[Webkit-unassigned] [Bug 201810] New: Create InjectedBundle SPI to better support NSSecureCoding

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Sep 15 15:34:11 PDT 2019 

https://bugs.webkit.org/show_bug.cgi?id=201810

            Bug ID: 201810
           Summary: Create InjectedBundle SPI to better support
                    NSSecureCoding
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit API
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: bfulgham at webkit.org

The encoding/decoding routines used by WebKit’s InjectedBundles are based on NSCoding. While we have changed WebKit internals to use NSSecureCoding, there are a number of injected bundles that need to serialize custom classes between the InjectedBundle and the relevant WebKit UIProcess.

We need to lock down this communications channel by enforcing NSSecureCoding.

This patch creates new SPI to allow the UIProcess to specify classes that it will accept in messages from the WebContet Process (and Injected Bundle).

It adds the following property to the WKProcessPoolConfiguration:

    @property (nonatomic, copy) NSSet<Class> *customClassesForParameterCoder;


Clients that wish to serialize custom classes would do something like the following:

        _WKProcessPoolConfiguration *configuration = [[_WKProcessPoolConfiguration alloc] init];
        ... various setup steps ...
        // An InjectedBundle will be used:
        [configuration setInjectedBundleURL:[[NSBundle mainBundle].builtInPlugInsURL URLByAppendingPathComponent:@"Example.wkbundle" isDirectory:YES]];
        // So specify any custom classes for the use case:
        [configuration setCustomClassesForParameterCoder:[NSSet setWithObjects:[Example1 class], [Example2 class], [Example3 class], nil]];

If no custom classes are specified, the standard serialization primitives are supported: NSArray, NSData, NSDate, NSDictionary, NSNull, NSNumber, NSSet,
NSString, NSTimeZone, NSURL, and NSUUID.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190915/e8978e2c/attachment.html>

More information about the webkit-unassigned mailing list