[webkit-changes] [WebKit/WebKit] 9cee47: Lookalike string sanitization should apply consist...

Thu Jan 12 14:02:25 PST 2023

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 9cee478a2d1e86c873adf8d67ef4d960333fd0fc
      https://github.com/WebKit/WebKit/commit/9cee478a2d1e86c873adf8d67ef4d960333fd0fc
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2023-01-12 (Thu, 12 Jan 2023)

  Changed paths:
    M Source/WebKit/NetworkProcess/NetworkProcess.cpp
    M Source/WebKit/NetworkProcess/NetworkProcess.h
    M Source/WebKit/NetworkProcess/NetworkProcess.messages.in
    R Source/WebKit/NetworkProcess/cocoa/NetworkConnectionIntegrityHelpers.h
    R Source/WebKit/NetworkProcess/cocoa/NetworkConnectionIntegrityHelpers.mm
    A Source/WebKit/Platform/cocoa/NetworkConnectionIntegrityHelpers.h
    A Source/WebKit/Platform/cocoa/NetworkConnectionIntegrityHelpers.mm
    M Source/WebKit/SourcesCocoa.txt
    M Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivateForTesting.h
    M Source/WebKit/UIProcess/API/Cocoa/WKWebViewTesting.mm
    M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
    M Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
    M Source/WebKit/UIProcess/Network/NetworkProcessProxy.h
    M Source/WebKit/UIProcess/WebFramePolicyListenerProxy.cpp
    M Source/WebKit/UIProcess/WebFramePolicyListenerProxy.h
    M Source/WebKit/UIProcess/WebFrameProxy.cpp
    M Source/WebKit/UIProcess/WebFrameProxy.h
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.h
    M Source/WebKit/WebKit.xcodeproj/project.pbxproj

  Log Message:
  -----------
  Lookalike string sanitization should apply consistently during the first navigation in a web view
https://bugs.webkit.org/show_bug.cgi?id=250496
rdar://103568418

Reviewed by Alex Christensen.

Refactor lookalike string sanitization code, such that it applies to the first navigation triggered
in WKWebView. To achieve this, we adopt a similar approach as the one taken by both safe browsing
and app-bound domains, by gating the initial navigation policy decisions (before any lookalike
strings are cached in the UI process) on receiving data over XPC from the associated system service,
that have previously been downloaded and cached on device.

See below for more details.

* Source/WebKit/NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::requestLookalikeCharacterStrings): Deleted.
* Source/WebKit/NetworkProcess/NetworkProcess.h:
* Source/WebKit/NetworkProcess/NetworkProcess.messages.in:

Remove support for requesting lookalike character strings from the network process; this is no
longer necessary, as we can now request the data directly in the UI process.

* Source/WebKit/Platform/cocoa/NetworkConnectionIntegrityHelpers.h: Renamed from Source/WebKit/NetworkProcess/cocoa/NetworkConnectionIntegrityHelpers.h.
* Source/WebKit/Platform/cocoa/NetworkConnectionIntegrityHelpers.mm: Renamed from Source/WebKit/NetworkProcess/cocoa/NetworkConnectionIntegrityHelpers.mm.

Move this file from `Source/WebKit/NetworkProcess` to `Source/WebKit/Platform`, since the UI process
now uses one of the helper functions in this file (`requestLookalikeCharacterStrings`).

* Source/WebKit/SourcesCocoa.txt:
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivateForTesting.h:
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewTesting.mm:
(+[WKWebView _setLookalikeCharacterStringsForTesting:]): Deleted.

Remove this testing-only SPI, since we can simply swizzle out the related platform APIs, which are
now invoked in the UI process.

* Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
* Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp:
(WebKit::NetworkProcessProxy::requestLookalikeCharacterStrings): Deleted.
* Source/WebKit/UIProcess/Network/NetworkProcessProxy.h:

Remove this helper method and IPC message between the UI and network processes (see above).

* Source/WebKit/UIProcess/WebFramePolicyListenerProxy.cpp:
(WebKit::WebFramePolicyListenerProxy::WebFramePolicyListenerProxy):
(WebKit::WebFramePolicyListenerProxy::didReceiveAppBoundDomainResult):
(WebKit::WebFramePolicyListenerProxy::didReceiveSafeBrowsingResults):

Adjust these to also check for the new `m_doneWaitingForLookalikeCharacterStrings` flag.

(WebKit::WebFramePolicyListenerProxy::didReceiveInitialLookalikeCharacterStrings):

Add a new method (similar to the other `didReceive*` methods above), which is called when we're done
waiting for the initial set of cached lookalike character strings.

When this method is invoked, we'll either set `m_doneWaitingForLookalikeCharacterStrings` and
continue waiting for any of the other pending tasks to complete, or (if receiving cached lookalike
strings was the last task to finish), we'll invoke the `m_reply` handler.

(WebKit::WebFramePolicyListenerProxy::use):
* Source/WebKit/UIProcess/WebFramePolicyListenerProxy.h:

Add `m_doneWaitingForLookalikeCharacterStrings` (see above for more details).

(WebKit::WebFramePolicyListenerProxy::create):
* Source/WebKit/UIProcess/WebFrameProxy.cpp:
(WebKit::WebFrameProxy::setUpPolicyListenerProxy):

Wait for the initial set of cached lookalike character strings by passing in
`ShouldWaitForInitialLookalikeCharacterStrings::Yes`, only if we have no cached strings.

Also rename `m_shouldUpdateLookalikeCharacterStrings` to `m_needsInitialLookalikeCharacterStrings`
and adjust the way it works. It's set when we first initialize the web page, but only if we didn't
have cached lookalike character strings at the time of web page initialization; when performing the
navigation policy decision, we'll then either send the cached strings (if present), or we'll wait
for the cached strings to arrive, and then send them.

* Source/WebKit/UIProcess/WebFrameProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::initializeWebPage):
(WebKit::WebPageProxy::didCommitLoadForFrame):

Delete logic that was previously attempting to request these strings from the network process at
load commit time, and send them to the web process.

(WebKit::WebPageProxy::decidePolicyForNavigationAction):

Pass in `ShouldWaitForInitialLookalikeCharacterStrings::Yes` if cached lookalike character strings
aren't already present, and send them to the web page if needed.

(WebKit::WebPageProxy::decidePolicyForNewWindowAction):
(WebKit::WebPageProxy::decidePolicyForResponseShared):

Default to `ShouldWaitForInitialLookalikeCharacterStrings::No` for these, since we should already
have cached strings after the navigation action decision above.

(WebKit::WebPageProxy::createNewPage):
(WebKit::WebPageProxy::sendCachedLookalikeCharacterStrings):

Add a helper method to propagate cached lookalike character strings to the web process.

(WebKit::WebPageProxy::waitForInitialLookalikeCharacterStrings):

Add a helper method to request lookalike character strings, cache them, and inform the listener
afterwards.

(WebKit::WebPageProxy::updateLookalikeCharacterStringsIfNeeded): Deleted.
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/WebKit.xcodeproj/project.pbxproj:

Move some WebKit utility files from `Source/WebKit/NetworkProcess` to `Source/WebKit/Platform`.

Canonical link: https://commits.webkit.org/258851@main