Local HTML should be blocked from localStorage access unless "Disable Local File...
authorbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 10 Nov 2016 00:58:35 +0000 (00:58 +0000)
committerbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 10 Nov 2016 00:58:35 +0000 (00:58 +0000)
https://bugs.webkit.org/show_bug.cgi?id=155185
<rdar://problem/11101440>

Reviewed by Brady Eidson.

Source/WebCore:

Add a new quirk for localStorage that defaults to 'on'. When active, this quirk says that
localStorage access should be granted, without needing to grant universal file access.

If the quirk is turned off, then localStorage is blocked unless the WebKit client explicitly
grants universal file access.

Tests: storage/domstorage/localstorage/blocked-file-access-permitted-by-quirk.html
       storage/domstorage/localstorage/blocked-file-access.html

* dom/Document.cpp:
(WebCore::Document::initSecurityContext): Set localStorage quirk mode based on settings.
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::SecurityOrigin): Use more C++11 initializers.
(WebCore::SecurityOrigin::canAccessStorage): If the origin is a local file, and we are NOT in
localStorage quirks mode, and we have not been granted universal file access, prevent access
to DOM localStorage.
(WebCore::SecurityOrigin::setNeedsLocalStorageQuirk): Added.
* page/SecurityOrigin.h:
(WebCore::SecurityOrigin::needsLocalStorageQuirk): Added.
* page/Settings.in:
* workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::WorkerGlobalScope): Make sure Workers know what the
localStorage quirks mode is set to.

Source/WebKit/mac:

Provide SPI to access the new quirk for localStorage. The quirk defaults to 'on'. When active, this
quirk says that localStorage access should be granted, without needing to grant universal file access.

If the quirk is turned off, then localStorage is blocked unless the WebKit client explicitly
grants universal file access.

* WebView/WebPreferenceKeysPrivate.h:
* WebView/WebPreferences.mm:
(-[WebPreferences needsLocalStorageQuirk]): Added.
(-[WebPreferences setNeedsLocalStorageQuirk:]): Added.
* WebView/WebPreferencesPrivate.h:
* WebView/WebView.mm:
(-[WebView _preferencesChanged:]): Honor the new localStorage quirk.

Source/WebKit2:

Provide SPI to access the new quirk for localStorage. The quirk defaults to 'on'. When active, this
quirk says that localStorage access should be granted, without needing to grant universal file access.

If the quirk is turned off, then localStorage is blocked unless the WebKit client explicitly
grants universal file access.

Tested by existing TestWebKitAPI tests and WebKit2.LocalStorageQuirkTest

* Shared/WebPreferencesDefinitions.h:
* UIProcess/API/C/WKPreferences.cpp:
(WKPreferencesSetNeedsLocalStorageQuirk): Added.
(WKPreferencesGetNeedsLocalStorageQuirk): Added.
* UIProcess/API/C/WKPreferencesRefPrivate.h:
* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _initializeWithConfiguration:]): Honor the new localStorage quirk.
* UIProcess/API/Cocoa/WKWebViewConfiguration.mm:
(-[WKWebViewConfiguration init]): Honor the new localStorage quirk flag.
(-[WKWebViewConfiguration copyWithZone:]): Ditto.
(-[WKWebViewConfiguration _needsLocalStorageQuirk]): Added.
(-[WKWebViewConfiguration _setNeedsLocalStorageQuirk:]): Added.
* UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h:
* WebProcess/InjectedBundle/API/c/WKBundle.cpp:
(WKBundleSetNeedsLocalStorageQuirk): Added.
* WebProcess/InjectedBundle/API/c/WKBundlePrivate.h:
* WebProcess/InjectedBundle/InjectedBundle.cpp:
(WebKit::InjectedBundle::setNeedsLocalStorageQuirk): Added.
* WebProcess/InjectedBundle/InjectedBundle.h:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::updatePreferences): Honor the new localStorage quirk flag.

Tools:

* DumpRenderTree/TestRunner.cpp:
(setNeedsLocalStorageQuirkCallback): Added.
(TestRunner::staticFunctions):
* DumpRenderTree/TestRunner.h:
* DumpRenderTree/mac/DumpRenderTree.mm:
(resetWebPreferencesToConsistentValues): Update for new quirk setting.
* DumpRenderTree/mac/TestRunnerMac.mm:
(TestRunner::setNeedsLocalStorageQuirk):
* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit2/CloseFromWithinCreatePage.cpp:
* TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageClear.mm:
* TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.mm:
* TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageQuirkEnabled.html: Added.
* TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageQuirkTest.mm: Added.
(-[LocalStorageQuirkMessageHandler userContentController:didReceiveScriptMessage:]):
* WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
* WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:
(WTR::InjectedBundle::beginTesting): Update for new quirk setting.
* WebKitTestRunner/InjectedBundle/TestRunner.cpp:
(WTR::TestRunner::setNeedsLocalStorageQuirk): Added.
* WebKitTestRunner/InjectedBundle/TestRunner.h:

LayoutTests:

* storage/domstorage/localstorage/blocked-file-access-expected.txt: Added.
* storage/domstorage/localstorage/blocked-file-access-permitted-by-quirk-expected.txt: Added.
* storage/domstorage/localstorage/blocked-file-access-permitted-by-quirk.html: Added.
* storage/domstorage/localstorage/blocked-file-access.html: Added.
* storage/domstorage/localstorage/resources/allowed-example.html: Added.
* storage/domstorage/localstorage/resources/blocked-example.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@208509 268f45cc-cd09-0410-ab3c-d52691b4dbfc

46 files changed:
LayoutTests/ChangeLog
LayoutTests/storage/domstorage/localstorage/blocked-file-access-expected.txt [new file with mode: 0644]
LayoutTests/storage/domstorage/localstorage/blocked-file-access-permitted-by-quirk-expected.txt [new file with mode: 0644]
LayoutTests/storage/domstorage/localstorage/blocked-file-access-permitted-by-quirk.html [new file with mode: 0644]
LayoutTests/storage/domstorage/localstorage/blocked-file-access.html [new file with mode: 0644]
LayoutTests/storage/domstorage/localstorage/file-can-access.html
LayoutTests/storage/domstorage/localstorage/resources/allowed-example.html [new file with mode: 0644]
LayoutTests/storage/domstorage/localstorage/resources/blocked-example.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/dom/Document.cpp
Source/WebCore/page/SecurityOrigin.cpp
Source/WebCore/page/SecurityOrigin.h
Source/WebCore/page/Settings.in
Source/WebCore/workers/WorkerGlobalScope.cpp
Source/WebKit/mac/ChangeLog
Source/WebKit/mac/WebView/WebPreferenceKeysPrivate.h
Source/WebKit/mac/WebView/WebPreferences.mm
Source/WebKit/mac/WebView/WebPreferencesPrivate.h
Source/WebKit/mac/WebView/WebView.mm
Source/WebKit2/ChangeLog
Source/WebKit2/Shared/WebPreferencesDefinitions.h
Source/WebKit2/UIProcess/API/C/WKPreferences.cpp
Source/WebKit2/UIProcess/API/C/WKPreferencesRefPrivate.h
Source/WebKit2/UIProcess/API/Cocoa/WKWebView.mm
Source/WebKit2/UIProcess/API/Cocoa/WKWebViewConfiguration.mm
Source/WebKit2/UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h
Source/WebKit2/WebProcess/InjectedBundle/API/c/WKBundle.cpp
Source/WebKit2/WebProcess/InjectedBundle/API/c/WKBundlePrivate.h
Source/WebKit2/WebProcess/InjectedBundle/InjectedBundle.cpp
Source/WebKit2/WebProcess/InjectedBundle/InjectedBundle.h
Source/WebKit2/WebProcess/WebPage/WebPage.cpp
Tools/ChangeLog
Tools/DumpRenderTree/TestRunner.cpp
Tools/DumpRenderTree/TestRunner.h
Tools/DumpRenderTree/mac/DumpRenderTree.mm
Tools/DumpRenderTree/mac/TestRunnerMac.mm
Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
Tools/TestWebKitAPI/Tests/WebKit2/CloseFromWithinCreatePage.cpp
Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageClear.mm
Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.mm
Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageQuirkEnabled.html [new file with mode: 0644]
Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageQuirkTest.mm [new file with mode: 0644]
Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl
Tools/WebKitTestRunner/InjectedBundle/InjectedBundle.cpp
Tools/WebKitTestRunner/InjectedBundle/TestRunner.cpp
Tools/WebKitTestRunner/InjectedBundle/TestRunner.h

index 6ebce91..94ef6c8 100644 (file)
@@ -1,3 +1,18 @@
+2016-11-04  Brent Fulgham  <bfulgham@apple.com>
+
+        Local HTML should be blocked from localStorage access unless "Disable Local File Restrictions" is checked
+        https://bugs.webkit.org/show_bug.cgi?id=155185
+        <rdar://problem/11101440>
+
+        Reviewed by Brady Eidson.
+
+        * storage/domstorage/localstorage/blocked-file-access-expected.txt: Added.
+        * storage/domstorage/localstorage/blocked-file-access-permitted-by-quirk-expected.txt: Added.
+        * storage/domstorage/localstorage/blocked-file-access-permitted-by-quirk.html: Added.
+        * storage/domstorage/localstorage/blocked-file-access.html: Added.
+        * storage/domstorage/localstorage/resources/allowed-example.html: Added.
+        * storage/domstorage/localstorage/resources/blocked-example.html: Added.
+
 2016-11-09  Alex Christensen  <achristensen@webkit.org>
 
         URLParser should not consider path of URLs with no host to start at the first slash after the colon
diff --git a/LayoutTests/storage/domstorage/localstorage/blocked-file-access-expected.txt b/LayoutTests/storage/domstorage/localstorage/blocked-file-access-expected.txt
new file mode 100644 (file)
index 0000000..95a04bb
--- /dev/null
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: line 11: PASS: window.localStorage is NOT accessible
+CONSOLE MESSAGE: line 12: Exception: The operation is insecure.
+
+Test that we cannot access localStorage from a file URL if unversal access is turned off.
diff --git a/LayoutTests/storage/domstorage/localstorage/blocked-file-access-permitted-by-quirk-expected.txt b/LayoutTests/storage/domstorage/localstorage/blocked-file-access-permitted-by-quirk-expected.txt
new file mode 100644 (file)
index 0000000..31674d3
--- /dev/null
@@ -0,0 +1,3 @@
+CONSOLE MESSAGE: line 8: PASS: window.localStorage WAS accessible
+
+Test that the local storage quirk allows us to access localStorage from a file URL, even if unversal access is turned off.
diff --git a/LayoutTests/storage/domstorage/localstorage/blocked-file-access-permitted-by-quirk.html b/LayoutTests/storage/domstorage/localstorage/blocked-file-access-permitted-by-quirk.html
new file mode 100644 (file)
index 0000000..4272252
--- /dev/null
@@ -0,0 +1,18 @@
+<html>
+<head>
+<script>
+if (window.testRunner) {
+    // 'NeedsLocalStorageQuirk' is the default state, but I set it explicitly in case this ever changes.
+    testRunner.setNeedsStorageAccessFromFileURLsQuirk(true);
+    testRunner.setAllowUniversalAccessFromFileURLs(false);
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<iframe src="resources/allowed-example.html"></iframe>
+<div id="results"></div>
+Test that the local storage quirk allows us to access localStorage from a file URL, even if unversal access is turned off.
+</body>
+</html>
\ No newline at end of file
diff --git a/LayoutTests/storage/domstorage/localstorage/blocked-file-access.html b/LayoutTests/storage/domstorage/localstorage/blocked-file-access.html
new file mode 100644 (file)
index 0000000..e772f53
--- /dev/null
@@ -0,0 +1,17 @@
+<html>
+<head>
+<script>
+if (window.testRunner) {
+    testRunner.setNeedsStorageAccessFromFileURLsQuirk(false);
+    testRunner.setAllowUniversalAccessFromFileURLs(false);
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<iframe src="resources/blocked-example.html"></iframe>
+<div id="results"></div>
+Test that we cannot access localStorage from a file URL if unversal access is turned off.
+</body>
+</html>
\ No newline at end of file
index a83050e..a5cf636 100644 (file)
@@ -2,6 +2,7 @@
 <head>
 <script>
 if (window.testRunner) {
+    testRunner.setNeedsStorageAccessFromFileURLsQuirk(true);
     testRunner.setAllowUniversalAccessFromFileURLs(false);
     testRunner.dumpAsText();
     testRunner.waitUntilDone();
diff --git a/LayoutTests/storage/domstorage/localstorage/resources/allowed-example.html b/LayoutTests/storage/domstorage/localstorage/resources/allowed-example.html
new file mode 100644 (file)
index 0000000..2a7d955
--- /dev/null
@@ -0,0 +1,22 @@
+<html>
+<head>
+<script>
+function runTest()
+{
+    try {
+        if (window.localStorage) {
+            console.log("PASS: window.localStorage WAS accessible");
+        }
+    } catch(e) {
+        console.log("FAIL: window.localStorage is NOT accessible");
+        console.log("Exception: " + e.message);
+    }
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+</script>
+</head>
+<body onload="runTest()">
+</body>
+</html>
\ No newline at end of file
diff --git a/LayoutTests/storage/domstorage/localstorage/resources/blocked-example.html b/LayoutTests/storage/domstorage/localstorage/resources/blocked-example.html
new file mode 100644 (file)
index 0000000..973b1bd
--- /dev/null
@@ -0,0 +1,22 @@
+<html>
+<head>
+<script>
+function runTest()
+{
+    try {
+        if (window.localStorage) {
+            console.log("FAIL: window.localStorage WAS accessible");
+        }
+    } catch(e) {
+        console.log("PASS: window.localStorage is NOT accessible");
+        console.log("Exception: " + e.message);
+    }
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+</script>
+</head>
+<body onload="runTest()">
+</body>
+</html>
\ No newline at end of file
index eec81b3..5e72a58 100644 (file)
@@ -1,3 +1,35 @@
+2016-11-04  Brent Fulgham  <bfulgham@apple.com>
+
+        Local HTML should be blocked from localStorage access unless "Disable Local File Restrictions" is checked
+        https://bugs.webkit.org/show_bug.cgi?id=155185
+        <rdar://problem/11101440>
+
+        Reviewed by Brady Eidson.
+
+        Add a new quirk for localStorage that defaults to 'on'. When active, this quirk says that
+        localStorage access should be granted, without needing to grant universal file access.
+
+        If the quirk is turned off, then localStorage is blocked unless the WebKit client explicitly
+        grants universal file access.
+
+        Tests: storage/domstorage/localstorage/blocked-file-access-permitted-by-quirk.html
+               storage/domstorage/localstorage/blocked-file-access.html
+
+        * dom/Document.cpp:
+        (WebCore::Document::initSecurityContext): Set localStorage quirk mode based on settings.
+        * page/SecurityOrigin.cpp:
+        (WebCore::SecurityOrigin::SecurityOrigin): Use more C++11 initializers.
+        (WebCore::SecurityOrigin::canAccessStorage): If the origin is a local file, and we are NOT in
+        localStorage quirks mode, and we have not been granted universal file access, prevent access
+        to DOM localStorage.
+        (WebCore::SecurityOrigin::setNeedsLocalStorageQuirk): Added.
+        * page/SecurityOrigin.h:
+        (WebCore::SecurityOrigin::needsLocalStorageQuirk): Added.
+        * page/Settings.in:
+        * workers/WorkerGlobalScope.cpp:
+        (WebCore::WorkerGlobalScope::WorkerGlobalScope): Make sure Workers know what the
+        localStorage quirks mode is set to.
+
 2016-11-09  Alex Christensen  <achristensen@webkit.org>
 
         URLParser should not consider path of URLs with no host to start at the first slash after the colon
index ad961e0..b0e0b7a 100644 (file)
@@ -5123,6 +5123,8 @@ void Document::initSecurityContext()
 #endif
 
     if (Settings* settings = this->settings()) {
+        if (settings->needsStorageAccessFromFileURLsQuirk())
+            securityOrigin()->grantStorageAccessFromFileURLsQuirk();
         if (!settings->webSecurityEnabled()) {
             // Web security is turned off. We should let this document access every other document. This is used primary by testing
             // harnesses for web sites.
index 3359507..a939e2b 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007 Apple Inc. All rights reserved.
+ * Copyright (C) 2007-2016 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -105,11 +105,6 @@ SecurityOrigin::SecurityOrigin(const URL& url)
     : m_protocol(url.protocol().isNull() ? emptyString() : url.protocol().toString().convertToASCIILowercase())
     , m_host(url.host().isNull() ? emptyString() : url.host().convertToASCIILowercase())
     , m_port(url.port())
-    , m_isUnique(false)
-    , m_universalAccess(false)
-    , m_domainWasSetInDOM(false)
-    , m_storageBlockingPolicy(AllowAllStorage)
-    , m_enforceFilePathSeparation(false)
 {
     // document.domain starts as m_host, but can be set by the DOM.
     m_domain = m_host;
@@ -129,11 +124,6 @@ SecurityOrigin::SecurityOrigin()
     , m_host(emptyString())
     , m_domain(emptyString())
     , m_isUnique(true)
-    , m_universalAccess(false)
-    , m_domainWasSetInDOM(false)
-    , m_canLoadLocalResources(false)
-    , m_storageBlockingPolicy(AllowAllStorage)
-    , m_enforceFilePathSeparation(false)
 {
 }
 
@@ -149,6 +139,7 @@ SecurityOrigin::SecurityOrigin(const SecurityOrigin* other)
     , m_canLoadLocalResources(other->m_canLoadLocalResources)
     , m_storageBlockingPolicy(other->m_storageBlockingPolicy)
     , m_enforceFilePathSeparation(other->m_enforceFilePathSeparation)
+    , m_needsStorageAccessFromFileURLsQuirk(other->m_needsStorageAccessFromFileURLsQuirk)
 {
 }
 
@@ -337,6 +328,9 @@ bool SecurityOrigin::canAccessStorage(const SecurityOrigin* topOrigin, ShouldAll
     if (isUnique())
         return false;
 
+    if (isLocal() && !needsStorageAccessFromFileURLsQuirk() && !m_universalAccess)
+        return false;
+    
     if (m_storageBlockingPolicy == BlockAllStorage)
         return false;
 
@@ -393,6 +387,11 @@ void SecurityOrigin::grantUniversalAccess()
     m_universalAccess = true;
 }
 
+void SecurityOrigin::grantStorageAccessFromFileURLsQuirk()
+{
+    m_needsStorageAccessFromFileURLsQuirk = true;
+}
+
 #if ENABLE(CACHE_PARTITIONING)
 String SecurityOrigin::domainForCachePartition() const
 {
index 2809a3d..2888699 100644 (file)
@@ -141,6 +141,9 @@ public:
 
     void setStorageBlockingPolicy(StorageBlockingPolicy policy) { m_storageBlockingPolicy = policy; }
 
+    void grantStorageAccessFromFileURLsQuirk();
+    bool needsStorageAccessFromFileURLsQuirk() const { return m_needsStorageAccessFromFileURLsQuirk; }
+
 #if ENABLE(CACHE_PARTITIONING)
     WEBCORE_EXPORT String domainForCachePartition() const;
 #endif
@@ -226,12 +229,13 @@ private:
     String m_domain;
     String m_filePath;
     Optional<uint16_t> m_port;
-    bool m_isUnique;
-    bool m_universalAccess;
-    bool m_domainWasSetInDOM;
-    bool m_canLoadLocalResources;
-    StorageBlockingPolicy m_storageBlockingPolicy;
-    bool m_enforceFilePathSeparation;
+    bool m_isUnique { false };
+    bool m_universalAccess { false };
+    bool m_domainWasSetInDOM { false };
+    bool m_canLoadLocalResources { false };
+    StorageBlockingPolicy m_storageBlockingPolicy { AllowAllStorage };
+    bool m_enforceFilePathSeparation { false };
+    bool m_needsStorageAccessFromFileURLsQuirk { false };
 };
 
 // Returns true if the Origin header values serialized from these two origins would be the same.
index 244d6cc..14ac703 100644 (file)
@@ -50,6 +50,7 @@ preventKeyboardDOMEventDispatch initial=false
 localStorageEnabled initial=false
 allowUniversalAccessFromFileURLs initial=true
 allowFileAccessFromFileURLs initial=true
+needsStorageAccessFromFileURLsQuirk initial=true
 javaScriptCanOpenWindowsAutomatically initial=false
 javaScriptCanAccessClipboard initial=false
 shouldPrintBackgrounds initial=false
index d4f875f..299f53b 100644 (file)
@@ -78,6 +78,8 @@ WorkerGlobalScope::WorkerGlobalScope(const URL& url, const String& userAgent, Wo
     auto origin = SecurityOrigin::create(url);
     if (m_topOrigin->hasUniversalAccess())
         origin->grantUniversalAccess();
+    if (m_topOrigin->needsStorageAccessFromFileURLsQuirk())
+        origin->grantStorageAccessFromFileURLsQuirk();
 
     setSecurityOriginPolicy(SecurityOriginPolicy::create(WTFMove(origin)));
     setContentSecurityPolicy(std::make_unique<ContentSecurityPolicy>(*this));
index e05ebd1..e8f8e10 100644 (file)
@@ -1,3 +1,25 @@
+2016-11-04  Brent Fulgham  <bfulgham@apple.com>
+
+        Local HTML should be blocked from localStorage access unless "Disable Local File Restrictions" is checked
+        https://bugs.webkit.org/show_bug.cgi?id=155185
+        <rdar://problem/11101440>
+
+        Reviewed by Brady Eidson.
+
+        Provide SPI to access the new quirk for localStorage. The quirk defaults to 'on'. When active, this
+        quirk says that localStorage access should be granted, without needing to grant universal file access.
+
+        If the quirk is turned off, then localStorage is blocked unless the WebKit client explicitly
+        grants universal file access.
+
+        * WebView/WebPreferenceKeysPrivate.h:
+        * WebView/WebPreferences.mm:
+        (-[WebPreferences needsLocalStorageQuirk]): Added.
+        (-[WebPreferences setNeedsLocalStorageQuirk:]): Added.
+        * WebView/WebPreferencesPrivate.h:
+        * WebView/WebView.mm:
+        (-[WebView _preferencesChanged:]): Honor the new localStorage quirk.
+
 2016-11-09  Alex Christensen  <achristensen@webkit.org>
 
         Clean up Storage code
index 706cc9a..c00c85b 100644 (file)
@@ -56,6 +56,7 @@
 #define WebKitWebSecurityEnabledPreferenceKey @"WebKitWebSecurityEnabled"
 #define WebKitAllowUniversalAccessFromFileURLsPreferenceKey @"WebKitAllowUniversalAccessFromFileURLs"
 #define WebKitAllowFileAccessFromFileURLsPreferenceKey @"WebKitAllowFileAccessFromFileURLs"
+#define WebKitNeedsStorageAccessFromFileURLsQuirkKey @"WebKitNeedsStorageAccessFromFileURLsQuirk"
 #define WebKitJavaScriptCanOpenWindowsAutomaticallyPreferenceKey @"WebKitJavaScriptCanOpenWindowsAutomatically"
 #define WebKitPluginsEnabledPreferenceKey @"WebKitPluginsEnabled"
 #define WebKitDatabasesEnabledPreferenceKey @"WebKitDatabasesEnabledPreferenceKey"
index 6c34825..c8c482e 100644 (file)
@@ -627,6 +627,7 @@ public:
         [NSNumber numberWithBool:NO], WebKitWebAnimationsEnabledPreferenceKey,
 #endif
         [NSNumber numberWithBool:NO], WebKitVisualViewportEnabledPreferenceKey,
+        [NSNumber numberWithBool:YES], WebKitNeedsStorageAccessFromFileURLsQuirkKey,
         nil];
 
 #if !PLATFORM(IOS)
@@ -1445,6 +1446,16 @@ public:
     [self _setBoolValue: flag forKey: WebKitAllowFileAccessFromFileURLsPreferenceKey];
 }
 
+- (BOOL)needsStorageAccessFromFileURLsQuirk
+{
+    return [self _boolValueForKey: WebKitNeedsStorageAccessFromFileURLsQuirkKey];
+}
+
+-(void)setNeedsStorageAccessFromFileURLsQuirk:(BOOL)flag
+{
+    [self _setBoolValue: flag forKey: WebKitNeedsStorageAccessFromFileURLsQuirkKey];
+}
+
 - (NSTimeInterval)_backForwardCacheExpirationInterval
 {
     return (NSTimeInterval)[self _floatValueForKey:WebKitBackForwardCacheExpirationIntervalKey];
index c2c630d..f52ab84 100644 (file)
@@ -139,6 +139,9 @@ extern NSString *WebPreferencesCacheModelChangedInternalNotification;
 - (BOOL)allowFileAccessFromFileURLs;
 - (void)setAllowFileAccessFromFileURLs:(BOOL)flag;
 
+- (BOOL)needsStorageAccessFromFileURLsQuirk;
+- (void)setNeedsStorageAccessFromFileURLsQuirk:(BOOL)flag;
+
 - (BOOL)zoomsTextOnly;
 - (void)setZoomsTextOnly:(BOOL)zoomsTextOnly;
 
index 93aa089..7e09065 100644 (file)
@@ -2605,6 +2605,7 @@ static bool needsSelfRetainWhileLoadingQuirk()
     settings.setWebSecurityEnabled([preferences isWebSecurityEnabled]);
     settings.setAllowUniversalAccessFromFileURLs([preferences allowUniversalAccessFromFileURLs]);
     settings.setAllowFileAccessFromFileURLs([preferences allowFileAccessFromFileURLs]);
+    settings.setNeedsStorageAccessFromFileURLsQuirk([preferences needsStorageAccessFromFileURLsQuirk]);
     settings.setJavaScriptCanOpenWindowsAutomatically([preferences javaScriptCanOpenWindowsAutomatically]);
     settings.setMinimumFontSize([preferences minimumFontSize]);
     settings.setMinimumLogicalFontSize([preferences minimumLogicalFontSize]);
index 359a760..ddefb6c 100644 (file)
@@ -1,3 +1,41 @@
+2016-11-04  Brent Fulgham  <bfulgham@apple.com>
+
+        Local HTML should be blocked from localStorage access unless "Disable Local File Restrictions" is checked
+        https://bugs.webkit.org/show_bug.cgi?id=155185
+        <rdar://problem/11101440>
+
+        Reviewed by Brady Eidson.
+
+        Provide SPI to access the new quirk for localStorage. The quirk defaults to 'on'. When active, this
+        quirk says that localStorage access should be granted, without needing to grant universal file access.
+
+        If the quirk is turned off, then localStorage is blocked unless the WebKit client explicitly
+        grants universal file access.
+        
+        Tested by existing TestWebKitAPI tests and WebKit2.LocalStorageQuirkTest
+
+        * Shared/WebPreferencesDefinitions.h:
+        * UIProcess/API/C/WKPreferences.cpp:
+        (WKPreferencesSetNeedsLocalStorageQuirk): Added.
+        (WKPreferencesGetNeedsLocalStorageQuirk): Added.
+        * UIProcess/API/C/WKPreferencesRefPrivate.h:
+        * UIProcess/API/Cocoa/WKWebView.mm:
+        (-[WKWebView _initializeWithConfiguration:]): Honor the new localStorage quirk.
+        * UIProcess/API/Cocoa/WKWebViewConfiguration.mm:
+        (-[WKWebViewConfiguration init]): Honor the new localStorage quirk flag.
+        (-[WKWebViewConfiguration copyWithZone:]): Ditto.
+        (-[WKWebViewConfiguration _needsLocalStorageQuirk]): Added.
+        (-[WKWebViewConfiguration _setNeedsLocalStorageQuirk:]): Added.
+        * UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h:
+        * WebProcess/InjectedBundle/API/c/WKBundle.cpp:
+        (WKBundleSetNeedsLocalStorageQuirk): Added.
+        * WebProcess/InjectedBundle/API/c/WKBundlePrivate.h:
+        * WebProcess/InjectedBundle/InjectedBundle.cpp:
+        (WebKit::InjectedBundle::setNeedsLocalStorageQuirk): Added.
+        * WebProcess/InjectedBundle/InjectedBundle.h:
+        * WebProcess/WebPage/WebPage.cpp:
+        (WebKit::WebPage::updatePreferences): Honor the new localStorage quirk flag.
+
 2016-11-09  Simon Fraser  <simon.fraser@apple.com>
 
         Implement visual-viewport based position:fixed handling for Mac async scrolling
index a3b743e..f1e774b 100644 (file)
     macro(ApplePayEnabled, applePayEnabled, Bool, bool, false, "", "") \
     macro(ApplePayCapabilityDisclosureAllowed, applePayCapabilityDisclosureAllowed, Bool, bool, true, "", "") \
     macro(VisualViewportEnabled, visualViewportEnabled, Bool, bool, false, "", "") \
+    macro(NeedsStorageAccessFromFileURLsQuirk, needsStorageAccessFromFileURLsQuirk, Bool, bool, true, "", "") \
     macro(AsyncImageDecodingEnabled, asyncImageDecodingEnabled, Bool, bool, true, "", "") \
     macro(CustomElementsEnabled, customElementsEnabled, Bool, bool, true, "", "") \
     \
index a7cbae8..29b2179 100644 (file)
@@ -733,6 +733,16 @@ bool WKPreferencesGetFileAccessFromFileURLsAllowed(WKPreferencesRef preferencesR
     return toImpl(preferencesRef)->allowFileAccessFromFileURLs();
 }
 
+void WKPreferencesSetNeedsStorageAccessFromFileURLsQuirk(WKPreferencesRef preferencesRef, bool needsQuirk)
+{
+    toImpl(preferencesRef)->setNeedsStorageAccessFromFileURLsQuirk(needsQuirk);
+}
+
+bool WKPreferencesGetNeedsStorageAccessFromFileURLsQuirk(WKPreferencesRef preferencesRef)
+{
+    return toImpl(preferencesRef)->needsStorageAccessFromFileURLsQuirk();
+}
+
 void WKPreferencesSetHixie76WebSocketProtocolEnabled(WKPreferencesRef, bool /*enabled*/)
 {
 }
index a2dde09..acbba5d 100644 (file)
@@ -168,6 +168,10 @@ WK_EXPORT bool WKPreferencesGetUniversalAccessFromFileURLsAllowed(WKPreferencesR
 WK_EXPORT void WKPreferencesSetFileAccessFromFileURLsAllowed(WKPreferencesRef preferences, bool allowed);
 WK_EXPORT bool WKPreferencesGetFileAccessFromFileURLsAllowed(WKPreferencesRef preferences);
 
+// Defaults to true
+WK_EXPORT void WKPreferencesSetNeedsStorageAccessFromFileURLsQuirk(WKPreferencesRef preferences, bool needsQuirk);
+WK_EXPORT bool WKPreferencesGetNeedsStorageAccessFromFileURLsQuirk(WKPreferencesRef preferences);
+
 // Defaults to true.
 WK_EXPORT void WKPreferencesSetHixie76WebSocketProtocolEnabled(WKPreferencesRef preferencesRef, bool enabled);
 WK_EXPORT bool WKPreferencesGetHixie76WebSocketProtocolEnabled(WKPreferencesRef preferencesRef);
index 931e4d0..4f8b35f 100644 (file)
@@ -498,6 +498,8 @@ static uint32_t convertSystemLayoutDirection(NSUserInterfaceLayoutDirection dire
     pageConfiguration->preferenceValues().set(WebKit::WebPreferencesKey::applePayEnabledKey(), WebKit::WebPreferencesStore::Value(!![_configuration _applePayEnabled]));
 #endif
 
+    pageConfiguration->preferenceValues().set(WebKit::WebPreferencesKey::needsStorageAccessFromFileURLsQuirkKey(), WebKit::WebPreferencesStore::Value(!![_configuration _needsStorageAccessFromFileURLsQuirk]));
+
 #if PLATFORM(IOS)
     CGRect bounds = self.bounds;
     _scrollView = adoptNS([[WKScrollView alloc] initWithFrame:bounds]);
index 5424de2..ef38909 100644 (file)
@@ -128,6 +128,7 @@ private:
 #if ENABLE(APPLE_PAY)
     BOOL _applePayEnabled;
 #endif
+    BOOL _needsStorageAccessFromFileURLsQuirk;
 }
 
 - (instancetype)init
@@ -187,6 +188,7 @@ private:
     _allowsMetaRefresh = YES;
     _allowUniversalAccessFromFileURLs = NO;
     _treatsSHA1SignedCertificatesAsInsecure = YES;
+    _needsStorageAccessFromFileURLsQuirk = YES;
 
     return self;
 }
@@ -313,6 +315,7 @@ private:
 #if ENABLE(APPLE_PAY)
     configuration->_applePayEnabled = self->_applePayEnabled;
 #endif
+    configuration->_needsStorageAccessFromFileURLsQuirk = self->_needsStorageAccessFromFileURLsQuirk;
 
     return configuration;
 }
@@ -727,6 +730,16 @@ static NSString *defaultApplicationNameForUserAgent()
 #endif
 }
 
+- (BOOL)_needsStorageAccessFromFileURLsQuirk
+{
+    return _needsStorageAccessFromFileURLsQuirk;
+}
+
+- (void)_setNeedsStorageAccessFromFileURLsQuirk:(BOOL)needsLocalStorageQuirk
+{
+    _needsStorageAccessFromFileURLsQuirk = needsLocalStorageQuirk;
+}
+
 @end
 
 @implementation WKWebViewConfiguration (WKDeprecated)
index 2320eda..4b3292f 100644 (file)
@@ -49,6 +49,7 @@
 @property (nonatomic, setter=_setConvertsPositionStyleOnCopy:) BOOL _convertsPositionStyleOnCopy WK_API_AVAILABLE(macosx(10.12), ios(10.0));
 @property (nonatomic, setter=_setAllowsMetaRefresh:) BOOL _allowsMetaRefresh WK_API_AVAILABLE(macosx(10.12), ios(10.0));
 @property (nonatomic, setter=_setAllowUniversalAccessFromFileURLs:) BOOL _allowUniversalAccessFromFileURLs WK_API_AVAILABLE(macosx(10.12), ios(10.0));
+@property (nonatomic, setter=_setNeedsStorageAccessFromFileURLsQuirk:) BOOL _needsStorageAccessFromFileURLsQuirk WK_API_AVAILABLE(macosx(WK_MAC_TBA), ios(WK_IOS_TBA));
 @property (nonatomic, setter=_setMainContentUserGestureOverrideEnabled:) BOOL _mainContentUserGestureOverrideEnabled WK_API_AVAILABLE(macosx(10.12), ios(10.0));
 @property (nonatomic, setter=_setInvisibleAutoplayNotPermitted:) BOOL _invisibleAutoplayNotPermitted WK_API_AVAILABLE(macosx(10.12), ios(10.0));
 @property (nonatomic, setter=_setMediaDataLoadsAutomatically:) BOOL _mediaDataLoadsAutomatically WK_API_AVAILABLE(macosx(10.12), ios(10.0));
index 9ec773f..1fe3274 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2016 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -135,6 +135,11 @@ void WKBundleSetAllowFileAccessFromFileURLs(WKBundleRef bundleRef, WKBundlePageG
     toImpl(bundleRef)->setAllowFileAccessFromFileURLs(toImpl(pageGroupRef), enabled);
 }
 
+void WKBundleSetAllowStorageAccessFromFileURLS(WKBundleRef bundleRef, WKBundlePageGroupRef pageGroupRef, bool needsQuirk)
+{
+    toImpl(bundleRef)->setNeedsStorageAccessFromFileURLsQuirk(toImpl(pageGroupRef), needsQuirk);
+}
+
 void WKBundleSetMinimumLogicalFontSize(WKBundleRef bundleRef, WKBundlePageGroupRef pageGroupRef, int size)
 {
     toImpl(bundleRef)->setMinimumLogicalFontSize(toImpl(pageGroupRef), size);
index cc127c7..8dee2e0 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2016 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -45,6 +45,7 @@ extern "C" {
 WK_EXPORT void WKBundleOverrideBoolPreferenceForTestRunner(WKBundleRef bundle, WKBundlePageGroupRef pageGroup, WKStringRef preference, bool enabled);
 WK_EXPORT void WKBundleSetAllowUniversalAccessFromFileURLs(WKBundleRef bundle, WKBundlePageGroupRef pageGroup, bool enabled);
 WK_EXPORT void WKBundleSetAllowFileAccessFromFileURLs(WKBundleRef bundle, WKBundlePageGroupRef pageGroup, bool enabled);
+WK_EXPORT void WKBundleSetAllowStorageAccessFromFileURLS(WKBundleRef bundle, WKBundlePageGroupRef pageGroup, bool needsQuirk);
 WK_EXPORT void WKBundleSetMinimumLogicalFontSize(WKBundleRef bundleRef, WKBundlePageGroupRef pageGroupRef, int size);
 WK_EXPORT void WKBundleSetFrameFlatteningEnabled(WKBundleRef bundle, WKBundlePageGroupRef pageGroup, bool enabled);
 WK_EXPORT void WKBundleSetPluginsEnabled(WKBundleRef bundle, WKBundlePageGroupRef pageGroup, bool enabled);
index 9b61b46..e1eb437 100644 (file)
@@ -281,6 +281,13 @@ void InjectedBundle::setAllowFileAccessFromFileURLs(WebPageGroupProxy* pageGroup
         (*iter)->settings().setAllowFileAccessFromFileURLs(enabled);
 }
 
+void InjectedBundle::setNeedsStorageAccessFromFileURLsQuirk(WebPageGroupProxy* pageGroup, bool needsQuirk)
+{
+    const HashSet<Page*>& pages = PageGroup::pageGroup(pageGroup->identifier())->pages();
+    for (auto page : pages)
+        page->settings().setNeedsStorageAccessFromFileURLsQuirk(needsQuirk);
+}
+
 void InjectedBundle::setMinimumLogicalFontSize(WebPageGroupProxy* pageGroup, int size)
 {
     const HashSet<Page*>& pages = PageGroup::pageGroup(pageGroup->identifier())->pages();
index 7fdf5c6..f823e30 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2016 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -102,6 +102,7 @@ public:
     void overrideXSSAuditorEnabledForTestRunner(WebPageGroupProxy* pageGroup, bool enabled);
     void setAllowUniversalAccessFromFileURLs(WebPageGroupProxy*, bool);
     void setAllowFileAccessFromFileURLs(WebPageGroupProxy*, bool);
+    void setNeedsStorageAccessFromFileURLsQuirk(WebPageGroupProxy*, bool);
     void setMinimumLogicalFontSize(WebPageGroupProxy*, int size);
     void setFrameFlatteningEnabled(WebPageGroupProxy*, bool);
     void setPluginsEnabled(WebPageGroupProxy*, bool);
index 3f56505..e4bd911 100644 (file)
@@ -2980,6 +2980,7 @@ void WebPage::updatePreferences(const WebPreferencesStore& store)
     settings.setWebSecurityEnabled(store.getBoolValueForKey(WebPreferencesKey::webSecurityEnabledKey()));
     settings.setAllowUniversalAccessFromFileURLs(store.getBoolValueForKey(WebPreferencesKey::allowUniversalAccessFromFileURLsKey()));
     settings.setAllowFileAccessFromFileURLs(store.getBoolValueForKey(WebPreferencesKey::allowFileAccessFromFileURLsKey()));
+    settings.setNeedsStorageAccessFromFileURLsQuirk(store.getBoolValueForKey(WebPreferencesKey::needsStorageAccessFromFileURLsQuirkKey()));
 
     settings.setMinimumFontSize(store.getDoubleValueForKey(WebPreferencesKey::minimumFontSizeKey()));
     settings.setMinimumLogicalFontSize(store.getDoubleValueForKey(WebPreferencesKey::minimumLogicalFontSizeKey()));
index 2a6a6d1..f5b17d3 100644 (file)
@@ -1,3 +1,33 @@
+2016-11-04  Brent Fulgham  <bfulgham@apple.com>
+
+        Local HTML should be blocked from localStorage access unless "Disable Local File Restrictions" is checked
+        https://bugs.webkit.org/show_bug.cgi?id=155185
+        <rdar://problem/11101440>
+
+        Reviewed by Brady Eidson.
+
+        * DumpRenderTree/TestRunner.cpp:
+        (setNeedsLocalStorageQuirkCallback): Added.
+        (TestRunner::staticFunctions):
+        * DumpRenderTree/TestRunner.h:
+        * DumpRenderTree/mac/DumpRenderTree.mm:
+        (resetWebPreferencesToConsistentValues): Update for new quirk setting.
+        * DumpRenderTree/mac/TestRunnerMac.mm:
+        (TestRunner::setNeedsLocalStorageQuirk):
+        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+        * TestWebKitAPI/Tests/WebKit2/CloseFromWithinCreatePage.cpp:
+        * TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageClear.mm:
+        * TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.mm:
+        * TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageQuirkEnabled.html: Added.
+        * TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageQuirkTest.mm: Added.
+        (-[LocalStorageQuirkMessageHandler userContentController:didReceiveScriptMessage:]):
+        * WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
+        * WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:
+        (WTR::InjectedBundle::beginTesting): Update for new quirk setting.
+        * WebKitTestRunner/InjectedBundle/TestRunner.cpp:
+        (WTR::TestRunner::setNeedsLocalStorageQuirk): Added.
+        * WebKitTestRunner/InjectedBundle/TestRunner.h:
+
 2016-11-09  Alex Christensen  <achristensen@webkit.org>
 
         URLParser should not consider path of URLs with no host to start at the first slash after the colon
index a3f6818..3661a4a 100644 (file)
@@ -1218,6 +1218,18 @@ static JSValueRef setAllowFileAccessFromFileURLsCallback(JSContextRef context, J
     return JSValueMakeUndefined(context);
 }
 
+static JSValueRef setNeedsStorageAccessFromFileURLsQuirkCallback(JSContextRef context, JSObjectRef function, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception)
+{
+    // Has mac & windows implementation
+    if (argumentCount < 1)
+        return JSValueMakeUndefined(context);
+    
+    TestRunner* controller = static_cast<TestRunner*>(JSObjectGetPrivate(thisObject));
+    controller->setNeedsStorageAccessFromFileURLsQuirk(JSValueToBoolean(context, arguments[0]));
+    
+    return JSValueMakeUndefined(context);
+}
+
 static JSValueRef setTabKeyCyclesThroughElementsCallback(JSContextRef context, JSObjectRef function, JSObjectRef thisObject, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception)
 {
     // Has mac & windows implementation
@@ -2125,6 +2137,7 @@ JSStaticFunction* TestRunner::staticFunctions()
         { "setAcceptsEditing", setAcceptsEditingCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
         { "setAllowUniversalAccessFromFileURLs", setAllowUniversalAccessFromFileURLsCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
         { "setAllowFileAccessFromFileURLs", setAllowFileAccessFromFileURLsCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
+        { "setNeedsStorageAccessFromFileURLsQuirk", setNeedsStorageAccessFromFileURLsQuirkCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
         { "setAllowsAnySSLCertificate", setAllowsAnySSLCertificateCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
         { "setAlwaysAcceptCookies", setAlwaysAcceptCookiesCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
         { "setAppCacheMaximumSize", setAppCacheMaximumSizeCallback, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
index 7b8b358..a8d49c6 100644 (file)
@@ -94,6 +94,7 @@ public:
     void setFetchAPIEnabled(bool);
     void setAllowUniversalAccessFromFileURLs(bool);
     void setAllowFileAccessFromFileURLs(bool);
+    void setNeedsStorageAccessFromFileURLsQuirk(bool);
     void setAppCacheMaximumSize(unsigned long long quota);
     void setAuthorAndUserStylesEnabled(bool);
     void setCacheModel(int);
index 1d449a4..c80c14e 100644 (file)
@@ -899,6 +899,7 @@ static void resetWebPreferencesToConsistentValues()
 {
     WebPreferences *preferences = [WebPreferences standardPreferences];
 
+    [preferences setNeedsStorageAccessFromFileURLsQuirk: NO];
     [preferences setAllowUniversalAccessFromFileURLs:YES];
     [preferences setAllowFileAccessFromFileURLs:YES];
     [preferences setStandardFontFamily:@"Times"];
index ebe4333..c57582c 100644 (file)
@@ -503,6 +503,11 @@ void TestRunner::setAllowFileAccessFromFileURLs(bool enabled)
     [[[mainFrame webView] preferences] setAllowFileAccessFromFileURLs:enabled];
 }
 
+void TestRunner::setNeedsStorageAccessFromFileURLsQuirk(bool needsQuirk)
+{
+    [[[mainFrame webView] preferences] setNeedsStorageAccessFromFileURLsQuirk:needsQuirk];
+}
+
 void TestRunner::setPopupBlockingEnabled(bool popupBlockingEnabled)
 {
     [[[mainFrame webView] preferences] setJavaScriptCanOpenWindowsAutomatically:!popupBlockingEnabled];
index bcca8e1..0b251ba 100644 (file)
                7A010BCB1D877C0500EDE72A /* CoreGraphics.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 7A010BCA1D877C0500EDE72A /* CoreGraphics.framework */; };
                7A010BCD1D877C0D00EDE72A /* QuartzCore.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 7A010BCC1D877C0D00EDE72A /* QuartzCore.framework */; };
                7A1458FC1AD5C07000E06772 /* mouse-button-listener.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 7A1458FB1AD5C03500E06772 /* mouse-button-listener.html */; };
+               7A6A2C701DCCFA8C00C0D085 /* LocalStorageQuirkTest.mm in Sources */ = {isa = PBXBuildFile; fileRef = 7A6A2C6F1DCCF87B00C0D085 /* LocalStorageQuirkTest.mm */; };
+               7A6A2C721DCCFB5200C0D085 /* LocalStorageQuirkEnabled.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 7A6A2C711DCCFB0200C0D085 /* LocalStorageQuirkEnabled.html */; };
                7A909A7D1D877480007E10F8 /* AffineTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A6F1D877475007E10F8 /* AffineTransform.cpp */; };
                7A909A7E1D877480007E10F8 /* FloatPoint.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A701D877475007E10F8 /* FloatPoint.cpp */; };
                7A909A7F1D877480007E10F8 /* FloatRect.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A711D877475007E10F8 /* FloatRect.cpp */; };
                                46C519E61D3563FD00DAA51A /* LocalStorageNullEntries.html in Copy Resources */,
                                46C519E71D3563FD00DAA51A /* LocalStorageNullEntries.localstorage in Copy Resources */,
                                46C519E81D3563FD00DAA51A /* LocalStorageNullEntries.localstorage-shm in Copy Resources */,
+                               7A6A2C721DCCFB5200C0D085 /* LocalStorageQuirkEnabled.html in Copy Resources */,
                                9361002914DC95A70061379D /* lots-of-iframes.html in Copy Resources */,
                                93AF4ED11506F130007FD57E /* lots-of-images.html in Copy Resources */,
                                2DD7D3AF178227B30026E1E3 /* lots-of-text-vertical-lr.html in Copy Resources */,
                7A1458FB1AD5C03500E06772 /* mouse-button-listener.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "mouse-button-listener.html"; sourceTree = "<group>"; };
                7A38D7E51C752D5F004F157D /* HashCountedSet.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = HashCountedSet.cpp; sourceTree = "<group>"; };
                7A5623101AD5AF3E0096B920 /* MenuTypesForMouseEvents.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MenuTypesForMouseEvents.cpp; sourceTree = "<group>"; };
+               7A6A2C6F1DCCF87B00C0D085 /* LocalStorageQuirkTest.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = LocalStorageQuirkTest.mm; sourceTree = "<group>"; };
+               7A6A2C711DCCFB0200C0D085 /* LocalStorageQuirkEnabled.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = LocalStorageQuirkEnabled.html; sourceTree = "<group>"; };
                7A909A6F1D877475007E10F8 /* AffineTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AffineTransform.cpp; sourceTree = "<group>"; };
                7A909A701D877475007E10F8 /* FloatPoint.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FloatPoint.cpp; sourceTree = "<group>"; };
                7A909A711D877475007E10F8 /* FloatRect.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FloatRect.cpp; sourceTree = "<group>"; };
                                57901FAC1CAF12C200ED64F9 /* LoadInvalidURLRequest.mm */,
                                51E6A8921D2F1BEC00C004B6 /* LocalStorageClear.mm */,
                                46C519D81D355A7300DAA51A /* LocalStorageNullEntries.mm */,
+                               7A6A2C6F1DCCF87B00C0D085 /* LocalStorageQuirkTest.mm */,
                                51CD1C6A1B38CE3600142CA5 /* ModalAlerts.mm */,
                                1ABC3DED1899BE6D004F0626 /* Navigation.mm */,
                                2ECFF5541D9B12F800B55394 /* NowPlayingControlsTests.mm */,
                                2E1DFDEC1D42A41C00714A00 /* large-videos-with-audio.html */,
                                51E6A8951D2F1C7700C004B6 /* LocalStorageClear.html */,
                                46C519E21D35629600DAA51A /* LocalStorageNullEntries.html */,
+                               7A6A2C711DCCFB0200C0D085 /* LocalStorageQuirkEnabled.html */,
                                46C519E31D35629600DAA51A /* LocalStorageNullEntries.localstorage */,
                                46C519E41D35629600DAA51A /* LocalStorageNullEntries.localstorage-shm */,
                                7CCB99221D3B44E7003922F6 /* open-multiple-external-url.html */,
                                7CCE7ED31A411A7E00447C4C /* TypingStyleCrash.mm in Sources */,
                                7CCE7EDE1A411A9200447C4C /* URL.cpp in Sources */,
                                7CCE7EB01A411A4400447C4C /* URLExtras.mm in Sources */,
+                               7A6A2C701DCCFA8C00C0D085 /* LocalStorageQuirkTest.mm in Sources */,
                                2DFF7B6D1DA487AF00814614 /* SnapshotStore.mm in Sources */,
                                5C6E65441D5CEFD400F7862E /* URLParser.cpp in Sources */,
                                7CCE7F271A411AF600447C4C /* UserContentController.mm in Sources */,
index a416cd4..fabfd2d 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2016 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
index 42a77fa..07f2e7d 100644 (file)
@@ -58,6 +58,7 @@ TEST(WKWebView, LocalStorageClear)
     RetainPtr<WKWebViewConfiguration> configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
     [[configuration userContentController] addScriptMessageHandler:handler.get() name:@"testHandler"];
 
+    [configuration _setNeedsStorageAccessFromFileURLsQuirk:NO];
     [configuration _setAllowUniversalAccessFromFileURLs:YES];
 
     RetainPtr<WKWebView> webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]);
index 8787c71..9eb41ac 100644 (file)
@@ -57,6 +57,7 @@ TEST(WKWebView, LocalStorageNullEntries)
     RetainPtr<WKWebViewConfiguration> configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
     [[configuration userContentController] addScriptMessageHandler:handler.get() name:@"testHandler"];
 
+    [configuration _setNeedsStorageAccessFromFileURLsQuirk:NO];
     [configuration _setAllowUniversalAccessFromFileURLs:YES];
 
     // Copy the inconsistent database files to the LocalStorage directory
diff --git a/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageQuirkEnabled.html b/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageQuirkEnabled.html
new file mode 100644 (file)
index 0000000..c53f1de
--- /dev/null
@@ -0,0 +1,10 @@
+<script>
+
+try {
+    if (window.localStorage)
+        window.webkit.messageHandlers.testHandler.postMessage('PASS');
+} catch(e) {
+    window.webkit.messageHandlers.testHandler.postMessage('FAIL');
+}
+
+</script>
diff --git a/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageQuirkTest.mm b/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageQuirkTest.mm
new file mode 100644 (file)
index 0000000..d4a5d78
--- /dev/null
@@ -0,0 +1,125 @@
+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+
+#import "PlatformUtilities.h"
+#import "Test.h"
+#import <WebKit/WKProcessPoolPrivate.h>
+#import <WebKit/WKUserContentControllerPrivate.h>
+#import <WebKit/WKWebViewConfigurationPrivate.h>
+#import <WebKit/WebKit.h>
+#import <WebKit/_WKProcessPoolConfiguration.h>
+#import <WebKit/_WKUserStyleSheet.h>
+#import <wtf/RetainPtr.h>
+
+#if WK_API_ENABLED
+
+static bool readyToContinue;
+static RetainPtr<WKScriptMessage> lastScriptMessage;
+
+@interface LocalStorageQuirkMessageHandler : NSObject <WKScriptMessageHandler>
+@end
+
+@implementation LocalStorageQuirkMessageHandler
+
+- (void)userContentController:(WKUserContentController *)userContentController didReceiveScriptMessage:(WKScriptMessage *)message
+{
+    lastScriptMessage = message;
+    readyToContinue = true;
+}
+
+@end
+
+TEST(WKWebView, LocalStorageQuirkEnabled)
+{
+    RetainPtr<LocalStorageQuirkMessageHandler> handler = adoptNS([[LocalStorageQuirkMessageHandler alloc] init]);
+    RetainPtr<WKWebViewConfiguration> configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+    [[configuration userContentController] addScriptMessageHandler:handler.get() name:@"testHandler"];
+
+    // Test that the quirk permits us to access the local storage, even though local file access is disabled.
+    [configuration _setNeedsStorageAccessFromFileURLsQuirk:YES];
+    [configuration _setAllowUniversalAccessFromFileURLs:NO];
+
+    RetainPtr<WKWebView> webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]);
+
+    NSURLRequest *request = [NSURLRequest requestWithURL:[[NSBundle mainBundle] URLForResource:@"LocalStorageQuirkEnabled" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]];
+    [webView loadRequest:request];
+
+    readyToContinue = false;
+    TestWebKitAPI::Util::run(&readyToContinue);
+
+    webView = nil;
+
+    EXPECT_STREQ([(NSString *)[lastScriptMessage body] UTF8String], "PASS");
+}
+
+TEST(WKWebView, LocalStorageQuirkDisabledAccessPermitted)
+{
+    RetainPtr<LocalStorageQuirkMessageHandler> handler = adoptNS([[LocalStorageQuirkMessageHandler alloc] init]);
+    RetainPtr<WKWebViewConfiguration> configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+    [[configuration userContentController] addScriptMessageHandler:handler.get() name:@"testHandler"];
+    
+    // Test that the quirk permits us to access the local storage, even though local file access is disabled.
+    [configuration _setNeedsStorageAccessFromFileURLsQuirk:NO];
+    [configuration _setAllowUniversalAccessFromFileURLs:YES];
+    
+    RetainPtr<WKWebView> webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]);
+    
+    NSURLRequest *request = [NSURLRequest requestWithURL:[[NSBundle mainBundle] URLForResource:@"LocalStorageQuirkEnabled" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]];
+    [webView loadRequest:request];
+    
+    readyToContinue = false;
+    TestWebKitAPI::Util::run(&readyToContinue);
+    
+    webView = nil;
+    
+    EXPECT_STREQ([(NSString *)[lastScriptMessage body] UTF8String], "PASS");
+}
+
+TEST(WKWebView, LocalStorageQuirkDisabledAccessDenied)
+{
+    RetainPtr<LocalStorageQuirkMessageHandler> handler = adoptNS([[LocalStorageQuirkMessageHandler alloc] init]);
+    RetainPtr<WKWebViewConfiguration> configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+    [[configuration userContentController] addScriptMessageHandler:handler.get() name:@"testHandler"];
+    
+    // Test that the quirk permits us to access the local storage, even though local file access is disabled.
+    [configuration _setNeedsStorageAccessFromFileURLsQuirk:NO];
+    [configuration _setAllowUniversalAccessFromFileURLs:NO];
+    
+    RetainPtr<WKWebView> webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]);
+    
+    NSURLRequest *request = [NSURLRequest requestWithURL:[[NSBundle mainBundle] URLForResource:@"LocalStorageQuirkEnabled" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]];
+    [webView loadRequest:request];
+    
+    readyToContinue = false;
+    TestWebKitAPI::Util::run(&readyToContinue);
+    
+    webView = nil;
+    
+    EXPECT_STREQ([(NSString *)[lastScriptMessage body] UTF8String], "FAIL");
+}
+
+#endif
index 54dc768..db9daca 100644 (file)
@@ -60,6 +60,7 @@ interface TestRunner {
     void setXSSAuditorEnabled(boolean value);
     void setAllowUniversalAccessFromFileURLs(boolean value);
     void setAllowFileAccessFromFileURLs(boolean value);
+    void setNeedsStorageAccessFromFileURLsQuirk(boolean value);
     void setPluginsEnabled(boolean value);
     void setJavaScriptCanAccessClipboard(boolean value);
     void setPrivateBrowsingEnabled(boolean value);
index 2f5c3e4..23e9759 100644 (file)
@@ -305,6 +305,7 @@ void InjectedBundle::beginTesting(WKDictionaryRef settings)
     WKBundleSetAllowFileAccessFromFileURLs(m_bundle, m_pageGroup, true);
     WKBundleSetPluginsEnabled(m_bundle, m_pageGroup, true);
     WKBundleSetPopupBlockingEnabled(m_bundle, m_pageGroup, false);
+    WKBundleSetAllowStorageAccessFromFileURLS(m_bundle, m_pageGroup, false);
 
 #if PLATFORM(IOS)
     WKBundlePageSetUseTestingViewportConfiguration(page()->page(), !booleanForKey(settings, "UseFlexibleViewport"));
index 50ed7a5..c1ee29a 100644 (file)
@@ -406,6 +406,12 @@ void TestRunner::setAllowFileAccessFromFileURLs(bool enabled)
     WKBundleSetAllowFileAccessFromFileURLs(injectedBundle.bundle(), injectedBundle.pageGroup(), enabled);
 }
 
+void TestRunner::setNeedsStorageAccessFromFileURLsQuirk(bool needsQuirk)
+{
+    auto& injectedBundle = InjectedBundle::singleton();
+    WKBundleSetAllowStorageAccessFromFileURLS(injectedBundle.bundle(), injectedBundle.pageGroup(), needsQuirk);
+}
+    
 void TestRunner::setPluginsEnabled(bool enabled)
 {
     auto& injectedBundle = InjectedBundle::singleton();
index fec09f1..4fa4c09 100644 (file)
@@ -107,6 +107,7 @@ public:
     void setFetchAPIEnabled(bool);
     void setAllowUniversalAccessFromFileURLs(bool);
     void setAllowFileAccessFromFileURLs(bool);
+    void setNeedsStorageAccessFromFileURLsQuirk(bool);
     void setPluginsEnabled(bool);
     void setJavaScriptCanAccessClipboard(bool);
     void setPrivateBrowsingEnabled(bool);