[webkit-changes] [WebKit/WebKit] 3f96c8: Add URL validity checks in NetworkStorageSession::...
Alex Christensen
noreply at github.com
Thu Jan 30 10:43:37 PST 2025
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 3f96c8098b43055eac53a239ae3c9da7673a2f27
https://github.com/WebKit/WebKit/commit/3f96c8098b43055eac53a239ae3c9da7673a2f27
Author: Alex Christensen <achristensen at apple.com>
Date: 2025-01-30 (Thu, 30 Jan 2025)
Changed paths:
M Source/WebCore/platform/network/NetworkStorageSession.cpp
M Source/WebCore/workers/service/server/SWServer.cpp
Log Message:
-----------
Add URL validity checks in NetworkStorageSession::shouldBlockCookies
rdar://140118202
Reviewed by Brent Fulgham.
If a compromised web process sends IPC with an invalid URL, it can reach
NetworkStorageSession::shouldBlockCookies which should not allow access to
the cookies in that case.
SWServer::createScriptRequest needed a slight modification to stop it from
setting a firstPartyForCookies to an invalid URL like "https:".
* Source/WTF/wtf/cf/URLCF.cpp:
(WTF::URL::createCFURL const):
* Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm:
(TestWebKitAPI::TEST(WTF_URLExtras, InvalidURLToNSURL)):
Originally-landed-as: 283286.572 at safari-7620-branch (fbcccfb28bc6). rdar://143593425
Canonical link: https://commits.webkit.org/289567@main