[webkit-changes] [WebKit/WebKit] 78a55c: Validate item URL in BackForwardAddItem() IPC

Chris Dumez noreply at github.com
Thu Nov 17 08:06:46 PST 2022 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 78a55cf3976ce0b4543df42b03c335c5b89d27dd
      https://github.com/WebKit/WebKit/commit/78a55cf3976ce0b4543df42b03c335c5b89d27dd
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2022-11-17 (Thu, 17 Nov 2022)

  Changed paths:
    R LayoutTests/fast/history/history-replace-updates-current-item-expected.txt
    R LayoutTests/fast/history/history-replace-updates-current-item.html
    R LayoutTests/fast/history/resources/history-replace-updates-current-item-done.html
    R LayoutTests/fast/history/resources/history-replace-updates-current-item-goback.html
    M LayoutTests/fast/loader/stateobjects/pushstate-frequency-iframe.html
    M LayoutTests/fast/loader/stateobjects/pushstate-frequency.html
    M LayoutTests/fast/loader/stateobjects/pushstate-with-fragment-urls-and-hashchange-expected.txt
    M LayoutTests/fast/loader/stateobjects/pushstate-with-fragment-urls-and-hashchange.html
    M LayoutTests/fast/loader/stateobjects/replacestate-frequency-iframe.html
    M LayoutTests/fast/loader/stateobjects/replacestate-frequency.html
    M LayoutTests/fast/loader/stateobjects/resources/pushstate-iframe.html
    M LayoutTests/fast/loader/stateobjects/resources/replacestate-iframe.html
    M LayoutTests/fast/loader/stateobjects/state-url-sets-links-visited.html
    A LayoutTests/http/tests/history/history-replace-updates-current-item-expected.txt
    A LayoutTests/http/tests/history/history-replace-updates-current-item.html
    A LayoutTests/http/tests/history/resources/history-replace-updates-current-item-done.html
    A LayoutTests/http/tests/history/resources/history-replace-updates-current-item-goback.html
    M LayoutTests/loader/stateobjects/pushstate-size-iframe.html
    M LayoutTests/loader/stateobjects/pushstate-size.html
    M LayoutTests/loader/stateobjects/replacestate-size-iframe.html
    M LayoutTests/loader/stateobjects/replacestate-size.html
    M LayoutTests/loader/stateobjects/resources/pushstate-iframe.html
    M LayoutTests/loader/stateobjects/resources/replacestate-iframe.html
    M LayoutTests/platform/wk2/TestExpectations
    M LayoutTests/swipe/pushState-cached-back-swipe.html
    M LayoutTests/swipe/pushState-programmatic-back-while-swiping-crash.html
    M Source/WTF/wtf/cocoa/RuntimeApplicationChecksCocoa.h
    M Source/WebCore/page/History.cpp
    M Source/WebKit/UIProcess/ProvisionalPageProxy.cpp
    M Source/WebKit/UIProcess/ProvisionalPageProxy.h
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.h
    M Source/WebKit/UIProcess/WebProcessProxy.cpp
    M Source/WebKit/UIProcess/WebProcessProxy.h
    M Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
    M Tools/TestWebKitAPI/Tests/WebKit/ProvisionalURLAfterWillSendRequestCallback.cpp
    M Tools/TestWebKitAPI/Tests/WebKit/ProvisionalURLAfterWillSendRequestCallback_Bundle.cpp

  Log Message:
  -----------
  Validate item URL in BackForwardAddItem() IPC
https://bugs.webkit.org/show_bug.cgi?id=244620
<rdar://98999288>

Reviewed by Brent Fulgham.

When the client approves a navigation to a file URL, we keep track of it.
We then use this information to validate the URL of the item in the
BackForwardAddItem() IPC coming from the WebProcess.

Also, update history.pushState() / replaceState() to throw if the new URL
is a file URL and its path does not match the path of the current URL.
This aligns WebKit's behavior with Blink and the specification:
- https://html.spec.whatwg.org/multipage/history.html#can-have-its-url-rewritten (Step 4)

This Web-exposed change is important since trying to call history.pushState()
or replaceState() with a different file path would trip the IPC check I
am adding in this patch.

* LayoutTests/fast/loader/stateobjects/pushstate-frequency-iframe.html:
* LayoutTests/fast/loader/stateobjects/pushstate-frequency.html:
* LayoutTests/fast/loader/stateobjects/pushstate-with-fragment-urls-and-hashchange-expected.txt:
* LayoutTests/fast/loader/stateobjects/pushstate-with-fragment-urls-and-hashchange.html:
* LayoutTests/fast/loader/stateobjects/replacestate-frequency-iframe.html:
* LayoutTests/fast/loader/stateobjects/replacestate-frequency.html:
* LayoutTests/fast/loader/stateobjects/resources/pushstate-iframe.html:
* LayoutTests/fast/loader/stateobjects/resources/replacestate-iframe.html:
* LayoutTests/fast/loader/stateobjects/state-url-sets-links-visited.html:
Update existing tests to reflect the Web-exposed changes to history.pushState() / replaceState().

* Source/WebCore/page/History.cpp:
(WebCore::History::stateObjectAdded):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::decidePolicyForNavigationActionAsyncShared):
(WebKit::WebPageProxy::backForwardAddItem):
* Source/WebKit/UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::addPreviouslyApprovedFileURL):
(WebKit::WebProcessProxy::wasPreviouslyApprovedFileURL const):
* Source/WebKit/UIProcess/WebProcessProxy.h:

Canonical link: https://commits.webkit.org/256785@main

More information about the webkit-changes mailing list