[webkit-changes] [WebKit/WebKit] 3b7c51: Transient activation should be dropped after evalu...

Michael Catanzaro noreply at github.com
Mon Aug 28 07:59:15 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 3b7c5108fac63ee6caad6481079c765f8b161a8b
      https://github.com/WebKit/WebKit/commit/3b7c5108fac63ee6caad6481079c765f8b161a8b
  Author: Michael Catanzaro <mcatanzaro at redhat.com>
  Date:   2023-08-28 (Mon, 28 Aug 2023)

  Changed paths:
    M Source/WebCore/bindings/js/ScriptController.cpp
    M Source/WebKit/UIProcess/API/C/WKPage.cpp
    M Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp
    M Source/WebKit/UIProcess/Inspector/socket/RemoteInspectorProtocolHandler.cpp

  Log Message:
  -----------
  Transient activation should be dropped after evaluating JavaScript, except when required for application compatibility
https://bugs.webkit.org/show_bug.cgi?id=260361

Reviewed by Carlos Garcia Campos.

This is a follow-up to bug #258037 and bug #251276. When a user interacts with
a web page, the page is said to receive a user gesture and this grants
additional permissions to the web content until the "transient activation"
period expires, which in WebKit is 5 seconds. WebKit's API functions that allow
applications to run JavaScript allow the application to force a user gesture in
order to execute JS with full permissions. But in this case, the transient
activation should expire immediately because the user did not really interact
with the page. Web content should not unexpectedly receive additional
permissions for 5 seconds whenever the application runs some of its own
unrelated JS.

Bug #258037 and bug #251276 fixed this for freshly built applications on
Cocoa platforms, but left other platforms unchanged because dropping the
transient activation is not backwards-compatible and could possibly
cause unknown breakage in applications. But the desired behavior is to
always drop transient activation. Implement this everywhere:

(1) In RemoteInspectorProtocolHandler.cpp, affecting JS executed by remote
inspector. This change is surely safe.

(2) In WebKitWebView.cpp, affecting the GTK and WPE port. This could
possibly break GTK/WPE applications, so we won't backport it to the 2.40
stable branch.

(3) In WKPageRunJavaScriptInMainFrame, affecting non-Cocoa ports. This
should be safe because the C API is not public except for Windows and
PlayStation ports, which control the version of WebKit they ship.

(4) And finally in ScriptController::executeScriptIgnoringException. This
will affect all ports and could possibly break things.

* Source/WebCore/bindings/js/ScriptController.cpp:
(WebCore::ScriptController::executeScriptInWorldIgnoringException):
* Source/WebKit/UIProcess/API/C/WKPage.cpp:
(WKPageRunJavaScriptInMainFrame):
* Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp:
(webkitWebViewRunJavascriptWithoutForcedUserGestures):
(webkitWebViewEvaluateJavascriptInternal):
(webkitWebViewCallAsyncJavascriptFunctionInternal):
(resourcesStreamReadCallback):
* Source/WebKit/UIProcess/Inspector/socket/RemoteInspectorProtocolHandler.cpp:
(WebKit::RemoteInspectorProtocolHandler::runScript):

Canonical link: https://commits.webkit.org/267352@main