[webkit-changes] [WebKit/WebKit] dda2fc: Cherry-pick 259548.465 at safari-7615-branch (cf0b343...
Matthew Finkel
noreply at github.com
Tue May 23 15:07:11 PDT 2023
Branch: refs/heads/webkitglib/2.40
Home: https://github.com/WebKit/WebKit
Commit: dda2fc0dedd730ad63251ad3532762d3ea34bcd0
https://github.com/WebKit/WebKit/commit/dda2fc0dedd730ad63251ad3532762d3ea34bcd0
Author: JC Alvarado <joncarlo at apple.com>
Date: 2023-05-23 (Tue, 23 May 2023)
Changed paths:
A LayoutTests/fast/editing/frame-selection-in-child-view-crash-expected.txt
A LayoutTests/fast/editing/frame-selection-in-child-view-crash.html
M Source/WebCore/platform/ScrollView.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/CSSViewportUnits.mm
Log Message:
-----------
Cherry-pick 259548.465 at safari-7615-branch (cf0b3436ba58). rdar://104064235
Increase max scrollbar update passes
rdar://104064235
Reviewed by Simon Fraser.
Scrollbars are not fully updated in a single layout which
can lead to an additional layout in the scriptDisallowedScope
in FrameView::scrollRectToVisibleInChildView.
* LayoutTests/fast/editing/frame-selection-in-child-view-crash-expected.txt: Added.
* LayoutTests/fast/editing/frame-selection-in-child-view-crash.html: Added.
* Source/WebCore/platform/ScrollView.cpp:
(WebCore::ScrollView::updateScrollbars):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/CSSViewportUnits.mm:
(TEST):
Add scrollbarSize to width in WritingMode tests because we should
expect vertical overflow in these cases. This test would pass prior
to this patch despite the displayed WebView having both a vertical
and horizontal scroll bar.
Canonical link: https://commits.webkit.org/259548.465@safari-7615-branch
Commit: 4b00e71587b24b975c0ec03850b9957d38a4159a
https://github.com/WebKit/WebKit/commit/4b00e71587b24b975c0ec03850b9957d38a4159a
Author: Rob Buis <rbuis at igalia.com>
Date: 2023-05-23 (Tue, 23 May 2023)
Changed paths:
A LayoutTests/fast/multicol/crash-when-constructing-nested-columns2-expected.txt
A LayoutTests/fast/multicol/crash-when-constructing-nested-columns2.html
M Source/WebCore/rendering/updating/RenderTreeBuilderMultiColumn.cpp
Log Message:
-----------
Cherry-pick 260286.15 at webkit-2023.2-embargoed (028f984310b6). https://bugs.webkit.org/show_bug.cgi?id=245374
Fix spanner reset logic
https://bugs.webkit.org/show_bug.cgi?id=245374
Reviewed by Alan Baradlay.
In restoreColumnSpannersForContainer we want to reset the spanners to their original position
and remove the placeholders, however in some cases the attach step will call multiColumnDescendantInserted
and re-insert placeholders. To fix this, prevent calling the spanner processing logic by
multiColumnDescendantInserted by introducing a new flag gRestoringColumnSpannersForContainer.
* LayoutTests/fast/multicol/crash-when-constructing-nested-columns2-expected.txt: Added.
* LayoutTests/fast/multicol/crash-when-constructing-nested-columns2.html: Added.
* Source/WebCore/rendering/updating/RenderTreeBuilderMultiColumn.cpp:
(WebCore::RenderTreeBuilder::MultiColumn::restoreColumnSpannersForContainer):
(WebCore::RenderTreeBuilder::MultiColumn::multiColumnDescendantInserted):
(WebCore::RenderTreeBuilder::MultiColumn::processPossibleSpannerDescendant):
Canonical link: https://commits.webkit.org/260286.15@webkit-2023.2-embargoed
Commit: 09d9962232640246be89b9f4a6cfdc20769413e1
https://github.com/WebKit/WebKit/commit/09d9962232640246be89b9f4a6cfdc20769413e1
Author: Patrick Angle <pangle at apple.com>
Date: 2023-05-23 (Tue, 23 May 2023)
Changed paths:
M LayoutTests/inspector/debugger/async-stack-trace-truncate-expected.txt
M LayoutTests/inspector/debugger/async-stack-trace-truncate.html
M Source/JavaScriptCore/inspector/AsyncStackTrace.cpp
M Source/JavaScriptCore/inspector/ScriptCallStack.cpp
M Source/JavaScriptCore/inspector/ScriptCallStack.h
Log Message:
-----------
Cherry-pick 259548.467 at safari-7615-branch (69eae63cd374). https://bugs.webkit.org/show_bug.cgi?id=254244
Web Inspector: Deeply nested async stack traces are not fully truncated
https://bugs.webkit.org/show_bug.cgi?id=254244
rdar://105900359
Reviewed by Yusuke Suzuki.
As of 252630 at main, ScriptCallStack holds a reference to its parent AsyncStackTrace to enable providing async stack
traces in places where previously the async context was being lost. However when this was added, the truncation
functionality used to ensure that AsyncStackTrace did not create an infinitely nested set of objects did not take the
new reference into account. In practice, we should break that relationship any time we are removing the parent of the
AsyncStackTrace. This allows us to correctly release ownership of AsyncStackTraces as we nest deeper, then preventing us
from recursing during their deconstruction later.
* LayoutTests/inspector/debugger/async-stack-trace-truncate-expected.txt:
* LayoutTests/inspector/debugger/async-stack-trace-truncate.html:
- Add test case that creates a nested set of AsyncStackTrace/ScriptCallStack that will exceed the size of the stack if
not correctly truncated.
* Source/JavaScriptCore/inspector/AsyncStackTrace.cpp:
(Inspector::AsyncStackTrace::remove):
Remove the ScriptCallStack's parent at the same time we remove the AsyncStackTrace's parent.
* Source/JavaScriptCore/inspector/ScriptCallStack.cpp:
(Inspector::ScriptCallStack::removeParentStackTrace):
* Source/JavaScriptCore/inspector/ScriptCallStack.h:
Canonical link: https://commits.webkit.org/259548.467@safari-7615-branch
Commit: 68c5195200d91169b7b6f0e3c1fcdabe7927b040
https://github.com/WebKit/WebKit/commit/68c5195200d91169b7b6f0e3c1fcdabe7927b040
Author: Chirag M Shah <chirag_m_shah at apple.com>
Date: 2023-05-23 (Tue, 23 May 2023)
Changed paths:
A LayoutTests/svg/animations/svg-element-attribute-changed-crash-expected.txt
A LayoutTests/svg/animations/svg-element-attribute-changed-crash.html
M Source/WebCore/svg/properties/SVGAnimatedProperty.cpp
Log Message:
-----------
Cherry-pick 259548.475 at safari-7615-branch (aaa1c998206d). https://bugs.webkit.org/show_bug.cgi?id=254281
Fix heap use-after-free in Update::addSVGRendererUpdate
https://bugs.webkit.org/show_bug.cgi?id=254281
rdar://107052707
Reviewed by Ryosuke Niwa.
Update::addSVGRendererUpdate can end up removing the SVGElement from
m_roots, which can result in SVGElement being deleted when an attribute
change happens. This change prevents that by protecting the SVGElement
using a RefPtr.
* LayoutTests/svg/animations/svg-element-attribute-changed-crash-expected.txt: Added.
* LayoutTests/svg/animations/svg-element-attribute-changed-crash.html: Added.
* Source/WebCore/svg/properties/SVGAnimatedProperty.cpp:
(WebCore::SVGAnimatedProperty::commitPropertyChange):
Canonical link: https://commits.webkit.org/259548.475@safari-7615-branch
Commit: b3a18564f431333959043b094fa9d283846321dc
https://github.com/WebKit/WebKit/commit/b3a18564f431333959043b094fa9d283846321dc
Author: Matthew Finkel <sysrqb at apple.com>
Date: 2023-05-24 (Wed, 24 May 2023)
Changed paths:
M LayoutTests/http/tests/resources/redirect.py
A LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-redirect-expected.txt
A LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-redirect.html
A LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-ws-redirect-expected.txt
A LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-ws-redirect.html
A LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-expected.txt
A LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party.html
A LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party_wsh.py
M LayoutTests/platform/mac-wk1/TestExpectations
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in
M Source/WebKit/NetworkProcess/NetworkSession.cpp
M Source/WebKit/NetworkProcess/NetworkSession.h
M Source/WebKit/NetworkProcess/NetworkSocketChannel.cpp
M Source/WebKit/NetworkProcess/NetworkSocketChannel.h
M Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h
M Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
M Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h
M Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
A Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.h
A Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.mm
M Source/WebKit/NetworkProcess/cocoa/WebSocketTaskCocoa.h
M Source/WebKit/NetworkProcess/cocoa/WebSocketTaskCocoa.mm
M Source/WebKit/NetworkProcess/curl/NetworkSessionCurl.cpp
M Source/WebKit/NetworkProcess/curl/NetworkSessionCurl.h
M Source/WebKit/NetworkProcess/soup/NetworkSessionSoup.cpp
M Source/WebKit/NetworkProcess/soup/NetworkSessionSoup.h
M Source/WebKit/SourcesCocoa.txt
M Source/WebKit/WebKit.xcodeproj/project.pbxproj
M Source/WebKit/WebProcess/Network/WebSocketChannel.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKHTTPCookieStore.mm
Log Message:
-----------
Cherry-pick 259548.477 at safari-7615-branch (a5d38dc00a5d). https://bugs.webkit.org/show_bug.cgi?id=251835
Apply cookie policy on WebSocket request
https://bugs.webkit.org/show_bug.cgi?id=254220
rdar://106831525
Reviewed by Alex Christensen.
WebKit's cookie policy was not correctly applied in the WebSocket handshake. In
this patch we now use the same logic in WebSocket requests as we already used
in HTTP requests. This policy is applied during HTTP redirects, as well. The
shared logic is moved into a new common base class that is shared by
WebSocketTasks and DataTasks.
Covered by new Layout and API tests.
* LayoutTests/http/tests/resources/redirect.py:
(set_cookie):
* LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-redirect-expected.txt: Added.
* LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-redirect.html: Added.
* LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-ws-redirect-expected.txt: Added.
* LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-after-ws-redirect.html: Added.
* LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party-expected.txt: Added.
* LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party.html: Added.
* LayoutTests/http/tests/websocket/tests/hybi/websocket-blocked-sending-cookie-as-third-party_wsh.py: Added.
(HeaderCache):
(web_socket_do_extra_handshake):
(web_socket_transfer_data):
* LayoutTests/platform/mac-wk1/TestExpectations:
Add new tests.
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::createSocketChannel):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h:
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in:
* Source/WebKit/NetworkProcess/NetworkSession.cpp:
(WebKit::NetworkSession::createWebSocketTask):
* Source/WebKit/NetworkProcess/NetworkSession.h:
* Source/WebKit/NetworkProcess/NetworkSocketChannel.cpp:
(WebKit::NetworkSocketChannel::create):
(WebKit::NetworkSocketChannel::NetworkSocketChannel):
(WebKit::NetworkSocketChannel::session const):
(WebKit::NetworkSocketChannel::session): Deleted.
* Source/WebKit/NetworkProcess/NetworkSocketChannel.h:
Generally, plumb some required information down in to the Network Process for making policy decisions.
* Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h:
* Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTaskCocoa::applySniffingPoliciesAndBindRequestToInferfaceIfNeeded):
(WebKit::NetworkDataTaskCocoa::updateFirstPartyInfoForSession):
(WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa):
(WebKit::NetworkDataTaskCocoa::willPerformHTTPRedirection):
(WebKit::NetworkDataTaskCocoa::task const):
(WebKit::lastRemoteIPAddress): Deleted.
(WebKit::NetworkDataTaskCocoa::statelessCookieStorage): Deleted.
(WebKit::lastCNAMEDomain): Deleted.
(WebKit::NetworkDataTaskCocoa::shouldApplyCookiePolicyForThirdPartyCloaking const): Deleted.
(): Deleted.
(WebKit::shouldCapCookieExpiryForThirdPartyIPAddress): Deleted.
(WebKit::NetworkDataTaskCocoa::applyCookiePolicyForThirdPartyCloaking): Deleted.
(WebKit::NetworkDataTaskCocoa::blockCookies): Deleted.
(WebKit::NetworkDataTaskCocoa::unblockCookies): Deleted.
(WebKit::NetworkDataTaskCocoa::needsFirstPartyCookieBlockingLatchModeQuirk const): Deleted.
(WebKit::updateTaskWithFirstPartyForSameSiteCookies): Deleted.
(WebKit::computeIsAlwaysOnLoggingAllowed): Deleted.
(WebKit::NetworkDataTaskCocoa::isAlwaysOnLoggingAllowed const): Deleted.
These deleted functions are moved into the NetworkTaskCocoa class.
* Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h:
* Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
(-[WKNetworkSessionDelegate existingWebSocketTask:]):
(WebKit::NetworkSessionCocoa::continueDidReceiveChallenge):
(WebKit::NetworkSessionCocoa::createWebSocketTask):
* Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.h: Added.
(WebKit::NetworkTaskCocoa::shouldRelaxThirdPartyCookieBlocking const):
(WebKit::NetworkTaskCocoa::isAlwaysOnLoggingAllowed const):
* Source/WebKit/NetworkProcess/cocoa/NetworkTaskCocoa.mm: Added.
(computeIsAlwaysOnLoggingAllowed):
(NetworkTaskCocoa::NetworkTaskCocoa):
(shouldCapCookieExpiryForThirdPartyIPAddress):
(NetworkTaskCocoa::shouldApplyCookiePolicyForThirdPartyCloaking const):
(NetworkTaskCocoa::statelessCookieStorage):
(NetworkTaskCocoa::lastRemoteIPAddress):
(NetworkTaskCocoa::lastCNAMEDomain):
(NetworkTaskCocoa::needsFirstPartyCookieBlockingLatchModeQuirk const):
(NetworkTaskCocoa::applyCookiePolicyForThirdPartyCloaking):
(NetworkTaskCocoa::blockCookies):
(NetworkTaskCocoa::unblockCookies):
(NetworkTaskCocoa::updateTaskWithFirstPartyForSameSiteCookies):
(NetworkTaskCocoa::willPerformHTTPRedirection):
New common base class for NetworkDataTaskCocoa and WebSocketTaskCocoa.
* Source/WebKit/NetworkProcess/cocoa/WebSocketTaskCocoa.h:
(WebKit::WebSocketTask::webProxyPageID const):
(WebKit::WebSocketTask::pageID const): Deleted.
* Source/WebKit/NetworkProcess/cocoa/WebSocketTaskCocoa.mm:
(WebKit::WebSocketTask::WebSocketTask):
(WebKit::WebSocketTask::task const):
(WebKit::WebSocketTask::~WebSocketTask): Deleted.
* Source/WebKit/NetworkProcess/curl/NetworkSessionCurl.cpp:
(WebKit::NetworkSessionCurl::createWebSocketTask):
* Source/WebKit/NetworkProcess/curl/NetworkSessionCurl.h:
* Source/WebKit/NetworkProcess/soup/NetworkSessionSoup.cpp:
(WebKit::NetworkSessionSoup::createWebSocketTask):
* Source/WebKit/NetworkProcess/soup/NetworkSessionSoup.h:
* Source/WebKit/SourcesCocoa.txt:
* Source/WebKit/WebKit.xcodeproj/project.pbxproj:
* Source/WebKit/WebProcess/Network/WebSocketChannel.cpp:
(WebKit::WebSocketChannel::connect):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKHTTPCookieStore.mm:
(TEST):
Canonical link: https://commits.webkit.org/259548.477@safari-7615-branch
Compare: https://github.com/WebKit/WebKit/compare/cbdc482f614b...b3a18564f431
More information about the webkit-changes
mailing list