Add setting to disable Java for local files even if it is otherwise enabled
authorweinig@apple.com <weinig@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 2 Apr 2012 16:22:25 +0000 (16:22 +0000)
committerweinig@apple.com <weinig@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 2 Apr 2012 16:22:25 +0000 (16:22 +0000)
https://bugs.webkit.org/show_bug.cgi?id=82685

Reviewed by Anders Carlsson.

Source/WebCore:

* WebCore.exp.in:
Export setting setter.

* html/HTMLAppletElement.cpp:
(WebCore::HTMLAppletElement::canEmbedJava):
* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::requestPlugin):
* page/Navigator.cpp:
(WebCore::Navigator::javaEnabled):
Check for both isJavaEnabled and isJavaEnabledForLocalFiles.

* page/Settings.cpp:
(WebCore::Settings::setJavaEnabledForLocalFiles):
* page/Settings.h:
(WebCore::Settings::isJavaEnabledForLocalFiles):
Add new setting.

Source/WebKit2:

* Shared/WebPreferencesStore.h:
* UIProcess/API/C/WKPreferences.cpp:
(WKPreferencesSetJavaEnabledForLocalFiles):
(WKPreferencesGetJavaEnabledForLocalFiles):
* UIProcess/API/C/WKPreferencesPrivate.h:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::updatePreferences):
Add pref as SPI and forward to WebCore.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@112894 268f45cc-cd09-0410-ab3c-d52691b4dbfc

12 files changed:
Source/WebCore/ChangeLog
Source/WebCore/WebCore.exp.in
Source/WebCore/html/HTMLAppletElement.cpp
Source/WebCore/loader/SubframeLoader.cpp
Source/WebCore/page/Navigator.cpp
Source/WebCore/page/Settings.cpp
Source/WebCore/page/Settings.h
Source/WebKit2/ChangeLog
Source/WebKit2/Shared/WebPreferencesStore.h
Source/WebKit2/UIProcess/API/C/WKPreferences.cpp
Source/WebKit2/UIProcess/API/C/WKPreferencesPrivate.h
Source/WebKit2/WebProcess/WebPage/WebPage.cpp

index fcc3ca6..ad86d8f 100644 (file)
@@ -1,3 +1,27 @@
+2012-03-29  Sam Weinig  <sam@webkit.org>
+
+        Add setting to disable Java for local files even if it is otherwise enabled
+        https://bugs.webkit.org/show_bug.cgi?id=82685
+
+        Reviewed by Anders Carlsson.
+
+        * WebCore.exp.in:
+        Export setting setter.
+
+        * html/HTMLAppletElement.cpp:
+        (WebCore::HTMLAppletElement::canEmbedJava):
+        * loader/SubframeLoader.cpp:
+        (WebCore::SubframeLoader::requestPlugin):
+        * page/Navigator.cpp:
+        (WebCore::Navigator::javaEnabled):
+        Check for both isJavaEnabled and isJavaEnabledForLocalFiles.
+
+        * page/Settings.cpp:
+        (WebCore::Settings::setJavaEnabledForLocalFiles):
+        * page/Settings.h:
+        (WebCore::Settings::isJavaEnabledForLocalFiles):
+        Add new setting.
+
 2012-04-02  Alexander Pavlov  <apavlov@chromium.org>
 
         Web Inspector: Implement frontend for device metrics emulation
index 2fb3cbe..a96580b 100644 (file)
@@ -991,7 +991,6 @@ __ZN7WebCore8Settings19minDOMTimerIntervalEv
 __ZN7WebCore8Settings19setShowDebugBordersEb
 __ZN7WebCore8Settings20setCursiveFontFamilyERKN3WTF12AtomicStringE11UScriptCode
 __ZN7WebCore8Settings20setFantasyFontFamilyERKN3WTF12AtomicStringE11UScriptCode
-__ZN7WebCore8Settings37setFixedElementsLayoutRelativeToFrameEb
 __ZN7WebCore8Settings20setXSSAuditorEnabledEb
 __ZN7WebCore8Settings21mockScrollbarsEnabledEv
 __ZN7WebCore8Settings21setShowRepaintCounterEb
@@ -1023,6 +1022,7 @@ __ZN7WebCore8Settings26defaultMinDOMTimerIntervalEv
 __ZN7WebCore8Settings26setDefaultTextEncodingNameERKN3WTF6StringE
 __ZN7WebCore8Settings26setNeedsSiteSpecificQuirksEb
 __ZN7WebCore8Settings27setFTPDirectoryTemplatePathERKN3WTF6StringE
+__ZN7WebCore8Settings27setJavaEnabledForLocalFilesEb
 __ZN7WebCore8Settings27setLoadsImagesAutomaticallyEb
 __ZN7WebCore8Settings27setLocalStorageDatabasePathERKN3WTF6StringE
 __ZN7WebCore8Settings27setSpatialNavigationEnabledEb
@@ -1045,6 +1045,7 @@ __ZN7WebCore8Settings35setEnforceCSSMIMETypeInNoQuirksModeEb
 __ZN7WebCore8Settings35setExperimentalNotificationsEnabledEb
 __ZN7WebCore8Settings35setTreatsAnyTextCSSLinkAsStylesheetEb
 __ZN7WebCore8Settings36setOfflineWebApplicationCacheEnabledEb
+__ZN7WebCore8Settings37setFixedElementsLayoutRelativeToFrameEb
 __ZN7WebCore8Settings40setJavaScriptCanOpenWindowsAutomaticallyEb
 __ZN7WebCore8Settings40setTextDirectionSubmenuInclusionBehaviorENS_37TextDirectionSubmenuInclusionBehaviorE
 __ZN7WebCore8Settings41setNeedsKeyboardEventDisambiguationQuirksEb
index af63d26..2274d8d 100644 (file)
@@ -128,7 +128,16 @@ bool HTMLAppletElement::canEmbedJava() const
         return false;
 
     Settings* settings = document()->settings();
-    return settings && settings->isJavaEnabled();
+    if (!settings)
+        return false;
+
+    if (!settings->isJavaEnabled())
+        return false;
+
+    if (document()->securityOrigin()->isLocal() && !settings->isJavaEnabledForLocalFiles())
+        return false;
+
+    return true;
 }
 
 void HTMLAppletElement::finishParsingChildren()
index 4576c94..1ff47e6 100644 (file)
@@ -104,14 +104,22 @@ bool SubframeLoader::resourceWillUsePlugin(const String& url, const String& mime
 bool SubframeLoader::requestPlugin(HTMLPlugInImageElement* ownerElement, const KURL& url, const String& mimeType, const Vector<String>& paramNames, const Vector<String>& paramValues, bool useFallback)
 {
     Settings* settings = m_frame->settings();
-    if ((!allowPlugins(AboutToInstantiatePlugin)
-         // Application plug-ins are plug-ins implemented by the user agent, for example Qt plug-ins,
-         // as opposed to third-party code such as Flash. The user agent decides whether or not they are
-         // permitted, rather than WebKit.
-         && !MIMETypeRegistry::isApplicationPluginMIMEType(mimeType))
-        || ((!settings || !settings->isJavaEnabled()) && MIMETypeRegistry::isJavaAppletMIMEType(mimeType)))
+    if (!settings)
         return false;
 
+    // Application plug-ins are plug-ins implemented by the user agent, for example Qt plug-ins,
+    // as opposed to third-party code such as Flash. The user agent decides whether or not they are
+    // permitted, rather than WebKit.
+    if ((!allowPlugins(AboutToInstantiatePlugin) && !MIMETypeRegistry::isApplicationPluginMIMEType(mimeType)))
+        return false;
+
+    if (MIMETypeRegistry::isJavaAppletMIMEType(mimeType)) {
+        if (!settings->isJavaEnabled())
+            return false;
+        if (m_frame->document() && m_frame->document()->securityOrigin()->isLocal() && !settings->isJavaEnabledForLocalFiles())
+            return false;
+    }
+
     if (m_frame->document()) {
         if (m_frame->document()->isSandboxed(SandboxPlugins))
             return false;
index 49e362b..3af6f07 100644 (file)
 #include "FrameLoader.h"
 #include "FrameLoaderClient.h"
 #include "Geolocation.h"
-#include "Page.h"
-#include "PointerLock.h"
 #include "Language.h"
+#include "Page.h"
 #include "PluginData.h"
+#include "PointerLock.h"
+#include "SecurityOrigin.h"
 #include "Settings.h"
 #include "StorageNamespace.h"
 #include <wtf/HashSet.h>
@@ -126,7 +127,12 @@ bool Navigator::javaEnabled() const
     if (!m_frame || !m_frame->settings())
         return false;
 
-    return m_frame->settings()->isJavaEnabled();
+    if (!m_frame->settings()->isJavaEnabled())
+        return false;
+    if (m_frame->document()->securityOrigin()->isLocal() && !m_frame->settings()->isJavaEnabledForLocalFiles())
+        return false;
+
+    return true;
 }
 
 #if ENABLE(POINTER_LOCK)
index 6372318..35b0f58 100644 (file)
@@ -134,6 +134,7 @@ Settings::Settings(Page* page)
     , m_maximumHTMLParserDOMTreeDepth(defaultMaximumHTMLParserDOMTreeDepth)
     , m_isSpatialNavigationEnabled(false)
     , m_isJavaEnabled(false)
+    , m_isJavaEnabledForLocalFiles(true)
     , m_loadsImagesAutomatically(false)
     , m_loadsSiteIconsIgnoringImageLoadingSetting(false)
     , m_privateBrowsingEnabled(false)
@@ -430,6 +431,11 @@ void Settings::setJavaEnabled(bool isJavaEnabled)
     m_isJavaEnabled = isJavaEnabled;
 }
 
+void Settings::setJavaEnabledForLocalFiles(bool isJavaEnabledForLocalFiles)
+{
+    m_isJavaEnabledForLocalFiles = isJavaEnabledForLocalFiles;
+}
+
 void Settings::setImagesEnabled(bool areImagesEnabled)
 {
     m_areImagesEnabled = areImagesEnabled;
index 08ac598..a02a236 100644 (file)
@@ -143,6 +143,10 @@ namespace WebCore {
         void setJavaEnabled(bool);
         bool isJavaEnabled() const { return m_isJavaEnabled; }
 
+        // This settings is only consulted if isJavaEnabled() returns true;
+        void setJavaEnabledForLocalFiles(bool);
+        bool isJavaEnabledForLocalFiles() const { return m_isJavaEnabledForLocalFiles; }
+
         void setImagesEnabled(bool);
         bool areImagesEnabled() const { return m_areImagesEnabled; }
 
@@ -581,6 +585,7 @@ namespace WebCore {
         unsigned m_maximumHTMLParserDOMTreeDepth;
         bool m_isSpatialNavigationEnabled : 1;
         bool m_isJavaEnabled : 1;
+        bool m_isJavaEnabledForLocalFiles : 1;
         bool m_loadsImagesAutomatically : 1;
         bool m_loadsSiteIconsIgnoringImageLoadingSetting : 1;
         bool m_privateBrowsingEnabled : 1;
index 0010181..b648fdc 100644 (file)
@@ -1,3 +1,19 @@
+2012-03-29  Sam Weinig  <sam@webkit.org>
+
+        Add setting to disable Java for local files even if it is otherwise enabled
+        https://bugs.webkit.org/show_bug.cgi?id=82685
+
+        Reviewed by Anders Carlsson.
+
+        * Shared/WebPreferencesStore.h:
+        * UIProcess/API/C/WKPreferences.cpp:
+        (WKPreferencesSetJavaEnabledForLocalFiles):
+        (WKPreferencesGetJavaEnabledForLocalFiles):
+        * UIProcess/API/C/WKPreferencesPrivate.h:
+        * WebProcess/WebPage/WebPage.cpp:
+        (WebKit::WebPage::updatePreferences):
+        Add pref as SPI and forward to WebCore.
+
 2012-04-02  Balazs Kelemen  <kbalazs@webkit.org>
 
         [Qt][WK2] Set up plugin process on Unix
index 0e86d85..8cc2b23 100644 (file)
@@ -54,6 +54,7 @@ namespace WebKit {
     macro(LoadsSiteIconsIgnoringImageLoadingPreference, loadsSiteIconsIgnoringImageLoadingPreference, Bool, bool, false) \
     macro(PluginsEnabled, pluginsEnabled, Bool, bool, true) \
     macro(JavaEnabled, javaEnabled, Bool, bool, true) \
+    macro(JavaEnabledForLocalFiles, javaEnabledForLocalFiles, Bool, bool, true) \
     macro(OfflineWebApplicationCacheEnabled, offlineWebApplicationCacheEnabled, Bool, bool, false) \
     macro(LocalStorageEnabled, localStorageEnabled, Bool, bool, true) \
     macro(DatabasesEnabled, databasesEnabled, Bool, bool, true) \
index 6c899f9..2c04045 100644 (file)
@@ -158,6 +158,16 @@ bool WKPreferencesGetJavaEnabled(WKPreferencesRef preferencesRef)
     return toImpl(preferencesRef)->javaEnabled();
 }
 
+void WKPreferencesSetJavaEnabledForLocalFiles(WKPreferencesRef preferencesRef, bool javaEnabledForLocalFiles)
+{
+    toImpl(preferencesRef)->setJavaEnabledForLocalFiles(javaEnabledForLocalFiles);
+}
+
+bool WKPreferencesGetJavaEnabledForLocalFiles(WKPreferencesRef preferencesRef)
+{
+    return toImpl(preferencesRef)->javaEnabledForLocalFiles();
+}
+
 void WKPreferencesSetJavaScriptCanOpenWindowsAutomatically(WKPreferencesRef preferencesRef, bool javaScriptCanOpenWindowsAutomatically)
 {
     toImpl(preferencesRef)->setJavaScriptCanOpenWindowsAutomatically(javaScriptCanOpenWindowsAutomatically);
index 5bd96d5..16d74e6 100644 (file)
@@ -175,6 +175,10 @@ WK_EXPORT bool WKPreferencesGetApplicationChromeModeEnabled(WKPreferencesRef pre
 WK_EXPORT void WKPreferencesSetInspectorUsesWebKitUserInterface(WKPreferencesRef preferencesRef, bool enabled);
 WK_EXPORT bool WKPreferencesGetInspectorUsesWebKitUserInterface(WKPreferencesRef preferencesRef);
 
+// Defaults to true.
+WK_EXPORT void WKPreferencesSetJavaEnabledForLocalFiles(WKPreferencesRef preferences, bool javaEnabled);
+WK_EXPORT bool WKPreferencesGetJavaEnabledForLocalFiles(WKPreferencesRef preferences);
+
 WK_EXPORT void WKPreferencesResetTestRunnerOverrides(WKPreferencesRef preferencesRef);
 
 #ifdef __cplusplus
index ebf6739..9dce293 100644 (file)
@@ -1872,6 +1872,7 @@ void WebPage::updatePreferences(const WebPreferencesStore& store)
     settings->setLoadsSiteIconsIgnoringImageLoadingSetting(store.getBoolValueForKey(WebPreferencesKey::loadsSiteIconsIgnoringImageLoadingPreferenceKey()));
     settings->setPluginsEnabled(store.getBoolValueForKey(WebPreferencesKey::pluginsEnabledKey()));
     settings->setJavaEnabled(store.getBoolValueForKey(WebPreferencesKey::javaEnabledKey()));
+    settings->setJavaEnabledForLocalFiles(store.getBoolValueForKey(WebPreferencesKey::javaEnabledForLocalFilesKey()));    
     settings->setOfflineWebApplicationCacheEnabled(store.getBoolValueForKey(WebPreferencesKey::offlineWebApplicationCacheEnabledKey()));
     settings->setLocalStorageEnabled(store.getBoolValueForKey(WebPreferencesKey::localStorageEnabledKey()));
     settings->setXSSAuditorEnabled(store.getBoolValueForKey(WebPreferencesKey::xssAuditorEnabledKey()));