Bug 250510
| Summary: | Validate animation key paths sent over IPC | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Antoine Quint <graouts> |
| Component: | Animations | Assignee: | Antoine Quint <graouts> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | commit-queue, dino, graouts, simon.fraser, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Safari Technology Preview | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Bug Depends on: | 250509, 250519, 250520, 250641, 250642, 250744 | ||
| Bug Blocks: | |||
Antoine Quint
We currently send a CAAnimation's keyPath over IPC as a String. We should send this as a struct for the string to be generated in the UI Process for added security.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Antoine Quint
rdar://102433824
Antoine Quint
Pull request: https://github.com/WebKit/WebKit/pull/8587
Antoine Quint
Simon suggested that we keep using strings to represent animation key paths but instead validate the string in the UIProcess once received before creating the CAAnimation. Renaming bug to track this effort.
Antoine Quint
Pull request: https://github.com/WebKit/WebKit/pull/8680
EWS
Committed 258986@main (a4467affde12): <https://commits.webkit.org/258986@main>
Reviewed commits have been landed. Closing PR #8680 and removing active labels.
WebKit Commit Bot
Re-opened since this is blocked by bug 250744
Antoine Quint
Pull request: https://github.com/WebKit/WebKit/pull/8760
EWS
Committed 259066@main (f554fc01c126): <https://commits.webkit.org/259066@main>
Reviewed commits have been landed. Closing PR #8760 and removing active labels.
Antoine Quint
Re-opening for pull request https://github.com/WebKit/WebKit/pull/9466
Antoine Quint
Mistakenly re-opened this, closing it again.