Bug 205169

Summary: SecurityOrigin should be unique for null blob URLs that have been unregistered
Product: WebKit Reporter: youenn fablet <youennf>
Component: Page LoadingAssignee: youenn fablet <youennf>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, beidson, bfulgham, commit-queue, darin, dbates, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch
none
Patch
none
Patch
none
Patch for landing none

Description youenn fablet 2019-12-12 09:49:20 PST
SecurityOrigin should be unique for null blob URLs that have been unregistered
Comment 1 youenn fablet 2019-12-12 09:51:32 PST
Created attachment 385504 [details]
Patch
Comment 2 youenn fablet 2019-12-12 10:43:02 PST
Created attachment 385513 [details]
Patch
Comment 3 youenn fablet 2019-12-12 11:38:08 PST
Created attachment 385518 [details]
Patch
Comment 4 youenn fablet 2019-12-13 06:35:11 PST
Created attachment 385598 [details]
Patch
Comment 5 youenn fablet 2019-12-13 07:30:41 PST
<rdar://problem/57827825>
Comment 6 youenn fablet 2019-12-13 07:42:55 PST
Created attachment 385601 [details]
Patch
Comment 7 Darin Adler 2019-12-13 13:57:04 PST
Comment on attachment 385601 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=385601&action=review

> Source/WebCore/fileapi/ThreadableBlobRegistry.cpp:166
> +    if (!url.protocolIsBlob() || BlobURL::getOrigin(url) != "null")
> +        return nullptr;

Seems like the special name "null" should be gotten from calling a function rather than a hardcoded string constant.
Comment 8 youenn fablet 2019-12-15 23:15:03 PST
Created attachment 385739 [details]
Patch for landing
Comment 9 youenn fablet 2019-12-15 23:16:00 PST
(In reply to Darin Adler from comment #7)
> Comment on attachment 385601 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=385601&action=review
> 
> > Source/WebCore/fileapi/ThreadableBlobRegistry.cpp:166
> > +    if (!url.protocolIsBlob() || BlobURL::getOrigin(url) != "null")
> > +        return nullptr;
> 
> Seems like the special name "null" should be gotten from calling a function
> rather than a hardcoded string constant.

I introduced a helper routine isBlobURLContainsNullOrigin.
Comment 10 WebKit Commit Bot 2019-12-16 03:04:48 PST
Comment on attachment 385739 [details]
Patch for landing

Clearing flags on attachment: 385739

Committed r253544: <https://trac.webkit.org/changeset/253544>
Comment 11 WebKit Commit Bot 2019-12-16 03:04:50 PST
All reviewed patches have been landed.  Closing bug.