[Apple Pay] Disable script injection when canMakePayment APIs are called and return...
authoraestes@apple.com <aestes@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 4 Jun 2019 06:36:05 +0000 (06:36 +0000)
committeraestes@apple.com <aestes@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 4 Jun 2019 06:36:05 +0000 (06:36 +0000)
commitce44f8e766a756fa416d2b1a6fdf1ed49813e719
tree9ec0ce82bc60096fb80aac36d9231d99721cda52
parent7116f8a6515f7bc4cb931d23402c807db073f7e7
[Apple Pay] Disable script injection when canMakePayment APIs are called and return true
https://bugs.webkit.org/show_bug.cgi?id=198448
<rdar://problem/51323694>

Reviewed by Alex Christensen.

Source/WebCore:

Previously, only an active Apple Pay session would disable script injection in restricted
WKWebViews. However, this can result in websites rendering non-functional Apple Pay buttons
due to the race between the hosting app calling -evaluateJavaScript:completionHandler: and
the website calling canMakePayment APIs to determine whether to draw a button.

This patch makes it so that, if a website calls ApplePaySession's canMakePayments or
canMakePaymentsWithActiveCard, or PaymentRequest's canMakePayment, in a web view that has no
injected scripts, and those calls return true, future script injections from the hosting app
will be blocked.

Also, this patch removes the restrictions on the openPaymentSetup, supportsVersion, and
validatedPaymentNetwork APIs, since those APIs do not reveal transaction information and are
not used to determine whether to draw buttons.

Added new API tests.

* Modules/applepay/PaymentCoordinator.cpp:
(WebCore::PaymentCoordinator::supportsVersion const):
(WebCore::PaymentCoordinator::canMakePayments):
(WebCore::PaymentCoordinator::canMakePaymentsWithActiveCard):
(WebCore::PaymentCoordinator::openPaymentSetup):
(WebCore::PaymentCoordinator::beginPaymentSession):
(WebCore::PaymentCoordinator::validatedPaymentNetwork const):
(WebCore::PaymentCoordinator::setApplePayIsActiveIfAllowed const):
(WebCore::PaymentCoordinator::shouldAllowUserAgentScripts const):
(WebCore::PaymentCoordinator::shouldAllowApplePay const): Deleted.
* Modules/applepay/PaymentCoordinator.h:
* dom/Document.cpp:
(WebCore::Document::isApplePayActive const):
(WebCore::Document::setApplePayIsActive):
(WebCore::Document::hasStartedApplePaySession const): Deleted.
(WebCore::Document::setHasStartedApplePaySession): Deleted.
* dom/Document.h:
* testing/Internals.cpp:
(WebCore::Internals::setApplePayIsActive):
(WebCore::Internals::setHasStartedApplePaySession): Deleted.
* testing/Internals.h:
* testing/Internals.idl:

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKitCocoa/ApplePay.mm:
(-[TestApplePayAvailableScriptMessageHandler userContentController:didReceiveScriptMessage:]):
(-[TestApplePayActiveSessionScriptMessageHandler userContentController:didReceiveScriptMessage:]):
(TestWebKitAPI::TEST):
(TestWebKitAPI::runActiveSessionTest):
(-[TestApplePayScriptMessageHandler initWithAPIsAvailableExpectation:canMakePaymentsExpectation:]): Deleted.
(-[TestApplePayScriptMessageHandler userContentController:didReceiveScriptMessage:]): Deleted.
* TestWebKitAPI/Tests/WebKitCocoa/apple-pay-active-session.html:
* TestWebKitAPI/Tests/WebKitCocoa/apple-pay-availability-existing-object.html: Added.
* TestWebKitAPI/Tests/WebKitCocoa/apple-pay-availability-in-iframe.html:
* TestWebKitAPI/Tests/WebKitCocoa/apple-pay-availability.html:
* TestWebKitAPI/Tests/WebKitCocoa/apple-pay-can-make-payment.html: Added.
* TestWebKitAPI/Tests/WebKitCocoa/apple-pay-can-make-payments-with-active-card.html: Added.
* TestWebKitAPI/Tests/WebKitCocoa/apple-pay-can-make-payments.html: Added.
* TestWebKitAPI/Tests/WebKitCocoa/apple-pay.js: Added.
(applePayRequestBase):
(applePayPaymentRequest):
(applePayMethod):
* TestWebKitAPI/cocoa/TestProtocol.mm:
(-[TestProtocol startLoading]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@246056 268f45cc-cd09-0410-ab3c-d52691b4dbfc
21 files changed:
Source/WebCore/ChangeLog
Source/WebCore/Modules/applepay/PaymentCoordinator.cpp
Source/WebCore/Modules/applepay/PaymentCoordinator.h
Source/WebCore/dom/Document.cpp
Source/WebCore/dom/Document.h
Source/WebCore/testing/Internals.cpp
Source/WebCore/testing/Internals.h
Source/WebCore/testing/Internals.idl
Tools/ChangeLog
Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
Tools/TestWebKitAPI/Tests/WebKitCocoa/ApplePay.mm
Tools/TestWebKitAPI/Tests/WebKitCocoa/Download.mm
Tools/TestWebKitAPI/Tests/WebKitCocoa/apple-pay-active-session.html
Tools/TestWebKitAPI/Tests/WebKitCocoa/apple-pay-availability-existing-object.html [new file with mode: 0644]
Tools/TestWebKitAPI/Tests/WebKitCocoa/apple-pay-availability-in-iframe.html
Tools/TestWebKitAPI/Tests/WebKitCocoa/apple-pay-availability.html
Tools/TestWebKitAPI/Tests/WebKitCocoa/apple-pay-can-make-payment.html [new file with mode: 0644]
Tools/TestWebKitAPI/Tests/WebKitCocoa/apple-pay-can-make-payments-with-active-card.html [new file with mode: 0644]
Tools/TestWebKitAPI/Tests/WebKitCocoa/apple-pay-can-make-payments.html [new file with mode: 0644]
Tools/TestWebKitAPI/Tests/WebKitCocoa/apple-pay.js [new file with mode: 0644]
Tools/TestWebKitAPI/cocoa/TestProtocol.mm