[webkit-changes] [WebKit/WebKit] cf8519: Main frame PDFs served with CSP sandbox header do ...

Abrar Rahman Protyasha noreply at github.com
Wed Dec 18 18:07:07 PST 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: cf8519d4c46735412bfd7e9b52b8208810c6d3be
      https://github.com/WebKit/WebKit/commit/cf8519d4c46735412bfd7e9b52b8208810c6d3be
  Author: Abrar Rahman Protyasha <a_protyasha at apple.com>
  Date:   2024-12-18 (Wed, 18 Dec 2024)

  Changed paths:
    M Source/WebCore/html/HTMLPlugInImageElement.h
    M Source/WebCore/loader/SubframeLoader.cpp
    M Source/WebCore/loader/SubframeLoader.h
    M Tools/TestWebKitAPI/SourcesCocoa.txt
    M Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
    M Tools/TestWebKitAPI/Tests/WebKit/WKThumbnailView.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/ContentSecurityPolicy.mm
    A Tools/TestWebKitAPI/Tests/WebKitCocoa/ContentSecurityPolicyTestHelpers.h
    A Tools/TestWebKitAPI/Tests/WebKitCocoa/ContentSecurityPolicyTestHelpers.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/CookieAcceptPolicy.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/DocumentEditingContext.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/EditorStateTests.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/ElementTargetingTests.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/FileSystemAccess.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/IndexedDBSuspendImminently.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/NavigationAction.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/RestoreLocalStorage.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/RestoreSessionStorage.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/SystemPreview.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/TextWidth.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/UnifiedPDFTests.mm
    M Tools/TestWebKitAPI/Tests/ios/KeyboardInputTestsIOS.mm
    M Tools/TestWebKitAPI/Tests/mac/WKWebViewMacEditingTests.mm
    M Tools/TestWebKitAPI/cocoa/CGImagePixelReader.cpp
    M Tools/TestWebKitAPI/cocoa/CGImagePixelReader.h
    M Tools/TestWebKitAPI/cocoa/HTTPServer.h
    M Tools/TestWebKitAPI/cocoa/TestWKWebView.h
    M Tools/TestWebKitAPI/cocoa/TestWKWebView.mm

  Log Message:
  -----------
  Main frame PDFs served with CSP sandbox header do not load
https://bugs.webkit.org/show_bug.cgi?id=284594
rdar://141166987

Reviewed by Wenson Hsieh.

The PDF plugin is an internal WebKit implementation detail, and thus
should not be subjected to the CSP sandbox. This patch makes sure we
bypass the sandbox in SubframeLoader::pluginIsLoadable(). Note that we
only do so for main frame PDFs. The embedded PDF case's behavior is
directed by https://github.com/whatwg/html/issues/3958, and the WPT
`html/semantics/embedded-content/the-iframe-element/sandbox_004.htm`.

Also, add two new API tests that assert correct loading behavior. The
latter enables UnifiedPDFPlugin while the former tests legacy PDF
plugin.

- ContentSecurityPolicy.LoadPDFWithSandboxCSPDirective
- UnifiedPDF.LoadPDFWithSandboxCSPDirective

The rest of the change involves adding new test helpers to facilitate
the API tests, TestWKWebView interface to sample colors (which, by the
way, should be adopted by many tests), and the fallout unified source
build fixes required for a clean build.

* Source/WebCore/html/HTMLPlugInImageElement.h:
* Source/WebCore/loader/SubframeLoader.cpp:
(WebCore::FrameLoader::SubframeLoader::pluginIsLoadable const):
(WebCore::FrameLoader::SubframeLoader::requestPlugin):
(WebCore::FrameLoader::SubframeLoader::pluginIsLoadable): Deleted.
* Source/WebCore/loader/SubframeLoader.h:
* Tools/TestWebKitAPI/SourcesCocoa.txt:
* Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* Tools/TestWebKitAPI/Tests/WebKit/WKThumbnailView.mm:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/ContentSecurityPolicy.mm:
(TEST(ContentSecurityPolicy, LoadPDFWithSandboxCSPDirective)):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/ContentSecurityPolicyTestHelpers.h: Copied from Tools/TestWebKitAPI/cocoa/CGImagePixelReader.h.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/ContentSecurityPolicyTestHelpers.mm: Copied from Tools/TestWebKitAPI/cocoa/CGImagePixelReader.h.
(TestWebKitAPI::runLoadPDFWithSandboxCSPDirectiveTest):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/CookieAcceptPolicy.mm:

* Tools/TestWebKitAPI/Tests/WebKitCocoa/DocumentEditingContext.mm:
(applyStyle): Deleted.
(applyAhemStyle): Deleted.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/EditorStateTests.mm:
(): Deleted.
(TestWebKitAPI::applyAhemStyle): Deleted.

Fix ODR violation by pushing applyAhemStyle into specific namespaces.

* Tools/TestWebKitAPI/Tests/WebKitCocoa/ElementTargetingTests.mm:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/NavigationAction.mm:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/TextWidth.mm:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/UnifiedPDFTests.mm:
(TestWebKitAPI::UNIFIED_PDF_TEST):
(TestWebKitAPI::sampleColorsInWebView): Deleted.
* Tools/TestWebKitAPI/Tests/ios/KeyboardInputTestsIOS.mm:
* Tools/TestWebKitAPI/Tests/mac/WKWebViewMacEditingTests.mm:
* Tools/TestWebKitAPI/cocoa/CGImagePixelReader.cpp:
* Tools/TestWebKitAPI/cocoa/CGImagePixelReader.h:
* Tools/TestWebKitAPI/cocoa/HTTPServer.h:
(TestWebKitAPI::HTTPResponse::HTTPResponse):
* Tools/TestWebKitAPI/cocoa/TestWKWebView.h:
* Tools/TestWebKitAPI/cocoa/TestWKWebView.mm:
(-[TestWKWebView sampleColors]):
(-[TestWKWebView sampleColorsWithInterval:]):

Canonical link: https://commits.webkit.org/288060@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list