<rdar://problem/36336837>
Created attachment 330709 [details] Patch
Created attachment 330714 [details] Fix non-macOS ports
Created attachment 330719 [details] Remove AttachmentRequestOptions
Comment on attachment 330719 [details] Remove AttachmentRequestOptions View in context: https://bugs.webkit.org/attachment.cgi?id=330719&action=review > Source/WebKit/Shared/WebCoreArgumentCoders.cpp:2796 > + if (!decoder.decode(info.filePath)) > + return false; Sending filesystem paths from a potentially-compromised Web Content process to the UI process scares me. Do we have to do this? How do we make it safe? Maybe look at MESSAGE_CHECK_URL for ideas? Keep a set of files that you sent or something?
(In reply to Tim Horton from comment #4) > Comment on attachment 330719 [details] > Remove AttachmentRequestOptions > > View in context: > https://bugs.webkit.org/attachment.cgi?id=330719&action=review > > > Source/WebKit/Shared/WebCoreArgumentCoders.cpp:2796 > > + if (!decoder.decode(info.filePath)) > > + return false; > > Sending filesystem paths from a potentially-compromised Web Content process > to the UI process scares me. Do we have to do this? How do we make it safe? > Maybe look at MESSAGE_CHECK_URL for ideas? Keep a set of files that you sent > or something? Good point. Added a MESSAGE_CHECK_URL when receiving an AttachmentInfo.
Created attachment 330744 [details] Add a URL message check in WebPageProxy
Comment on attachment 330744 [details] Add a URL message check in WebPageProxy View in context: https://bugs.webkit.org/attachment.cgi?id=330744&action=review > Source/WebKit/UIProcess/WebPageProxy.cpp:5219 > + if (!info.filePath.isEmpty()) I just realized that this check isn't necessary — I've removed it.
Created attachment 330765 [details] Patch for landing
Comment on attachment 330765 [details] Patch for landing Clearing flags on attachment: 330765 Committed r226604: <https://trac.webkit.org/changeset/226604>