[webkit-changes] [WebKit/WebKit] d08492: Web Inspector: WebKit-internal JSContexts should n...

Patrick Angle noreply at github.com
Wed Jan 18 18:32:04 PST 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: d08492cc7b9e0114af0a6aac4606f75864d5e763
      https://github.com/WebKit/WebKit/commit/d08492cc7b9e0114af0a6aac4606f75864d5e763
  Author: Patrick Angle <pangle at apple.com>
  Date:   2023-01-18 (Wed, 18 Jan 2023)

  Changed paths:
    M Source/JavaScriptCore/API/JSRemoteInspector.cpp
    M Source/JavaScriptCore/API/JSRemoteInspector.h
    M Source/JavaScriptCore/inspector/JSGlobalObjectInspectorController.cpp
    M Source/JavaScriptCore/inspector/remote/RemoteInspectionTarget.cpp
    M Source/JavaScriptCore/inspector/remote/RemoteInspectionTarget.h
    M Source/JavaScriptCore/inspector/remote/cocoa/RemoteInspectorCocoa.mm
    M Source/JavaScriptCore/inspector/remote/glib/RemoteInspectorGlib.cpp
    M Source/JavaScriptCore/inspector/remote/socket/RemoteInspectorSocket.cpp
    M Source/WebCore/bindings/js/JSDOMGlobalObject.cpp
    M Source/WebKit/UIProcess/API/Cocoa/APISerializedScriptValueCocoa.mm

  Log Message:
  -----------
  Web Inspector: WebKit-internal JSContexts should not be inspectable, even if internal policies would override `inspectable`
https://bugs.webkit.org/show_bug.cgi?id=250633
rdar://103312497

Reviewed by Saam Barati.

Relanding with availability annotation fix. Originally review in github.com/WebKit/WebKit/pull/8666.

On configurations where `inspectable` can be overriden, there are still some WebKit-internal contexts that should not be
inspectable. The first are JSDOMGlobalObjects, which are already inspectable via the WKWebView they exist for by using
the context picker in Web Inspector, making these JSContexts redundant and noisy. The second case is
APISerializedScriptValueCocoa which creates JSContexts to help serialize values to/from JS/Cocoa.

This problem did not exist before the introduction of the `inspectable` API because the default state of `inspectable`
was false, which would not be overriden because the decision by the platform as to whether an application was inspectable
occurred in a system daemon, which would not override the per-context `inspectable` setting. When unifying the decision
logic for what is inspectable into JSC/WebKit, this use case was initially overlooked as the only platform that implements
an internal policy for inspection doesn't have any symptoms of this that a user could observe due to the specific policy.
However, in use for those working on machines where this policy is applied, the noise of so many JSContexts is making it
difficult to sort through usefully inspectable contexts in Safari's Develop menu.

This patch also fixes a minor bug where `inspectable` would return `true` for JSContexts and WKWebViews, even if
inspection was disabled, when an internal policy is overriding inspection.

* Source/JavaScriptCore/API/JSRemoteInspector.cpp:
(JSRemoteInspectorGetInspectionFollowsInternalPolicies):
(JSRemoteInspectorSetInspectionFollowsInternalPolicies):
* Source/JavaScriptCore/API/JSRemoteInspector.h:
- Add methods to set and get the new "followsInternalPolicies" state to be applied to new contexts as well as those that
change their `inspectable` setting.

* Source/JavaScriptCore/inspector/JSGlobalObjectInspectorController.cpp:
(Inspector::JSGlobalObjectInspectorController::developerExtrasEnabled const):
* Source/JavaScriptCore/inspector/remote/cocoa/RemoteInspectorCocoa.mm:
(Inspector::RemoteInspector::listingForInspectionTarget const):
* Source/JavaScriptCore/inspector/remote/glib/RemoteInspectorGlib.cpp:
(Inspector::RemoteInspector::listingForInspectionTarget const):
* Source/JavaScriptCore/inspector/remote/socket/RemoteInspectorSocket.cpp:
(Inspector::RemoteInspector::listingForInspectionTarget const):
- Use new `allowsInspectionByPolicy` which takes into account internal policies.

* Source/JavaScriptCore/inspector/remote/RemoteInspectionTarget.cpp:
(Inspector::RemoteInspectionTarget::remoteControlAllowed const):
(Inspector::RemoteInspectionTarget::allowsInspectionByPolicy const):
(Inspector::RemoteInspectionTarget::inspectable const):
(Inspector::RemoteInspectionTarget::setInspectable):
(Inspector::RemoteInspectionTarget::pauseWaitingForAutomaticInspection):
* Source/JavaScriptCore/inspector/remote/RemoteInspectionTarget.h:
- Use the new `followsInternalPolicies` state to keep track of when a target should be exempt from internal policies for
contexts that never make sense to be inspectable.
- Introduce `allowsInspectionByPolicy` which takes into account internal policy when determining the inspectability of
a target. Previously this was baked into `inspectable`, but that inadvertently leaks the internal policy implementation
detail to clients of JSContext and WKWebView.

* Source/WebCore/bindings/js/JSDOMGlobalObject.cpp:
(WebCore::JSDOMGlobalObject::finishCreation):
* Source/WebKit/UIProcess/API/Cocoa/APISerializedScriptValueCocoa.mm:
(API::SharedJSContext::ensureContext):
- Adopt new methods to mark the contexts created here as never inspectable since they do not expose any useful information.

Canonical link: https://commits.webkit.org/259064@main

More information about the webkit-changes mailing list