143497 – Content extensions should block popups

Bug 143497 - Content extensions should block popups

Summary: Content extensions should block popups

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Alex Christensen

URL:
Keywords:

Depends on:	143507
Blocks:
	Show dependency tree / graph

Reported:	2015-04-07 14:19 PDT by Alex Christensen
Modified:	2015-04-08 13:28 PDT (History)
CC List:	4 users (show)

See Also:

Attachments
Patch (9.38 KB, patch) 2015-04-07 14:27 PDT, Alex Christensen	no flags	Details \| Formatted Diff \| Diff
Patch (11.83 KB, patch) 2015-04-07 15:45 PDT, Alex Christensen	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alex Christensen 2015-04-07 14:19:58 PDT

We should.

Comment 1 Alex Christensen 2015-04-07 14:27:25 PDT

Created attachment 250301 [details]
Patch

Comment 2 Brady Eidson 2015-04-07 14:47:00 PDT

Comment on attachment 250301 [details]
Patch

As discussed in person, this prevents the creation of windows in a lot more cases than just "popups".

The check(s) should be moved to everywhere we already consult the existing popup blocker. i.e. calls to allowPopUp()

Comment 3 Alex Christensen 2015-04-07 15:45:42 PDT

Created attachment 250310 [details]
Patch

Comment 4 Geoffrey Garen 2015-04-07 16:56:58 PDT

Comment on attachment 250310 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=250310&action=review

> Source/WebCore/page/DOMWindow.cpp:2147
> +#if ENABLE(CONTENT_EXTENSIONS)
> +    if (firstFrame
> +        && firstFrame->mainFrame().page()
> +        && firstFrame->mainFrame().page()->userContentController()
> +        && firstFrame->mainFrame().document()) {
> +        ResourceLoadInfo resourceLoadInfo = {URL(ParsedURLString, urlString), firstFrame->mainFrame().document()->url(), ResourceType::Popup};
> +        Vector<ContentExtensions::Action> actions = firstFrame->mainFrame().page()->userContentController()->actionsForResourceLoad(resourceLoadInfo);
> +        for (const ContentExtensions::Action& action : actions) {
> +            if (action.type() == ContentExtensions::ActionType::BlockLoad)
> +                return nullptr;
> +        }
> +    }
> +#endif

Do we also need to consult the content extension before popping out to another app (say, from an itms:// link or some other custom scheme link)?

I think popping out to another app is very similar to popping out to another window.

Comment 5 Alex Christensen 2015-04-07 17:03:36 PDT

(In reply to comment #4)
> Do we also need to consult the content extension before popping out to
> another app (say, from an itms:// link or some other custom scheme link)?
Probably.  Where should this code be, and where are tests that test something similar?

Comment 6 WebKit Commit Bot 2015-04-07 17:39:06 PDT

Comment on attachment 250310 [details]
Patch

Clearing flags on attachment: 250310

Committed r182511: <http://trac.webkit.org/changeset/182511>

Comment 7 WebKit Commit Bot 2015-04-07 17:39:09 PDT

All reviewed patches have been landed.  Closing bug.

Comment 8 WebKit Commit Bot 2015-04-07 18:47:50 PDT

Re-opened since this is blocked by bug 143507

Comment 9 Alex Christensen 2015-04-08 11:33:15 PDT

This caused https://build.webkit.org/results/Apple%20Yosemite%20Debug%20WK2%20(Tests)/r182511%20(3359)/results.html

Comment 10 Alex Christensen 2015-04-08 13:28:18 PDT

Used Document::completeURL with proper null checks instead of URL(ParsedURLStringTag, const String&) like is done elsewhere in DOMWindow::open
Recommitted to http://trac.webkit.org/changeset/182564