250510 2023-01-12 04:16:40 -0800 Validate animation key paths sent over IPC 2023-02-01 11:33:51 -0800 1 1 1 Unclassified WebKit Animations Safari Technology Preview Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 250509 250519 250520 250641 250642 250744 1 graouts graouts commit-queue dino graouts simon.fraser webkit-bug-importer oldest_to_newest 1925027 0 graouts 2023-01-12 04:16:40 -0800 We currently send a CAAnimation's keyPath over IPC as a String. We should send this as a struct for the string to be generated in the UI Process for added security. 1925028 1 graouts 2023-01-12 04:16:54 -0800 rdar://102433824 1925108 2 graouts 2023-01-12 12:14:17 -0800 Pull request: https://github.com/WebKit/WebKit/pull/8587 1925755 3 graouts 2023-01-16 01:16:13 -0800 Simon suggested that we keep using strings to represent animation key paths but instead validate the string in the UIProcess once received before creating the CAAnimation. Renaming bug to track this effort. 1925756 4 graouts 2023-01-16 01:28:28 -0800 Pull request: https://github.com/WebKit/WebKit/pull/8680 1926004 5 ews-feeder 2023-01-17 08:58:18 -0800 Committed 258986@main (a4467affde12): <https://commits.webkit.org/258986@main> Reviewed commits have been landed. Closing PR #8680 and removing active labels. 1926164 6 commit-queue 2023-01-17 17:43:34 -0800 Re-opened since this is blocked by bug 250744 1926224 7 graouts 2023-01-18 02:03:33 -0800 Pull request: https://github.com/WebKit/WebKit/pull/8760 1926531 8 ews-feeder 2023-01-18 22:44:37 -0800 Committed 259066@main (f554fc01c126): <https://commits.webkit.org/259066@main> Reviewed commits have been landed. Closing PR #8760 and removing active labels. 1930196 9 graouts 2023-02-01 11:30:40 -0800 Re-opening for pull request https://github.com/WebKit/WebKit/pull/9466 1930200 10 graouts 2023-02-01 11:33:51 -0800 Mistakenly re-opened this, closing it again.