WebKit Bugzilla
Attachment 368279 Details for
Bug 197299
: Trying to load a main resource outside the sandbox should not crash the WebContent process
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-197299-20190425154618.patch (text/plain), 1.88 KB, created by
Chris Dumez
on 2019-04-25 15:46:18 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Chris Dumez
Created:
2019-04-25 15:46:18 PDT
Size:
1.88 KB
patch
obsolete
>Subversion Revision: 244645 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index e32eb49e62072405510b89520fbefc7013e0f7cf..0731258fecf4eef33f7fcdcaa70ecf7578bff2cb 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,17 @@ >+2019-04-25 Chris Dumez <cdumez@apple.com> >+ >+ Trying to load a main resource outside the sandbox should not crash the WebContent process >+ https://bugs.webkit.org/show_bug.cgi?id=197299 >+ <rdar://problem/49808042> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Trying to load a main resource outside the sandbox should not crash the WebContent process. We should >+ simply ignore the load and log an error message. >+ >+ * UIProcess/WebPageProxy.cpp: >+ (WebKit::WebPageProxy::decidePolicyForNavigationAction): >+ > 2019-04-25 Youenn Fablet <youenn@apple.com> > > [Mac iOS WK2] Layout Test http/wpt/cache-storage/cache-quota-after-restart.any.html is a flaky failure >diff --git a/Source/WebKit/UIProcess/WebPageProxy.cpp b/Source/WebKit/UIProcess/WebPageProxy.cpp >index 1354f9cb8cf2b909fa786adc6872d3d391daec2b..3d2c9e1707824f058f873d7a91a43529dade7846 100644 >--- a/Source/WebKit/UIProcess/WebPageProxy.cpp >+++ b/Source/WebKit/UIProcess/WebPageProxy.cpp >@@ -4541,7 +4541,12 @@ void WebPageProxy::decidePolicyForNavigationAction(Ref<WebProcessProxy>&& proces > if (!fromAPI) > m_pageLoadState.clearPendingAPIRequestURL(transaction); > >- MESSAGE_CHECK_URL(process, request.url()); >+ if (!checkURLReceivedFromCurrentOrPreviousWebProcess(process, request.url())) { >+ RELEASE_LOG_ERROR_IF_ALLOWED(Process, "Ignoring request to load this main resource because it is outside the sandbox"); >+ sender->send(PolicyAction::Ignore, 0, DownloadID(), WTF::nullopt); >+ return; >+ } >+ > MESSAGE_CHECK_URL(process, originalRequest.url()); > > RefPtr<API::Navigation> navigation;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=368279">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 197299
: 368279