172468 – Resources in cached parsed stylesheets may bypass content blockers

RESOLVED FIXED 172468

Resources in cached parsed stylesheets may bypass content blockers

https://bugs.webkit.org/show_bug.cgi?id=172468

Summary Resources in cached parsed stylesheets may bypass content blockers

Chris Dumez

Reported 2017-05-22 13:31:32 PDT

Resources in cached parsed stylesheets can bypass content blockers when they are in the memory cache and they do not need revalidation.

Attachments
WIP Patch (5.80 KB, patch) 2017-05-22 13:32 PDT, Chris Dumez	no flags	Details Formatted Diff Diff
Patch (7.60 KB, patch) 2017-05-22 14:45 PDT, Chris Dumez	no flags	Details Formatted Diff Diff
Patch (7.62 KB, patch) 2017-05-22 15:21 PDT, Chris Dumez	no flags	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Chris Dumez

Comment 1 2017-05-22 13:31:50 PDT

<rdar://problem/31972693>

Chris Dumez

Comment 2 2017-05-22 13:32:52 PDT

Created attachment 310909 [details] WIP Patch Fixes the issue.

Chris Dumez

Comment 3 2017-05-22 13:39:15 PDT

(In reply to Chris Dumez from comment #2) > Created attachment 310909 [details] > WIP Patch > > Fixes the issue. This WIP patch makes the parsed stylesheet cache aware of content blocker so that we do not reuse a cached parsed stylesheet if any of its sub resources is blocked by the content blocker, (in addition to the existing resource revalidation check).

Chris Dumez

Comment 4 2017-05-22 14:45:12 PDT

Created attachment 310924 [details] Patch

Geoffrey Garen

Comment 5 2017-05-22 14:51:25 PDT

Comment on attachment 310924 [details] Patch r=me

Chris Dumez

Comment 6 2017-05-22 15:21:48 PDT

Created attachment 310936 [details] Patch

Chris Dumez

Comment 7 2017-05-22 15:22:43 PDT

Comment on attachment 310936 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=310936&action=review > Source/WebCore/css/StyleSheetContents.cpp:513 > + if (blockedStatus.blockedLoad || blockedStatus.madeHTTPS) I added "|| blockedStatus.madeHTTPS" based on feedback from Alex and Andreas.

WebKit Commit Bot

Comment 8 2017-05-22 16:27:20 PDT

Comment on attachment 310936 [details] Patch Clearing flags on attachment: 310936 Committed r217256: <http://trac.webkit.org/changeset/217256>

WebKit Commit Bot

Comment 9 2017-05-22 16:27:22 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component CSS

Assignee

Chris Dumez

Reported

2017-05-22 13:31 PDT

Modified

2017-05-22 16:27 PDT History

CC List

7 users Show

URL

Keywords InRadar

Depends on

Blocks