Bug 296770
| Summary: | NotificationJSONParser::parseNotificationPayload gets mutable from wrong object | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Kagami Sascha Rosylight <saschanaz> |
| Component: | DOM | Assignee: | Anne van Kesteren <annevk> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | annevk, ap, beidson, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | All | ||
| OS: | All | ||
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=296773 | ||
Kagami Sascha Rosylight
https://searchfox.org/wubkat/rev/c46918d1cba365017d1df98e3d14f04db42320bc/Source/WebCore/Modules/notifications/NotificationJSONParser.cpp#112-113,142-143
```cpp
bool isMutable = false;
if (auto value = protectedObject->getValue(mutableKey)) {
```
But `protectedObject` is for `notification` object, while the proposed PR puts it in the top level push payload.
See also https://github.com/w3c/push-api/pull/385#issuecomment-3141427555
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Alexey Proskuryakov
Thank you for the report! To clarify, are you intending to post a PR? It sounded like perhaps you already did, but I cannot find it on https://github.com/WebKit/WebKit/pulls
Kagami Sascha Rosylight
No, I just found it while evaluating web specification implementation.
Anne van Kesteren
It seems that app_badge is retrieved from the outerObject though?
This seems straightforward to fix, but we probably need to continue to support it on "protectedObject" as well for a while to aid in migration.
Radar WebKit Bug Importer
<rdar://problem/157475553>
Anne van Kesteren
Pull request: https://github.com/WebKit/WebKit/pull/48896
Kagami Sascha Rosylight
Ah, I see https://github.com/WebKit/WebKit/pull/45798 fixed it for badge.
EWS
Committed 298677@main (88f9bc0282fa): <https://commits.webkit.org/298677@main>
Reviewed commits have been landed. Closing PR #48896 and removing active labels.