Bug 183276

Summary:

Safari uses WebContent.Development when loading injected bundle embedded in its app bundle

Product:

WebKit

Reporter:

mitz

Component:

Web Inspector

Assignee:

mitz

Status:

RESOLVED DUPLICATE

Severity:

Normal

CC:

andersca, inspector-bugzilla-changes, thorton

Priority:

Version:

WebKit Local Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Never allow non-valid injected code into a Web Content process serving a platform binary	none

mitz

Reported 2018-03-01 22:52:23 PST

WebProcessProxy::shouldAllowNonValidInjectedCode checks whether the injected bundle is in /System, because everything coming from there shouldn’t commingle with non-valid code. But platforms apps may use injected bundles from outside /System (for example, Safari uses a bundle embedded in its app bundle for its website icon and snapshot fetching), and those should still not allow non-valid code. Patch forthcoming.

Attachments
Never allow non-valid injected code into a Web Content process serving a platform binary (2.81 KB, text/plain) 2018-03-01 23:00 PST, mitz	no flags	Details
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Tim Horton

Comment 1 2018-03-01 22:54:32 PST

*** This bug has been marked as a duplicate of bug 183275 ***

mitz

Comment 2 2018-03-01 23:00:55 PST

Reopening to attach new patch.

mitz

Comment 3 2018-03-01 23:00:56 PST

Created attachment 334880 [details] Never allow non-valid injected code into a Web Content process serving a platform binary

mitz

Comment 4 2018-03-01 23:02:07 PST

Oops. *** This bug has been marked as a duplicate of bug 183275 ***

Note You need to log in before you can comment on or make changes to this bug.