Bug 226215

Summary:

SecurityPolicyViolationEvent.constructor do not throw any exception as expected when eventInitDict param do not include all the members required

Product:

WebKit

Reporter:

zyscoder <zyscoder>

Component:

Bindings

Assignee:

Chris Dumez <cdumez>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

achristensen, bfulgham, cdumez, darin, esprehn+autocc, ews-watchlist, ggaren, gsnedders, kangil.han, kondapallykalyan, mkwst, sam, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Local Build

Hardware:

Unspecified

OS:

Linux

URL:

https://w3c.github.io/webappsec-csp/#securitypolicyviolationevent

See Also:

https://bugs.webkit.org/show_bug.cgi?id=226220
https://bugs.webkit.org/show_bug.cgi?id=226270

Attachments:

Description	Flags
Patch	none
Patch	none
Patch	none
Patch	none
Patch	ews-feeder: commit-queue-

zyscoder@gmail.com

Reported 2021-05-25 03:19:10 PDT

Steps to reproduce: (1) Open a tab and navigate to any URL; (2) Run the following code in the Console of Devtools: ``` new SecurityPolicyViolationEvent('', {}); ``` (3) Then this code would be evaluated successfully without throwing any exception. Actual results: This code is evaluated successfully without throwing any exception. Expected results: As https://docs.w3cub.com/dom/securitypolicyviolationevent/securitypolicyviolationevent says, "eventInitDict is a dictionary object containing information about the properties of the SecurityPolicyViolationEvent to be constructed. This can include the following properties, but bear in mind that if you do include an eventInitDict, certain properties must be included (marked below with required, like disposition)." That means the code above should throw an exception since the required members are undefined, just like what the Chrome would throw: Uncaught TypeError: Failed to construct 'SecurityPolicyViolationEvent': required member disposition is undefined.

Attachments
Patch (27.06 KB, patch) 2021-05-25 09:40 PDT, Chris Dumez	no flags	Details Formatted Diff Diff
Patch (26.86 KB, patch) 2021-05-25 09:41 PDT, Chris Dumez	no flags	Details Formatted Diff Diff
Patch (27.19 KB, patch) 2021-05-25 09:43 PDT, Chris Dumez	no flags	Details Formatted Diff Diff
Patch (29.86 KB, patch) 2021-05-25 11:04 PDT, Chris Dumez	no flags	Details Formatted Diff Diff
Patch (29.83 KB, patch) 2021-05-25 12:05 PDT, Chris Dumez	ews-feeder: commit-queue-	Details Formatted Diff Diff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.

Sam Sneddon [:gsnedders]

Comment 1 2021-05-25 07:14:04 PDT

This is likely a more general bindings bug. https://heycam.github.io/webidl/#es-dictionary is the relevant spec here.

Chris Dumez

Comment 2 2021-05-25 07:46:44 PDT

(In reply to Sam Sneddon [:gsnedders] from comment #1) > This is likely a more general bindings bug. > > https://heycam.github.io/webidl/#es-dictionary is the relevant spec here. Not a bindings bug. Our IDL simply doesn't match the spec here. Dictionary members are not marked as required when they should be.

Chris Dumez

Comment 3 2021-05-25 08:21:06 PDT

(In reply to Chris Dumez from comment #2) > (In reply to Sam Sneddon [:gsnedders] from comment #1) > > This is likely a more general bindings bug. > > > > https://heycam.github.io/webidl/#es-dictionary is the relevant spec here. > > Not a bindings bug. Our IDL simply doesn't match the spec here. Dictionary > members are not marked as required when they should be. I am taking a quick stab at it to see if I can align with Blink at least. Aligning exactly with the spec would carry compatibility risks as it does not match our current behavior or Blink's.

Chris Dumez

Comment 4 2021-05-25 09:40:41 PDT

Created attachment 429659 [details] Patch

Chris Dumez

Comment 5 2021-05-25 09:41:45 PDT

Created attachment 429660 [details] Patch

Chris Dumez

Comment 6 2021-05-25 09:43:23 PDT

Created attachment 429662 [details] Patch

Chris Dumez

Comment 7 2021-05-25 11:04:08 PDT

Created attachment 429666 [details] Patch

Darin Adler

Comment 8 2021-05-25 11:40:32 PDT

Chris Dumez

Comment 9 2021-05-25 11:44:30 PDT

(In reply to Darin Adler from comment #8) > Comment on attachment 429666 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=429666&action=review > > > Source/WebCore/dom/SecurityPolicyViolationEvent.h:38 > > + Init() { } > > Why is this needed? I would not expect it to have any effect. Well, I did not expect it either! I had to do this to work around the compiler being silly. I think the compiler is having trouble generating the default constructor (`Init() = default;` also fails): ``` In file included from /Volumes/Data/WebKit/OpenSource/Source/WebCore/Modules/encryptedmedia/CDM.cpp:33: In file included from /Volumes/Data/WebKit/OpenSource/Source/WebCore/dom/Document.h:57: /Volumes/Data/WebKit/OpenSource/Source/WebCore/dom/SecurityPolicyViolationEvent.h:55:105: error: default member initializer for 'disposition' needed within definition of enclosing class 'SecurityPolicyViolationEvent' outside of member functions static Ref<SecurityPolicyViolationEvent> create(const AtomString& type, const Init& initializer = { }, IsTrusted isTrusted = IsTrusted::No) /Volumes/Data/WebKit/OpenSource/Source/WebCore/dom/SecurityPolicyViolationEvent.h:46:21: note: default member initializer declared here Disposition disposition { Disposition::Enforce }; /Volumes/Data/WebKit/OpenSource/Source/WebCore/dom/SecurityPolicyViolationEvent.h:55:89: error: unused parameter 'initializer' [-Werror,-Wunused-parameter] static Ref<SecurityPolicyViolationEvent> create(const AtomString& type, const Init& initializer = { }, IsTrusted isTrusted = IsTrusted::No) ```

Darin Adler

Comment 10 2021-05-25 11:50:23 PDT

Comment on attachment 429666 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=429666&action=review > Source/WebCore/dom/SecurityPolicyViolationEvent.h:35 > + enum class Disposition : uint8_t { Enforce, Report }; Could use bool instead of uint8_t here. >>> Source/WebCore/dom/SecurityPolicyViolationEvent.h:38 >>> + Init() { } >> >> Why is this needed? I would not expect it to have any effect. > > Well, I did not expect it either! > > I had to do this to work around the compiler being silly. I think the compiler is having trouble generating the default constructor (`Init() = default;` also fails): > > ``` > In file included from /Volumes/Data/WebKit/OpenSource/Source/WebCore/Modules/encryptedmedia/CDM.cpp:33: > In file included from /Volumes/Data/WebKit/OpenSource/Source/WebCore/dom/Document.h:57: > /Volumes/Data/WebKit/OpenSource/Source/WebCore/dom/SecurityPolicyViolationEvent.h:55:105: error: default member initializer for 'disposition' needed within definition of enclosing class 'SecurityPolicyViolationEvent' outside of member functions > static Ref<SecurityPolicyViolationEvent> create(const AtomString& type, const Init& initializer = { }, IsTrusted isTrusted = IsTrusted::No) > /Volumes/Data/WebKit/OpenSource/Source/WebCore/dom/SecurityPolicyViolationEvent.h:46:21: note: default member initializer declared here > Disposition disposition { Disposition::Enforce }; > /Volumes/Data/WebKit/OpenSource/Source/WebCore/dom/SecurityPolicyViolationEvent.h:55:89: error: unused parameter 'initializer' [-Werror,-Wunused-parameter] > static Ref<SecurityPolicyViolationEvent> create(const AtomString& type, const Init& initializer = { }, IsTrusted isTrusted = IsTrusted::No) > > ``` I am having a lot of trouble understanding this error message. If we understood the complaint, I bet we could fix it!

Chris Dumez

Comment 11 2021-05-25 12:05:17 PDT

Created attachment 429673 [details] Patch

EWS

Comment 12 2021-05-25 13:31:19 PDT

Committed r278042 (238134@main): <https://commits.webkit.org/238134@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 429673 [details].

Radar WebKit Bug Importer

Comment 13 2021-05-25 13:32:24 PDT

<rdar://problem/78473411>

Chris Dumez

Comment 14 2021-05-25 13:47:25 PDT

I have filed: https://github.com/w3c/webappsec-csp/issues/498

Note You need to log in before you can comment on or make changes to this bug.