REGRESSION(r223678): Cannot copy & paste a web page content into Yahoo! Mail
authorrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 22 Dec 2017 20:41:48 +0000 (20:41 +0000)
committerrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 22 Dec 2017 20:41:48 +0000 (20:41 +0000)
commitfc8f637e165688219dedec0c4128981b84061bad
treeee09d065146687babfcfef3e827f5d5643d5ecbb
parent80b3b816338544a1166779a17028fdb602023b91
REGRESSION(r223678): Cannot copy & paste a web page content into Yahoo! Mail
https://bugs.webkit.org/show_bug.cgi?id=181114

Reviewed by Geoffrey Garen.

Source/WebCore:

Turns out converting all URLs to blob isn't Web compatible. Don't do this conversion on HTTP, HTTP, and data URLs
since websites tend to have access to contents accessible via those protocols, and blob URL conversion would break
Yahoo! Mail, Gmail, and other major online email services.

We've also considered using data URLs instead of blob URLs for conversion but pasting a large image converted into
a data URL seems to break WordPress (it stores an empty post instead of the one with the image) so it's not likely
to be Web compatible either.

This patch therefore disables the blob conversion in sanitizeMarkupWithArchive for HTTP, HTTPS, data URLs for
cross-origin content, restoring the behavior prior to r223678. For contents converted from attributed strings,
we continue to convert to blob URL since there is no other way for websites to read local files or images references
by an in-memory web archive.

Tests: http/tests/security/clipboard/copy-paste-html-cross-in-origin-iframe-across-origin.html

* editing/cocoa/WebContentReaderCocoa.mm:
(WebCore::shouldConvertToBlob): Added.
(WebCore::sanitizeMarkupWithArchive):

LayoutTests:

Updated http/tests/security/clipboard/copy-paste-html-cross-origin-iframe-across-origin.html to test the new behavior
whereby which HTTP/HTTPs and data URLs are not converted to blob URLs.

* http/tests/security/clipboard/copy-paste-html-across-origin-sanitizes-html.html:
* http/tests/security/clipboard/copy-paste-html-cross-origin-iframe-across-origin-expected.txt: Renamed.
* http/tests/security/clipboard/copy-paste-html-cross-origin-iframe-across-origin.html: Added more test cases for data URLs.
* http/tests/security/clipboard/resources/content-to-copy.html: Notify the parent that the page had finished loading.
* http/tests/security/clipboard/resources/data-url-content-to-copy.html: Added.
* http/tests/security/clipboard/resources/subdirectory/paste-html.html: Since we can no longer access contents
in the pasted frames but scripts DO run in the pasted cross-origin iframes, rely on those frames to postMessage
this frame when the image had finished loading.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226272 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/http/tests/misc/copy-resolves-urls-expected.txt
LayoutTests/http/tests/security/clipboard/copy-paste-html-cross-origin-iframe-across-origin-expected.txt
LayoutTests/http/tests/security/clipboard/copy-paste-html-cross-origin-iframe-across-origin.html
LayoutTests/http/tests/security/clipboard/resources/content-to-copy.html
LayoutTests/http/tests/security/clipboard/resources/data-url-content-to-copy.html [new file with mode: 0644]
LayoutTests/http/tests/security/clipboard/resources/subdirectory/paste-html.html
Source/WebCore/ChangeLog
Source/WebCore/editing/cocoa/WebContentReaderCocoa.mm