[GTK][WPE] Add enable-javascript-markup setting
authorcarlosgc@webkit.org <carlosgc@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 11 Feb 2019 06:36:04 +0000 (06:36 +0000)
committercarlosgc@webkit.org <carlosgc@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 11 Feb 2019 06:36:04 +0000 (06:36 +0000)
https://bugs.webkit.org/show_bug.cgi?id=193439

Reviewed by Michael Catanzaro.

Source/WebKit:

Expose JavaScriptMarkupEnabled setting in the GLib API.

* UIProcess/API/glib/WebKitSettings.cpp:
(webKitSettingsSetProperty):
(webKitSettingsGetProperty):
(webkit_settings_class_init):
(webkit_settings_get_enable_javascript_markup):
(webkit_settings_set_enable_javascript_markup):
* UIProcess/API/gtk/WebKitSettings.h:
* UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt:
* UIProcess/API/wpe/WebKitSettings.h:
* UIProcess/API/wpe/docs/wpe-0.1-sections.txt:

Tools:

Add test cases to check the new setting.

* TestWebKitAPI/Tests/WebKitGLib/TestWebKitSettings.cpp:
(testWebKitSettings):
(testWebKitSettingsJavaScriptMarkup):
(beforeAll):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@241258 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/UIProcess/API/glib/WebKitSettings.cpp
Source/WebKit/UIProcess/API/gtk/WebKitSettings.h
Source/WebKit/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt
Source/WebKit/UIProcess/API/wpe/WebKitSettings.h
Source/WebKit/UIProcess/API/wpe/docs/wpe-0.1-sections.txt
Tools/ChangeLog
Tools/TestWebKitAPI/Tests/WebKitGLib/TestWebKitSettings.cpp

index a4332c1..4cddacd 100644 (file)
@@ -1,3 +1,23 @@
+2019-02-04  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [GTK][WPE] Add enable-javascript-markup setting
+        https://bugs.webkit.org/show_bug.cgi?id=193439
+
+        Reviewed by Michael Catanzaro.
+
+        Expose JavaScriptMarkupEnabled setting in the GLib API.
+
+        * UIProcess/API/glib/WebKitSettings.cpp:
+        (webKitSettingsSetProperty):
+        (webKitSettingsGetProperty):
+        (webkit_settings_class_init):
+        (webkit_settings_get_enable_javascript_markup):
+        (webkit_settings_set_enable_javascript_markup):
+        * UIProcess/API/gtk/WebKitSettings.h:
+        * UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt:
+        * UIProcess/API/wpe/WebKitSettings.h:
+        * UIProcess/API/wpe/docs/wpe-0.1-sections.txt:
+
 2019-02-10  Darin Adler  <darin@apple.com>
 
         Switch uses of StringBuilder with String::format for hex numbers to use HexNumber.h instead
index a757094..5133b46 100644 (file)
@@ -166,6 +166,7 @@ enum {
     PROP_HARDWARE_ACCELERATION_POLICY,
     PROP_ENABLE_BACK_FORWARD_NAVIGATION_GESTURES,
 #endif
+    PROP_ENABLE_JAVASCRIPT_MARKUP,
 };
 
 static void webKitSettingsDispose(GObject* object)
@@ -389,6 +390,9 @@ static void webKitSettingsSetProperty(GObject* object, guint propId, const GValu
         webkit_settings_set_enable_back_forward_navigation_gestures(settings, g_value_get_boolean(value));
         break;
 #endif
+    case PROP_ENABLE_JAVASCRIPT_MARKUP:
+        webkit_settings_set_enable_javascript_markup(settings, g_value_get_boolean(value));
+        break;
     default:
         G_OBJECT_WARN_INVALID_PROPERTY_ID(object, propId, paramSpec);
         break;
@@ -571,6 +575,9 @@ static void webKitSettingsGetProperty(GObject* object, guint propId, GValue* val
         g_value_set_boolean(value, webkit_settings_get_enable_back_forward_navigation_gestures(settings));
         break;
 #endif
+    case PROP_ENABLE_JAVASCRIPT_MARKUP:
+        g_value_set_boolean(value, webkit_settings_get_enable_javascript_markup(settings));
+        break;
     default:
         G_OBJECT_WARN_INVALID_PROPERTY_ID(object, propId, paramSpec);
         break;
@@ -1469,6 +1476,23 @@ static void webkit_settings_class_init(WebKitSettingsClass* klass)
             FALSE,
             readWriteConstructParamFlags));
 #endif // PLATFOTM(GTK)
+
+    /**
+     * WebKitSettings:enable-javascript-markup:
+     *
+     * Determines whether or not JavaScript markup is allowed in document. When this setting is disabled,
+     * all JavaScript-related elements and attributes are removed from the document during parsing. Note that
+     * executing JavaScript is still allowed if #WebKitSettings:enable-javascript is %TRUE.
+     *
+     * Since: 2.24
+     */
+    g_object_class_install_property(gObjectClass,
+        PROP_ENABLE_JAVASCRIPT_MARKUP,
+        g_param_spec_boolean("enable-javascript-markup",
+            _("Enable JavaScript Markup"),
+            _("Enable JavaScript in document markup."),
+            TRUE,
+            readWriteConstructParamFlags));
 }
 
 WebPreferences* webkitSettingsGetPreferences(WebKitSettings* settings)
@@ -3611,3 +3635,42 @@ guint32 webkit_settings_font_size_to_pixels(guint32 points)
     return std::round(points * WebCore::screenDPI() / 72);
 }
 #endif // PLATFORM(GTK)
+
+/**
+ * webkit_settings_get_enable_javascript_markup:
+ * @settings: a #WebKitSettings
+ *
+ * Get the #WebKitSettings:enable-javascript-markup property.
+ *
+ * Returns: %TRUE if JavaScript markup is enabled or %FALSE otherwise.
+ *
+ * Since: 2.24
+ */
+gboolean webkit_settings_get_enable_javascript_markup(WebKitSettings* settings)
+{
+    g_return_val_if_fail(WEBKIT_IS_SETTINGS(settings), FALSE);
+
+    return settings->priv->preferences->javaScriptMarkupEnabled();
+}
+
+/**
+ * webkit_settings_set_enable_javascript_markup:
+ * @settings: a #WebKitSettings
+ * @enabled: Value to be set
+ *
+ * Set the #WebKitSettings:enable-javascript-markup property.
+ *
+ * Since: 2.24
+ */
+void webkit_settings_set_enable_javascript_markup(WebKitSettings* settings, gboolean enabled)
+{
+    g_return_if_fail(WEBKIT_IS_SETTINGS(settings));
+
+    WebKitSettingsPrivate* priv = settings->priv;
+    bool currentValue = priv->preferences->javaScriptMarkupEnabled();
+    if (currentValue == enabled)
+        return;
+
+    priv->preferences->setJavaScriptMarkupEnabled(enabled);
+    g_object_notify(G_OBJECT(settings), "enable-javascript-markup");
+}
index 42092ad..00a8ebb 100644 (file)
@@ -485,6 +485,13 @@ webkit_settings_font_size_to_points                            (guint32 pixels);
 WEBKIT_API guint32
 webkit_settings_font_size_to_pixels                            (guint32 points);
 
+WEBKIT_API gboolean
+webkit_settings_get_enable_javascript_markup                   (WebKitSettings *settings);
+
+WEBKIT_API void
+webkit_settings_set_enable_javascript_markup                   (WebKitSettings *settings,
+                                                                gboolean        enabled);
+
 G_END_DECLS
 
 #endif /* WebKitSettings_h */
index 6088fcf..4efb952 100644 (file)
@@ -393,6 +393,8 @@ webkit_settings_get_enable_java
 webkit_settings_set_enable_java
 webkit_settings_get_enable_javascript
 webkit_settings_set_enable_javascript
+webkit_settings_get_enable_javascript_markup
+webkit_settings_set_enable_javascript_markup
 webkit_settings_get_enable_offline_web_application_cache
 webkit_settings_set_enable_offline_web_application_cache
 webkit_settings_get_enable_plugins
index 2ec0c9e..a7921ab 100644 (file)
@@ -442,6 +442,13 @@ WEBKIT_API void
 webkit_settings_set_allow_universal_access_from_file_urls      (WebKitSettings *settings,
                                                                 gboolean        allowed);
 
+WEBKIT_API gboolean
+webkit_settings_get_enable_javascript_markup                   (WebKitSettings *settings);
+
+WEBKIT_API void
+webkit_settings_set_enable_javascript_markup                   (WebKitSettings *settings,
+                                                                gboolean        enabled);
+
 G_END_DECLS
 
 #endif /* WebKitSettings_h */
index 99650cd..a5ecfe4 100644 (file)
@@ -376,6 +376,8 @@ webkit_settings_get_enable_java
 webkit_settings_set_enable_java
 webkit_settings_get_enable_javascript
 webkit_settings_set_enable_javascript
+webkit_settings_get_enable_javascript_markup
+webkit_settings_set_enable_javascript_markup
 webkit_settings_get_enable_offline_web_application_cache
 webkit_settings_set_enable_offline_web_application_cache
 webkit_settings_get_enable_plugins
index da47d7d..2f46602 100644 (file)
@@ -1,3 +1,17 @@
+2019-02-04  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [GTK][WPE] Add enable-javascript-markup setting
+        https://bugs.webkit.org/show_bug.cgi?id=193439
+
+        Reviewed by Michael Catanzaro.
+
+        Add test cases to check the new setting.
+
+        * TestWebKitAPI/Tests/WebKitGLib/TestWebKitSettings.cpp:
+        (testWebKitSettings):
+        (testWebKitSettingsJavaScriptMarkup):
+        (beforeAll):
+
 2019-02-10  Darin Adler  <darin@apple.com>
 
         Switch uses of StringBuilder with String::format for hex numbers to use HexNumber.h instead
index 157f0a6..50ef3d1 100644 (file)
@@ -355,6 +355,11 @@ static void testWebKitSettings(Test*, gconstpointer)
     g_assert_true(webkit_settings_get_enable_back_forward_navigation_gestures(settings));
 #endif
 
+    // JavaScript markup is enabled by default.
+    g_assert_true(webkit_settings_get_enable_javascript_markup(settings));
+    webkit_settings_set_enable_javascript_markup(settings, FALSE);
+    g_assert_false(webkit_settings_get_enable_javascript_markup(settings));
+
     g_object_unref(G_OBJECT(settings));
 }
 
@@ -425,6 +430,31 @@ static void testWebKitSettingsUserAgent(WebViewTest* test, gconstpointer)
 }
 #endif // PLATFORM(GTK)
 
+static void testWebKitSettingsJavaScriptMarkup(WebViewTest* test, gconstpointer)
+{
+    webkit_settings_set_enable_javascript_markup(webkit_web_view_get_settings(test->m_webView), FALSE);
+    static const char* html =
+        "<html>"
+        " <head>"
+        "  <title>No JavaScript allowed</title>"
+        "  <script>document.title = 'JavaScript allowed from head script'</script>"
+        " </head>"
+        " <body onload='document.title = \"JavaScript allowed from body onload attribute\"'>"
+        "  <p>No JavaScript markup should be allowed</p>"
+        "  <script>document.title = 'JavaScript allowed from body script'</script>"
+        " </body>"
+        "</html>";
+    test->loadHtml(html, nullptr);
+    test->waitUntilLoadFinished();
+
+    g_assert_cmpstr(webkit_web_view_get_title(test->m_webView), ==, "No JavaScript allowed");
+    auto* jsResult = test->runJavaScriptAndWaitUntilFinished("document.getElementsByTagName('script').length", nullptr);
+    g_assert(jsResult);
+    g_assert_cmpfloat(WebViewTest::javascriptResultToNumber(jsResult), ==, 0);
+
+    webkit_settings_set_enable_javascript_markup(webkit_web_view_get_settings(test->m_webView), TRUE);
+}
+
 static void serverCallback(SoupServer* server, SoupMessage* message, const char* path, GHashTable*, SoupClientContext*, gpointer)
 {
     if (message->method != SOUP_METHOD_GET) {
@@ -451,6 +481,7 @@ void beforeAll()
 #if PLATFORM(GTK)
     WebViewTest::add("WebKitSettings", "user-agent", testWebKitSettingsUserAgent);
 #endif
+    WebViewTest::add("WebKitSettings", "javascript-markup", testWebKitSettingsJavaScriptMarkup);
 }
 
 void afterAll()