<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[199795] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/199795">199795</a></dd>
<dt>Author</dt> <dd>commit-queue@webkit.org</dd>
<dt>Date</dt> <dd>2016-04-20 15:56:40 -0700 (Wed, 20 Apr 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>[GTK] Expose AllowUniversalAccessFromFileURLs preference now that calling localStorage.getItem() results in SecurityError: DOM Exception 18
Source/WebKit2:
Patch by Dustin Falgout <dustin@falgout.us> on 2016-04-20
Reviewed by Michael Catanzaro.
As of <a href="http://trac.webkit.org/projects/webkit/changeset/197858">r197858</a> JavaScript loaded in the context of a file scheme url cannot access local storage. That is a major
breaking change as many applications that serve files locally rely on having access to local storage. The point
of that security fix is to avoid cases of downloaded HTML content (such as e-mail attachments or JS injected
into local contexts) from having access to your local file system and arbitrary local storage. If you are serving
local files in your applications, you can use the WebKitAllowUniversalAccessFromFileURLs preference key to tell
Webkit that you are approve of these kinds of interactions.
https://bugs.webkit.org/show_bug.cgi?id=156651
* UIProcess/API/gtk/WebKitSettings.cpp:
(webKitSettingsSetProperty):
(webKitSettingsGetProperty):
(webkit_settings_class_init):
(webkit_settings_get_allow_universal_access_from_file_urls):
(webkit_settings_set_allow_universal_access_from_file_urls):
* UIProcess/API/gtk/WebKitSettings.h:
* UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt:
Tools:
https://bugs.webkit.org/show_bug.cgi?id=156651
Patch by Dustin Falgout <dustin@falgout.us> on 2016-04-20
Reviewed by Michael Catanzaro.
* TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitSettings.cpp:
(testWebKitSettings):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceWebKit2ChangeLog">trunk/Source/WebKit2/ChangeLog</a></li>
<li><a href="#trunkSourceWebKit2UIProcessAPIgtkWebKitSettingscpp">trunk/Source/WebKit2/UIProcess/API/gtk/WebKitSettings.cpp</a></li>
<li><a href="#trunkSourceWebKit2UIProcessAPIgtkWebKitSettingsh">trunk/Source/WebKit2/UIProcess/API/gtk/WebKitSettings.h</a></li>
<li><a href="#trunkSourceWebKit2UIProcessAPIgtkdocswebkit2gtk40sectionstxt">trunk/Source/WebKit2/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt</a></li>
<li><a href="#trunkToolsChangeLog">trunk/Tools/ChangeLog</a></li>
<li><a href="#trunkToolsTestWebKitAPITestsWebKit2GtkTestWebKitSettingscpp">trunk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitSettings.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceWebKit2ChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/ChangeLog (199794 => 199795)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/ChangeLog 2016-04-20 22:51:41 UTC (rev 199794)
+++ trunk/Source/WebKit2/ChangeLog 2016-04-20 22:56:40 UTC (rev 199795)
</span><span class="lines">@@ -1,3 +1,27 @@
</span><ins>+2016-04-20 Dustin Falgout <dustin@falgout.us>
+
+ [GTK] Expose AllowUniversalAccessFromFileURLs preference now that calling localStorage.getItem() results in SecurityError: DOM Exception 18
+
+ Reviewed by Michael Catanzaro.
+
+ As of r197858 JavaScript loaded in the context of a file scheme url cannot access local storage. That is a major
+ breaking change as many applications that serve files locally rely on having access to local storage. The point
+ of that security fix is to avoid cases of downloaded HTML content (such as e-mail attachments or JS injected
+ into local contexts) from having access to your local file system and arbitrary local storage. If you are serving
+ local files in your applications, you can use the WebKitAllowUniversalAccessFromFileURLs preference key to tell
+ Webkit that you are approve of these kinds of interactions.
+
+ https://bugs.webkit.org/show_bug.cgi?id=156651
+
+ * UIProcess/API/gtk/WebKitSettings.cpp:
+ (webKitSettingsSetProperty):
+ (webKitSettingsGetProperty):
+ (webkit_settings_class_init):
+ (webkit_settings_get_allow_universal_access_from_file_urls):
+ (webkit_settings_set_allow_universal_access_from_file_urls):
+ * UIProcess/API/gtk/WebKitSettings.h:
+ * UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt:
+
</ins><span class="cx"> 2016-04-20 Brady Eidson <beidson@apple.com>
</span><span class="cx">
</span><span class="cx"> Modern IDB (Workers): Enable INDEXED_DATABASE_IN_WORKERS compile time flag, but disabled in RuntimeEnabledFeatures.
</span></span></pre></div>
<a id="trunkSourceWebKit2UIProcessAPIgtkWebKitSettingscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/UIProcess/API/gtk/WebKitSettings.cpp (199794 => 199795)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/UIProcess/API/gtk/WebKitSettings.cpp 2016-04-20 22:51:41 UTC (rev 199794)
+++ trunk/Source/WebKit2/UIProcess/API/gtk/WebKitSettings.cpp 2016-04-20 22:56:40 UTC (rev 199795)
</span><span class="lines">@@ -144,7 +144,8 @@
</span><span class="cx"> PROP_ENABLE_MEDIA_STREAM,
</span><span class="cx"> PROP_ENABLE_SPATIAL_NAVIGATION,
</span><span class="cx"> PROP_ENABLE_MEDIASOURCE,
</span><del>- PROP_ALLOW_FILE_ACCESS_FROM_FILE_URLS
</del><ins>+ PROP_ALLOW_FILE_ACCESS_FROM_FILE_URLS,
+ PROP_ALLOW_UNIVERSAL_ACCESS_FROM_FILE_URLS
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> static void webKitSettingsConstructed(GObject* object)
</span><span class="lines">@@ -313,6 +314,9 @@
</span><span class="cx"> case PROP_ALLOW_FILE_ACCESS_FROM_FILE_URLS:
</span><span class="cx"> webkit_settings_set_allow_file_access_from_file_urls(settings, g_value_get_boolean(value));
</span><span class="cx"> break;
</span><ins>+ case PROP_ALLOW_UNIVERSAL_ACCESS_FROM_FILE_URLS:
+ webkit_settings_set_allow_universal_access_from_file_urls(settings, g_value_get_boolean(value));
+ break;
</ins><span class="cx"> default:
</span><span class="cx"> G_OBJECT_WARN_INVALID_PROPERTY_ID(object, propId, paramSpec);
</span><span class="cx"> break;
</span><span class="lines">@@ -471,6 +475,9 @@
</span><span class="cx"> case PROP_ALLOW_FILE_ACCESS_FROM_FILE_URLS:
</span><span class="cx"> g_value_set_boolean(value, webkit_settings_get_allow_file_access_from_file_urls(settings));
</span><span class="cx"> break;
</span><ins>+ case PROP_ALLOW_UNIVERSAL_ACCESS_FROM_FILE_URLS:
+ g_value_set_boolean(value, webkit_settings_get_allow_universal_access_from_file_urls(settings));
+ break;
</ins><span class="cx"> default:
</span><span class="cx"> G_OBJECT_WARN_INVALID_PROPERTY_ID(object, propId, paramSpec);
</span><span class="cx"> break;
</span><span class="lines">@@ -1242,6 +1249,26 @@
</span><span class="cx"> _("Whether file access is allowed from file URLs."),
</span><span class="cx"> FALSE,
</span><span class="cx"> readWriteConstructParamFlags));
</span><ins>+
+ /**
+ * WebKitSettings:allow-universal-access-from-file-urls:
+ *
+ * Whether or not JavaScript running in the context of a file scheme URL
+ * should be allowed to access content from any origin. By default, when
+ * something is loaded in a #WebKitWebView using a file scheme URL,
+ * access to the local file system and arbitrary local storage is not
+ * allowed. This setting allows you to change that behaviour, so that
+ * it would be possible to use local storage, for example.
+ *
+ * Since: 2.14
+ */
+ g_object_class_install_property(gObjectClass,
+ PROP_ALLOW_UNIVERSAL_ACCESS_FROM_FILE_URLS,
+ g_param_spec_boolean("allow-universal-access-from-file-urls",
+ _("Allow universal access from the context of file scheme URLs"),
+ _("Whether or not universal access is allowed from the context of file scheme URLs"),
+ FALSE,
+ readWriteConstructParamFlags));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> WebPreferences* webkitSettingsGetPreferences(WebKitSettings* settings)
</span><span class="lines">@@ -3062,3 +3089,41 @@
</span><span class="cx"> priv->preferences->setAllowFileAccessFromFileURLs(allowed);
</span><span class="cx"> g_object_notify(G_OBJECT(settings), "allow-file-access-from-file-urls");
</span><span class="cx"> }
</span><ins>+
+/**
+ * webkit_settings_get_allow_universal_access_from_file_urls:
+ * @settings: a #WebKitSettings
+ *
+ * Get the #WebKitSettings:allow-universal-access-from-file-urls property.
+ *
+ * Returns: %TRUE If universal access from file URLs is allowed or %FALSE otherwise.
+ *
+ * Since: 2.14
+ */
+gboolean webkit_settings_get_allow_universal_access_from_file_urls(WebKitSettings* settings)
+{
+ g_return_val_if_fail(WEBKIT_IS_SETTINGS(settings), FALSE);
+
+ return settings->priv->preferences->allowUniversalAccessFromFileURLs();
+}
+
+/**
+ * webkit_settings_set_allow_universal_access_from_file_urls:
+ * @settings: a #WebKitSettings
+ * @allowed: Value to be set
+ *
+ * Set the #WebKitSettings:allow-universal-access-from-file-urls property.
+ *
+ * Since: 2.14
+ */
+void webkit_settings_set_allow_universal_access_from_file_urls(WebKitSettings* settings, gboolean allowed)
+{
+ g_return_if_fail(WEBKIT_IS_SETTINGS(settings));
+
+ WebKitSettingsPrivate* priv = settings->priv;
+ if (priv->preferences->allowUniversalAccessFromFileURLs() == allowed)
+ return;
+
+ priv->preferences->setAllowUniversalAccessFromFileURLs(allowed);
+ g_object_notify(G_OBJECT(settings), "allow-universal-access-from-file-urls");
+}
</ins></span></pre></div>
<a id="trunkSourceWebKit2UIProcessAPIgtkWebKitSettingsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/UIProcess/API/gtk/WebKitSettings.h (199794 => 199795)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/UIProcess/API/gtk/WebKitSettings.h 2016-04-20 22:51:41 UTC (rev 199794)
+++ trunk/Source/WebKit2/UIProcess/API/gtk/WebKitSettings.h 2016-04-20 22:56:40 UTC (rev 199795)
</span><span class="lines">@@ -421,6 +421,13 @@
</span><span class="cx"> webkit_settings_set_allow_file_access_from_file_urls (WebKitSettings *settings,
</span><span class="cx"> gboolean allowed);
</span><span class="cx">
</span><ins>+WEBKIT_API gboolean
+webkit_settings_get_allow_universal_access_from_file_urls (WebKitSettings *settings);
+
+WEBKIT_API void
+webkit_settings_set_allow_universal_access_from_file_urls (WebKitSettings *settings,
+ gboolean allowed);
+
</ins><span class="cx"> G_END_DECLS
</span><span class="cx">
</span><span class="cx"> #endif /* WebKitSettings_h */
</span></span></pre></div>
<a id="trunkSourceWebKit2UIProcessAPIgtkdocswebkit2gtk40sectionstxt"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt (199794 => 199795)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt 2016-04-20 22:51:41 UTC (rev 199794)
+++ trunk/Source/WebKit2/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt 2016-04-20 22:56:40 UTC (rev 199795)
</span><span class="lines">@@ -453,6 +453,8 @@
</span><span class="cx"> webkit_settings_set_enable_mediasource
</span><span class="cx"> webkit_settings_get_allow_file_access_from_file_urls
</span><span class="cx"> webkit_settings_set_allow_file_access_from_file_urls
</span><ins>+webkit_settings_get_allow_universal_access_from_file_urls
+webkit_settings_set_allow_universal_access_from_file_urls
</ins><span class="cx">
</span><span class="cx"> <SUBSECTION Standard>
</span><span class="cx"> WebKitSettingsClass
</span></span></pre></div>
<a id="trunkToolsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Tools/ChangeLog (199794 => 199795)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/ChangeLog 2016-04-20 22:51:41 UTC (rev 199794)
+++ trunk/Tools/ChangeLog 2016-04-20 22:56:40 UTC (rev 199795)
</span><span class="lines">@@ -1,3 +1,13 @@
</span><ins>+2016-04-20 Dustin Falgout <dustin@falgout.us>
+
+ [GTK] Expose AllowUniversalAccessFromFileURLs preference now that calling localStorage.getItem() results in SecurityError: DOM Exception 18
+ https://bugs.webkit.org/show_bug.cgi?id=156651
+
+ Reviewed by Michael Catanzaro.
+
+ * TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitSettings.cpp:
+ (testWebKitSettings):
+
</ins><span class="cx"> 2016-04-20 Brady Eidson <beidson@apple.com>
</span><span class="cx">
</span><span class="cx"> Modern IDB (Workers): Enable INDEXED_DATABASE_IN_WORKERS compile time flag, but disabled in RuntimeEnabledFeatures.
</span></span></pre></div>
<a id="trunkToolsTestWebKitAPITestsWebKit2GtkTestWebKitSettingscpp"></a>
<div class="modfile"><h4>Modified: trunk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitSettings.cpp (199794 => 199795)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitSettings.cpp 2016-04-20 22:51:41 UTC (rev 199794)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitSettings.cpp 2016-04-20 22:56:40 UTC (rev 199795)
</span><span class="lines">@@ -278,6 +278,11 @@
</span><span class="cx"> webkit_settings_set_allow_file_access_from_file_urls(settings, TRUE);
</span><span class="cx"> g_assert(webkit_settings_get_allow_file_access_from_file_urls(settings));
</span><span class="cx">
</span><ins>+ // Universal access from file URLs is not allowed by default.
+ g_assert(!webkit_settings_get_allow_universal_access_from_file_urls(settings));
+ webkit_settings_set_allow_universal_access_from_file_urls(settings, TRUE);
+ g_assert(webkit_settings_get_allow_universal_access_from_file_urls(settings));
+
</ins><span class="cx"> g_object_unref(G_OBJECT(settings));
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>