cpp:
+        (WebCore::RenderEmbeddedObject::unavailablePluginReplacementText):
+        * rendering/RenderEmbeddedObject.h:
+        Add InsecurePluginVersion unavailability reason.
+
 2012-05-10  Eric Seidel  <e...@webkit.org>
 
         Make IFRAME_SEAMLESS child documents inherit styles from their parent iframe element

Modified: trunk/Source/WebCore/English.lproj/Localizable.strings (116694 => 116695)

--- trunk/Source/WebCore/English.lproj/Localizable.strings	2012-05-10 22:11:57 UTC (rev 116694)
+++ trunk/Source/WebCore/English.lproj/Localizable.strings	2012-05-10 22:45:41 UTC (rev 116695)
@@ -172,6 +172,9 @@
 /* Undo action name */
 "Indent (Undo action name)" = "Indent";
 
+/* Label text to be used when an insecure plug-in version was blocked from loading */
+"Insecure Plug-In Version" = "Insecure Plug-In Version";
+
 /* Undo action name */
 "Insert List (Undo action name)" = "Insert List";
 

Modified: trunk/Source/WebCore/loader/SubframeLoader.cpp (116694 => 116695)

--- trunk/Source/WebCore/loader/SubframeLoader.cpp	2012-05-10 22:11:57 UTC (rev 116694)
+++ trunk/Source/WebCore/loader/SubframeLoader.cpp	2012-05-10 22:45:41 UTC (rev 116695)
@@ -376,7 +376,8 @@
         pluginElement, url, paramNames, paramValues, mimeType, loadManually);
 
     if (!widget) {
-        renderer->setPluginUnavailabilityReason(RenderEmbeddedObject::PluginMissing);
+        if (!renderer->showsUnavailablePluginIndicator())
+            renderer->setPluginUnavailabilityReason(RenderEmbeddedObject::PluginMissing);
         return false;
     }
 

Modified: trunk/Source/WebCore/platform/LocalizedStrings.cpp (116694 => 116695)

--- trunk/Source/WebCore/platform/LocalizedStrings.cpp	2012-05-10 22:11:57 UTC (rev 116694)
+++ trunk/Source/WebCore/platform/LocalizedStrings.cpp	2012-05-10 22:45:41 UTC (rev 116695)
@@ -673,6 +673,11 @@
     return WEB_UI_STRING("Plug-in Failure", "Label text to be used if plugin host process has crashed");
 }
 
+String insecurePluginVersionText()
+{
+    return WEB_UI_STRING("Insecure Plug-In Version", "Label text to be used when an insecure plug-in version was blocked from loading");
+}
+
 String multipleFileUploadText(unsigned numberOfFiles)
 {
     return formatLocalizedString(WEB_UI_STRING("%d files", "Label to describe the number of files selected in a file upload control that allows multiple files"), numberOfFiles);

Modified: trunk/Source/WebCore/platform/LocalizedStrings.h (116694 => 116695)

--- trunk/Source/WebCore/platform/LocalizedStrings.h	2012-05-10 22:11:57 UTC (rev 116694)
+++ trunk/Source/WebCore/platform/LocalizedStrings.h	2012-05-10 22:45:41 UTC (rev 116695)
@@ -167,6 +167,7 @@
 
     String missingPluginText();
     String crashedPluginText();
+    String insecurePluginVersionText();
     String multipleFileUploadText(unsigned numberOfFiles);
     String unknownFileSizeText();
 

Modified: trunk/Source/WebCore/rendering/RenderEmbeddedObject.cpp (116694 => 116695)

--- trunk/Source/WebCore/rendering/RenderEmbeddedObject.cpp	2012-05-10 22:11:57 UTC (rev 116694)
+++ trunk/Source/WebCore/rendering/RenderEmbeddedObject.cpp	2012-05-10 22:45:41 UTC (rev 116695)
@@ -214,6 +214,8 @@
         return missingPluginText();
     case PluginCrashed:
         return crashedPluginText();
+    case InsecurePluginVersion:
+        return insecurePluginVersionText();
     }
 
     ASSERT_NOT_REACHED();

Modified: trunk/Source/WebCore/rendering/RenderEmbeddedObject.h (116694 => 116695)

--- trunk/Source/WebCore/rendering/RenderEmbeddedObject.h	2012-05-10 22:11:57 UTC (rev 116694)
+++ trunk/Source/WebCore/rendering/RenderEmbeddedObject.h	2012-05-10 22:45:41 UTC (rev 116695)
@@ -39,6 +39,7 @@
     enum PluginUnavailabilityReason {
         PluginMissing,
         PluginCrashed,
+        InsecurePluginVersion
     };
     void setPluginUnavailabilityReason(PluginUnavailabilityReason);
     bool showsUnavailablePluginIndicator() const;

Modified: trunk/Source/WebKit/mac/ChangeLog (116694 => 116695)

--- trunk/Source/WebKit/mac/ChangeLog	2012-05-10 22:11:57 UTC (rev 116694)
+++ trunk/Source/WebKit/mac/ChangeLog	2012-05-10 22:45:41 UTC (rev 116695)
@@ -1,5 +1,26 @@
 2012-05-10  Anders Carlsson  <ander...@apple.com>
 
+        WebKit1: Add a way to blacklist specific plug-ins/plug-in versions
+        https://bugs.webkit.org/show_bug.cgi?id=86150
+        <rdar://problem/9551196>
+
+        Reviewed by Sam Weinig.
+
+        * Misc/WebKitErrors.h:
+        Add WebKitErrorInsecurePlugInVersion enum.
+
+        * Plugins/WebBasePluginPackage.h:
+        * Plugins/WebBasePluginPackage.mm:
+        (-[WebBasePluginPackage bundleIdentifier]):
+        (-[WebBasePluginPackage bundleVersion]):
+        Add bundleIdentifier and bundleVersion getters.
+
+        * WebCoreSupport/WebFrameLoaderClient.mm:
+        (WebFrameLoaderClient::createPlugin):
+        Check if the plug-in is blocked. If it is, set the unavailability reason and the error code.
+
+2012-05-10  Anders Carlsson  <ander...@apple.com>
+
         Rename the missing plug-in indicator to the unavailable plug-in indicator
         https://bugs.webkit.org/show_bug.cgi?id=86136
 

Modified: trunk/Source/WebKit/mac/Misc/WebKitErrors.h (116694 => 116695)

--- trunk/Source/WebKit/mac/Misc/WebKitErrors.h	2012-05-10 22:11:57 UTC (rev 116694)
+++ trunk/Source/WebKit/mac/Misc/WebKitErrors.h	2012-05-10 22:45:41 UTC (rev 116695)
@@ -56,4 +56,5 @@
     WebKitErrorCannotFindPlugIn =                               200,
     WebKitErrorCannotLoadPlugIn =                               201,
     WebKitErrorJavaUnavailable =                                202,
+    WebKitErrorInsecurePlugInVersion =                          203,
 };

Modified: trunk/Source/WebKit/mac/Plugins/WebBasePluginPackage.h (116694 => 116695)

--- trunk/Source/WebKit/mac/Plugins/WebBasePluginPackage.h	2012-05-10 22:11:57 UTC (rev 116694)
+++ trunk/Source/WebKit/mac/Plugins/WebBasePluginPackage.h	2012-05-10 22:45:41 UTC (rev 116695)
@@ -77,7 +77,8 @@
 
 - (const WebCore::PluginInfo&)pluginInfo;
 
-- (WTF::String)bundleIdentifier;
+- (String)bundleIdentifier;
+- (String)bundleVersion;
 
 - (BOOL)supportsExtension:(const WTF::String&)extension;
 - (BOOL)supportsMIMEType:(const WTF::String&)MIMEType;

Modified: trunk/Source/WebKit/mac/Plugins/WebBasePluginPackage.mm (116694 => 116695)

--- trunk/Source/WebKit/mac/Plugins/WebBasePluginPackage.mm	2012-05-10 22:11:57 UTC (rev 116694)
+++ trunk/Source/WebKit/mac/Plugins/WebBasePluginPackage.mm	2012-05-10 22:45:41 UTC (rev 116695)
@@ -463,11 +463,24 @@
     [pluginDatabases removeObject:database];
 }
 
-- (WTF::String)bundleIdentifier
+- (String)bundleIdentifier
 {
     return CFBundleGetIdentifier(cfBundle.get());
 }
 
+- (String)bundleVersion
+{
+    CFDictionaryRef infoDictionary = CFBundleGetInfoDictionary(cfBundle.get());
+    if (!infoDictionary)
+        return String();
+
+    CFTypeRef bundleVersionString = CFDictionaryGetValue(infoDictionary, kCFBundleVersionKey);
+    if (!bundleVersionString || CFGetTypeID(bundleVersionString) != CFStringGetTypeID())
+        return String();
+
+    return reinterpret_cast<CFStringRef>(bundleVersionString);
+}
+
 @end
 
 @implementation NSArray (WebPluginExtensions)

Modified: trunk/Source/WebKit/mac/WebCoreSupport/WebFrameLoaderClient.mm (116694 => 116695)

--- trunk/Source/WebKit/mac/WebCoreSupport/WebFrameLoaderClient.mm	2012-05-10 22:11:57 UTC (rev 116694)
+++ trunk/Source/WebKit/mac/WebCoreSupport/WebFrameLoaderClient.mm	2012-05-10 22:45:41 UTC (rev 116695)
@@ -1665,25 +1665,31 @@
     NSView *view = nil;
 
     if (pluginPackage) {
-        if ([pluginPackage isKindOfClass:[WebPluginPackage class]])
-            view = pluginView(m_webFrame.get(), (WebPluginPackage *)pluginPackage, attributeKeys, kit(paramValues), baseURL, kit(element), loadManually);
-            
+        if (!WKShouldBlockPlugin([pluginPackage bundleIdentifier], [pluginPackage bundleVersion])) {
+            if ([pluginPackage isKindOfClass:[WebPluginPackage class]])
+                view = pluginView(m_webFrame.get(), (WebPluginPackage *)pluginPackage, attributeKeys, kit(paramValues), baseURL, kit(element), loadManually);
+
 #if ENABLE(NETSCAPE_PLUGIN_API)
-        else if ([pluginPackage isKindOfClass:[WebNetscapePluginPackage class]]) {
-            WebBaseNetscapePluginView *pluginView = [[[NETSCAPE_PLUGIN_VIEW alloc]
-                initWithFrame:NSMakeRect(0, 0, size.width(), size.height())
-                pluginPackage:(WebNetscapePluginPackage *)pluginPackage
-                URL:pluginURL
-                baseURL:baseURL
-                MIMEType:MIMEType
-                attributeKeys:attributeKeys
-                attributeValues:kit(paramValues)
-                loadManually:loadManually
-                element:element] autorelease];
-            
-            return adoptRef(new NetscapePluginWidget(pluginView));
-        } 
+            else if ([pluginPackage isKindOfClass:[WebNetscapePluginPackage class]]) {
+                WebBaseNetscapePluginView *pluginView = [[[NETSCAPE_PLUGIN_VIEW alloc]
+                    initWithFrame:NSMakeRect(0, 0, size.width(), size.height())
+                    pluginPackage:(WebNetscapePluginPackage *)pluginPackage
+                    URL:pluginURL
+                    baseURL:baseURL
+                    MIMEType:MIMEType
+                    attributeKeys:attributeKeys
+                    attributeValues:kit(paramValues)
+                    loadManually:loadManually
+                    element:element] autorelease];
+
+                return adoptRef(new NetscapePluginWidget(pluginView));
+            }
 #endif
+        } else {
+            errorCode = WebKitErrorInsecurePlugInVersion;
+            if (element->renderer()->isEmbeddedObject())
+                toRenderEmbeddedObject(element->renderer())->setPluginUnavailabilityReason(RenderEmbeddedObject::InsecurePluginVersion);
+        }
     } else
         errorCode = WebKitErrorCannotFindPlugIn;
 

Modified: trunk/WebKitLibraries/ChangeLog (116694 => 116695)

--- trunk/WebKitLibraries/ChangeLog	2012-05-10 22:11:57 UTC (rev 116694)
+++ trunk/WebKitLibraries/ChangeLog	2012-05-10 22:45:41 UTC (rev 116695)
@@ -1,3 +1,17 @@
+2012-05-10  Anders Carlsson  <ander...@apple.com>
+
+        WebKit1: Add a way to blacklist specific plug-ins/plug-in versions
+        https://bugs.webkit.org/show_bug.cgi?id=86150
+        <rdar://problem/9551196>
+
+        Reviewed by Sam Weinig.
+
+        Add WKShouldBlockPlugin.
+
+        * WebKitSystemInterface.h:
+        * libWebKitSystemInterfaceLion.a:
+        * libWebKitSystemInterfaceSnowLeopard.a:
+
 2012-05-08  Jon Lee  <jon...@apple.com>
 
         Safari warns that it needs to resend the form in an iFrame when going back

Modified: trunk/WebKitLibraries/WebKitSystemInterface.h (116694 => 116695)

--- trunk/WebKitLibraries/WebKitSystemInterface.h	2012-05-10 22:11:57 UTC (rev 116694)
+++ trunk/WebKitLibraries/WebKitSystemInterface.h	2012-05-10 22:45:41 UTC (rev 116695)
@@ -92,6 +92,7 @@
 AXUIElementRef WKCreateAXUIElementRef(id element);
 void WKUnregisterUniqueIdForElement(id element);
 
+BOOL WKShouldBlockPlugin(NSString *bundleIdentifier, NSString *bundleVersionString);
 
 #if MAC_OS_X_VERSION_MIN_REQUIRED >= 1060
 // Remote Accessibility API.

Modified: trunk/WebKitLibraries/libWebKitSystemInterfaceLion.a

(Binary files differ)

Modified: trunk/WebKitLibraries/libWebKitSystemInterfaceSnowLeopard.a

(Binary files differ)

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes