[Apple Pay] Payment APIs should be completely disabled in web views into which client...
authoraestes@apple.com <aestes@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 14 May 2019 22:50:21 +0000 (22:50 +0000)
committeraestes@apple.com <aestes@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 14 May 2019 22:50:21 +0000 (22:50 +0000)
commite091246626516ebd388faec38fe44fd2615245a8
tree24db6950c4c916a086b18b9a57de56876bf4ff44
parente60ad58f96f95e855673935356a3bd510b4bf3a4
[Apple Pay] Payment APIs should be completely disabled in web views into which clients have injected user scripts
https://bugs.webkit.org/show_bug.cgi?id=197751
<rdar://problem/50631563>

Reviewed by Alex Christensen.

Source/WebCore:

In r243324, when a document has had user agent scripts injected into it, payment APIs were
disabled at runtime by having all entry points return falsy values or throw exceptions
(e.g., ApplePaySession.canMakePayments() returns false).

In the case of user scripts in particular (e.g., WKUserScript), since we know whether these
exist at the time we create a document's DOMWindow, we can do better than r243324 by
completely disabling the payment APIs in the presence of user scripts.

To achieve this, this change introduces the 'EnabledByContext' extended attribute for
interfaces, which instructs the bindings generator to add a conjunct to the payment API
constructors that asks the interface's implementation class whether it should be enabled for
a given ScriptExecutionContext. The PaymentRequest and ApplePaySession interfaces adopt this
new extended attribute to implement the new user script check.

Added new API tests.

* Modules/applepay/ApplePaySession.idl:
* Modules/applepay/PaymentCoordinator.cpp:
(WebCore::PaymentCoordinator::shouldEnableApplePayAPIs const):
* Modules/applepay/PaymentCoordinator.h:
* Modules/applepay/PaymentSession.cpp:
(WebCore::PaymentSession::enabledForContext):
* Modules/applepay/PaymentSession.h:
* Modules/paymentrequest/PaymentHandler.cpp:
(WebCore::PaymentHandler::enabledForContext):
* Modules/paymentrequest/PaymentHandler.h:
* Modules/paymentrequest/PaymentRequest.cpp:
(WebCore::PaymentRequest::enabledForContext):
* Modules/paymentrequest/PaymentRequest.h:
* Modules/paymentrequest/PaymentRequest.idl:
* bindings/scripts/CodeGeneratorJS.pm:
(NeedsRuntimeCheck):
(GenerateRuntimeEnableConditionalString):
* bindings/scripts/IDLAttributes.json:
* bindings/scripts/preprocess-idls.pl:
(GenerateConstructorAttributes):
* bindings/scripts/test/JS/JSTestEnabledForContext.cpp: Added.
* bindings/scripts/test/JS/JSTestEnabledForContext.h: Added.
* bindings/scripts/test/JS/JSTestGlobalObject.cpp:
(WebCore::JSTestGlobalObject::finishCreation):
(WebCore::jsTestGlobalObjectTestEnabledForContextConstructorGetter):
(WebCore::jsTestGlobalObjectTestEnabledForContextConstructor):
(WebCore::setJSTestGlobalObjectTestEnabledForContextConstructorSetter):
(WebCore::setJSTestGlobalObjectTestEnabledForContextConstructor):
* bindings/scripts/test/TestEnabledForContext.idl: Added.

Tools:

Added new API tests.

* TestWebKitAPI/Tests/WebKitCocoa/ApplePay.mm:
(-[TestApplePayScriptMessageHandler initWithAPIsAvailableExpectation:canMakePaymentsExpectation:]):
(-[TestApplePayScriptMessageHandler userContentController:didReceiveScriptMessage:]):
(TestWebKitAPI::TEST):
(-[TestApplePayScriptMessageHandler initWithExpectation:]): Deleted.
* TestWebKitAPI/Tests/WebKitCocoa/apple-pay-availability.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@245314 268f45cc-cd09-0410-ab3c-d52691b4dbfc
21 files changed:
Source/WebCore/ChangeLog
Source/WebCore/Modules/applepay/ApplePaySession.idl
Source/WebCore/Modules/applepay/PaymentCoordinator.cpp
Source/WebCore/Modules/applepay/PaymentCoordinator.h
Source/WebCore/Modules/applepay/PaymentSession.cpp
Source/WebCore/Modules/applepay/PaymentSession.h
Source/WebCore/Modules/paymentrequest/PaymentHandler.cpp
Source/WebCore/Modules/paymentrequest/PaymentHandler.h
Source/WebCore/Modules/paymentrequest/PaymentRequest.cpp
Source/WebCore/Modules/paymentrequest/PaymentRequest.h
Source/WebCore/Modules/paymentrequest/PaymentRequest.idl
Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
Source/WebCore/bindings/scripts/IDLAttributes.json
Source/WebCore/bindings/scripts/preprocess-idls.pl
Source/WebCore/bindings/scripts/test/JS/JSTestEnabledForContext.cpp [new file with mode: 0644]
Source/WebCore/bindings/scripts/test/JS/JSTestEnabledForContext.h [new file with mode: 0644]
Source/WebCore/bindings/scripts/test/JS/JSTestGlobalObject.cpp
Source/WebCore/bindings/scripts/test/TestEnabledForContext.idl [new file with mode: 0644]
Tools/ChangeLog
Tools/TestWebKitAPI/Tests/WebKitCocoa/ApplePay.mm
Tools/TestWebKitAPI/Tests/WebKitCocoa/apple-pay-availability.html