Bug 86540

Summary:

MHTML files should be loadable from all schemes considered local, not just file:

Product:

WebKit

Reporter:

Greg Spencer <gspencer>

Component:

WebCore Misc.

Assignee:

Greg Spencer <gspencer>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

abarth, ap, bashi, beidson, japhet, jberlin, sam, webkit.review.bot

Priority:

Keywords:

GoogleBug

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Bug Depends on:

86583

Bug Blocks:

Attachments:

Description	Flags
A proposed patch	none
Patch	none
Patch	none
Patch	none
Patch	none

Greg Spencer

Reported 2012-05-15 15:54:22 PDT

In MainResourceLoader::continueAfterContentPolicy and in MHTMLArchive::create, there are tests to make sure that we don't load remote html archives. Both of these tests use KURL.isLocalFile(), which only checks to see if the scheme of the URL is "file:". This is fine as a first approximation, but since the SchemeRegistry has the extensible mechanism shouldTreatURLSchemeAsLocal(), we should use that instead, since on some platforms we would like to be able to register non-file schemes as being local. This is related to the Chromium bug: http://crbug.com/126955

Attachments
A proposed patch (1.93 KB, patch) 2012-05-15 15:57 PDT, Greg Spencer	no flags	Details Formatted Diff Diff
Patch (2.89 KB, patch) 2012-05-15 16:04 PDT, Greg Spencer	no flags	Details Formatted Diff Diff
Patch (2.94 KB, patch) 2012-05-15 16:23 PDT, Greg Spencer	no flags	Details Formatted Diff Diff
Patch (3.21 KB, patch) 2012-05-17 13:41 PDT, Greg Spencer	no flags	Details Formatted Diff Diff
Patch (3.36 KB, patch) 2012-05-18 11:56 PDT, Greg Spencer	no flags	Details Formatted Diff Diff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.

Greg Spencer

Comment 1 2012-05-15 15:57:35 PDT

Created attachment 142088 [details] A proposed patch

Greg Spencer

Comment 2 2012-05-15 16:04:58 PDT

Created attachment 142089 [details] Patch

WebKit Review Bot

Comment 3 2012-05-15 16:07:21 PDT

Attachment 142089 [details] did not pass style-queue: Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'Source/WebCore/ChangeLog', u'Source/WebCor..." exit_code: 1 Source/WebCore/ChangeLog:10: You should remove the 'No new tests' and either add and list tests, or explain why no new tests were possible. [changelog/nonewtests] [5] Total errors found: 1 in 3 files If any of these errors are false positives, please file a bug against check-webkit-style.

Greg Spencer

Comment 4 2012-05-15 16:23:22 PDT

Created attachment 142093 [details] Patch

Greg Spencer

Comment 5 2012-05-15 16:39:11 PDT

Adding Adam as a potential reviewer.

Adam Barth

Comment 6 2012-05-15 18:27:56 PDT

Comment on attachment 142093 [details] Patch Makes sense to me.

WebKit Review Bot

Comment 7 2012-05-15 19:48:28 PDT

Comment on attachment 142093 [details] Patch Clearing flags on attachment: 142093 Committed r117206: <http://trac.webkit.org/changeset/117206>

WebKit Review Bot

Comment 8 2012-05-15 19:48:33 PDT

All reviewed patches have been landed. Closing bug.

WebKit Review Bot

Comment 9 2012-05-16 00:16:40 PDT

Re-opened since this is blocked by 86583

Kenichi Ishibashi

Comment 10 2012-05-16 00:18:26 PDT

The patch also breaks chromium's browser_tests. http://test-results.appspot.com/dashboards/flakiness_dashboard.html#testType=browser_tests&tests=RenderViewHostTest.BaseURLParam I'm going to revert the patch.

Alexey Proskuryakov

Comment 11 2012-05-16 10:38:46 PDT

How does the change to MainResourceLoader::continueAfterContentPolicy affect WebArchives?

Adam Barth

Comment 12 2012-05-16 19:25:53 PDT

Comment on attachment 142093 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=142093&action=review > Source/WebCore/loader/MainResourceLoader.cpp:270 > - && !m_substituteData.isValid() && !url.isLocalFile(); > + && !m_substituteData.isValid() && !SchemeRegistry::shouldTreatURLSchemeAsLocal(url); Sorry, I gave you a bad review. This function just take the scheme, not the whole URL: http://trac.webkit.org/browser/trunk/Source/WebCore/platform/SchemeRegistry.cpp#L167

Adam Barth

Comment 13 2012-05-16 19:26:54 PDT

> How does the change to MainResourceLoader::continueAfterContentPolicy affect WebArchives? It should make it possible to load web archives from all "local" URLs, not just file URLs. Normally, "file" is the only local URL scheme, but embedders can add other URL schemes that they want to work the same way as file URLs.

Greg Spencer

Comment 14 2012-05-17 08:42:18 PDT

Comment on attachment 142093 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=142093&action=review >> Source/WebCore/loader/MainResourceLoader.cpp:270 >> + && !m_substituteData.isValid() && !SchemeRegistry::shouldTreatURLSchemeAsLocal(url); > > Sorry, I gave you a bad review. This function just take the scheme, not the whole URL: > > http://trac.webkit.org/browser/trunk/Source/WebCore/platform/SchemeRegistry.cpp#L167 Heh. No, you didn't give me a bad review, I gave you bad code. Clearly I should have run more of the test suite. I'll upload a new patch today.

Alexey Proskuryakov

Comment 15 2012-05-17 10:56:09 PDT

WebArchive behavior change makes me nervous, because these are always dangerous, and I don't understand our local schemes well enough. Perhaps Brady or Jessie could ponder whether it's safe.

Adam Barth

Comment 16 2012-05-17 11:29:59 PDT

(In reply to comment #15) > WebArchive behavior change makes me nervous, because these are always dangerous, and I don't understand our local schemes well enough. Perhaps Brady or Jessie could ponder whether it's safe. One easy way to determine whether it's safe is to look at the list of schemes Safari registers as local. I suspect it's just "file" and possibly a scheme for error pages (which won't have any WebArchive resources).

Greg Spencer

Comment 17 2012-05-17 13:41:55 PDT

Created attachment 142540 [details] Patch

Greg Spencer

Comment 18 2012-05-17 14:14:08 PDT

OK, the latest patch should do the right thing, and the chromium browser tests that failed before are passing now (locally on my machine at least).

Adam Barth

Comment 19 2012-05-17 15:11:47 PDT

(In reply to comment #18) > OK, the latest patch should do the right thing, and the chromium browser tests that failed before are passing now (locally on my machine at least). Have we resolved Alexey's concern? To follow the approach in Comment #16, you can just build a debug version of the apple-mac port and set a breakpoint in the function that registers local schemes. If you run that WebKit DLL in Safari, that will let us see what all Safari is registering

Greg Spencer

Comment 20 2012-05-17 15:22:52 PDT

(In reply to comment #19) > Have we resolved Alexey's concern? To follow the approach in Comment #16, > you can just build a debug version of the apple-mac port and set a > breakpoint in the function that registers local schemes. If you run that > WebKit DLL in Safari, that will let us see what all Safari is registering Well, but that would mean I would have to have a mac with XCode and know how to build the apple-mac version of WebKit. :-) I can learn how to do that, but it'll take me a day or two to set up.

Adam Barth

Comment 21 2012-05-17 15:38:13 PDT

If you remind me on Monday, I'd be happy to run that experiment for you. (I'm currently traveling and don't have a build environment.)

Jessie Berlin

Comment 22 2012-05-18 11:07:49 PDT

(In reply to comment #16) > (In reply to comment #15) > > WebArchive behavior change makes me nervous, because these are always dangerous, and I don't understand our local schemes well enough. Perhaps Brady or Jessie could ponder whether it's safe. > > One easy way to determine whether it's safe is to look at the list of schemes Safari registers as local. I suspect it's just "file" and possibly a scheme for error pages (which won't have any WebArchive resources). I checked, and this is not a concern for Safari.

Adam Barth

Comment 23 2012-05-18 11:35:25 PDT

Thanks Jessie.

Adam Barth

Comment 24 2012-05-18 11:39:51 PDT

Comment on attachment 142540 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=142540&action=review > Source/WebCore/loader/archive/mhtml/MHTMLArchive.cpp:106 > // For security reasons we only load MHTML pages from the local file system. I'd change this comment slightly to say "from local URLs" rather than "from the local file system".

Greg Spencer

Comment 25 2012-05-18 11:56:42 PDT

Created attachment 142756 [details] Patch

Greg Spencer

Comment 26 2012-05-18 11:57:31 PDT

(In reply to comment #24) > I'd change this comment slightly to say "from local URLs" rather than "from the local file system". OK, done.

Greg Spencer

Comment 27 2012-05-24 11:09:01 PDT

Adam, is there anything else I need to do to commit this? (your "review+" doesn't seem to have done it, and I'm not familiar enough with WebKit submissions to know what's missing).

Alexey Proskuryakov

Comment 28 2012-05-24 11:39:22 PDT

As described in <http://www.webkit.org/coding/contributing.html>, please set "commit-queue?" flag.

Adam Barth

Comment 29 2012-05-24 11:42:38 PDT

Comment on attachment 142756 [details] Patch As ap says, you can set the commit-queue? flag to ask folks to mark your patch for commit.

WebKit Review Bot

Comment 30 2012-05-24 12:26:51 PDT

Comment on attachment 142756 [details] Patch Clearing flags on attachment: 142756 Committed r118402: <http://trac.webkit.org/changeset/118402>

WebKit Review Bot

Comment 31 2012-05-24 12:26:58 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.