[webkit-changes] [WebKit/WebKit] e089b6: Cherry-pick 272093 at main (1bfda19669ab). https://bu...
Karl Dubost
noreply at github.com
Thu Jan 25 04:09:18 PST 2024
Branch: refs/heads/webkitglib/2.42
Home: https://github.com/WebKit/WebKit
Commit: e089b654e521f916af133d22775050e0b1b1dc84
https://github.com/WebKit/WebKit/commit/e089b654e521f916af133d22775050e0b1b1dc84
Author: Wenson Hsieh <wenson_hsieh at apple.com>
Date: 2024-01-25 (Thu, 25 Jan 2024)
Changed paths:
M Source/WebCore/page/Quirks.cpp
Log Message:
-----------
Cherry-pick 272093 at main (1bfda19669ab). https://bugs.webkit.org/show_bug.cgi?id=266380
Mitigate crashes under Quirks::advancedPrivacyProtectionSubstituteDataURLForScriptWithFeatures()
https://bugs.webkit.org/show_bug.cgi?id=266380
rdar://118479646
Reviewed by Yusuke Suzuki.
Even after the mitigations in 269984 at main, we're still sometimes crashing when attempting to
determine whether or not we should apply hard-coded canvas fingerprinting mitigations when advanced
privacy protections are enabled. From discussing with JSC folks, this seems to be due to the way in
which we're currently trying to walk the stack by traversing `callerFrame()`s:
```
while (!codeBlock) {
    callFrame = callFrame->callerFrame();
    if (!callFrame)
        break;
    codeBlock = callFrame->codeBlock();
}
```
Instead of implementing it this way, the JSC team recommended using `StackVisitor::visit` instead to
walk the stack, which is the de-facto mechanism used to perform similar stack traversals elsewhere
in the codebase. In addition, I'm also rearranging this check, so that we only ever attempt this
relatively more expensive stack walk in the case where the `lastDrawnText`, `canvasWidth` and
`canvasHeight` all match their expected values for the quirk.
* Source/WebCore/page/Quirks.cpp:
(WebCore::Quirks::advancedPrivacyProtectionSubstituteDataURLForScriptWithFeatures const):
In my manual testing, I found that the source code length on some of the affected sites has been
changed slightly; adjust this quirk to match.
Canonical link: https://commits.webkit.org/272093@main

Commit: 3b71482e2ede7cf3517f373fe530683d3b43f7ce
https://github.com/WebKit/WebKit/commit/3b71482e2ede7cf3517f373fe530683d3b43f7ce
Author: Sihui Liu <sihui_liu at apple.com>
Date: 2024-01-25 (Thu, 25 Jan 2024)
Changed paths:
M Source/WebCore/page/Quirks.cpp
M Source/WebCore/platform/network/NetworkStorageSession.cpp
Log Message:
-----------
Cherry-pick 272146 at main (eb1f7a4e8a5e). https://bugs.webkit.org/show_bug.cgi?id=266442
Unable to log into gizmodo.com with tracking prevention enabled
https://bugs.webkit.org/show_bug.cgi?id=266442
rdar://106782128
Reviewed by John Wilander.
Update the quirk to make authentication flow of gizmodo.com work by:
1. Invoking requestStorageAccess on behalf of kinja.com when user starts authentication flow by clicking user profile
button (console log is added to make user and developer aware of the quirk).
2. Adjusting heuristics of detecting user profile button by finding target class on its ancestors, instead of only on
the element itself.
3. Skip checking user interaction on kinja.com in requestStorageAccess.
* Source/WebCore/page/Quirks.cpp:
(WebCore::elementHasClassInClosestAncestors):
(WebCore::isStorageAccessQuirkDomainAndElement):
(WebCore::Quirks::requestStorageAccessAndHandleClick const):
(WebCore::Quirks::triggerOptionalStorageAccessQuirk const):
* Source/WebCore/platform/network/NetworkStorageSession.cpp:
(WebCore::NetworkStorageSession::storageAccessQuirks):
Canonical link: https://commits.webkit.org/272146@main

Commit: c281cb861795c41c50d19c42e74b5d201a1a2935
https://github.com/WebKit/WebKit/commit/c281cb861795c41c50d19c42e74b5d201a1a2935
Author: Anne van Kesteren <annevk at annevk.nl>
Date: 2024-01-25 (Thu, 25 Jan 2024)
Changed paths:
M Source/WebCore/page/Quirks.cpp
Log Message:
-----------
Cherry-pick 273228 at main (a6d8d02660a9). https://bugs.webkit.org/show_bug.cgi?id=267687
Make host comparisons in Quirks case-sensitive
https://bugs.webkit.org/show_bug.cgi?id=267687
Reviewed by Alex Christensen and Chris Dumez.
The URL parser already ensures host is canonical.
* Source/WebCore/page/Quirks.cpp:
(WebCore::isYahooMail):
(WebCore::Quirks::isTouchBarUpdateSupressedForHiddenContentEditable const):
(WebCore::Quirks::isNeverRichlyEditableForTouchBar const):
(WebCore::Quirks::shouldSuppressAutocorrectionAndAutocapitalizationInHiddenEditableAreas const):
(WebCore::Quirks::needsYouTubeMouseOutQuirk const):
(WebCore::Quirks::shouldAvoidUsingIOS13ForGmail const):
(WebCore::Quirks::shouldMakeTouchEventNonCancelableForTarget const):
(WebCore::Quirks::shouldPreventDispatchOfTouchEvent const):
(WebCore::Quirks::shouldAvoidResizingWhenInputViewBoundsChange const):
(WebCore::Quirks::needsDeferKeyDownAndKeyPressTimersUntilNextEditingCommand const):
(WebCore::Quirks::needsGMailOverflowScrollQuirk const):
(WebCore::Quirks::needsYouTubeOverflowScrollQuirk const):
(WebCore::Quirks::shouldAvoidScrollingWhenFocusedContentIsVisible const):
(WebCore::Quirks::shouldIgnoreAriaForFastPathContentObservationCheck const):
(WebCore::Quirks::shouldOpenAsAboutBlank const):
(WebCore::Quirks::shouldBypassBackForwardCache const):
(WebCore::Quirks::isMicrosoftTeamsRedirectURL):
(WebCore::Quirks::needsVP9FullRangeFlagQuirk const):
(WebCore::Quirks::shouldDisableEndFullscreenEventWhenEnteringPictureInPictureFromFullscreenQuirk const):
(WebCore::Quirks::shouldEnableFontLoadingAPIQuirk const):
(WebCore::Quirks::shouldDisablePopoverAttributeQuirk const):
Canonical link: https://commits.webkit.org/273228@main

Commit: 14b6b197161c8a7bb40e943270aaea25966552e1
https://github.com/WebKit/WebKit/commit/14b6b197161c8a7bb40e943270aaea25966552e1
Author: Karl Dubost <karlcow at apple.com>
Date: 2024-01-25 (Thu, 25 Jan 2024)
Changed paths:
M Source/WebCore/page/Quirks.cpp
Log Message:
-----------
Cherry-pick 273282 at main (0b543cc9ff31). https://bugs.webkit.org/show_bug.cgi?id=267569
Quirks: ceac.state.gov requires document.activeElement to be HTMLInputElement
https://bugs.webkit.org/show_bug.cgi?id=267569
rdar://110953808
Reviewed by Aditya Keerthi.
Fixes a regression introduced by adding a new method in Quirks.
https://bugs.webkit.org/show_bug.cgi?id=260938
There is a followup bug to improve the new method and make sure
that every type of domain matching is covered.
See https://bugs.webkit.org/show_bug.cgi?id=267623
* Source/WebCore/page/Quirks.cpp:
(WebCore::Quirks::needsFormControlToBeMouseFocusable const):
Canonical link: https://commits.webkit.org/273282@main
Compare: https://github.com/WebKit/WebKit/compare/31c70df9a065...14b6b197161c