Bug 239651

Summary: [GLib] Make WebKitSettings XSS auditor functions no-op
Product: WebKit Reporter: Zan Dobersek <zan>
Component: New BugsAssignee: Michael Catanzaro <mcatanzaro>
Status: RESOLVED FIXED    
Severity: Normal CC: aperez, commit-queue, mcatanzaro, pnormand, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=239538
https://bugs.webkit.org/show_bug.cgi?id=240993
https://bugs.webkit.org/show_bug.cgi?id=235151
Bug Depends on: 239772    
Bug Blocks:    
Attachments:
Description Flags
Patch none

Zan Dobersek
Reported 2022-04-22 03:54:29 PDT
[GLib] Make WebKitSettings XSS auditor functions no-op
Attachments
Patch (2.31 KB, patch)
2022-04-22 03:55 PDT, Zan Dobersek 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Zan Dobersek
Comment 1 2022-04-22 03:55:52 PDT
Created attachment 458135 [details] Patch
Adrian Perez
Comment 2 2022-04-22 04:03:53 PDT
Comment on attachment 458135 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=458135&action=review > Source/WebKit/UIProcess/API/glib/WebKitSettings.cpp:1824 > + g_warning("webkit_settings_get_enable_xss_auditor is deprecated and always returns FALSE. XSS auditor is no longer supported."); It would be nice to use g_warning_once(), but that was added in GLib 2.64 which is newer than our minimum GLib requirement, so let's just leave this as-is. Anyway, I don't expect any program to have many calls to these functions, and therefore there shouldn't be logging spam due to this 🤔️
Zan Dobersek
Comment 3 2022-04-22 04:09:12 PDT
Comment on attachment 458135 [details] Patch Clearing flags on attachment: 458135 Committed r293215 (249884@trunk): <https://commits.webkit.org/249884@trunk>
Zan Dobersek
Comment 4 2022-04-22 04:09:17 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 5 2022-04-25 17:37:34 PDT
<rdar://problem/92304443>
Michael Catanzaro
Comment 6 2022-04-25 17:38:02 PDT
Would be good to deprecate these too
Michael Catanzaro
Comment 7 2022-04-26 09:20:26 PDT
Ah, oops, we actually need to revert this: it prints whenever constructing a WebKitSettings object because the property setter calls these functions. I don't think we need runtime warnings. It would be sufficient to just deprecate the functions (WEBKIT_API -> WEBKIT_DEPRECATED in the header file, and Deprecated: 2.38 annotation in the source file). I'll follow up on that in bug #239538 if you don't beat me to it.
WebKit Commit Bot
Comment 8 2022-04-26 09:21:33 PDT
Re-opened since this is blocked by bug 239772
Michael Catanzaro
Comment 9 2022-04-26 09:49:30 PDT
Actually I'll just do that here, it's quick/easy.
Michael Catanzaro
Comment 10 2022-04-26 10:13:56 PDT
(In reply to Michael Catanzaro from comment #7) > Ah, oops, we actually need to revert this: it prints whenever constructing a > WebKitSettings object because the property setter calls these functions. Also it looks like this broke >200 API tests, but nobody noticed. The API tests were already in bad shape.
Michael Catanzaro
Comment 11 2022-04-26 10:16:44 PDT
https://github.com/WebKit/WebKit/pull/389
EWS
Comment 12 2022-04-27 06:16:53 PDT
Committed r293507 (250038@main): <https://commits.webkit.org/250038@main> Reviewed commits have been landed. Closing PR #389 and removing active labels.
Philippe Normand
Comment 13 2022-04-29 02:00:10 PDT
And now we get a bunch of build warnings, can this be avoided? [1727/2070] Building CXX object Source/WebKit/CMakeFiles/WebKit.dir/UIProcess/API/glib/WebKitSettings.cpp.o /app/webkit/Source/WebKit/UIProcess/API/glib/WebKitSettings.cpp:232:9: warning: 'webkit_settings_set_enable_xss_auditor' is deprecated [-Wdeprecated-declarations] webkit_settings_set_enable_xss_auditor(settings, g_value_get_boolean(value)); ^ /app/webkit/Source/WebKit/UIProcess/API/gtk/WebKitSettings.h:141:55: note: 'webkit_settings_set_enable_xss_auditor' has been explicitly marked deprecated here __attribute__((visibility("default"))) __attribute__((__deprecated__)) void ^ /app/webkit/Source/WebKit/UIProcess/API/glib/WebKitSettings.cpp:434:36: warning: 'webkit_settings_get_enable_xss_auditor' is deprecated [-Wdeprecated-declarations] g_value_set_boolean(value, webkit_settings_get_enable_xss_auditor(settings)); ^ /app/webkit/Source/WebKit/UIProcess/API/gtk/WebKitSettings.h:138:55: note: 'webkit_settings_get_enable_xss_auditor' has been explicitly marked deprecated here __attribute__((visibility("default"))) __attribute__((__deprecated__)) gboolean ^ 2 warnings generated. [1934/2070] Building CXX object Tools/TestWebKitAPI/glib/CMakeFiles/TestWebKitSettings.dir/__/Tests/WebKitGLib/TestWebKitSettings.cpp.o /app/webkit/Tools/TestWebKitAPI/Tests/WebKitGLib/TestWebKitSettings.cpp:76:76: warning: 'webkit_settings_get_enable_xss_auditor' is deprecated [-Wdeprecated-declarations] do { if (__builtin_expect (__extension__ ({ int _g_boolean_var_; if (!(webkit_settings_get_enable_xss_auditor(settings))) _g_boolean_var_ = 1; else _g_boolean_var_ = 0; _g_boolean_var_; }), 1)) ; else g_assertion_message (((gchar*) 0), "/app/webkit/Tools/TestWebKitAPI/Tests/WebKitGLib/TestWebKitSettings.cpp", 76, ((const char*) (__PRETTY_FUNCTION__)), "'" "webkit_settings_get_enable_xss_auditor(settings)" "' should be FALSE"); } while (0); ^ /app/webkit/WebKitBuild/Release/WebKit2Gtk/Headers/webkit2/WebKitSettings.h:138:55: note: 'webkit_settings_get_enable_xss_auditor' has been explicitly marked deprecated here __attribute__((visibility("default"))) __attribute__((__deprecated__)) gboolean ^ /app/webkit/Tools/TestWebKitAPI/Tests/WebKitGLib/TestWebKitSettings.cpp:77:5: warning: 'webkit_settings_set_enable_xss_auditor' is deprecated [-Wdeprecated-declarations] webkit_settings_set_enable_xss_auditor(settings, (!(0))); ^ /app/webkit/WebKitBuild/Release/WebKit2Gtk/Headers/webkit2/WebKitSettings.h:141:55: note: 'webkit_settings_set_enable_xss_auditor' has been explicitly marked deprecated here __attribute__((visibility("default"))) __attribute__((__deprecated__)) void ^ /app/webkit/Tools/TestWebKitAPI/Tests/WebKitGLib/TestWebKitSettings.cpp:78:76: warning: 'webkit_settings_get_enable_xss_auditor' is deprecated [-Wdeprecated-declarations] do { if (__builtin_expect (__extension__ ({ int _g_boolean_var_; if (!(webkit_settings_get_enable_xss_auditor(settings))) _g_boolean_var_ = 1; else _g_boolean_var_ = 0; _g_boolean_var_; }), 1)) ; else g_assertion_message (((gchar*) 0), "/app/webkit/Tools/TestWebKitAPI/Tests/WebKitGLib/TestWebKitSettings.cpp", 78, ((const char*) (__PRETTY_FUNCTION__)), "'" "webkit_settings_get_enable_xss_auditor(settings)" "' should be FALSE"); } while (0); ^ /app/webkit/WebKitBuild/Release/WebKit2Gtk/Headers/webkit2/WebKitSettings.h:138:55: note: 'webkit_settings_get_enable_xss_auditor' has been explicitly marked deprecated here __attribute__((visibility("default"))) __attribute__((__deprecated__)) gboolean ^ 3 warnings generated.
Michael Catanzaro
Comment 14 2022-04-29 06:50:22 PDT
(In reply to Philippe Normand from comment #13) > And now we get a bunch of build warnings, can this be avoided? Oops, not sure how I missed this. Yes, they should be suppressed.
Michael Catanzaro
Comment 15 2022-04-29 07:11:01 PDT
(In reply to Michael Catanzaro from comment #14) > Oops, not sure how I missed this. Ah, the answer is: too many other warnings that I haven't fixed yet.
Michael Catanzaro
Comment 16 2022-04-29 11:52:17 PDT
Pull request: https://github.com/WebKit/WebKit/pull/441
EWS
Comment 17 2022-05-02 02:32:41 PDT
Committed r293660 (250164@main): <https://commits.webkit.org/250164@main> Reviewed commits have been landed. Closing PR #441 and removing active labels.
Michael Catanzaro
Comment 18 2022-05-26 18:05:48 PDT
I forgot to deprecate the property WebKitSettings:enable-xss-auditor, because I am incompetent. I think we all knew that already, though. ;)
Michael Catanzaro
Comment 19 2022-05-26 18:09:17 PDT
Bug #240993.
Note You need to log in before you can comment on or make changes to this bug.