REGRESSION (r167856): Unable to log into HSBC app
authordbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 18 Jun 2014 21:52:45 +0000 (21:52 +0000)
committerdbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 18 Jun 2014 21:52:45 +0000 (21:52 +0000)
https://bugs.webkit.org/show_bug.cgi?id=133991
<rdar://problem/17044839>

Reviewed by David Kilzer.

Source/WebCore:
Following <http://trac.webkit.org/changeset/167856> we disallow "navigation to any URL that is
invalid, except for JavaScript URLs, which need not be valid." A byproduct of this policy
decision is that we no longer notify the WebKit client to about a navigation if the destination
URL is invalid. And some apps, including the HSBC app for iOS, have logic to intercept URLs
as a means to pass data from their WebView-embedded web app to the WebView. We should expose a
setting called allowNavigationToInvalidURL (disabled by default on all ports and conditionally
enabled on iOS) to toggle whether WebCore allows navigation to any URL, even if its invalid,
so as to not break clients that intercept URLs and have custom logic to handle them.

Tests: fast/loader/allow-redirect-to-invalid-url-using-javascript.html
       fast/loader/allow-redirect-to-invalid-url-using-meta-refresh.html
       fast/loader/disallow-redirect-to-invalid-url-using-javascript.html
       fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh.html

* loader/NavigationScheduler.cpp:
(WebCore::NavigationScheduler::shouldScheduleNavigation): Modified to only validate
the URL when the setting allowNavigationToInvalidURL is disabled.
* page/Settings.in: Added setting allowNavigationToInvalidURL (disabled by default).

Source/WebKit/mac:
Only enable the setting allowNavigationToInvalidURL for iOS app linked against WebKit/UIKit before iOS 8.

* Misc/WebKitVersionChecks.h: Added macro constant WEBKIT_FIRST_VERSION_WITH_NAVIGATION_URL_VALIDATION.
* WebView/WebView.mm:
(-[WebView _preferencesChanged:]): Enable or disable the setting allowNavigationToInvalidURL as appropriate.

LayoutTests:
Add tests to ensure that the WebKit client will be notified to service a redirect to an invalid
URL when the setting allowNavigationToInvalidURL is enabled and will not be notified when
the setting is disabled.

* fast/loader/allow-redirect-to-invalid-url-using-javascript-expected.txt: Added.
* fast/loader/allow-redirect-to-invalid-url-using-javascript.html: Added.
* fast/loader/allow-redirect-to-invalid-url-using-meta-refresh-expected.txt: Added.
* fast/loader/allow-redirect-to-invalid-url-using-meta-refresh.html: Added.
* fast/loader/disallow-redirect-to-invalid-url-using-javascript-expected.txt: Added.
* fast/loader/disallow-redirect-to-invalid-url-using-javascript.html: Added.
* fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh-expected.txt: Added.
* fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh.html: Added.
* fast/loader/resources/redirect-to-invalid-url-using-javascript.html: Added.
* fast/loader/resources/redirect-to-invalid-url-using-meta-refresh.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@170120 268f45cc-cd09-0410-ab3c-d52691b4dbfc

17 files changed:
LayoutTests/ChangeLog
LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-javascript-expected.txt [new file with mode: 0644]
LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-javascript.html [new file with mode: 0644]
LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-meta-refresh-expected.txt [new file with mode: 0644]
LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-meta-refresh.html [new file with mode: 0644]
LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-javascript-expected.txt [new file with mode: 0644]
LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-javascript.html [new file with mode: 0644]
LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh-expected.txt [new file with mode: 0644]
LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh.html [new file with mode: 0644]
LayoutTests/fast/loader/resources/redirect-to-invalid-url-using-javascript.html [new file with mode: 0644]
LayoutTests/fast/loader/resources/redirect-to-invalid-url-using-meta-refresh.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/loader/NavigationScheduler.cpp
Source/WebCore/page/Settings.in
Source/WebKit/mac/ChangeLog
Source/WebKit/mac/Misc/WebKitVersionChecks.h
Source/WebKit/mac/WebView/WebView.mm

index 45012cd..c273b71 100644 (file)
@@ -1,3 +1,26 @@
+2014-06-18  Daniel Bates  <dabates@apple.com>
+
+        REGRESSION (r167856): Unable to log into HSBC app
+        https://bugs.webkit.org/show_bug.cgi?id=133991
+        <rdar://problem/17044839>
+
+        Reviewed by David Kilzer.
+
+        Add tests to ensure that the WebKit client will be notified to service a redirect to an invalid
+        URL when the setting allowNavigationToInvalidURL is enabled and will not be notified when
+        the setting is disabled.
+
+        * fast/loader/allow-redirect-to-invalid-url-using-javascript-expected.txt: Added.
+        * fast/loader/allow-redirect-to-invalid-url-using-javascript.html: Added.
+        * fast/loader/allow-redirect-to-invalid-url-using-meta-refresh-expected.txt: Added.
+        * fast/loader/allow-redirect-to-invalid-url-using-meta-refresh.html: Added.
+        * fast/loader/disallow-redirect-to-invalid-url-using-javascript-expected.txt: Added.
+        * fast/loader/disallow-redirect-to-invalid-url-using-javascript.html: Added.
+        * fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh-expected.txt: Added.
+        * fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh.html: Added.
+        * fast/loader/resources/redirect-to-invalid-url-using-javascript.html: Added.
+        * fast/loader/resources/redirect-to-invalid-url-using-meta-refresh.html: Added.
+
 2014-06-18  Commit Queue  <commit-queue@webkit.org>
 
         Unreviewed, rolling out r170099.
diff --git a/LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-javascript-expected.txt b/LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-javascript-expected.txt
new file mode 100644 (file)
index 0000000..31f1942
--- /dev/null
@@ -0,0 +1,13 @@
+frame "frame" - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+frame "frame" - didCommitLoadForFrame
+frame "frame" - willPerformClientRedirectToURL: x-dummy://A=a&B=b 
+frame "frame" - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "frame" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+Tests that we allow redirection to an invalid URL initiated by JavaScript when setting allowNavigationToInvalidURL is true. This test PASSED if you see an entry in the dumped frame load callbacks of the form: "willPerformClientRedirectToURL: x-dummy://A=a&B=b".
+
+Note, this test must be run in DumpRenderTree.
+
+
diff --git a/LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-javascript.html b/LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-javascript.html
new file mode 100644 (file)
index 0000000..5d5e04b
--- /dev/null
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.dumpFrameLoadCallbacks();
+    testRunner.waitUntilDone();
+}
+
+if (window.internals)
+    window.internals.settings.setAllowNavigationToInvalidURL(true);
+</script>
+</head>
+<body>
+<p>Tests that we allow redirection to an invalid URL initiated by JavaScript when setting allowNavigationToInvalidURL is true. This test PASSED if you see an entry in the dumped frame load callbacks of the form: &quot;willPerformClientRedirectToURL: x-dummy://A=a&amp;B=b&quot;.</p>
+<p>Note, this test must be run in DumpRenderTree.</p>
+<iframe id="frame" src="resources/redirect-to-invalid-url-using-javascript.html"></iframe>
+<script>
+function done()
+{
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+window.setTimeout(done, 0);
+</script>
+</body>
+</html>
diff --git a/LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-meta-refresh-expected.txt b/LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-meta-refresh-expected.txt
new file mode 100644 (file)
index 0000000..b5ff850
--- /dev/null
@@ -0,0 +1,14 @@
+frame "frame" - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+frame "frame" - didCommitLoadForFrame
+frame "frame" - didFinishDocumentLoadForFrame
+frame "frame" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "frame" - willPerformClientRedirectToURL: x-dummy://A=a&B=b 
+frame "frame" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+Tests that we allow redirection to an invalid URL initiated by <meta http-equiv="refresh"> when setting allowNavigationToInvalidURL is true. This test PASSED if you see an entry in the dumped frame load callbacks of the form: "willPerformClientRedirectToURL: x-dummy://A=a&B=b".
+
+Note, this test must be run in DumpRenderTree.
+
+
diff --git a/LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-meta-refresh.html b/LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-meta-refresh.html
new file mode 100644 (file)
index 0000000..df88a9d
--- /dev/null
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.dumpFrameLoadCallbacks();
+    testRunner.waitUntilDone();
+}
+
+if (window.internals)
+    window.internals.settings.setAllowNavigationToInvalidURL(true);
+</script>
+</head>
+<body>
+<p>Tests that we allow redirection to an invalid URL initiated by &lt;meta http-equiv=&quot;refresh&quot;&gt; when setting allowNavigationToInvalidURL is true. This test PASSED if you see an entry in the dumped frame load callbacks of the form: &quot;willPerformClientRedirectToURL: x-dummy://A=a&amp;B=b&quot;.</p>
+<p>Note, this test must be run in DumpRenderTree.</p>
+<iframe id="frame" src="resources/redirect-to-invalid-url-using-meta-refresh.html"></iframe>
+<script>
+function done()
+{
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+window.setTimeout(done, 0);
+</script>
+</body>
+</html>
diff --git a/LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-javascript-expected.txt b/LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-javascript-expected.txt
new file mode 100644 (file)
index 0000000..dba9f22
--- /dev/null
@@ -0,0 +1,13 @@
+frame "frame" - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+frame "frame" - didCommitLoadForFrame
+frame "frame" - didFinishDocumentLoadForFrame
+frame "frame" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "frame" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+Tests that we do not redirect to an invalid URL initiated by JavaScript when setting allowNavigationToInvalidURL is false. This test PASSED if you do not see an entry in the dumped frame load callbacks of the form: "willPerformClientRedirectToURL: x-dummy://A=a&B=b".
+
+Note, this test must be run in DumpRenderTree.
+
+
diff --git a/LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-javascript.html b/LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-javascript.html
new file mode 100644 (file)
index 0000000..fef4056
--- /dev/null
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.dumpFrameLoadCallbacks();
+    testRunner.waitUntilDone();
+}
+
+if (window.internals)
+    window.internals.settings.setAllowNavigationToInvalidURL(false);
+</script>
+</head>
+<body>
+<p>Tests that we do not redirect to an invalid URL initiated by JavaScript when setting allowNavigationToInvalidURL is false. This test PASSED if you do not see an entry in the dumped frame load callbacks of the form: &quot;willPerformClientRedirectToURL: x-dummy://A=a&amp;B=b&quot;.</p>
+<p>Note, this test must be run in DumpRenderTree.</p>
+<iframe id="frame" src="resources/redirect-to-invalid-url-using-javascript.html"></iframe>
+<script>
+function done()
+{
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+window.setTimeout(done, 0);
+</script>
+</body>
+</html>
diff --git a/LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh-expected.txt b/LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh-expected.txt
new file mode 100644 (file)
index 0000000..5a4901e
--- /dev/null
@@ -0,0 +1,13 @@
+frame "frame" - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+frame "frame" - didCommitLoadForFrame
+frame "frame" - didFinishDocumentLoadForFrame
+frame "frame" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "frame" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+Tests that we do not redirect to an invalid URL initiated by <meta http-equiv="refresh"> when setting allowNavigationToInvalidURL is false. This test PASSED if you do not see an entry in the dumped frame load callbacks of the form: "willPerformClientRedirectToURL: x-dummy://A=a&B=b".
+
+Note, this test must be run in DumpRenderTree.
+
+
diff --git a/LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh.html b/LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh.html
new file mode 100644 (file)
index 0000000..108b4a5
--- /dev/null
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.dumpFrameLoadCallbacks();
+    testRunner.waitUntilDone();
+}
+
+if (window.internals)
+    window.internals.settings.setAllowNavigationToInvalidURL(false);
+</script>
+</head>
+<body>
+<p>Tests that we do not redirect to an invalid URL initiated by &lt;meta http-equiv=&quot;refresh&quot;&gt; when setting allowNavigationToInvalidURL is false. This test PASSED if you do not see an entry in the dumped frame load callbacks of the form: &quot;willPerformClientRedirectToURL: x-dummy://A=a&amp;B=b&quot;.</p>
+<p>Note, this test must be run in DumpRenderTree.</p>
+<iframe id="frame" src="resources/redirect-to-invalid-url-using-meta-refresh.html"></iframe>
+<script>
+function done()
+{
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+window.setTimeout(done, 0);
+</script>
+</body>
+</html>
diff --git a/LayoutTests/fast/loader/resources/redirect-to-invalid-url-using-javascript.html b/LayoutTests/fast/loader/resources/redirect-to-invalid-url-using-javascript.html
new file mode 100644 (file)
index 0000000..c07f21d
--- /dev/null
@@ -0,0 +1,4 @@
+<!DOCTYPE html>
+<script>
+window.location.href = "x-dummy://A=a&B=b";
+</script>
diff --git a/LayoutTests/fast/loader/resources/redirect-to-invalid-url-using-meta-refresh.html b/LayoutTests/fast/loader/resources/redirect-to-invalid-url-using-meta-refresh.html
new file mode 100644 (file)
index 0000000..55b65da
--- /dev/null
@@ -0,0 +1,6 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta http-equiv="refresh" content="0; url=x-dummy://A=a&B=b">
+</head>
+</html>
index 4e98d2c..842db09 100644 (file)
@@ -1,3 +1,30 @@
+2014-06-18  Daniel Bates  <dabates@apple.com>
+
+        REGRESSION (r167856): Unable to log into HSBC app
+        https://bugs.webkit.org/show_bug.cgi?id=133991
+        <rdar://problem/17044839>
+
+        Reviewed by David Kilzer.
+
+        Following <http://trac.webkit.org/changeset/167856> we disallow "navigation to any URL that is
+        invalid, except for JavaScript URLs, which need not be valid." A byproduct of this policy
+        decision is that we no longer notify the WebKit client to about a navigation if the destination
+        URL is invalid. And some apps, including the HSBC app for iOS, have logic to intercept URLs
+        as a means to pass data from their WebView-embedded web app to the WebView. We should expose a
+        setting called allowNavigationToInvalidURL (disabled by default on all ports and conditionally
+        enabled on iOS) to toggle whether WebCore allows navigation to any URL, even if its invalid,
+        so as to not break clients that intercept URLs and have custom logic to handle them.
+
+        Tests: fast/loader/allow-redirect-to-invalid-url-using-javascript.html
+               fast/loader/allow-redirect-to-invalid-url-using-meta-refresh.html
+               fast/loader/disallow-redirect-to-invalid-url-using-javascript.html
+               fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh.html
+
+        * loader/NavigationScheduler.cpp:
+        (WebCore::NavigationScheduler::shouldScheduleNavigation): Modified to only validate
+        the URL when the setting allowNavigationToInvalidURL is disabled.
+        * page/Settings.in: Added setting allowNavigationToInvalidURL (disabled by default).
+
 2014-06-18  Simon Fraser  <simon.fraser@apple.com>
 
         Make ScrollingStateNodes refcounted, and other minor cleanup
index 350567e..3931343 100644 (file)
@@ -48,6 +48,7 @@
 #include "InspectorInstrumentation.h"
 #include "Page.h"
 #include "ScriptController.h"
+#include "Settings.h"
 #include "UserGestureIndicator.h"
 #include <wtf/CurrentTime.h>
 #include <wtf/Ref.h>
@@ -310,7 +311,7 @@ inline bool NavigationScheduler::shouldScheduleNavigation(const URL& url) const
         return false;
     if (protocolIsJavaScript(url))
         return true;
-    if (!url.isValid())
+    if (!url.isValid() && !m_frame.settings().allowNavigationToInvalidURL())
         return false;
     return NavigationDisablerForBeforeUnload::isNavigationAllowed();
 }
index 19428c2..9bc06c6 100644 (file)
@@ -223,3 +223,7 @@ aggressiveTileRetentionEnabled initial=false
 temporaryTileCohortRetentionEnabled initial=true
 
 useImageDocumentForSubframePDF initial=false
+
+# Allow clients to permit navigation to an invalid URL. Some apps may use invalid URLs
+# as a means to pass data from the web-portion of their app to the native portion.
+allowNavigationToInvalidURL initial=false
index 1880109..405c722 100644 (file)
@@ -1,3 +1,17 @@
+2014-06-18  Daniel Bates  <dabates@apple.com>
+
+        REGRESSION (r167856): Unable to log into HSBC app
+        https://bugs.webkit.org/show_bug.cgi?id=133991
+        <rdar://problem/17044839>
+
+        Reviewed by David Kilzer.
+
+        Only enable the setting allowNavigationToInvalidURL for iOS app linked against WebKit/UIKit before iOS 8.
+
+        * Misc/WebKitVersionChecks.h: Added macro constant WEBKIT_FIRST_VERSION_WITH_NAVIGATION_URL_VALIDATION.
+        * WebView/WebView.mm:
+        (-[WebView _preferencesChanged:]): Enable or disable the setting allowNavigationToInvalidURL as appropriate.
+
 2014-06-18  Anders Carlsson  <andersca@apple.com>
 
         Adopt modern C++11 loops and fix WebArchive creation functions
index c22d3f9..91e9192 100644 (file)
@@ -73,6 +73,7 @@
 #define WEBKIT_FIRST_VERSION_WITH_CSS_ATTRIBUTE_SETTERS_IGNORING_PRIORITY 2239 // iOS 6.0
 #define WEBKIT_FIRST_VERSION_WITH_YOUTUBE_EMBED_IFRAME_TRANSFORM 2239 // iOS 6.0
 #define WEBKIT_FIRST_VERSION_WITHOUT_LEGACY_BACKGROUNDSIZE_SHORTHAND_BEHAVIOR 2665 // iOS 7.0
+#define WEBKIT_FIRST_VERSION_WITH_NAVIGATION_URL_VALIDATION 3185 // iOS 8.0
 #endif // PLATFORM(IOS)
 
 #ifdef __cplusplus
index 3ad2537..ca96cb8 100644 (file)
@@ -2342,6 +2342,8 @@ static bool needsSelfRetainWhileLoadingQuirk()
 #if ENABLE(IOS_TEXT_AUTOSIZING)
     settings.setMinimumZoomFontSize([preferences _minimumZoomFontSize]);
 #endif
+
+    settings.setAllowNavigationToInvalidURL(!WebKitLinkedOnOrAfter(WEBKIT_FIRST_VERSION_WITH_NAVIGATION_URL_VALIDATION));
 #endif // PLATFORM(IOS)
 
 #if PLATFORM(MAC)