[webkit-changes] [WebKit/WebKit] 381712: browser.scripting.executeScript doesn't handle all...

kiaraarose noreply at github.com
Tue Jan 9 20:16:30 PST 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 38171256d2490d68d09297e3aa7afe34d1ae75d4
      https://github.com/WebKit/WebKit/commit/38171256d2490d68d09297e3aa7afe34d1ae75d4
  Author: Kiara Rose <kiara_rose at apple.com>
  Date:   2024-01-09 (Tue, 09 Jan 2024)

  Changed paths:
    M Source/WebKit/Shared/Extensions/WebExtensionDynamicScripts.serialization.in
    M Source/WebKit/Shared/Extensions/WebExtensionScriptInjectionParameters.h
    M Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionDynamicScriptsCocoa.mm
    M Source/WebKit/WebProcess/Extensions/API/Cocoa/WebExtensionAPIScriptingCocoa.mm
    M Source/WebKit/WebProcess/Extensions/API/WebExtensionAPIScripting.h
    M Source/WebKit/WebProcess/Extensions/Bindings/Cocoa/JSWebExtensionWrapperCocoa.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIScripting.mm

  Log Message:
  -----------
  browser.scripting.executeScript doesn't handle all valid argument types
https://bugs.webkit.org/show_bug.cgi?id=267289
rdar://120727491

Reviewed by Timothy Hatcher.

We are incorrectly assuming all argument types passed into the 'args' (or 'arguments') property for
a call to scripting.executeScript() will be of type String. However, that is incorrect since the
property types can be all JSON serializable values.

To fix this, we should check to see if the arguments passed are valid JSON serializable objects
and then encode the data before passing it off to the UI Process.

* Source/WebKit/Shared/Extensions/WebExtensionDynamicScripts.serialization.in:
* Source/WebKit/Shared/Extensions/WebExtensionScriptInjectionParameters.h:
* Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionDynamicScriptsCocoa.mm:
(WebKit::WebExtensionDynamicScripts::executeScript):
* Source/WebKit/WebProcess/Extensions/API/Cocoa/WebExtensionAPIScriptingCocoa.mm:
(WebKit::WebExtensionAPIScripting::executeScript):
(WebKit::WebExtensionAPIScripting::validateScript):
We shouldn't be using NSObject anymore for expected value types since everything would return true.
Instead, verify that the top-level is an array and use isValidJSONObject to validate the contents.

(WebKit::WebExtensionAPIScripting::parseScriptInjectionOptions):
* Source/WebKit/WebProcess/Extensions/API/WebExtensionAPIScripting.h:

* Source/WebKit/WebProcess/Extensions/Bindings/Cocoa/JSWebExtensionWrapperCocoa.mm:
(WebKit::toNSObject):
Update method to iterate through the array and convert each element to a JSValue, similar to what
we do in toNSDictionary(). Without this, element types like functions would be converted to an empty
NSDictionary and not a JSValue.

* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIScripting.mm:
(TestWebKitAPI::TEST):
Add new test to check that functions passed as arguments throw an error.
Add new tests that verify supported argument types.

Canonical link: https://commits.webkit.org/272836@main
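
Added example, not part of the WebKit commit: a JavaScript sketch of the check the log message describes (the top level must be an array, the contents must be JSON-serializable, and only then is the data encoded). The function names, and the choice to reject non-finite numbers and non-plain objects, are assumptions of this example.

```javascript
// Added illustration; not WebKit source. Function names are hypothetical.
// Returns null when `value` is JSON-serializable, otherwise a message
// naming the first offending element.
function findInvalidArg(value, path = "args", ancestors = new Set()) {
  if (value === null) return null;
  switch (typeof value) {
    case "string":
    case "boolean":
      return null;
    case "number":
      // Choice made for this example: NaN and Infinity have no JSON form.
      return Number.isFinite(value) ? null : `${path}: non-finite number`;
    case "object":
      break;
    default:
      // function, undefined, symbol, bigint
      return `${path}: ${typeof value} is not JSON-serializable`;
  }
  // Only objects on the current path count as cycles; shared siblings are fine.
  if (ancestors.has(value)) return `${path}: circular reference`;
  const proto = Object.getPrototypeOf(value);
  const isPlain = proto === Object.prototype || proto === null;
  if (!Array.isArray(value) && !isPlain) return `${path}: not a plain object or array`;
  ancestors.add(value);
  const entries = Array.isArray(value)
    ? Array.from(value, (v, i) => [`${path}[${i}]`, v])
    : Object.entries(value).map(([k, v]) => [`${path}.${k}`, v]);
  let problem = null;
  for (const [childPath, child] of entries) {
    problem = findInvalidArg(child, childPath, ancestors);
    if (problem) break;
  }
  ancestors.delete(value);
  return problem;
}

// Validate first, then encode, so nothing unvalidated crosses the boundary.
function encodeScriptArgs(args) {
  if (!Array.isArray(args)) throw new TypeError("args: must be an array");
  const problem = findInvalidArg(args);
  if (problem) throw new TypeError(problem);
  return JSON.stringify(args);
}
```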



