[webkit-changes] [WebKit/WebKit] e089b6: Cherry-pick 272093 at main (1bfda19669ab). https://bu...

Karl Dubost noreply at github.com
Thu Jan 25 04:09:18 PST 2024 

  Branch: refs/heads/webkitglib/2.42
  Home:   https://github.com/WebKit/WebKit
  Commit: e089b654e521f916af133d22775050e0b1b1dc84
      https://github.com/WebKit/WebKit/commit/e089b654e521f916af133d22775050e0b1b1dc84
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-01-25 (Thu, 25 Jan 2024)

  Changed paths:
    M Source/WebCore/page/Quirks.cpp

  Log Message:
  -----------
  Cherry-pick 272093 at main (1bfda19669ab). https://bugs.webkit.org/show_bug.cgi?id=266380

    Mitigate crashes under Quirks::advancedPrivacyProtectionSubstituteDataURLForScriptWithFeatures()
    https://bugs.webkit.org/show_bug.cgi?id=266380
    rdar://118479646

    Reviewed by Yusuke Suzuki.

    Even after the mitigations in 269984 at main, we're still sometimes crashing when attempting to
    determine whether or not we should apply hard-coded canvas fingerprinting mitigations when advanced
    privacy protections are enabled. From discussing with JSC folks, this seems to be due to the way in
    which we're currently trying to walk the stack by traversing `callerFrame()`s:

    ```
    while (!codeBlock) {
        callFrame = callFrame->callerFrame();
        if (!callFrame)
            break;
        codeBlock = callFrame->codeBlock();
    }
    ```

    Instead of implementing it this way, the JSC team recommended using `StackVisitor::visit` instead to
    walk the stack, which is the de-facto mechanism used to perform similar stack traversals elsewhere
    in the codebase. In addition, I'm also rearranging this check, so that we only ever attempt this
    relatively more expensive stack walk in the case where the `lastDrawnText`, `canvasWidth` and
    `canvasHeight` all match their expected values for the quirk.

    * Source/WebCore/page/Quirks.cpp:
    (WebCore::Quirks::advancedPrivacyProtectionSubstituteDataURLForScriptWithFeatures const):

    In my manual testing, I found that the source code length on some of the affected sites has been
    changed slightly; adjust this quirk to match.

    Canonical link: https://commits.webkit.org/272093@main


  Commit: 3b71482e2ede7cf3517f373fe530683d3b43f7ce
      https://github.com/WebKit/WebKit/commit/3b71482e2ede7cf3517f373fe530683d3b43f7ce
  Author: Sihui Liu <sihui_liu at apple.com>
  Date:   2024-01-25 (Thu, 25 Jan 2024)

  Changed paths:
    M Source/WebCore/page/Quirks.cpp
    M Source/WebCore/platform/network/NetworkStorageSession.cpp

  Log Message:
  -----------
  Cherry-pick 272146 at main (eb1f7a4e8a5e). https://bugs.webkit.org/show_bug.cgi?id=266442

    Unable to log into gizmodo.com with tracking prevention enabled
    https://bugs.webkit.org/show_bug.cgi?id=266442
    rdar://106782128

    Reviewed by John Wilander.

    Update the quirk to make authentication flow of gizmodo.com work by:
    1. Invoking requestStorageAccess on behalf of kinja.com when user starts authentication flow by clicking user profile
    button (console log is added to make user and developer aware of the quirk).
    2. Adjusting heuristics of detecting user profile button by finding target class on its ancestors, instead of only on
    the element itself.
    3. Skip checking user interaction on kinja.com in requestStorageAccess.

    * Source/WebCore/page/Quirks.cpp:
    (WebCore::elementHasClassInClosestAncestors):
    (WebCore::isStorageAccessQuirkDomainAndElement):
    (WebCore::Quirks::requestStorageAccessAndHandleClick const):
    (WebCore::Quirks::triggerOptionalStorageAccessQuirk const):
    * Source/WebCore/platform/network/NetworkStorageSession.cpp:
    (WebCore::NetworkStorageSession::storageAccessQuirks):

    Canonical link: https://commits.webkit.org/272146@main


  Commit: c281cb861795c41c50d19c42e74b5d201a1a2935
      https://github.com/WebKit/WebKit/commit/c281cb861795c41c50d19c42e74b5d201a1a2935
  Author: Anne van Kesteren <annevk at annevk.nl>
  Date:   2024-01-25 (Thu, 25 Jan 2024)

  Changed paths:
    M Source/WebCore/page/Quirks.cpp

  Log Message:
  -----------
  Cherry-pick 273228 at main (a6d8d02660a9). https://bugs.webkit.org/show_bug.cgi?id=267687

    Make host comparisons in Quirks case-sensitive
    https://bugs.webkit.org/show_bug.cgi?id=267687

    Reviewed by Alex Christensen and Chris Dumez.

    The URL parser already ensures host is canonical.

    * Source/WebCore/page/Quirks.cpp:
    (WebCore::isYahooMail):
    (WebCore::Quirks::isTouchBarUpdateSupressedForHiddenContentEditable const):
    (WebCore::Quirks::isNeverRichlyEditableForTouchBar const):
    (WebCore::Quirks::shouldSuppressAutocorrectionAndAutocapitalizationInHiddenEditableAreas const):
    (WebCore::Quirks::needsYouTubeMouseOutQuirk const):
    (WebCore::Quirks::shouldAvoidUsingIOS13ForGmail const):
    (WebCore::Quirks::shouldMakeTouchEventNonCancelableForTarget const):
    (WebCore::Quirks::shouldPreventDispatchOfTouchEvent const):
    (WebCore::Quirks::shouldAvoidResizingWhenInputViewBoundsChange const):
    (WebCore::Quirks::needsDeferKeyDownAndKeyPressTimersUntilNextEditingCommand const):
    (WebCore::Quirks::needsGMailOverflowScrollQuirk const):
    (WebCore::Quirks::needsYouTubeOverflowScrollQuirk const):
    (WebCore::Quirks::shouldAvoidScrollingWhenFocusedContentIsVisible const):
    (WebCore::Quirks::shouldIgnoreAriaForFastPathContentObservationCheck const):
    (WebCore::Quirks::shouldOpenAsAboutBlank const):
    (WebCore::Quirks::shouldBypassBackForwardCache const):
    (WebCore::Quirks::isMicrosoftTeamsRedirectURL):
    (WebCore::Quirks::needsVP9FullRangeFlagQuirk const):
    (WebCore::Quirks::shouldDisableEndFullscreenEventWhenEnteringPictureInPictureFromFullscreenQuirk const):
    (WebCore::Quirks::shouldEnableFontLoadingAPIQuirk const):
    (WebCore::Quirks::shouldDisablePopoverAttributeQuirk const):

    Canonical link: https://commits.webkit.org/273228@main


  Commit: 14b6b197161c8a7bb40e943270aaea25966552e1
      https://github.com/WebKit/WebKit/commit/14b6b197161c8a7bb40e943270aaea25966552e1
  Author: Karl Dubost <karlcow at apple.com>
  Date:   2024-01-25 (Thu, 25 Jan 2024)

  Changed paths:
    M Source/WebCore/page/Quirks.cpp

  Log Message:
  -----------
  Cherry-pick 273282 at main (0b543cc9ff31). https://bugs.webkit.org/show_bug.cgi?id=267569

    Quirks: ceac.state.gov requires document.activeElement to be HTMLInputElement
    https://bugs.webkit.org/show_bug.cgi?id=267569
    rdar://110953808

    Reviewed by Aditya Keerthi.

    Fixes a regression introduced by adding a new method in Quirks.
    https://bugs.webkit.org/show_bug.cgi?id=260938
    There is a followup bug to improve the new method and make sure
    that every type of domain matching is covered.
    See https://bugs.webkit.org/show_bug.cgi?id=267623

    * Source/WebCore/page/Quirks.cpp:
    (WebCore::Quirks::needsFormControlToBeMouseFocusable const):

    Canonical link: https://commits.webkit.org/273282@main


Compare: https://github.com/WebKit/WebKit/compare/31c70df9a065...14b6b197161c

More information about the webkit-changes mailing list