Bug 181616

Summary:

Blob conversion and sanitization doesn't work with Microsoft Word for Mac 2011

Product:

WebKit

Reporter:

Ryosuke Niwa <rniwa>

Component:

HTML Editing

Assignee:

Ryosuke Niwa <rniwa>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

commit-queue, m.samsel, thespyder, webkit-bug-importer, wenson_hsieh

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Bug Depends on:

124391, 181920

Bug Blocks:

Attachments:

Description	Flags
WIP	none
Fixes the bug	none
Fixes the bug	none
Patch for landing	none
Patch for landing	none

Ryosuke Niwa

Reported 2018-01-12 15:30:08 PST

The blob conversion & sanitation upon paste doesn't work when copying & pasting from Microsoft Word for Mac 2011 as reported by the latest comment on the bug 124391. I can reproduce this issue locally as well.

Attachments
WIP (19.47 KB, patch) 2018-01-20 02:05 PST, Ryosuke Niwa	no flags	Details Formatted Diff Diff
Fixes the bug (20.64 KB, patch) 2018-01-21 22:34 PST, Ryosuke Niwa	no flags	Details Formatted Diff Diff
Fixes the bug (20.64 KB, patch) 2018-01-21 22:47 PST, Ryosuke Niwa	no flags	Details Formatted Diff Diff
Patch for landing (20.33 KB, patch) 2018-01-22 10:05 PST, Ryosuke Niwa	no flags	Details Formatted Diff Diff
Patch for landing (20.25 KB, patch) 2018-01-22 12:38 PST, Ryosuke Niwa	no flags	Details Formatted Diff Diff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2018-01-12 15:36:06 PST

<rdar://problem/36484908>

Ryosuke Niwa

Comment 2 2018-01-12 15:39:10 PST

P1 due to the security/privacy implications.

Ryosuke Niwa

Comment 3 2018-01-19 23:07:51 PST

Unfortunately, we can't make the image available in this case because Microsoft Word is putting only file URLs in the HTML content, and we can't grant access those files in the web content process. Supporting this would involve starting a new web content process, parse the HTML to be pasted, then UI process to add sandbox extensions for those files in the web content process in which the content is pasted.

Ryosuke Niwa

Comment 4 2018-01-19 23:21:20 PST

For now, I'm going to address the bug that we're expoing file URLs in the pasted content. Since Microsoft Word for Mac 2016 has been out for two years, the recommended path for users who are using 2011 version is to upgrade to 2016 version, which does put webarchive into the pasteboard, and image pasting works as expected in the latest version of Safari.

Ryosuke Niwa

Comment 5 2018-01-20 02:05:01 PST

Created attachment 331838 [details] WIP

Andrew Herron

Comment 6 2018-01-21 16:26:13 PST

That's interesting. I had assumed you solved bug 124391 by reading in the files referenced by the file URLs :)

Ryosuke Niwa

Comment 7 2018-01-21 22:34:43 PST

Created attachment 331895 [details] Fixes the bug

Ryosuke Niwa

Comment 8 2018-01-21 22:45:32 PST

Comment on attachment 331895 [details] Fixes the bug Oops, I uploaded this patch too early.

Ryosuke Niwa

Comment 9 2018-01-21 22:47:01 PST

Created attachment 331897 [details] Fixes the bug

Wenson Hsieh

Comment 10 2018-01-22 09:52:31 PST

Comment on attachment 331897 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=331897&action=review > Source/WebCore/ChangeLog:27 > + (WebCore::WebContentReader::readHTML): Fixed the bug by sanitizing the markup, and stripping away file URLs. Hm...this is a bit more aggressive than just stripping away file URLs, since we're stripping away all URLs that are not one of { http:, https:, data: } by using shouldReplaceSubresourceURL as the filter. I understand that maintaining a whitelist of URLs to allow is safer than the reverse approach, though...but let's make it clear in the ChangeLog. > Source/WebCore/editing/cocoa/WebContentReaderCocoa.mm:533 > + removeSubresourceURLAttributes(fragment, [] (const URL& url ) { Nit - extra space after URL& url > Source/WebCore/editing/cocoa/WebContentReaderCocoa.mm:552 > + removeSubresourceURLAttributes(fragment, [] (const URL& url ) { Nit - extra space after URL& url > Source/WebCore/editing/markup.h:54 > +String sanitizeMarkup(const String&, std::optional<std::function<void(DocumentFragment&)>> fragmentSanitizer = std::nullopt); Nit - I think we generally prefer to use WTF::Function over std::function. > Tools/TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm:117 > +TEST(PasteHTML, StripsHTTPURLs) Did you mean "StripsFileURLs"? > Tools/TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm:131 > +TEST(PasteHTML, DoesNotStripHTTPURLsWhenCustomPasteboardDataIsDisabled) Ditto, looks like this was meant to be "DoesNotStripFileURLsWhenCustomPasteboardDataIsDisabled"

Ryosuke Niwa

Comment 11 2018-01-22 10:05:15 PST

Created attachment 331940 [details] Patch for landing

Ryosuke Niwa

Comment 12 2018-01-22 10:06:07 PST

(In reply to Wenson Hsieh from comment #10) > Comment on attachment 331897 [details] > Fixes the bug > > View in context: > https://bugs.webkit.org/attachment.cgi?id=331897&action=review > > > Source/WebCore/ChangeLog:27 > > + (WebCore::WebContentReader::readHTML): Fixed the bug by sanitizing the markup, and stripping away file URLs. > > Hm...this is a bit more aggressive than just stripping away file URLs, since > we're stripping away all URLs that are not one of { http:, https:, data: } > by using shouldReplaceSubresourceURL as the filter. Good point. Fixed the change log. > I understand that maintaining a whitelist of URLs to allow is safer than the > reverse approach, though...but let's make it clear in the ChangeLog. > > > Source/WebCore/editing/cocoa/WebContentReaderCocoa.mm:533 > > + removeSubresourceURLAttributes(fragment, [] (const URL& url ) { > > Nit - extra space after URL& url Fixed. > > Source/WebCore/editing/cocoa/WebContentReaderCocoa.mm:552 > > + removeSubresourceURLAttributes(fragment, [] (const URL& url ) { > > Nit - extra space after URL& url Fixed. > > Source/WebCore/editing/markup.h:54 > > +String sanitizeMarkup(const String&, std::optional<std::function<void(DocumentFragment&)>> fragmentSanitizer = std::nullopt); > > Nit - I think we generally prefer to use WTF::Function over std::function. Really? I thought we wanted to use std::function instead of WTF::Function going forward. Whatever. I'd use WTF::Function. > > Tools/TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm:117 > > +TEST(PasteHTML, StripsHTTPURLs) > > Did you mean "StripsFileURLs"? Fixed. > > Tools/TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm:131 > > +TEST(PasteHTML, DoesNotStripHTTPURLsWhenCustomPasteboardDataIsDisabled) > > Ditto, looks like this was meant to be > "DoesNotStripFileURLsWhenCustomPasteboardDataIsDisabled" Fixed.

Wenson Hsieh

Comment 13 2018-01-22 10:12:50 PST

Comment on attachment 331897 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=331897&action=review >>> Source/WebCore/editing/markup.h:54 >>> +String sanitizeMarkup(const String&, std::optional<std::function<void(DocumentFragment&)>> fragmentSanitizer = std::nullopt); >> >> Nit - I think we generally prefer to use WTF::Function over std::function. > > Really? I thought we wanted to use std::function instead of WTF::Function going forward. Whatever. I'd use WTF::Function. Just asked Fil Pizlo — it's WTF::Function.

WebKit Commit Bot

Comment 14 2018-01-22 10:29:51 PST

Comment on attachment 331940 [details] Patch for landing Rejecting attachment 331940 [details] from commit-queue. Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-01', 'build', '--no-clean', '--no-update', '--build-style=release', '--port=mac']" exit_code: 2 cwd: /Volumes/Data/EWS/WebKit Last 500 characters of output: urce22.cpp -o /Volumes/Data/EWS/WebKit/WebKitBuild/WebCore.build/Release/WebCore.build/Objects-normal/x86_64/UnifiedSource22.o ** BUILD FAILED ** The following build commands failed: CompileC /Volumes/Data/EWS/WebKit/WebKitBuild/WebCore.build/Release/WebCore.build/Objects-normal/x86_64/UnifiedSource8-mm.o /Volumes/Data/EWS/WebKit/WebKitBuild/Release/DerivedSources/WebCore/unified-sources/UnifiedSource8-mm.mm normal x86_64 objective-c++ com.apple.compilers.llvm.clang.1_0.compiler (1 failure) Full output: http://webkit-queues.webkit.org/results/6171151

Ryosuke Niwa

Comment 15 2018-01-22 12:38:59 PST

Created attachment 331949 [details] Patch for landing

WebKit Commit Bot

Comment 16 2018-01-22 13:13:41 PST

Comment on attachment 331949 [details] Patch for landing Clearing flags on attachment: 331949 Committed r227351: <https://trac.webkit.org/changeset/227351>

WebKit Commit Bot

Comment 17 2018-01-22 13:13:43 PST

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.