183276 – Safari uses WebContent.Development when loading injected bundle embedded in its app bundle

RESOLVED DUPLICATE of bug 183275 183276

Safari uses WebContent.Development when loading injected bundle embedded in its app bundle

https://bugs.webkit.org/show_bug.cgi?id=183276

Summary Safari uses WebContent.Development when loading injected bundle embedded in i...

mitz

Reported 2018-03-01 22:52:23 PST

WebProcessProxy::shouldAllowNonValidInjectedCode checks whether the injected bundle is in /System, because everything coming from there shouldn’t commingle with non-valid code. But platforms apps may use injected bundles from outside /System (for example, Safari uses a bundle embedded in its app bundle for its website icon and snapshot fetching), and those should still not allow non-valid code. Patch forthcoming.

Attachments
Never allow non-valid injected code into a Web Content process serving a platform binary (2.81 KB, text/plain) 2018-03-01 23:00 PST, mitz	no flags	Details
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Tim Horton

Comment 1 2018-03-01 22:54:32 PST

*** This bug has been marked as a duplicate of bug 183275 ***

mitz

Comment 2 2018-03-01 23:00:55 PST

Reopening to attach new patch.

mitz

Comment 3 2018-03-01 23:00:56 PST

Created attachment 334880 [details] Never allow non-valid injected code into a Web Content process serving a platform binary

mitz

Comment 4 2018-03-01 23:02:07 PST

Oops. *** This bug has been marked as a duplicate of bug 183275 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 183275

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Web Inspector

Assignee

mitz

Reported

2018-03-01 22:52 PST

Modified

2018-03-01 23:02 PST History

CC List

3 users Show

URL

Keywords

Depends on

Blocks