RESOLVED FIXED 142422
Content extensions need triggers dependent on 3rd party and content type 
https://bugs.webkit.org/show_bug.cgi?id=142422
Summary Content extensions need triggers dependent on 3rd party and content type
Alex Christensen
Reported 2015-03-06 17:46:44 PST
This is one of many ways to implement this. Some of them are: 1) Prepending non-ascii characters to the url containing the flags. This is 2) Putting the flags in the compiled action description. This would create many false positives that would be filtered out after interpreting. 3) Make many smaller DFAs for each combination of flags. 4) Put the flags in the byte code if needed. This is similar to 2. I implemented number 4. Comments?
Attachments
Patch (30.27 KB, patch)
2015-03-06 17:50 PST, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Patch (38.72 KB, patch)
2015-03-11 13:44 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Patch (43.72 KB, patch)
2015-03-11 14:26 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Patch (44.40 KB, patch)
2015-03-11 15:56 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Alex Christensen
Comment 1 2015-03-06 17:50:50 PST
Created attachment 248123 [details] Patch
Benjamin Poulain
Comment 2 2015-03-06 21:22:45 PST
Comment on attachment 248123 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=248123&action=review > Source/WebCore/contentextensions/ContentExtensionParser.cpp:80 > + JSValue imagesOnlyObject = triggerObject.get(&exec, Identifier(&exec, "images-only")); > + if (imagesOnlyObject && !exec.hadException() && imagesOnlyObject.isBoolean()) > + trigger.imageOnly = imagesOnlyObject.toBoolean(&exec); > + > + JSValue thirdPartyObject = triggerObject.get(&exec, Identifier(&exec, "third-party")); > + if (thirdPartyObject && !exec.hadException() && thirdPartyObject.isBoolean()) > + trigger.thirdPartyOnly = thirdPartyObject.toBoolean(&exec); I am unconvinced we should handle flags at the top level. Say you have "image-only:true" and "stylesheet-only:true", what should that match? Maybe we should have: resourceType: ["image", "stylesheet", "script"] loadType: ["first-party", "third-party", ""] > Source/WebCore/contentextensions/DFABytecode.h:49 > + // The flags to check before appending (1 byte), I think we'll need more than that :) > Source/WebCore/loader/ResourceLoadInfo.cpp:33 > +ResourceType toResourceType(CachedResource::Type type) Sam had a clear spec somewhere giving all the types we should expose. > Source/WebCore/loader/ResourceLoadInfo.cpp:70 > + // This definition of third party needs to be refined. This is just a proof-of-concept. My guess is we should the exact same definition we use for cookies.
Benjamin Poulain
Comment 3 2015-03-06 21:26:28 PST
Sam, do you know if we defer to some CFNetwork API to know if a request is third party?
Sam Weinig
Comment 4 2015-03-06 21:34:13 PST
(In reply to comment #2) > Comment on attachment 248123 [details] > > Source/WebCore/loader/ResourceLoadInfo.cpp:33 > > +ResourceType toResourceType(CachedResource::Type type) > > Sam had a clear spec somewhere giving all the types we should expose. https://fetch.spec.whatwg.org/#concept-request-context
Sam Weinig
Comment 5 2015-03-06 21:36:36 PST
(In reply to comment #3) > Sam, do you know if we defer to some CFNetwork API to know if a request is > third party? For third party cookie blocking, yes, but only because that is where cookies are handled. For this, I think we should just do it based on the same origin policy. That means, that if the SecurityOrigin of the resource being requested does not match the SecurityOrigin of the top level frame, it is third party. We can revise the meaning later if necessary.
Alex Christensen
Comment 6 2015-03-11 13:44:47 PDT
Created attachment 248445 [details] Patch
Alex Christensen
Comment 7 2015-03-11 14:26:50 PDT
Created attachment 248448 [details] Patch
Alex Christensen
Comment 8 2015-03-11 14:28:00 PDT
Rebased patch. Tests conflicted with http://trac.webkit.org/changeset/181405
Benjamin Poulain
Comment 9 2015-03-11 15:00:59 PDT
Comment on attachment 248445 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=248445&action=review Ok, I may be wrong but from a quick look I think this is incorrect. Since you are merging the flags into the actions at the machine level, you need to differentiate 2 actions of same type with different conditions. Say I have 2 rules: 1) BLock *.swf on thirdparty 2) Block foobar.pdf always When you merge the actions in serializeActions(), you must differentiate those two. Since now you are adding the flags after merging the rules, both filters would be conditional on third-party. > Source/WebCore/contentextensions/ContentExtensionParser.cpp:49 > +static bool getTypeFlags(ExecState& exec, const JSValue& typeValue, ResourceFlags& flags, uint16_t(*reader)(const String&)) reader -> stringToType? > Source/WebCore/contentextensions/ContentExtensionParser.cpp:56 > + WTFLogAlways("Invalid array"); We'll have to improve those error messages. Here is it not clear which array is invalid. > Source/WebCore/contentextensions/DFABytecode.h:51 > + AppendConditionalAction, A bit weird to have "Conditional Action" AppendActionConditionallyOnFlags TestFlagsAndAppendAction ? > Source/WebCore/loader/ResourceLoadInfo.cpp:38 > + case CachedResource::SVGDocumentResource: You don't use the SVGDocument type? > Source/WebCore/loader/ResourceLoadInfo.cpp:62 > + case CachedResource::TextTrackResource: > + return ResourceType::Media; Hum, I don't know if that's right. > Source/WebCore/loader/cache/CachedResourceLoader.cpp:513 > + URL mainDocumentURL; > + if (frame() && frame()->document()) > + mainDocumentURL = frame()->document()->url(); If you are in a embedded frame (e.g. iFrame), shouldn't mainDocumentURL be the one of the top level frame?
Alex Christensen
Comment 10 2015-03-11 15:48:37 PDT
Comment on attachment 248445 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=248445&action=review >> Source/WebCore/loader/ResourceLoadInfo.cpp:38 >> + case CachedResource::SVGDocumentResource: > > You don't use the SVGDocument type? Oops. You're right. >> Source/WebCore/loader/ResourceLoadInfo.cpp:62 >> + return ResourceType::Media; > > Hum, I don't know if that's right. It seems like TextTrackResource would always be related to media, which we would need a separate device to block. >> Source/WebCore/loader/cache/CachedResourceLoader.cpp:513 >> + mainDocumentURL = frame()->document()->url(); > > If you are in a embedded frame (e.g. iFrame), shouldn't mainDocumentURL be the one of the top level frame? I think so. Should we also use the mainFrame's userContentController?
Alex Christensen
Comment 11 2015-03-11 15:51:02 PDT
(In reply to comment #9) > Ok, I may be wrong but from a quick look I think this is incorrect. > > Since you are merging the flags into the actions at the machine level, you > need to differentiate 2 actions of same type with different conditions. > Say I have 2 rules: > 1) BLock *.swf on thirdparty > 2) Block foobar.pdf always > > When you merge the actions in serializeActions(), you must differentiate > those two. > Since now you are adding the flags after merging the rules, both filters > would be conditional on third-party. The conditionality is in the trigger in the DFA byte code. In this case it would behave correctly: It would append the block action unconditionally for foobar.pdf and it would append the same block action after testing flags for *.swf. That is a good test case, though. I'm including it.
Alex Christensen
Comment 12 2015-03-11 15:56:39 PDT
Created attachment 248460 [details] Patch
WebKit Commit Bot
Comment 13 2015-03-11 18:04:14 PDT
Comment on attachment 248460 [details] Patch Clearing flags on attachment: 248460 Committed r181421: <http://trac.webkit.org/changeset/181421>
WebKit Commit Bot
Comment 14 2015-03-11 18:04:18 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.