[webkit-changes] [WebKit/WebKit] 9b41fc: Validate URL strings in notificationPermissions() ...
Brady Eidson
noreply at github.com
Mon Jun 12 17:02:56 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 9b41fc1d28820ad02376e962deb315ffd46e5ecf
https://github.com/WebKit/WebKit/commit/9b41fc1d28820ad02376e962deb315ffd46e5ecf
Author: Brady Eidson <beidson at apple.com>
Date: 2023-06-12 (Mon, 12 Jun 2023)
Changed paths:
M Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm
M Tools/TestWebKitAPI/Tests/WebKitCocoa/PushAPI.mm
Log Message:
-----------
Validate URL strings in notificationPermissions() callback
https://bugs.webkit.org/show_bug.cgi?id=257987
rdar://110594888
Reviewed by Brent Fulgham and Sihui Liu.
The idea here is the client passes back URL strings.
Which - we'd expect - can parse into a URL and therefore into a security origin.
We've seen clients pass back keys that don't meet these criteria.
In the mean time - while tracking those cases down - let's make WebKit validate the input.
* Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/PushAPI.mm:
Canonical link: https://commits.webkit.org/265092@main
More information about the webkit-changes
mailing list