The encoding/decoding routines used by WebKit’s InjectedBundles are based on NSCoding. While we have changed WebKit internals to use NSSecureCoding, there are a number of injected bundles that need to serialize custom classes between the InjectedBundle and the relevant WebKit UIProcess. We need to lock down this communications channel by enforcing NSSecureCoding. This patch creates new SPI to allow the UIProcess to specify classes that it will accept in messages from the WebContet Process (and Injected Bundle). It adds the following property to the WKProcessPoolConfiguration: @property (nonatomic, copy) NSSet<Class> *customClassesForParameterCoder; Clients that wish to serialize custom classes would do something like the following: _WKProcessPoolConfiguration *configuration = [[_WKProcessPoolConfiguration alloc] init]; ... various setup steps ... // An InjectedBundle will be used: [configuration setInjectedBundleURL:[[NSBundle mainBundle].builtInPlugInsURL URLByAppendingPathComponent:@"Example.wkbundle" isDirectory:YES]]; // So specify any custom classes for the use case: [configuration setCustomClassesForParameterCoder:[NSSet setWithObjects:[Example1 class], [Example2 class], [Example3 class], nil]]; If no custom classes are specified, the standard serialization primitives are supported: NSArray, NSData, NSDate, NSDictionary, NSNull, NSNumber, NSSet, NSString, NSTimeZone, NSURL, and NSUUID.
<rdar://problem/55265713>
Created attachment 378827 [details] Patch
Created attachment 378829 [details] Patch
WIP patch uploaded for initial discussion of SPI design.
Comment on attachment 378829 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=378829&action=review > Source/WebKit/ChangeLog:7 > + The encoding/decoding routines used by WebKitâs InjectedBundles are based on NSCoding. WebKitâs
Created attachment 379009 [details] Patch for landing
Created attachment 379010 [details] Patch for landing
Created attachment 379012 [details] Patch for landing
Created attachment 379015 [details] Patch
Created attachment 379086 [details] Patch
The WinCairo error is a bot issue.
Created attachment 379135 [details] Patch for landing
Comment on attachment 379135 [details] Patch for landing Clearing flags on attachment: 379135 Committed r250093: <https://trac.webkit.org/changeset/250093>
All reviewed patches have been landed. Closing bug.