RESOLVED FIXED245538
Provide a mechanism for NSAttributedString to extend file access to WebContent process 
https://bugs.webkit.org/show_bug.cgi?id=245538
Summary Provide a mechanism for NSAttributedString to extend file access to WebConten...
Brent Fulgham
Reported 2022-09-22 14:00:29 PDT
NSAttributedString in recent Cocoa OS releases makes use of the modern WebKit architecture, and renders HTML content in a separate WebContent process from the main application. This security improvement has created problems when an author attempts to create an NSAttributedString from an HTML String that includes references to files in an application's bundle. We need a way for WebKit's NSAttributedString extensions to pass file permission to the WebContent process, otherwise the strings cannot be properly rendered.
Attachments
Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2022-09-22 14:01:12 PDT
<rdar://98333507>
Brent Fulgham
Comment 2 2022-09-22 14:12:32 PDT
Pull request: https://github.com/Webkit/WebKit/pull/4608
Brent Fulgham
Comment 3 2022-09-27 12:49:06 PDT
Pull request: https://github.com/WebKit/WebKit/pull/4608
EWS
Comment 4 2022-09-28 14:29:43 PDT
Committed 254968@main (3c74d31715ca): <https://commits.webkit.org/254968@main> Reviewed commits have been landed. Closing PR #4608 and removing active labels.
Ryan Haddad
Comment 5 2022-09-28 22:28:46 PDT
Two of the API tests added with this change are consistently crashing on Big Sur bots TestWebKitAPI.WebKit.NSAttributedStringWithReadOnlyPaths TestWebKitAPI.WebKit.NSAttributedStringWithAndWithoutReadOnlyPaths https://results.webkit.org/?suite=api-tests&suite=api-tests&test=TestWebKitAPI.WebKit.NSAttributedStringWithAndWithoutReadOnlyPaths&test=TestWebKitAPI.WebKit.NSAttributedStringWithReadOnlyPaths Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 TestWebKitAPI 0x000000010a521fb3 crash + 1 (CheckedArithmetic.h:109) [inlined] 1 TestWebKitAPI 0x000000010a521fb3 overflowed + 1 (CheckedArithmetic.h:102) [inlined] 2 TestWebKitAPI 0x000000010a521fb3 at + 1 (Vector.h:763) [inlined] 3 TestWebKitAPI 0x000000010a521fb3 operator[] + 1 (Vector.h:773) [inlined] 4 TestWebKitAPI 0x000000010a521fb3 invocation function for block in WebKit_NSAttributedStringWithReadOnlyPaths_Test::TestBody() + 2564 (AdditionalReadAccessAllowedURLs.mm:152) 5 com.apple.WebKit 0x000000010f5be38c __90+[NSAttributedString(WKPrivate) _loadFromHTMLWithOptions:contentLoader:completionHandler:]_block_invoke.271 + 377 (NSAttributedString.mm:366) 6 com.apple.WebKit 0x000000010f5be584 __90+[NSAttributedString(WKPrivate) _loadFromHTMLWithOptions:contentLoader:completionHandler:]_block_invoke.280 + 40 (NSAttributedString.mm:370) 7 com.apple.WebKit 0x000000010f67fed6 operator() + 11 (BlockPtr.h:193) [inlined] 8 com.apple.WebKit 0x000000010f67fed6 operator()<const WebCore::AttributedString> + 65 (WKWebView.mm:3177) [inlined] 9 com.apple.WebKit 0x000000010f67fed6 WTF::Detail::CallableWrapper<-[WKWebView(WKPrivate) _getContentsAsAttributedStringWithCompletionHandler:]::$_44, void, WebCore::AttributedString const&>::call(WebCore::AttributedString const&) + 82 (Function.h:53) 10 com.apple.WebKit 0x000000010f914cdd operator() + 9 (Function.h:82) [inlined] 11 com.apple.WebKit 0x000000010f914cdd operator() + 23 (CompletionHandler.h:72) [inlined] 12 com.apple.WebKit 0x000000010f914cdd WTF::Detail::CallableWrapper<WTF::CompletionHandler<void (WebCore::AttributedString const&)>, void, WebCore::AttributedString&&>::call(WebCore::AttributedString&&) + 27 (Function.h:53) 13 com.apple.WebKit 0x000000010fbe89a0 operator() + 9 (Function.h:82) [inlined] 14 com.apple.WebKit 0x000000010fbe89a0 operator() + 19 (CompletionHandler.h:72) [inlined] 15 com.apple.WebKit 0x000000010fbe89a0 Messages::WebPage::GetContentsAsAttributedString::cancelReply(WTF::CompletionHandler<void (WebCore::AttributedString&&)>&&) + 38 (WebPageMessageReceiver.cpp:1078) 16 com.apple.WebKit 0x000000010fbe8831 Messages::WebPage::GetContentsAsAttributedString::callReply(IPC::Decoder&, WTF::CompletionHandler<void (WebCore::AttributedString&&)>&&) + 91 (WebPageMessageReceiver.cpp:1070) 17 com.apple.WebKit 0x000000010f914c07 operator() + 68 (MessageSender.h:100) [inlined] 18 com.apple.WebKit 0x000000010f914c07 WTF::Detail::CallableWrapper<unsigned long long IPC::MessageSender::sendWithAsyncReply<Messages::WebPage::GetContentsAsAttributedString, WTF::CompletionHandler<void (WebCore::AttributedString const&)> >(Messages::WebPage::GetContentsAsAttributedString&&, WTF::CompletionHandler<void (WebCore::AttributedString const&)>&&, unsigned long long, WTF::OptionSet<IPC::SendOption>)::'lambda'(IPC::Decoder*), void, IPC::Decoder*>::call(IPC::Decoder*) + 81 (Function.h:53) 19 com.apple.WebKit 0x000000010f854eb5 operator() + 9 (Function.h:82) [inlined] 20 com.apple.WebKit 0x000000010f854eb5 operator() + 23 (CompletionHandler.h:72) [inlined] 21 com.apple.WebKit 0x000000010f854eb5 operator() + 23 (AuxiliaryProcessProxy.cpp:219) [inlined] 22 com.apple.WebKit 0x000000010f854eb5 WTF::Detail::CallableWrapper<WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<std::__1::pair<WTF::CompletionHandler<void (IPC::Decoder*)>, unsigned long long> >&&, WebKit::AuxiliaryProcessProxy::ShouldStartProcessThrottlerActivity)::$_1, void, IPC::Decoder*>::call(IPC::Decoder*) + 27 (Function.h:53)
Note You need to log in before you can comment on or make changes to this bug.