Bug 183276

Summary:

Safari uses WebContent.Development when loading injected bundle embedded in its app bundle

Product:

WebKit

Reporter:

mitz

Component:

Web Inspector

Assignee:

mitz

Status:

RESOLVED DUPLICATE

Severity:

Normal

CC:

andersca, inspector-bugzilla-changes, thorton

Priority:

Version:

WebKit Local Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Never allow non-valid injected code into a Web Content process serving a platform binary	none

Description mitz 2018-03-01 22:52:23 PST

WebProcessProxy::shouldAllowNonValidInjectedCode checks whether the injected bundle is in /System, because everything coming from there shouldn’t commingle with non-valid code. But platforms apps may use injected bundles from outside /System (for example, Safari uses a bundle embedded in its app bundle for its website icon and snapshot fetching), and those should still not allow non-valid code.

Patch forthcoming.

Comment 1 Tim Horton 2018-03-01 22:54:32 PST


*** This bug has been marked as a duplicate of bug 183275 ***

Comment 2 mitz 2018-03-01 23:00:55 PST

Reopening to attach new patch.

Comment 3 mitz 2018-03-01 23:00:56 PST

Created attachment 334880 [details]
Never allow non-valid injected code into a Web Content process serving a platform binary

Comment 4 mitz 2018-03-01 23:02:07 PST

Oops.

*** This bug has been marked as a duplicate of bug 183275 ***