[webkit-changes] [WebKit/WebKit] 8ab0a1: Incorrect CORS mode for ApplicationManifest

Tyler Wilcock noreply at github.com
Tue Aug 8 16:31:53 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 8ab0a195bae77ce58336c296af72acdd2b098329
      https://github.com/WebKit/WebKit/commit/8ab0a195bae77ce58336c296af72acdd2b098329
  Author: Marcos Caceres <marcosc at apple.com>
  Date:   2023-08-08 (Tue, 08 Aug 2023)

  Changed paths:
    M LayoutTests/TestExpectations
    A LayoutTests/http/wpt/content-security-policy/manifest.json
    A LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked-cross-origin.sub-expected.txt
    A LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked-cross-origin.sub.html
    A LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked-cross-origin.sub.html.headers
    A LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked-expected.txt
    A LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked.html
    A LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked.html.headers
    M LayoutTests/platform/ios-wk2/TestExpectations
    M LayoutTests/platform/mac-wk2/TestExpectations
    M Source/WebCore/loader/ApplicationManifestLoader.cpp
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/ApplicationManifest.mm

  Log Message:
  -----------
  Incorrect CORS mode for ApplicationManifest
https://bugs.webkit.org/show_bug.cgi?id=256686
rdar://109154572

Reviewed by Brent Fulgham.

* LayoutTests/TestExpectations:
* LayoutTests/http/wpt/content-security-policy/manifest.json: Added.
* LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked-cross-origin.sub-expected.txt: Added.
* LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked-cross-origin.sub.html: Added.
* LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked-cross-origin.sub.html.headers: Added.
* LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked-expected.txt: Added.
* LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked.html: Added.
* LayoutTests/http/wpt/content-security-policy/sandbox-manifest-blocked.html.headers: Added.
* LayoutTests/platform/ios-wk2/TestExpectations:
* LayoutTests/platform/mac-wk2/TestExpectations:
* Source/WebCore/loader/ApplicationManifestLoader.cpp:
(WebCore::ApplicationManifestLoader::startLoading):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/ApplicationManifest.mm:
(TestWebKitAPI::TEST):

Originally-landed-as: 259548.816 at safari-7615-branch (8437c2302b67). rdar://113581463
Canonical link: https://commits.webkit.org/266703@main


  Commit: ef41761618aa0f95c860291d02d7bab31e638c62
      https://github.com/WebKit/WebKit/commit/ef41761618aa0f95c860291d02d7bab31e638c62
  Author: Alex Christensen <achristensen at apple.com>
  Date:   2023-08-08 (Tue, 08 Aug 2023)

  Changed paths:
    M Source/WebCore/editing/markup.cpp

  Log Message:
  -----------
  Disable link preload when sanitizing web content
https://bugs.webkit.org/show_bug.cgi?id=258100
rdar://109675198

Reviewed by Chris Dumez.

Otherwise we get a request in the network process with an invalid pageID,
and it MESSAGE_CHECKs and terminates the process.

* Source/WebCore/editing/markup.cpp:
(WebCore::createPageForSanitizingWebContent):

Originally-landed-as: 259548.830 at safari-7615-branch (9cd44913c84e). rdar://113581524
Canonical link: https://commits.webkit.org/266704@main


  Commit: 1a9dba69538046f2417bbe80b024119652a92a40
      https://github.com/WebKit/WebKit/commit/1a9dba69538046f2417bbe80b024119652a92a40
  Author: Alex Christensen <achristensen at apple.com>
  Date:   2023-08-08 (Tue, 08 Aug 2023)

  Changed paths:
    M Source/WTF/wtf/URLHelpers.cpp
    M Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm

  Log Message:
  -----------
  Expand list of URL spoofing characters
https://bugs.webkit.org/show_bug.cgi?id=256813
rdar://109105078, rdar://109056841, and rdar://109056217

Reviewed by Tim Horton.

U+1E9C and U+1E9D are Medievalist characters, which means they haven't been used much
in the last several centuries.  They look kind of like 'f' and other browsers punycode
encode them when seen in URL hosts, so let's do the same.  Same with U+1EFE and U+1EFF.

Deseret has been used much more recently, but still not much since the late 1800's.
There is a sign in a restaurant in the Salt Lake City airport that uses it, but it
seems to be a historical reference.  Classify Deseret like we do the International
Phonetic Alphabet and punycode encode it if seen in URL hosts.

* Source/WTF/wtf/URLHelpers.cpp:
(WTF::URLHelpers::isLookalikeCharacter):
* Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm:
(TestWebKitAPI::TEST):

Originally-landed-as: 259548.832 at safari-7615-branch (aecf4d579f39). rdar://113581615
Canonical link: https://commits.webkit.org/266705@main


  Commit: 44ab01dd7c251c97393b56ba5bca83947b911a13
      https://github.com/WebKit/WebKit/commit/44ab01dd7c251c97393b56ba5bca83947b911a13
  Author: Tyler Wilcock <tyler_w at apple.com>
  Date:   2023-08-08 (Tue, 08 Aug 2023)

  Changed paths:
    M Source/WebCore/accessibility/AXLogger.cpp
    M Source/WebCore/accessibility/AXObjectCache.h
    M Source/WebCore/accessibility/isolatedtree/AXIsolatedObject.cpp

  Log Message:
  -----------
  AX: Improve smart pointer hygiene in AXObjectCache and AXIsolatedObject::updateBackingStore
rdar://111341681

Reviewed by Chris Fleizach.

Per https://github.com/WebKit/WebKit/wiki/Smart-Pointer-Usage-Guidelines, continue refactoring
to replace raw pointer usage with smart pointers where appropriate.

* Source/WebCore/accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::remove):
(WebCore::AXObjectCache::deferNodeAddedOrRemoved):
(WebCore::AXObjectCache::prepareForDocumentDestruction):
(WebCore::AXObjectCache::performDeferredCacheUpdate):
* Source/WebCore/accessibility/AXObjectCache.h:
* Source/WebCore/accessibility/isolatedtree/AXIsolatedObject.cpp:

Originally-landed-as: 259548.864 at safari-7615-branch (c047b91f5ccb). rdar://113582260
Canonical link: https://commits.webkit.org/266706@main


Compare: https://github.com/WebKit/WebKit/compare/b148a49fc1bd...44ab01dd7c25


More information about the webkit-changes mailing list