[webkit-changes] [WebKit/WebKit] 04c640: [macOS] drawFocusIfNeeded() should not expose the ...

Wenson Hsieh noreply at github.com
Mon Aug 14 15:34:25 PDT 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 04c640bb1dcea7ab1a75bbdc59a891dde2e9c499
      https://github.com/WebKit/WebKit/commit/04c640bb1dcea7ab1a75bbdc59a891dde2e9c499
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2023-08-14 (Mon, 14 Aug 2023)

  Changed paths:
    M LayoutTests/TestExpectations
    A LayoutTests/fast/canvas/do-not-expose-non-default-focus-ring-color-expected.html
    A LayoutTests/fast/canvas/do-not-expose-non-default-focus-ring-color.html
    A LayoutTests/fast/canvas/resources/do-not-expose-non-default-focus-ring-color.js
    A LayoutTests/fast/css/mac/focus-ring-color-should-not-expose-accent-color-expected-mismatch.html
    A LayoutTests/fast/css/mac/focus-ring-color-should-not-expose-accent-color.html
    M LayoutTests/platform/mac-wk2/TestExpectations
    M LayoutTests/resources/ui-helper.js
    M Source/WebCore/PAL/pal/spi/ios/UIKitSPI.h
    M Source/WebCore/rendering/RenderElement.cpp
    M Source/WebCore/rendering/RenderImage.cpp
    M Source/WebCore/rendering/RenderThemeIOS.mm
    M Source/WebCore/rendering/RenderThemeMac.mm
    M Source/WebCore/testing/Internals.cpp
    M Tools/TestRunnerShared/UIScriptContext/Bindings/UIScriptController.idl
    M Tools/TestRunnerShared/UIScriptContext/UIScriptController.h
    M Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl
    M Tools/WebKitTestRunner/InjectedBundle/TestRunner.h
    M Tools/WebKitTestRunner/TestController.h
    M Tools/WebKitTestRunner/mac/TestControllerMac.mm
    M Tools/WebKitTestRunner/mac/UIScriptControllerMac.h
    M Tools/WebKitTestRunner/mac/UIScriptControllerMac.mm

  Log Message:
  -----------
  [macOS] drawFocusIfNeeded() should not expose the user's system accent color
https://bugs.webkit.org/show_bug.cgi?id=260102
rdar://105554669

Reviewed by Tim Nguyen.

On macOS, `drawFocusIfNeeded()` currently exposes the user's system accent color via
`RenderTheme::focusRingColor()`. To mitigate fingerprinting risk due to this API for users that have
chosen a non-default system accent color, we make `RenderTheme::focusRingColor()` respect the given
`UseSystemAppearance` state by returning the default system focus ring color on macOS, in the case
where that option is absent. As a result, this means that quirks-mode webpages that use
`-webkit-focus-ring-color` will also no longer be able to determine the user's accent color. This
aligns with existing behavior for the "activeborder" CSS value.

Tests:  fast/canvas/do-not-expose-non-default-focus-ring-color.html
        fast/css/mac/focus-ring-color-should-not-expose-accent-color.html

* LayoutTests/TestExpectations:
* LayoutTests/fast/canvas/do-not-expose-non-default-focus-ring-color-expected.html: Added.
* LayoutTests/fast/canvas/do-not-expose-non-default-focus-ring-color.html: Added.
* LayoutTests/fast/canvas/resources/do-not-expose-non-default-focus-ring-color.js: Added.
(paintIntoSwatch):

Add a test to verify that accent colors can't be read back using canvas 2D; to test this, we render
a simple focus ring to a 2D canvas, use `getImageData` to read it back, and verify that the average
non-transparent pixel values in the resulting image data match even when the accent color is
different (customized using the new `UIScriptController` hook below).

* LayoutTests/fast/css/mac/focus-ring-color-should-not-expose-accent-color-expected-mismatch.html: Added.
* LayoutTests/fast/css/mac/focus-ring-color-should-not-expose-accent-color.html: Added.

Add another test to verify that accent colors (1) are not directly leaked through the use of the
`-webkit-focus-ring-color` CSS property, and (2) enabling system appearance is sufficient to expose
the real focus ring color again.

* LayoutTests/platform/mac-wk2/TestExpectations:
* LayoutTests/resources/ui-helper.js:
(window.UIHelper.isMac):
(window.UIHelper.setAppAccentColor):
* Source/WebCore/PAL/pal/spi/ios/UIKitSPI.h:

Drive-by fix: remove an unnecessary UIKit SPI method declaraction.

* Source/WebCore/rendering/RenderElement.cpp:
(WebCore::RenderElement::paintFocusRing const):

Set `UseSystemAppearance` here to ensure that focus rings still paint with the correct appearance.

* Source/WebCore/rendering/RenderImage.cpp:
(WebCore::RenderImage::paintAreaElementFocusRing):

Set `UseSystemAppearance` here to ensure that focus rings still paint with the correct appearance.

* Source/WebCore/rendering/RenderThemeIOS.mm:
(WebCore::RenderThemeIOS::systemFocusRingColor):
* Source/WebCore/rendering/RenderThemeMac.mm:
(WebCore::defaultFocusRingColor):
(WebCore::RenderThemeMac::platformFocusRingColor const):

This is the main fix — pull the hard-coded value for the focus ring color out into a separate helper
function, which we use in `platformFocusRingColor` if `UseSystemAppearance` is unset.

(WebCore::RenderThemeMac::systemColor const):
* Source/WebCore/testing/Internals.cpp:
(WebCore::Internals::focusRingColor):
* Tools/TestRunnerShared/UIScriptContext/Bindings/UIScriptController.idl:
* Tools/TestRunnerShared/UIScriptContext/UIScriptController.h:
(WTR::UIScriptController::setAppAccentColor):

Add a `UIScriptController` hook to set a custom accent color, using `-_setAccentColor:`. This is
reset to the default value (computed upon initializing the test runner and stored in
`m_defaultAppAccentColor`) between test runs.

* Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
* Tools/WebKitTestRunner/InjectedBundle/TestRunner.h:
(WTR::TestRunner::isMac const):
* Tools/WebKitTestRunner/TestController.h:
* Tools/WebKitTestRunner/mac/TestControllerMac.mm:
(WTR::TestController::platformInitialize):
(WTR::TestController::platformResetStateToConsistentValues):
* Tools/WebKitTestRunner/mac/UIScriptControllerMac.h:
* Tools/WebKitTestRunner/mac/UIScriptControllerMac.mm:
(WTR::UIScriptControllerMac::setAppAccentColor):

Canonical link: https://commits.webkit.org/266881@main

More information about the webkit-changes mailing list