[webkit-changes] [WebKit/WebKit] 52d668: Track cross-tab WindowProxy accesses

bnham noreply at github.com
Fri Dec 8 21:33:52 PST 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 52d668d5cf530e5a5e5b06ad0535655a4cc58878
      https://github.com/WebKit/WebKit/commit/52d668d5cf530e5a5e5b06ad0535655a4cc58878
  Author: Ben Nham <nham at apple.com>
  Date:   2023-12-08 (Fri, 08 Dec 2023)

  Changed paths:
    M LayoutTests/TestExpectations
    A LayoutTests/http/wpt/opener/child-access-parent-via-windowproxy-expected.txt
    A LayoutTests/http/wpt/opener/child-access-parent-via-windowproxy.html
    A LayoutTests/http/wpt/opener/iframe-access-top-via-windowproxy-expected.txt
    A LayoutTests/http/wpt/opener/iframe-access-top-via-windowproxy.html
    A LayoutTests/http/wpt/opener/parent-access-child-via-windowproxy-expected.txt
    A LayoutTests/http/wpt/opener/parent-access-child-via-windowproxy.html
    A LayoutTests/http/wpt/opener/resources/empty.html
    A LayoutTests/http/wpt/opener/resources/send-message-to-opener.html
    A LayoutTests/http/wpt/opener/resources/send-message-to-top.html
    M LayoutTests/platform/ios-wk2/TestExpectations
    M LayoutTests/platform/mac-wk2/TestExpectations
    M Source/WTF/wtf/PlatformEnableCocoa.h
    M Source/WebCore/bindings/js/JSWindowProxy.cpp
    M Source/WebCore/bindings/js/JSWindowProxy.h
    M Source/WebCore/loader/FrameLoaderTypes.h
    M Source/WebCore/loader/LocalFrameLoaderClient.h
    M Source/WebCore/page/LocalFrame.cpp
    M Source/WebCore/page/LocalFrame.h
    M Source/WebCore/page/Location.h
    M Source/WebKit/Scripts/webkit/messages.py
    M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
    M Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm
    M Source/WebKit/UIProcess/FrameLoadState.cpp
    M Source/WebKit/UIProcess/FrameLoadState.h
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.h
    M Source/WebKit/UIProcess/WebPageProxy.messages.in
    M Source/WebKit/UIProcess/WebPageProxyInternals.h
    M Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreClient.h
    M Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp
    M Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.h
    M Tools/MiniBrowser/mac/AppDelegate.m
    M Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl
    M Tools/WebKitTestRunner/InjectedBundle/InjectedBundle.cpp
    M Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp
    M Tools/WebKitTestRunner/InjectedBundle/TestRunner.h
    M Tools/WebKitTestRunner/TestController.cpp
    M Tools/WebKitTestRunner/TestController.h
    M Tools/WebKitTestRunner/TestInvocation.cpp
    M Tools/WebKitTestRunner/cocoa/TestControllerCocoa.mm
    M Tools/WebKitTestRunner/cocoa/TestWebsiteDataStoreDelegate.h
    M Tools/WebKitTestRunner/cocoa/TestWebsiteDataStoreDelegate.mm

  Log Message:
  -----------
  Track cross-tab WindowProxy accesses
https://bugs.webkit.org/show_bug.cgi?id=265822
rdar://118208200

Reviewed by Chris Dumez.

We want to track how WindowProxy is used across tabs (i.e. via an opener relationship). This can be
used to build up telemetry on how useful something like `Cross-Origin-Opener-Policy:
restrict-properties` would be on the web (which is a version of COOP that restricts cross-origin
WindowProxy to just the postMessage and closed properties).

To do this, we trap all property access in JSWindowProxy. In my own local tests, this seems to work.
Most WindowProxy property access seems to be just from callers trying to access some property on
their own window object. That bails out early on in the logic added by this patch (in the
`if target == lexicalGlobalObject` check).

From there, if we detect that WindowProxy is used across an opener relationship, we message the
UIProcess about the property access the first time it happens via LocalFrame and
LocalFrameLoaderClient.

Note that the current approach doesn't handle the case of detecting if a WindowProxy is accessed
through multiple levels of openers (e.g. `window.opener.opener.postMessage`). But I don't think that
use case is very common.

One additional change is that I had to add some URL loading history to FrameLoadState. This is
because if an opened frame accesses WindowProxy in some way, we want to tell UIProcess not only
about the currently loaded domain in that frame, but also previous domains that have been loaded in
that frame. The URL history is only enabled for main frames (since those might have been opened by a
DOM opener), so I don't think it should have much memory impact. BackForwardList isn't sufficient
since we also want to capture things like server-side redirects that occur before the load event
fires in the page.

* LayoutTests/TestExpectations:
* LayoutTests/http/wpt/opener/child-access-parent-via-windowproxy-expected.txt: Added.
* LayoutTests/http/wpt/opener/child-access-parent-via-windowproxy.html: Added.
* LayoutTests/http/wpt/opener/iframe-access-top-via-windowproxy-expected.txt: Added.
* LayoutTests/http/wpt/opener/iframe-access-top-via-windowproxy.html: Added.
* LayoutTests/http/wpt/opener/parent-access-child-via-windowproxy-expected.txt: Added.
* LayoutTests/http/wpt/opener/parent-access-child-via-windowproxy.html: Added.
* LayoutTests/http/wpt/opener/resources/empty.html: Added.
* LayoutTests/http/wpt/opener/resources/send-message-to-opener.html: Added.
* LayoutTests/http/wpt/opener/resources/send-message-to-top.html: Added.
* LayoutTests/platform/ios-wk2/TestExpectations:
* LayoutTests/platform/mac-wk2/TestExpectations:
* Source/WTF/wtf/PlatformEnableCocoa.h:
* Source/WebCore/bindings/js/JSWindowProxy.cpp:
(WebCore::frameInfo):
(WebCore::hasSameMainFrame):
(WebCore::logCrossTabPropertyAccess):
(WebCore::checkCrossTabWindowProxyUsage):
(WebCore::JSWindowProxy::getOwnPropertySlot):
(WebCore::JSWindowProxy::getOwnPropertySlotByIndex):
(WebCore::JSWindowProxy::put):
(WebCore::JSWindowProxy::putByIndex):
(WebCore::JSWindowProxy::deleteProperty):
(WebCore::JSWindowProxy::deletePropertyByIndex):
(WebCore::JSWindowProxy::defineOwnProperty):
* Source/WebCore/bindings/js/JSWindowProxy.h:
* Source/WebCore/loader/FrameLoaderTypes.h:
* Source/WebCore/loader/LocalFrameLoaderClient.h:
* Source/WebCore/page/LocalFrame.cpp:
(WebCore::LocalFrame::setDocument):
(WebCore::LocalFrame::didAccessWindowProxyPropertyViaOpener):
* Source/WebCore/page/LocalFrame.h:
* Source/WebCore/page/Location.h:
* Source/WebKit/Scripts/webkit/messages.py:
(headers_for_type):
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
* Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm:
* Source/WebKit/UIProcess/FrameLoadState.cpp:
(WebKit::FrameLoadState::didStartProvisionalLoad):
(WebKit::FrameLoadState::didSuspend):
(WebKit::FrameLoadState::didExplicitOpen):
(WebKit::FrameLoadState::didReceiveServerRedirectForProvisionalLoad):
(WebKit::FrameLoadState::didFailProvisionalLoad):
(WebKit::FrameLoadState::didCommitLoad):
(WebKit::FrameLoadState::didFinishLoad):
(WebKit::FrameLoadState::didSameDocumentNotification):
(WebKit::FrameLoadState::setURL):
* Source/WebKit/UIProcess/FrameLoadState.h:
(WebKit::FrameLoadState::Observer::didReceiveProvisionalURL):
(WebKit::FrameLoadState::Observer::didCancelProvisionalLoad):
(WebKit::FrameLoadState::Observer::didCommitProvisionalLoad):
(WebKit::FrameLoadState::Observer::didFinishLoad):
(WebKit::FrameLoadState::setURL): Deleted.
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::didCreateMainFrame):
(WebKit::WebPageProxy::didAccessWindowProxyPropertyViaOpenerForFrame):
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.messages.in:
* Source/WebKit/UIProcess/WebPageProxyInternals.h:
* Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreClient.h:
(WebKit::WebsiteDataStoreClient::didAccessWindowProxyProperty):
* Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp:
(WebKit::WebLocalFrameLoaderClient::didAccessWindowProxyPropertyViaOpener):
* Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.h:
* Tools/MiniBrowser/mac/AppDelegate.m:
(windowProxyPropertyDescription):
(-[BrowserAppDelegate websiteDataStore:domain:didOpenDomainViaWindowOpen:withProperty:directly:]):
* Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
* Tools/WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:
(WTR::InjectedBundle::didReceiveMessageToPage):
* Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp:
(WTR::TestRunner::getAndClearReportedWindowProxyAccessDomains):
(WTR::TestRunner::didGetAndClearReportedWindowProxyAccessDomains):
* Tools/WebKitTestRunner/InjectedBundle/TestRunner.h:
* Tools/WebKitTestRunner/TestController.cpp:
(WTR::TestController::getAndClearReportedWindowProxyAccessDomains):
* Tools/WebKitTestRunner/TestController.h:
* Tools/WebKitTestRunner/TestInvocation.cpp:
(WTR::TestInvocation::didReceiveMessageFromInjectedBundle):
* Tools/WebKitTestRunner/cocoa/TestControllerCocoa.mm:
(WTR::TestController::cocoaResetStateToConsistentValues):
(WTR::createWKArray):
(WTR::TestController::getAndClearReportedWindowProxyAccessDomains):
* Tools/WebKitTestRunner/cocoa/TestWebsiteDataStoreDelegate.h:
* Tools/WebKitTestRunner/cocoa/TestWebsiteDataStoreDelegate.mm:
(-[TestWebsiteDataStoreDelegate init]):
(-[TestWebsiteDataStoreDelegate websiteDataStore:domain:didOpenDomainViaWindowOpen:withProperty:directly:]):
(-[TestWebsiteDataStoreDelegate reportedWindowProxyAccessDomains]):
(-[TestWebsiteDataStoreDelegate clearReportedWindowProxyAccessDomains]):

Canonical link: https://commits.webkit.org/271791@main
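The tracking logic the commit message describes, modelled as an added example rather than WebKit's own code: a JS Proxy stands in for JSWindowProxy, `makeFrame`, `trackedProxy`, `simulate` and the constructed origins are assumptions, and the allowed-property set follows the message's description of `Cross-Origin-Opener-Policy: restrict-properties`.

```javascript
// Properties a cross-origin WindowProxy would still expose under restrict-properties.
const RESTRICT_PROPERTIES_ALLOWED = new Set(["postMessage", "closed"]);

// Constructed frame model (assumption): a frame belongs to a main frame (its tab),
// has an origin, may have a DOM opener, and remembers whether it already reported.
function makeFrame(name, origin, mainFrame = null) {
  const frame = { name, origin, opener: null, reported: false, window: {} };
  frame.mainFrame = mainFrame ?? frame;
  return frame;
}

function hasSameMainFrame(a, b) { return a.mainFrame === b.mainFrame; }

// What the "UI process" side receives; one entry per accessing frame, first access only.
const reports = [];

// Wrap a frame's window the way JSWindowProxy traps get/put/delete; `accessor`
// plays the role of the lexical global object performing the access.
function trackedProxy(target, accessor) {
  function check(property) {
    if (target === accessor) return;              // fast path: own window access
    if (hasSameMainFrame(target, accessor)) return; // same tab: not an opener relationship
    const viaOpener = accessor.mainFrame.opener === target.mainFrame
                   || target.mainFrame.opener === accessor.mainFrame;
    if (!viaOpener) return;                       // only one level of opener is handled
    if (accessor.reported) return;                // message the UI process once
    accessor.reported = true;
    reports.push({ from: accessor.origin, to: target.origin, property: String(property),
                   allowedUnderRestrictProperties: RESTRICT_PROPERTIES_ALLOWED.has(property) });
  }
  return new Proxy(target.window, {
    get(obj, prop, recv) { check(prop); return Reflect.get(obj, prop, recv); },
    set(obj, prop, val, recv) { check(prop); return Reflect.set(obj, prop, val, recv); },
    deleteProperty(obj, prop) { check(prop); return Reflect.deleteProperty(obj, prop); },
  });
}

// Constructed scenario mirroring the layout tests: opener/opened tabs and an iframe.
function simulate() {
  reports.length = 0;
  const opener = makeFrame("opener", "https://a.example");
  const opened = makeFrame("opened", "https://b.example");
  opened.opener = opener;                                  // opened via window.open
  const iframe = makeFrame("iframe", "https://c.example", opened);
  trackedProxy(opener, opener).location = "/next";         // own window: nothing reported
  const openerProxy = trackedProxy(opener, opened);
  void openerProxy.postMessage; void openerProxy.location; // reported once, first property
  trackedProxy(opened, opener).name = "child";             // parent -> child: reported
  void trackedProxy(opener, iframe).closed;                // iframe -> top of opener: reported
  return reports;
}
```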
