209049 – Unique origins should not be Potentially Trustworthy

Bug 209049 - Unique origins should not be Potentially Trustworthy

Summary: Unique origins should not be Potentially Trustworthy

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Page Loading (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	youenn fablet

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2020-03-13 05:34 PDT by youenn fablet
Modified:	2020-03-23 03:51 PDT (History)
CC List:	12 users (show)

See Also:

Attachments
Patch (4.00 KB, patch) 2020-03-13 05:46 PDT, youenn fablet	no flags	Details \| Formatted Diff \| Diff
Patch (12.24 KB, patch) 2020-03-13 09:25 PDT, youenn fablet	no flags	Details \| Formatted Diff \| Diff
Patch (12.16 KB, patch) 2020-03-13 09:26 PDT, youenn fablet	no flags	Details \| Formatted Diff \| Diff
Patch (12.08 KB, patch) 2020-03-13 10:37 PDT, youenn fablet	no flags	Details \| Formatted Diff \| Diff
Patch for landing (11.99 KB, patch) 2020-03-16 01:29 PDT, youenn fablet	no flags	Details \| Formatted Diff \| Diff
Patch for landing - fixing test (14.79 KB, patch) 2020-03-16 04:29 PDT, youenn fablet	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (5) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description youenn fablet 2020-03-13 05:34:47 PDT

As per https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy

Comment 1 youenn fablet 2020-03-13 05:46:44 PDT

Created attachment 393474 [details]
Patch

Comment 2 youenn fablet 2020-03-13 06:23:34 PDT

<rdar://problem/57827160>

Comment 3 youenn fablet 2020-03-13 09:25:45 PDT

Created attachment 393488 [details]
Patch

Comment 4 youenn fablet 2020-03-13 09:26:59 PDT

Created attachment 393489 [details]
Patch

Comment 5 youenn fablet 2020-03-13 10:37:20 PDT

Created attachment 393501 [details]
Patch

Comment 6 Darin Adler 2020-03-15 17:45:20 PDT

Comment on attachment 393501 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=393501&action=review

> Source/WebCore/dom/Document.cpp:6025
> +static inline bool isURLPotentiallyTrustworthy(const URL& url)

Seems overkill to write inline here.

> Source/WebCore/dom/Document.cpp:6027
> +    if (url.protocol() == "about"_s)

Should use URL::protocolIsAbout.

If not, then no need to use ASCIILiteral (the _s suffix) with ==; in fact I think it currently makes the == operator less efficient, although we could fix that. In general, to check protocols, I think we should use URL::protocolIs rather than URL::protocol with ==.

> Source/WebCore/dom/Document.cpp:6028
> +        return url.path() == "blank"_s || url.path() == "srcdoc"_s;

For about:blank we already have URL::isBlankURL. I suggest consider adding something similar for "srcdoc" instead of writing out like this.

Is it correct for this to be case-sensitive or do we want case folding? If we want case folding we should use equalLettersIgnoringASCIICase.

Same comment about using ASCIILiteral (the _s suffix).

Also, should change URL::path to return a StringView for efficiency.

> Source/WebCore/dom/Document.cpp:6029
> +    if (url.protocol() == "data"_s)

URL::protocolIsData

Comment 7 youenn fablet 2020-03-16 01:29:21 PDT

Created attachment 393636 [details]
Patch for landing

Comment 8 youenn fablet 2020-03-16 04:29:30 PDT

Created attachment 393647 [details]
Patch for landing - fixing test

Comment 9 youenn fablet 2020-03-16 05:35:47 PDT

Right, this makes sense.
I updated the patch accordingly.

(In reply to Darin Adler from comment #6)
> Comment on attachment 393501 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=393501&action=review
> 
> > Source/WebCore/dom/Document.cpp:6025
> > +static inline bool isURLPotentiallyTrustworthy(const URL& url)
> 
> Seems overkill to write inline here.
> 
> > Source/WebCore/dom/Document.cpp:6027
> > +    if (url.protocol() == "about"_s)
> 
> Should use URL::protocolIsAbout.
> 
> If not, then no need to use ASCIILiteral (the _s suffix) with ==; in fact I
> think it currently makes the == operator less efficient, although we could
> fix that. In general, to check protocols, I think we should use
> URL::protocolIs rather than URL::protocol with ==.
> 
> > Source/WebCore/dom/Document.cpp:6028
> > +        return url.path() == "blank"_s || url.path() == "srcdoc"_s;
> 
> For about:blank we already have URL::isBlankURL. I suggest consider adding
> something similar for "srcdoc" instead of writing out like this.
> 
> Is it correct for this to be case-sensitive or do we want case folding? If
> we want case folding we should use equalLettersIgnoringASCIICase.
> 
> Same comment about using ASCIILiteral (the _s suffix).
> 
> Also, should change URL::path to return a StringView for efficiency.
> 
> > Source/WebCore/dom/Document.cpp:6029
> > +    if (url.protocol() == "data"_s)
> 
> URL::protocolIsData

Comment 10 WebKit Commit Bot 2020-03-16 06:15:57 PDT

Comment on attachment 393647 [details]
Patch for landing - fixing test

Clearing flags on attachment: 393647

Committed r258494: <https://trac.webkit.org/changeset/258494>

Comment 11 WebKit Commit Bot 2020-03-16 06:15:59 PDT

All reviewed patches have been landed.  Closing bug.

Comment 12 Darin Adler 2020-03-16 11:25:22 PDT

Comment on attachment 393647 [details]
Patch for landing - fixing test

View in context: https://bugs.webkit.org/attachment.cgi?id=393647&action=review

> Source/WebCore/dom/Document.cpp:6044
> +        return equalIgnoringASCIICase(url.string(), WTF::blankURL()) || equalLettersIgnoringASCIICase(url.string(), "about:srcdoc");

Should be using:

    url.isBlankURL()

instead of comparing string with WTF::blankURL. But then I discovered that URL::isBlankURL is declared in URL.h but not defined! Would you be willing to either delete it, or implement and use it?

Comment 13 youenn fablet 2020-03-16 11:30:38 PDT

(In reply to Darin Adler from comment #12)
> Comment on attachment 393647 [details]
> Patch for landing - fixing test
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=393647&action=review
> 
> > Source/WebCore/dom/Document.cpp:6044
> > +        return equalIgnoringASCIICase(url.string(), WTF::blankURL()) || equalLettersIgnoringASCIICase(url.string(), "about:srcdoc");
> 
> Should be using:
> 
>     url.isBlankURL()
> 
> instead of comparing string with WTF::blankURL. But then I discovered that
> URL::isBlankURL is declared in URL.h but not defined! Would you be willing
> to either delete it, or implement and use it?

Right I saw that.
Will fix it tomorrow.

Comment 14 Darin Adler 2020-03-16 12:03:19 PDT

Comment on attachment 393647 [details]
Patch for landing - fixing test

View in context: https://bugs.webkit.org/attachment.cgi?id=393647&action=review

>>> Source/WebCore/dom/Document.cpp:6044
>>> +        return equalIgnoringASCIICase(url.string(), WTF::blankURL()) || equalLettersIgnoringASCIICase(url.string(), "about:srcdoc");
>> 
>> Should be using:
>> 
>>     url.isBlankURL()
>> 
>> instead of comparing string with WTF::blankURL. But then I discovered that URL::isBlankURL is declared in URL.h but not defined! Would you be willing to either delete it, or implement and use it?
> 
> Right I saw that.
> Will fix it tomorrow.

Might be better to delete it. Some places want to treat any "about:" URL the same, others specifically want to check for "about:blank". Not clear which of those isBlankURL means in a way. So maybe we should just delete it.

Comment 15 youenn fablet 2020-03-17 02:59:59 PDT

Filed bug 209173 and bug 209174.
I think it makes sense to introduce isAboutBlank/isSrcDoc, since, at least in theory, I think we should check the scheme case insensitive and path case sensitive.