183276 – Safari uses WebContent.Development when loading injected bundle embedded in its app bundle

Bug 183276 - Safari uses WebContent.Development when loading injected bundle embedded in its app bundle

Summary: Safari uses WebContent.Development when loading injected bundle embedded in i...

Status:	RESOLVED DUPLICATE of bug 183275

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Web Inspector (show other bugs)
Version:	WebKit Local Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	mitz

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-03-01 22:52 PST by mitz
Modified:	2018-03-01 23:02 PST (History)
CC List:	3 users (show)

See Also:

Attachments
Never allow non-valid injected code into a Web Content process serving a platform binary (2.81 KB, text/plain) 2018-03-01 23:00 PST, mitz	no flags	Details
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description mitz 2018-03-01 22:52:23 PST

WebProcessProxy::shouldAllowNonValidInjectedCode checks whether the injected bundle is in /System, because everything coming from there shouldn’t commingle with non-valid code. But platforms apps may use injected bundles from outside /System (for example, Safari uses a bundle embedded in its app bundle for its website icon and snapshot fetching), and those should still not allow non-valid code.

Patch forthcoming.

Comment 1 Tim Horton 2018-03-01 22:54:32 PST


*** This bug has been marked as a duplicate of bug 183275 ***

Comment 2 mitz 2018-03-01 23:00:55 PST

Reopening to attach new patch.

Comment 3 mitz 2018-03-01 23:00:56 PST

Created attachment 334880 [details]
Never allow non-valid injected code into a Web Content process serving a platform binary

Comment 4 mitz 2018-03-01 23:02:07 PST

Oops.

*** This bug has been marked as a duplicate of bug 183275 ***