RESOLVED FIXED 143497
Content extensions should block popups 
https://bugs.webkit.org/show_bug.cgi?id=143497
Summary Content extensions should block popups
Alex Christensen
Reported 2015-04-07 14:19:58 PDT
We should.
Attachments
Patch (9.38 KB, patch)
2015-04-07 14:27 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Patch (11.83 KB, patch)
2015-04-07 15:45 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Alex Christensen
Comment 1 2015-04-07 14:27:25 PDT
Created attachment 250301 [details] Patch
Brady Eidson
Comment 2 2015-04-07 14:47:00 PDT
Comment on attachment 250301 [details] Patch As discussed in person, this prevents the creation of windows in a lot more cases than just "popups". The check(s) should be moved to everywhere we already consult the existing popup blocker. i.e. calls to allowPopUp()
Alex Christensen
Comment 3 2015-04-07 15:45:42 PDT
Created attachment 250310 [details] Patch
Geoffrey Garen
Comment 4 2015-04-07 16:56:58 PDT
Comment on attachment 250310 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=250310&action=review > Source/WebCore/page/DOMWindow.cpp:2147 > +#if ENABLE(CONTENT_EXTENSIONS) > + if (firstFrame > + && firstFrame->mainFrame().page() > + && firstFrame->mainFrame().page()->userContentController() > + && firstFrame->mainFrame().document()) { > + ResourceLoadInfo resourceLoadInfo = {URL(ParsedURLString, urlString), firstFrame->mainFrame().document()->url(), ResourceType::Popup}; > + Vector<ContentExtensions::Action> actions = firstFrame->mainFrame().page()->userContentController()->actionsForResourceLoad(resourceLoadInfo); > + for (const ContentExtensions::Action& action : actions) { > + if (action.type() == ContentExtensions::ActionType::BlockLoad) > + return nullptr; > + } > + } > +#endif Do we also need to consult the content extension before popping out to another app (say, from an itms:// link or some other custom scheme link)? I think popping out to another app is very similar to popping out to another window.
Alex Christensen
Comment 5 2015-04-07 17:03:36 PDT
(In reply to comment #4) > Do we also need to consult the content extension before popping out to > another app (say, from an itms:// link or some other custom scheme link)? Probably. Where should this code be, and where are tests that test something similar?
WebKit Commit Bot
Comment 6 2015-04-07 17:39:06 PDT
Comment on attachment 250310 [details] Patch Clearing flags on attachment: 250310 Committed r182511: <http://trac.webkit.org/changeset/182511>
WebKit Commit Bot
Comment 7 2015-04-07 17:39:09 PDT
All reviewed patches have been landed. Closing bug.
WebKit Commit Bot
Comment 8 2015-04-07 18:47:50 PDT
Re-opened since this is blocked by bug 143507
Alex Christensen
Comment 10 2015-04-08 13:28:18 PDT
Used Document::completeURL with proper null checks instead of URL(ParsedURLStringTag, const String&) like is done elsewhere in DOMWindow::open Recommitted to http://trac.webkit.org/changeset/182564
Note You need to log in before you can comment on or make changes to this bug.