Bug 196749 - [iOS] QuickLook documents loaded from file: URLs should be allowed to perform same-document navigations
Summary: [iOS] QuickLook documents loaded from file: URLs should be allowed to perform...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Andy Estes
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2019-04-09 16:02 PDT by Andy Estes
Modified: 2019-04-23 17:24 PDT (History)
10 users (show)

See Also:

Attachments
Patch (17.55 KB, patch)
2019-04-09 16:13 PDT, Andy Estes 		no flags Details | Formatted Diff | Diff
Archive of layout-test-results from ews202 for win-future (12.88 MB, application/zip)
2019-04-09 18:25 PDT, EWS Watchlist 		no flags Details
Patch (17.46 KB, patch)
2019-04-11 21:50 PDT, Andy Estes 		no flags Details | Formatted Diff | Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andy Estes 2019-04-09 16:02:59 PDT 
[iOS] QuickLook documents loaded from file: URLs should be allowed to perform same-document navigations
Comment 1 Andy Estes 2019-04-09 16:03:12 PDT 
rdar://problem/35773454
Comment 2 Andy Estes 2019-04-09 16:13:09 PDT Comment hidden (obsolete)
Comment 3 EWS Watchlist 2019-04-09 18:25:33 PDT Comment hidden (obsolete)
Comment 4 EWS Watchlist 2019-04-09 18:25:44 PDT Comment hidden (obsolete)
Comment 5 Andy Estes 2019-04-11 21:50:28 PDT 
Created attachment 367288 [details]
Patch
Comment 6 Daniel Bates 2019-04-22 10:19:24 PDT 
Comment on attachment 367288 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=367288&action=review

> Source/WebCore/page/SecurityOrigin.cpp:378
> +    if (url.isLocalFile() && url.fileSystemPath() == m_filePath)
> +        return true;
> +

This is ok as-is. It's a hack of the SecurityOrigin design 😕. I think what we want is a new concept for fine-grained file system permission for what path(s) a Security Origin can access. You're running into the the all-or-nothing design (<--- what grantLoadLocalResources() is controlling) we have now and hacking it to support a single non-file URL that maps to a single file path. Works for QuickLook and I think that's all we need to care about (though depends on the impl detail that QuickLook can load multiple? files from the same file path, right? – we're only equal matching one path, not even checking if url.fileSystemPath() is a sub-directory or file under the "dirname(m_filePath)"). 

Maybe all this concept is semi-related if not entirely SecurityPolicy. Something about this code feels weird, but seems like it will work for now. Might want to take a look at SecurityPolicy.
Comment 7 Andy Estes 2019-04-23 17:02:36 PDT 
(In reply to Daniel Bates from comment #6)
> though depends on the impl detail that QuickLook can load multiple? files from the same file path, right?

Right. QuickLook should never generate a preview document that loads other file: URLs. It should only generate a preview document that loads x-apple-ql-id: URLs.

> Maybe all this concept is semi-related if not entirely SecurityPolicy. Something about this code feels weird, but seems like it will work for now. Might want to take a look at SecurityPolicy.

FWIW, I did look at solving this with a combination of SecurityOriginPolicy and SecurityPolicy's origin access whitelist, but decided against it because it ended up being significantly more complicated for something that only QuickLook seems to need. I'm open to other designs, though.

Thanks for reviewing!
Comment 8 WebKit Commit Bot 2019-04-23 17:24:33 PDT 
Comment on attachment 367288 [details]
Patch

Clearing flags on attachment: 367288

Committed r244573: <https://trac.webkit.org/changeset/244573>
Comment 9 WebKit Commit Bot 2019-04-23 17:24:35 PDT 
All reviewed patches have been landed.  Closing bug.