[webkit-changes] [WebKit/WebKit] 391c01: Begin hardening NSAttributedString deserialization

Alex Christensen noreply at github.com
Mon Mar 27 20:39:24 PDT 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 391c01e102feba390f1bef16336ae485ab4022bf
      https://github.com/WebKit/WebKit/commit/391c01e102feba390f1bef16336ae485ab4022bf
  Author: Alex Christensen <achristensen at apple.com>
  Date:   2023-03-27 (Mon, 27 Mar 2023)

  Changed paths:
    M Source/WebCore/SourcesCocoa.txt
    M Source/WebCore/WebCore.xcodeproj/project.pbxproj
    M Source/WebCore/editing/cocoa/AttributedString.h
    A Source/WebCore/editing/cocoa/AttributedString.mm
    M Source/WebCore/editing/cocoa/EditorCocoa.mm
    M Source/WebCore/editing/cocoa/HTMLConverter.mm
    M Source/WebCore/editing/mac/EditorMac.mm
    A Source/WebCore/platform/ios/UIFoundationSoftLink.h
    A Source/WebCore/platform/ios/UIFoundationSoftLink.mm
    M Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.mm
    M Source/WebKit/Shared/Cocoa/WebCoreArgumentCodersCocoa.serialization.in
    M Source/WebKit/Shared/DocumentEditingContext.mm
    M Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
    M Source/WebKit/UIProcess/Cocoa/TextCheckingController.mm
    M Source/WebKit/UIProcess/mac/WebViewImpl.mm
    M Source/WebKit/WebProcess/WebPage/Cocoa/TextCheckingControllerProxy.mm
    M Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm
    M Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm
    M Source/WebKit/WebProcess/WebPage/mac/WebPageMac.mm
    M Source/WebKitLegacy/mac/WebCoreSupport/WebSelectionServiceController.mm
    M Source/WebKitLegacy/mac/WebView/WebHTMLRepresentation.mm
    M Source/WebKitLegacy/mac/WebView/WebHTMLView.mm
    M Source/WebKitLegacy/mac/WebView/WebImmediateActionController.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebViewGetContents.mm

  Log Message:
  -----------
  Begin hardening NSAttributedString deserialization
https://bugs.webkit.org/show_bug.cgi?id=254250
rdar://107033670

Reviewed by Tim Hatcher.

We get NSAttributedStrings in the web process to send to the UI process from two
different places: WKPDFLayerControllerDelegate and HTMLConverter.  After manually
looking through the code that generates those attributes, I created a structure
that more closely reflects the possible values that we might want to decode,
with more hardening possible in the future to harden the deserialization of each
value type.

A previous version of this PR broke the Catalyst build and returned an empty
NSAttributedString and NSDictionary instead of nil after serialization.  This
version fixes both issues.

* Source/WebCore/SourcesCocoa.txt:
* Source/WebCore/WebCore.xcodeproj/project.pbxproj:
* Source/WebCore/editing/cocoa/AttributedString.h:
* Source/WebCore/editing/cocoa/AttributedString.mm: Added.
(WebCore::AttributedString::rangesAreSafe):
(WebCore::toNSObject):
(WebCore::toNSDictionary):
(WebCore::AttributedString::documentAttributesAsNSDictionary const):
(WebCore::AttributedString::nsAttributedString const):
(WebCore::extractValue):
(WebCore::extractDictionary):
(WebCore::AttributedString::fromNSAttributedString):
(WebCore::AttributedString::fromNSAttributedStringAndDocumentAttributes):
* Source/WebCore/editing/cocoa/EditorCocoa.mm:
(WebCore::selectionAsAttributedString):
* Source/WebCore/editing/cocoa/HTMLConverter.mm:
(HTMLConverter::convert):
(WebCore::editingAttributedString):
* Source/WebCore/editing/mac/EditorMac.mm:
(WebCore::Editor::dataSelectionForPasteboard):
* Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.mm:
(IPC::decodeSecureCodingInternal):
* Source/WebKit/Shared/Cocoa/WebCoreArgumentCodersCocoa.serialization.in:
* Source/WebKit/Shared/DocumentEditingContext.mm:
(WebKit::DocumentEditingContext::toPlatformContext):
* Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _getContentsAsAttributedStringWithCompletionHandler:]):
* Source/WebKit/UIProcess/Cocoa/TextCheckingController.mm:
(WebKit::TextCheckingController::replaceRelativeToSelection):
* Source/WebKit/UIProcess/mac/WebViewImpl.mm:
(WebKit::WebViewImpl::attributedSubstringForProposedRange):
* Source/WebKit/WebProcess/WebPage/Cocoa/TextCheckingControllerProxy.mm:
(WebKit::TextCheckingControllerProxy::replaceRelativeToSelection):
(WebKit::TextCheckingControllerProxy::annotatedSubstringBetweenPositions):
* Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm:
(WebKit::WebPage::dictionaryPopupInfoForRange):
* Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::requestDocumentEditingContext):
* Source/WebKit/WebProcess/WebPage/mac/WebPageMac.mm:
(WebKit::WebPage::attributedSubstringForCharacterRangeAsync):
(WebKit::WebPage::handleSelectionServiceClick):
* Source/WebKitLegacy/mac/WebCoreSupport/WebSelectionServiceController.mm:
(WebSelectionServiceController::handleSelectionServiceClick):
* Source/WebKitLegacy/mac/WebView/WebHTMLRepresentation.mm:
(-[WebHTMLRepresentation attributedStringFrom:startOffset:to:endOffset:]):
* Source/WebKitLegacy/mac/WebView/WebHTMLView.mm:
(-[WebHTMLView attributedSubstringFromRange:]):
(-[WebHTMLView _legacyAttributedStringFrom:offset:to:offset:]):
(-[WebHTMLView attributedString]):
(-[WebHTMLView selectedAttributedString]):
* Source/WebKitLegacy/mac/WebView/WebImmediateActionController.mm:
(+[WebImmediateActionController _dictionaryPopupInfoForRange:inFrame:withLookupOptions:indicatorOptions:transition:]):

Canonical link: https://commits.webkit.org/262192@main

More information about the webkit-changes mailing list