Bug 209368 - Add checks for app-bound navigations when evaluating user style sheets
Summary: Add checks for app-bound navigations when evaluating user style sheets
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: katherine_cheney
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-03-20 16:54 PDT by katherine_cheney
Modified: 2020-03-23 12:15 PDT (History)
8 users (show)

See Also:


Attachments
Patch (10.64 KB, patch)
2020-03-20 17:08 PDT, katherine_cheney
no flags Details | Formatted Diff | Diff
Patch (10.87 KB, patch)
2020-03-23 08:41 PDT, katherine_cheney
no flags Details | Formatted Diff | Diff
Patch (10.88 KB, patch)
2020-03-23 09:32 PDT, katherine_cheney
no flags Details | Formatted Diff | Diff
Patch for landing (11.10 KB, patch)
2020-03-23 11:11 PDT, katherine_cheney
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description katherine_cheney 2020-03-20 16:54:18 PDT
We should check for app-bound navigations when we update user style sheets for pages.
Comment 1 katherine_cheney 2020-03-20 16:55:27 PDT
<rdar://problem/60204230>
Comment 2 katherine_cheney 2020-03-20 17:08:08 PDT
Created attachment 394150 [details]
Patch
Comment 3 katherine_cheney 2020-03-23 08:41:48 PDT
Created attachment 394263 [details]
Patch
Comment 4 katherine_cheney 2020-03-23 09:32:28 PDT
Created attachment 394266 [details]
Patch
Comment 5 Brent Fulgham 2020-03-23 10:40:27 PDT
Comment on attachment 394266 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=394266&action=review

Awesome! Thank you for creating useful tests for this. r=me, but please add the logging I suggest.

> Source/WebCore/page/Page.cpp:3078
> +    if (m_mainFrame->loader().client().hasNavigatedAwayFromAppBoundDomain())

I feel like we should issue some kind of console message so developers will know what's going on. Look for instances of 'document->addConsoleMessage' (or context->addConsoleMessage) for examples.

> Source/WebCore/style/StyleScopeRuleSets.cpp:98
> +        collectRulesFromUserStyleSheets(extensionStyleSheets.injectedUserStyleSheets(), tempUserStyle.get(), mediaQueryEvaluator);

I suggest:

auto* page = m_styleResolver.document().page();
if (page && page->mainFrame().loader().client().hasNavigatedAwayFromAppBoundDomain())
    m_styleResolver.document().addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "Ignoring user style sheet for non-app bound domain."_s);
else
    collectRulesFromUserStyleSheets(extensionStyleSheets.injectedUserStyleSheets(), tempUserStyle.get(), mediaQueryEvaluator);

> Tools/TestWebKitAPI/Tests/WebKitCocoa/InAppBrowserPrivacy.mm:76
> +        response = @"<body style='background-color: red;'><iframe src='in-app-browser:///in-app-browser-privacy-test-user-style-sheets'></iframe></body>";

Nice!
Comment 6 katherine_cheney 2020-03-23 11:11:44 PDT
Created attachment 394279 [details]
Patch for landing
Comment 7 katherine_cheney 2020-03-23 11:12:40 PDT
(In reply to Brent Fulgham from comment #5)
> Comment on attachment 394266 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=394266&action=review
> 
> Awesome! Thank you for creating useful tests for this. r=me, but please add
> the logging I suggest.

Thanks! I added the logging you suggested.
Comment 8 EWS 2020-03-23 11:47:53 PDT
Committed r258863: <https://trac.webkit.org/changeset/258863>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 394279 [details].