[Webkit-unassigned] [Bug 149873] [Content Extensions] Content blocking rules are not consulted for pings (<a ping>)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 13 08:49:41 PDT 2015 

https://bugs.webkit.org/show_bug.cgi?id=149873

Roopesh Chander <roop+webkit at roopc.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #262754|0                           |1
        is obsolete|                            |

--- Comment #12 from Roopesh Chander <roop+webkit at roopc.net> ---
Created attachment 262988
  --> https://bugs.webkit.org/attachment.cgi?id=262988&action=review
Patch (fails one test)

On the code changes:

 1. I created a new function in ContentExtensionsBackend.cpp called processContentExtensionRulesForPing() for handling pings, but it turned out to have a lot in common with processContentExtensionRulesForLoad(), so I've refactored out the common parts into a private method called processContentExtensionRules().

 2. In PingLoader::sendViolationReport(), I changed the existing code that roughly translates to (pseudocode):

        request.setAllowCookies(isSameSchemeHostPort(securityOriginOfURL))

    to something like (pseudocode):

        if (!isSameSchemeHostPort(securityOriginOfURL) || isCookiesBlocked) {
            request.setAllowCookies(false)
        }

    because it appears that the default allowCookies value could be false in iOS, which the earlier version could inadvertently turn on.

 3. Hiding content ("css-display-none") on an <a ping> is not working. I don't know why at present. I'm submitting this patch anyway so I can get an early feedback, and maybe some insight into why it might not be working.

On the tests:

 1. There are 3 types of pings (loadImage(), sendPing(), sendViolationReport()), and 3 actions ("block", "block-cookies", "css-display-none"), resulting in 9 scenarios to test. However, I can't think of a good way to test the combination of loadImage() + css-display-none (the ping is sent when the page is unloaded, so is it possible / useful to test hiding of an element in an unloaded page?), so that is excluded.

 2. The hide-on-ping.html test fails because of #3 above. So, I've not marked this for review.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20151013/4252e4e4/attachment.html>

More information about the webkit-unassigned mailing list