Epiphany and Midori both crash WebKitWebProcess (assertion fails) when dragging and dropping a .html (or other) file into the web view. This only happens if we have not previously opened a .html file through the menu. I've tested this with SVN 162714. In WebProcessProxy::checkURLReceivedFromWebProcess I see: // Any file URL is also OK if we've loaded a file URL through API before, granting universal read access. if (m_mayHaveUniversalFileReadSandboxExtension) return true; Are Epiphany and Midori are just doing something wrong (failing to grant universal read access somehow)? Output from a release build: Received an unexpected URL from the web process: 'file:///home/daniel/tmp.html' Received an invalid message "WebPageProxy.DecidePolicyForNavigationAction" from the web process. Output from a debug build: Received an unexpected URL from the web process: 'file:///home/daniel/tmp.html' Received an unexpected URL from the web process: 'file:///home/daniel/tmp.html' ASSERTION FAILED: m_process->checkURLReceivedFromWebProcess(request.url()) Source/WebKit2/UIProcess/WebPageProxy.cpp(2446) : void WebKit::WebPageProxy::decidePolicyForNavigationAction(uint64_t, uint32_t, uint32_t, int32_t, uint64_t, const WebCore::ResourceRequest&, const WebCore::ResourceRequest&, uint64_t, IPC::MessageDecoder&, bool&, uint64_t&, uint64_t&) Backtrace (debug build): 1 0x7f62248f7176 /usr/lib/libjavascriptcoregtk-3.0.so.0(WTFCrash+0x1e) [0x7f62248f7176] 2 0x7f6226fa3592 /usr/lib/libwebkit2gtk-3.0.so.25(WebKit::WebPageProxy::decidePolicyForNavigationAction(unsigned long, unsigned int, unsigned int, int, unsigned long, WebCore::ResourceRequest const&, WebCore::ResourceRequest const&, unsigned long, IPC::MessageDecoder&, bool&, unsigned long&, unsigned long&)+0x208) [0x7f6226fa3592] 3 0x7f622715984c /usr/lib/libwebkit2gtk-3.0.so.25(_ZN3IPC22callMemberFunctionImplIN6WebKit12WebPageProxyEMS2_FvmjjimRKN7WebCore15ResourceRequestES6_mRNS_14MessageDecoderERbRmSA_ESt5tupleIJmjjimS4_S4_mEEJLm0ELm1ELm2ELm3ELm4ELm5ELm6ELm7EESD_IJbmmEEJLm0ELm1ELm2EEEEvPT_T0_S8_OT1_RT3_St14index_sequenceIJXspT2_EEESN_IJXspT4_EEE+0x1b4) [0x7f622715984c] 4 0x7f62271530b3 /usr/lib/libwebkit2gtk-3.0.so.25(_ZN3IPC18callMemberFunctionIN6WebKit12WebPageProxyEMS2_FvmjjimRKN7WebCore15ResourceRequestES6_mRNS_14MessageDecoderERbRmSA_ESt5tupleIJmjjimS4_S4_mEESt19make_index_sequenceILm8EESD_IJbmmEESF_ILm3EEEEvOT1_S8_RT3_PT_T0_+0x5c) [0x7f62271530b3] 5 0x7f622714fd76 /usr/lib/libwebkit2gtk-3.0.so.25(void IPC::handleMessageVariadic<Messages::WebPageProxy::DecidePolicyForNavigationAction, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(unsigned long, unsigned int, unsigned int, int, unsigned long, WebCore::ResourceRequest const&, WebCore::ResourceRequest const&, unsigned long, IPC::MessageDecoder&, bool&, unsigned long&, unsigned long&)>(IPC::MessageDecoder&, IPC::MessageEncoder&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(unsigned long, unsigned int, unsigned int, int, unsigned long, WebCore::ResourceRequest const&, WebCore::ResourceRequest const&, unsigned long, IPC::MessageDecoder&, bool&, unsigned long&, unsigned long&))+0xce) [0x7f622714fd76] 6 0x7f6227148b92 /usr/lib/libwebkit2gtk-3.0.so.25(WebKit::WebPageProxy::didReceiveSyncMessage(IPC::Connection*, IPC::MessageDecoder&, std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >&)+0x9f4) [0x7f6227148b92] 7 0x7f62287a7cae /usr/lib/libwebkit2gtk-3.0.so.25(IPC::MessageReceiverMap::dispatchSyncMessage(IPC::Connection*, IPC::MessageDecoder&, std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >&)+0x126) [0x7f62287a7cae] 8 0x7f6226e326f2 /usr/lib/libwebkit2gtk-3.0.so.25(WebKit::ChildProcessProxy::dispatchSyncMessage(IPC::Connection*, IPC::MessageDecoder&, std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >&)+0x34) [0x7f6226e326f2] 9 0x7f6226fe2500 /usr/lib/libwebkit2gtk-3.0.so.25(WebKit::WebProcessProxy::didReceiveSyncMessage(IPC::Connection*, IPC::MessageDecoder&, std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >&)+0x30) [0x7f6226fe2500] 10 0x7f6228796d55 /usr/lib/libwebkit2gtk-3.0.so.25(IPC::Connection::dispatchSyncMessage(IPC::MessageDecoder&)+0xdf) [0x7f6228796d55] 11 0x7f6228797118 /usr/lib/libwebkit2gtk-3.0.so.25(IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >)+0xaa) [0x7f6228797118] 12 0x7f62287972f9 /usr/lib/libwebkit2gtk-3.0.so.25(IPC::Connection::dispatchOneMessage()+0xcd) [0x7f62287972f9] 13 0x7f62287a6eeb /usr/lib/libwebkit2gtk-3.0.so.25(+0x37afeeb) [0x7f62287a6eeb] 14 0x7f62287a6a72 /usr/lib/libwebkit2gtk-3.0.so.25(+0x37afa72) [0x7f62287a6a72] 15 0x7f6226e04d8f /usr/lib/libwebkit2gtk-3.0.so.25(+0x1e0dd8f) [0x7f6226e04d8f] 16 0x7f6226e03a8b /usr/lib/libwebkit2gtk-3.0.so.25(std::_Function_handler<void (), WTF::Function<void ()> >::_M_invoke(std::_Any_data const&)+0x20) [0x7f6226e03a8b] 17 0x7f6226dfdd5e /usr/lib/libwebkit2gtk-3.0.so.25(std::function<void ()>::operator()() const+0x32) [0x7f6226dfdd5e] 18 0x7f622490d4cd /usr/lib/libjavascriptcoregtk-3.0.so.0(WTF::RunLoop::performWork() 0xe1)+[0x7f622490d4cd] 19 0x7f622492531e /usr/lib/libjavascriptcoregtk-3.0.so.0(WTF::RunLoop::queueWork(WTF::RunLoop*)+0x18) [0x7f622492531e] 20 0x7f622082b8d5 /usr/lib/libglib-2.0.so.0(g_main_context_dispatch 0x135)+[0x7f622082b8d5] 21 0x7f622082bc38 /usr/lib/libglib-2.0.so.0(+0x48c38) [0x7f622082bc38] 22 0x7f622082bcdc /usr/lib/libglib-2.0.so.0(g_main_context_iteration+0x2c) [0x7f622082bcdc] 23 0x7f6220ddc85c /usr/lib/libgio-2.0.so.0(g_application_run+0x24c) [0x7f6220ddc85c] 24 0x42f21f epiphany(main+0x41f) [0x42f21f] 25 0x7f621f789b05 /usr/lib/libc.so.6(__libc_start_main+0xf5) [0x7f621f789b05] 26 0x42f613 epiphany() [0x42f613] LEAK: 202 RenderObject LEAK: 1 Page LEAK: 1 Frame LEAK: 8 CachedResource LEAK: 293 WebCoreNode LEAK: 28 JSLazyEventListener LEAK: 1 WebPage LEAK: 1 WebFrame
Just going to add that this is also reproducible in Source/Programs/MiniBrowser. It seems WebProcessProxy::willAcquireUniversalFileReadSandboxExtension must be called for drag-and-drop to work. In MiniBrowser, for example, you can manually type a local file URL (file:///something.html) which will end up calling willAcquireUniversalFileReadSandboxExtension. Subsequently, drag-and-drop will work.
Created attachment 236349 [details] Patch
Created attachment 236350 [details] Patch Fix a typo in the changelog entry
Comment on attachment 236350 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=236350&action=review > Source/WebKit2/UIProcess/WebPageProxy.cpp:1369 > + if (dragData.containsURL(nullptr)) > + m_process->assumeReadAccessToBaseURL(dragData.asURL(nullptr)); This is correct, but I would do something like this: String url = dragData.asURL(nullptr); if (!url.isEmpty()) m_process->assumeReadAccessToBaseURL(url); To avoid building the string URL twice, since containsURL() is indeed !asURL().isEmpty().
Created attachment 236599 [details] Patch
Comment on attachment 236599 [details] Patch Thanks!
Comment on attachment 236599 [details] Patch Clearing flags on attachment: 236599 Committed r172592: <http://trac.webkit.org/changeset/172592>
All reviewed patches have been landed. Closing bug.