[webkit-changes] [WebKit/WebKit] 313974: Add support to allow lookalike characters on sanit...

Charlie Wolfe noreply at github.com
Sun Jan 29 16:56:00 PST 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 313974e6d6608538daaf50e5f52e29b55f3c7dc7
      https://github.com/WebKit/WebKit/commit/313974e6d6608538daaf50e5f52e29b55f3c7dc7
  Author: Charlie Wolfe <charliew at apple.com>
  Date:   2023-01-29 (Sun, 29 Jan 2023)

  Changed paths:
    M Source/WebCore/Headers.cmake
    M Source/WebCore/WebCore.xcodeproj/project.pbxproj
    M Source/WebCore/dom/Document.cpp
    M Source/WebCore/page/ChromeClient.h
    A Source/WebCore/page/LookalikeCharactersSanitizationData.h
    M Source/WebCore/page/Page.cpp
    M Source/WebCore/page/Page.h
    M Source/WebKit/Platform/cocoa/NetworkConnectionIntegrityHelpers.h
    M Source/WebKit/Shared/WebPageCreationParameters.cpp
    M Source/WebKit/Shared/WebPageCreationParameters.h
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.h
    M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
    M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
    M Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm
    M Source/WebKit/WebProcess/WebPage/WebPage.cpp
    M Source/WebKit/WebProcess/WebPage/WebPage.h
    M Source/WebKit/WebProcess/WebPage/WebPage.messages.in

  Log Message:
  -----------
  Add support to allow lookalike characters on sanitization
https://bugs.webkit.org/show_bug.cgi?id=250992
rdar://103329323

Reviewed by Wenson Hsieh.

Add the functionality to allow certain lookalike characters on sanitization when
accessed from bindings. See below for more details.

* Source/WebCore/WebCore.xcodeproj/project.pbxproj:

* Source/WebCore/dom/Document.cpp:
(WebCore::Document::adjustedURL const):
(WebCore::Document::urlForBindings const):

Refactor returning the adjusted URL such that we request the sanitized URL
with the allowed lookalike characters.

* Source/WebCore/page/ChromeClient.h:
(WebCore::ChromeClient::allowedLookalikeCharacters const):

Add a client function to sanitize a given URL.

* Source/WebCore/page/LookalikeCharactersSanitizationData.h: Copied from Source/WebKit/Platform/cocoa/NetworkConnectionIntegrityHelpers.h.
(WebCore::LookalikeCharactersSanitizationData::LookalikeCharactersSanitizationData):
(WebCore::LookalikeCharactersSanitizationData::lookalikeCharacters):
(WebCore::LookalikeCharactersSanitizationData::encode const):
(WebCore::LookalikeCharactersSanitizationData::decode):

Add a struct to hold data used for domain scoped lookalike character sanitization.

* Source/WebCore/page/Page.cpp:
(WebCore::Page::allowedLookalikeCharacters const):
* Source/WebCore/page/Page.h:

Add helper functions on Page to sanitize a given URL.

* Source/WebKit/Shared/WebPageCreationParameters.cpp:
(WebKit::WebPageCreationParameters::encode const):
(WebKit::WebPageCreationParameters::decode):
* Source/WebKit/Shared/WebPageCreationParameters.h:

Add the allowed lookalike character strings to the web page creation parameters. This
is used to retrieve the cached allowed lookalike characters in the UI process.

* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::initializeWebPage):
(WebKit::WebPageProxy::didCommitLoadForFrame):
(WebKit::WebPageProxy::createNewPage):
(WebKit::WebPageProxy::creationParameters):
(WebKit::WebPageProxy::cachedAllowedLookalikeStrings):
(WebKit::WebPageProxy::updateAllowedLookalikeCharacterStringsIfNeeded):
* Source/WebKit/UIProcess/WebPageProxy.h:

Add functionality to update the allowed lookalike characters strings in `didCommitLoadForFrame`.
This previously existed for `cachedLookalikeStrings`, but was changed because the lookalike strings
were populated too late to apply for this first navigation within a web view. Since `allowedLookalikeStrings`
only needs to be populated after a navigation has already occured, we can have the update function in
`didCommitLoadForFrame`.

* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::allowedLookalikeCharacters const):
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h:

* Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm:
(WebKit::WebPage::allowedLookalikeCharacters):
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::m_appHighlightsVisible):
(WebKit::WebPage::setAllowedLookalikeCharacterStrings):

Populate the allowed lookalike character strings hashmap as domain -> lookalikeCharacters.

* Source/WebKit/WebProcess/WebPage/WebPage.h:
(WebKit::WebPage::allowedLookalikeCharacters):
* Source/WebKit/WebProcess/WebPage/WebPage.messages.in:

Canonical link: https://commits.webkit.org/259541@main

More information about the webkit-changes mailing list