Bug 209368

Summary: Add checks for app-bound navigations when evaluating user style sheets
Product: WebKit Reporter: Kate Cheney <katherine_cheney>
Component: WebKit Misc.Assignee: Kate Cheney <katherine_cheney>
Status: RESOLVED FIXED    
Severity: Normal CC: aestes, bfulgham, cdumez, ews-watchlist, japhet, koivisto, thorton, wilander
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch
none
Patch for landing none

Kate Cheney
Reported 2020-03-20 16:54:18 PDT
We should check for app-bound navigations when we update user style sheets for pages.
Attachments
Patch (10.64 KB, patch)
2020-03-20 17:08 PDT, Kate Cheney 		no flags
DetailsFormatted DiffDiff
Patch (10.87 KB, patch)
2020-03-23 08:41 PDT, Kate Cheney 		no flags
DetailsFormatted DiffDiff
Patch (10.88 KB, patch)
2020-03-23 09:32 PDT, Kate Cheney 		no flags
DetailsFormatted DiffDiff
Patch for landing (11.10 KB, patch)
2020-03-23 11:11 PDT, Kate Cheney 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Kate Cheney
Comment 1 2020-03-20 16:55:27 PDT
<rdar://problem/60204230>
Kate Cheney
Comment 2 2020-03-20 17:08:08 PDT
Created attachment 394150 [details] Patch
Kate Cheney
Comment 3 2020-03-23 08:41:48 PDT
Created attachment 394263 [details] Patch
Kate Cheney
Comment 4 2020-03-23 09:32:28 PDT
Created attachment 394266 [details] Patch
Brent Fulgham
Comment 5 2020-03-23 10:40:27 PDT
Comment on attachment 394266 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=394266&action=review Awesome! Thank you for creating useful tests for this. r=me, but please add the logging I suggest. > Source/WebCore/page/Page.cpp:3078 > + if (m_mainFrame->loader().client().hasNavigatedAwayFromAppBoundDomain()) I feel like we should issue some kind of console message so developers will know what's going on. Look for instances of 'document->addConsoleMessage' (or context->addConsoleMessage) for examples. > Source/WebCore/style/StyleScopeRuleSets.cpp:98 > + collectRulesFromUserStyleSheets(extensionStyleSheets.injectedUserStyleSheets(), tempUserStyle.get(), mediaQueryEvaluator); I suggest: auto* page = m_styleResolver.document().page(); if (page && page->mainFrame().loader().client().hasNavigatedAwayFromAppBoundDomain()) m_styleResolver.document().addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "Ignoring user style sheet for non-app bound domain."_s); else collectRulesFromUserStyleSheets(extensionStyleSheets.injectedUserStyleSheets(), tempUserStyle.get(), mediaQueryEvaluator); > Tools/TestWebKitAPI/Tests/WebKitCocoa/InAppBrowserPrivacy.mm:76 > + response = @"<body style='background-color: red;'><iframe src='in-app-browser:///in-app-browser-privacy-test-user-style-sheets'></iframe></body>"; Nice!
Kate Cheney
Comment 6 2020-03-23 11:11:44 PDT
Created attachment 394279 [details] Patch for landing
Kate Cheney
Comment 7 2020-03-23 11:12:40 PDT
(In reply to Brent Fulgham from comment #5) > Comment on attachment 394266 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=394266&action=review > > Awesome! Thank you for creating useful tests for this. r=me, but please add > the logging I suggest. Thanks! I added the logging you suggested.
EWS
Comment 8 2020-03-23 11:47:53 PDT
Committed r258863: <https://trac.webkit.org/changeset/258863> All reviewed patches have been landed. Closing bug and clearing flags on attachment 394279 [details].
Note You need to log in before you can comment on or make changes to this bug.