Blob conversion and sanitization doesn't work with Microsoft Word for Mac 2011
author rniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 22 Jan 2018 21:13:37 +0000 (21:13 +0000)
committer rniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 22 Jan 2018 21:13:37 +0000 (21:13 +0000)
commit 89b87b51b3211b416c5b92bc3099f1ecd5d1b0b4
tree 21ace2cbc00cb55e711c18a50b3053c132f8c78b
parent a53c82cdff336c890afa2d3d387f94c1b83b9af6
Blob conversion and sanitization doesn't work with Microsoft Word for Mac 2011
https://bugs.webkit.org/show_bug.cgi?id=181616
<rdar://problem/36484908>

Reviewed by Wenson Hsieh.

Source/WebCore:

The bug was caused by WebContentReader::readHTML and WebContentMarkupReader::readHTML not sanitizing plain HTML string
as done for web archives even when custom pasteboard data is enabled. Fixed the bug by doing the sanitization.

Unfortunately, we can't make file URLs available in this case because WebContent process doesn't have sandbox extensions
to access local files referenced by the HTML source in the clipboard, and we can't make WebContent process request for
a sandbox extension on an arbitrary local file, as it would defeat the whole point of sandboxing.

Instead, we strip away all HTML attributes referencing a URL whose scheme is not HTTP, HTTPS, or data when sanitizing
text/html from the clipboard to avoid exposing local file paths, which can reveal privacy & security sensitive data
such as the user's full name, and the location of private containers of other applications in the system.

Tests: PasteHTML.DoesNotSanitizeHTMLWhenCustomPasteboardDataIsDisabled
       PasteHTML.DoesNotStripFileURLsWhenCustomPasteboardDataIsDisabled
       PasteHTML.ExposesHTMLTypeInDataTransfer
       PasteHTML.KeepsHTTPURLs
       PasteHTML.SanitizesHTML
       PasteHTML.StripsFileURLs

* editing/cocoa/WebContentReaderCocoa.mm:
(WebCore::WebContentReader::readHTML): Fixed the bug by sanitizing the markup, and stripping away file URLs.
(WebCore::WebContentMarkupReader::readHTML): Ditto.
* editing/markup.cpp:
(WebCore::removeSubresourceURLAttributes): Added.
(WebCore::sanitizeMarkup): Added.
* editing/markup.h:

Tools:

Added tests to make sure we sanitize plain HTML, not just web archives,
when and only when custom pasteboard data is enabled.

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm: Added.
(writeHTMLToPasteboard): Added.
(createWebViewWithCustomPasteboardDataSetting): Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227351 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/editing/cocoa/WebContentReaderCocoa.mm
Source/WebCore/editing/markup.cpp
Source/WebCore/editing/markup.h
Tools/ChangeLog
Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
Tools/TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm [new file with mode: 0644]
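
The stripping rule described in the commit message (drop attributes whose URL scheme is not HTTP, HTTPS, or data), as an added Python sketch; it is not WebKit's code and not part of this commit. The attribute list, the treatment of relative URLs, and all function names are assumptions of this example, and it covers only URL-attribute stripping, not the rest of markup sanitization.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https", "data"}  # schemes the commit message keeps
# Assumption: which attributes carry URLs; WebKit's own list is not on this page.
URL_ATTRIBUTES = {"src", "href", "poster", "background", "action", "cite"}

def has_allowed_scheme(value):
    """True only for an explicit http/https/data scheme; relative URLs fail (assumption)."""
    # Browsers ignore surrounding whitespace and embedded tab/CR/LF in URLs.
    cleaned = "".join(c for c in (value or "").strip() if c not in "\t\r\n")
    try:
        return urlsplit(cleaned).scheme in ALLOWED_SCHEMES
    except ValueError:  # malformed URL: drop the attribute
        return False

class URLAttributeStripper(HTMLParser):  # re-serializes markup minus disallowed URL attributes
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def _emit(self, tag, attrs, closer):
        kept = [(k, v) for k, v in attrs
                if k not in URL_ATTRIBUTES or has_allowed_scheme(v)]
        self.out.append(f"<{tag}" + "".join(
            f" {k}" if v is None else f' {k}="{escape(v)}"' for k, v in kept) + closer)

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs, ">")

    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, " />")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def strip_local_urls(markup):
    parser = URLAttributeStripper()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)

# Constructed clipboard fragment, shaped like word-processor output.
SAMPLE = ('<p><img src="file:///Users/jane.doe/Library/x/clip.png" alt="chart">'
          '<a href="https://webkit.org/">site</a></p>')
```

The allow-list direction matters here: the check names the schemes that survive, so a value with an unexpected or missing scheme is dropped rather than passed through.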