WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
235616
[iOS][macOS] Block access to Icon Services
https://bugs.webkit.org/show_bug.cgi?id=235616
Summary
[iOS][macOS] Block access to Icon Services
Per Arne Vollan
Reported
2022-01-25 15:46:22 PST
Stop creating a sandbox extension for the Icon service when the attachment element is enabled, since local testing indicates that this is not needed.
Attachments
Patch
(8.64 KB, patch)
2022-01-25 15:48 PST
,
Per Arne Vollan
darin
: review+
Details
Formatted Diff
Diff
Patch
(7.55 KB, patch)
2022-01-27 13:36 PST
,
Per Arne Vollan
no flags
Details
Formatted Diff
Diff
Patch
(7.55 KB, patch)
2022-01-27 13:37 PST
,
Per Arne Vollan
no flags
Details
Formatted Diff
Diff
Show Obsolete
(1)
View All
Add attachment
proposed patch, testcase, etc.
Per Arne Vollan
Comment 1
2022-01-25 15:48:07 PST
Created
attachment 449975
[details]
Patch
Darin Adler
Comment 2
2022-01-25 17:03:30 PST
Comment on
attachment 449975
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=449975&action=review
> Source/WebKit/ChangeLog:3 > + [iOS][macOS] Block access to Icon service
I think it's "Icon Services"
> Source/WebKit/ChangeLog:9 > + Stop creating a sandbox extension for the Icon service when the attachment element is enabled, > + since local testing indicates that this is not needed.
I’m kind of surprised. Maybe we don’t put the icon into <input type=file> element on the webpage any more, like we did in the past. Did you test with a file with an unusual icon to make sure the icon was correct?
Per Arne Vollan
Comment 3
2022-01-27 13:36:58 PST
Created
attachment 450172
[details]
Patch
Per Arne Vollan
Comment 4
2022-01-27 13:37:31 PST
Created
attachment 450173
[details]
Patch
Per Arne Vollan
Comment 5
2022-01-27 13:42:58 PST
(In reply to Per Arne Vollan from
comment #1
)
> Created
attachment 449975
[details]
> Patch
(In reply to Darin Adler from
comment #2
)
> Comment on
attachment 449975
[details]
> Patch > > View in context: >
https://bugs.webkit.org/attachment.cgi?id=449975&action=review
> > > Source/WebKit/ChangeLog:3 > > + [iOS][macOS] Block access to Icon service > > I think it's "Icon Services"
> Fixed!
> > Source/WebKit/ChangeLog:9 > > + Stop creating a sandbox extension for the Icon service when the attachment element is enabled, > > + since local testing indicates that this is not needed. > > I’m kind of surprised. Maybe we don’t put the icon into <input type=file> > element on the webpage any more, like we did in the past. Did you test with > a file with an unusual icon to make sure the icon was correct?
That is a good point. This change should only affect apps that enable the attachment element, like Mail, etc. Based on your comment, I see that the original patch is incorrectly changing the sandbox, since an extension is still in use in file upload dialogs. I have updated the patch. Thanks for reviewing!
Per Arne Vollan
Comment 6
2022-01-27 16:12:18 PST
<
rdar://88158797
>
EWS
Comment 7
2022-02-16 15:24:32 PST
Committed
r289972
(
247358@main
): <
https://commits.webkit.org/247358@main
> All reviewed patches have been landed. Closing bug and clearing flags on
attachment 450173
[details]
.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug