Bug 209368

Summary:

Add checks for app-bound navigations when evaluating user style sheets

Product:

WebKit

Reporter:

Kate Cheney <katherine_cheney>

Component:

WebKit Misc.

Assignee:

Kate Cheney <katherine_cheney>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

aestes, bfulgham, cdumez, ews-watchlist, japhet, koivisto, thorton, wilander

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	none
Patch	none
Patch for landing	none

Description Kate Cheney 2020-03-20 16:54:18 PDT

We should check for app-bound navigations when we update user style sheets for pages.

Comment 1 Kate Cheney 2020-03-20 16:55:27 PDT

<rdar://problem/60204230>

Comment 2 Kate Cheney 2020-03-20 17:08:08 PDT

Created attachment 394150 [details]
Patch

Comment 3 Kate Cheney 2020-03-23 08:41:48 PDT

Created attachment 394263 [details]
Patch

Comment 4 Kate Cheney 2020-03-23 09:32:28 PDT

Created attachment 394266 [details]
Patch

Comment 5 Brent Fulgham 2020-03-23 10:40:27 PDT

Comment on attachment 394266 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=394266&action=review

Awesome! Thank you for creating useful tests for this. r=me, but please add the logging I suggest.

> Source/WebCore/page/Page.cpp:3078
> +    if (m_mainFrame->loader().client().hasNavigatedAwayFromAppBoundDomain())

I feel like we should issue some kind of console message so developers will know what's going on. Look for instances of 'document->addConsoleMessage' (or context->addConsoleMessage) for examples.

> Source/WebCore/style/StyleScopeRuleSets.cpp:98
> +        collectRulesFromUserStyleSheets(extensionStyleSheets.injectedUserStyleSheets(), tempUserStyle.get(), mediaQueryEvaluator);

I suggest:

auto* page = m_styleResolver.document().page();
if (page && page->mainFrame().loader().client().hasNavigatedAwayFromAppBoundDomain())
    m_styleResolver.document().addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "Ignoring user style sheet for non-app bound domain."_s);
else
    collectRulesFromUserStyleSheets(extensionStyleSheets.injectedUserStyleSheets(), tempUserStyle.get(), mediaQueryEvaluator);

> Tools/TestWebKitAPI/Tests/WebKitCocoa/InAppBrowserPrivacy.mm:76
> +        response = @"<body style='background-color: red;'><iframe src='in-app-browser:///in-app-browser-privacy-test-user-style-sheets'></iframe></body>";

Nice!

Comment 6 Kate Cheney 2020-03-23 11:11:44 PDT

Created attachment 394279 [details]
Patch for landing

Comment 7 Kate Cheney 2020-03-23 11:12:40 PDT

(In reply to Brent Fulgham from comment #5)
> Comment on attachment 394266 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=394266&action=review
> 
> Awesome! Thank you for creating useful tests for this. r=me, but please add
> the logging I suggest.

Thanks! I added the logging you suggested.

Comment 8 EWS 2020-03-23 11:47:53 PDT

Committed r258863: <https://trac.webkit.org/changeset/258863>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 394279 [details].