REGRESSION (r167856): Unable to log into HSBC app
authordbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 18 Jun 2014 21:52:45 +0000 (21:52 +0000)
committerdbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 18 Jun 2014 21:52:45 +0000 (21:52 +0000)
https://bugs.webkit.org/show_bug.cgi?id=133991
<rdar://problem/17044839>

Reviewed by David Kilzer.

Source/WebCore:
Following <http://trac.webkit.org/changeset/167856> we disallow "navigation to any URL that is
invalid, except for JavaScript URLs, which need not be valid." A byproduct of this policy
decision is that we no longer notify the WebKit client to about a navigation if the destination
URL is invalid. And some apps, including the HSBC app for iOS, have logic to intercept URLs
as a means to pass data from their WebView-embedded web app to the WebView. We should expose a
setting called allowNavigationToInvalidURL (disabled by default on all ports and conditionally
enabled on iOS) to toggle whether WebCore allows navigation to any URL, even if its invalid,
so as to not break clients that intercept URLs and have custom logic to handle them.

Tests: fast/loader/allow-redirect-to-invalid-url-using-javascript.html
       fast/loader/allow-redirect-to-invalid-url-using-meta-refresh.html
       fast/loader/disallow-redirect-to-invalid-url-using-javascript.html
       fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh.html

* loader/NavigationScheduler.cpp:
(WebCore::NavigationScheduler::shouldScheduleNavigation): Modified to only validate
the URL when the setting allowNavigationToInvalidURL is disabled.
* page/Settings.in: Added setting allowNavigationToInvalidURL (disabled by default).

Source/WebKit/mac:
Only enable the setting allowNavigationToInvalidURL for iOS app linked against WebKit/UIKit before iOS 8.

* Misc/WebKitVersionChecks.h: Added macro constant WEBKIT_FIRST_VERSION_WITH_NAVIGATION_URL_VALIDATION.
* WebView/WebView.mm:
(-[WebView _preferencesChanged:]): Enable or disable the setting allowNavigationToInvalidURL as appropriate.

LayoutTests:
Add tests to ensure that the WebKit client will be notified to service a redirect to an invalid
URL when the setting allowNavigationToInvalidURL is enabled and will not be notified when
the setting is disabled.

* fast/loader/allow-redirect-to-invalid-url-using-javascript-expected.txt: Added.
* fast/loader/allow-redirect-to-invalid-url-using-javascript.html: Added.
* fast/loader/allow-redirect-to-invalid-url-using-meta-refresh-expected.txt: Added.
* fast/loader/allow-redirect-to-invalid-url-using-meta-refresh.html: Added.
* fast/loader/disallow-redirect-to-invalid-url-using-javascript-expected.txt: Added.
* fast/loader/disallow-redirect-to-invalid-url-using-javascript.html: Added.
* fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh-expected.txt: Added.
* fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh.html: Added.
* fast/loader/resources/redirect-to-invalid-url-using-javascript.html: Added.
* fast/loader/resources/redirect-to-invalid-url-using-meta-refresh.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@170120 268f45cc-cd09-0410-ab3c-d52691b4dbfc

17 files changed:
LayoutTests/ChangeLog
LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-javascript-expected.txt [new file with mode: 0644]
LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-javascript.html [new file with mode: 0644]
LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-meta-refresh-expected.txt [new file with mode: 0644]
LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-meta-refresh.html [new file with mode: 0644]
LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-javascript-expected.txt [new file with mode: 0644]
LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-javascript.html [new file with mode: 0644]
LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh-expected.txt [new file with mode: 0644]
LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh.html [new file with mode: 0644]
LayoutTests/fast/loader/resources/redirect-to-invalid-url-using-javascript.html [new file with mode: 0644]
LayoutTests/fast/loader/resources/redirect-to-invalid-url-using-meta-refresh.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/loader/NavigationScheduler.cpp
Source/WebCore/page/Settings.in
Source/WebKit/mac/ChangeLog
Source/WebKit/mac/Misc/WebKitVersionChecks.h
Source/WebKit/mac/WebView/WebView.mm

index 45012cd93a345aca9e8b0115fbc1ea99d4f6de3d..c273b71a2af57f035a8376c87f604762dbecea7e 100644 (file)
@@ -1,3 +1,26 @@
+2014-06-18  Daniel Bates  <dabates@apple.com>
+
+        REGRESSION (r167856): Unable to log into HSBC app
+        https://bugs.webkit.org/show_bug.cgi?id=133991
+        <rdar://problem/17044839>
+
+        Reviewed by David Kilzer.
+
+        Add tests to ensure that the WebKit client will be notified to service a redirect to an invalid
+        URL when the setting allowNavigationToInvalidURL is enabled and will not be notified when
+        the setting is disabled.
+
+        * fast/loader/allow-redirect-to-invalid-url-using-javascript-expected.txt: Added.
+        * fast/loader/allow-redirect-to-invalid-url-using-javascript.html: Added.
+        * fast/loader/allow-redirect-to-invalid-url-using-meta-refresh-expected.txt: Added.
+        * fast/loader/allow-redirect-to-invalid-url-using-meta-refresh.html: Added.
+        * fast/loader/disallow-redirect-to-invalid-url-using-javascript-expected.txt: Added.
+        * fast/loader/disallow-redirect-to-invalid-url-using-javascript.html: Added.
+        * fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh-expected.txt: Added.
+        * fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh.html: Added.
+        * fast/loader/resources/redirect-to-invalid-url-using-javascript.html: Added.
+        * fast/loader/resources/redirect-to-invalid-url-using-meta-refresh.html: Added.
+
 2014-06-18  Commit Queue  <commit-queue@webkit.org>
 
         Unreviewed, rolling out r170099.
diff --git a/LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-javascript-expected.txt b/LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-javascript-expected.txt
new file mode 100644 (file)
index 0000000..31f1942
--- /dev/null
@@ -0,0 +1,13 @@
+frame "frame" - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+frame "frame" - didCommitLoadForFrame
+frame "frame" - willPerformClientRedirectToURL: x-dummy://A=a&B=b 
+frame "frame" - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "frame" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+Tests that we allow redirection to an invalid URL initiated by JavaScript when setting allowNavigationToInvalidURL is true. This test PASSED if you see an entry in the dumped frame load callbacks of the form: "willPerformClientRedirectToURL: x-dummy://A=a&B=b".
+
+Note, this test must be run in DumpRenderTree.
+
+
diff --git a/LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-javascript.html b/LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-javascript.html
new file mode 100644 (file)
index 0000000..5d5e04b
--- /dev/null
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.dumpFrameLoadCallbacks();
+    testRunner.waitUntilDone();
+}
+
+if (window.internals)
+    window.internals.settings.setAllowNavigationToInvalidURL(true);
+</script>
+</head>
+<body>
+<p>Tests that we allow redirection to an invalid URL initiated by JavaScript when setting allowNavigationToInvalidURL is true. This test PASSED if you see an entry in the dumped frame load callbacks of the form: &quot;willPerformClientRedirectToURL: x-dummy://A=a&amp;B=b&quot;.</p>
+<p>Note, this test must be run in DumpRenderTree.</p>
+<iframe id="frame" src="resources/redirect-to-invalid-url-using-javascript.html"></iframe>
+<script>
+function done()
+{
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+window.setTimeout(done, 0);
+</script>
+</body>
+</html>
diff --git a/LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-meta-refresh-expected.txt b/LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-meta-refresh-expected.txt
new file mode 100644 (file)
index 0000000..b5ff850
--- /dev/null
@@ -0,0 +1,14 @@
+frame "frame" - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+frame "frame" - didCommitLoadForFrame
+frame "frame" - didFinishDocumentLoadForFrame
+frame "frame" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "frame" - willPerformClientRedirectToURL: x-dummy://A=a&B=b 
+frame "frame" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+Tests that we allow redirection to an invalid URL initiated by <meta http-equiv="refresh"> when setting allowNavigationToInvalidURL is true. This test PASSED if you see an entry in the dumped frame load callbacks of the form: "willPerformClientRedirectToURL: x-dummy://A=a&B=b".
+
+Note, this test must be run in DumpRenderTree.
+
+
diff --git a/LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-meta-refresh.html b/LayoutTests/fast/loader/allow-redirect-to-invalid-url-using-meta-refresh.html
new file mode 100644 (file)
index 0000000..df88a9d
--- /dev/null
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.dumpFrameLoadCallbacks();
+    testRunner.waitUntilDone();
+}
+
+if (window.internals)
+    window.internals.settings.setAllowNavigationToInvalidURL(true);
+</script>
+</head>
+<body>
+<p>Tests that we allow redirection to an invalid URL initiated by &lt;meta http-equiv=&quot;refresh&quot;&gt; when setting allowNavigationToInvalidURL is true. This test PASSED if you see an entry in the dumped frame load callbacks of the form: &quot;willPerformClientRedirectToURL: x-dummy://A=a&amp;B=b&quot;.</p>
+<p>Note, this test must be run in DumpRenderTree.</p>
+<iframe id="frame" src="resources/redirect-to-invalid-url-using-meta-refresh.html"></iframe>
+<script>
+function done()
+{
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+window.setTimeout(done, 0);
+</script>
+</body>
+</html>
diff --git a/LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-javascript-expected.txt b/LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-javascript-expected.txt
new file mode 100644 (file)
index 0000000..dba9f22
--- /dev/null
@@ -0,0 +1,13 @@
+frame "frame" - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+frame "frame" - didCommitLoadForFrame
+frame "frame" - didFinishDocumentLoadForFrame
+frame "frame" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "frame" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+Tests that we do not redirect to an invalid URL initiated by JavaScript when setting allowNavigationToInvalidURL is false. This test PASSED if you do not see an entry in the dumped frame load callbacks of the form: "willPerformClientRedirectToURL: x-dummy://A=a&B=b".
+
+Note, this test must be run in DumpRenderTree.
+
+
diff --git a/LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-javascript.html b/LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-javascript.html
new file mode 100644 (file)
index 0000000..fef4056
--- /dev/null
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.dumpFrameLoadCallbacks();
+    testRunner.waitUntilDone();
+}
+
+if (window.internals)
+    window.internals.settings.setAllowNavigationToInvalidURL(false);
+</script>
+</head>
+<body>
+<p>Tests that we do not redirect to an invalid URL initiated by JavaScript when setting allowNavigationToInvalidURL is false. This test PASSED if you do not see an entry in the dumped frame load callbacks of the form: &quot;willPerformClientRedirectToURL: x-dummy://A=a&amp;B=b&quot;.</p>
+<p>Note, this test must be run in DumpRenderTree.</p>
+<iframe id="frame" src="resources/redirect-to-invalid-url-using-javascript.html"></iframe>
+<script>
+function done()
+{
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+window.setTimeout(done, 0);
+</script>
+</body>
+</html>
diff --git a/LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh-expected.txt b/LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh-expected.txt
new file mode 100644 (file)
index 0000000..5a4901e
--- /dev/null
@@ -0,0 +1,13 @@
+frame "frame" - didStartProvisionalLoadForFrame
+main frame - didFinishDocumentLoadForFrame
+frame "frame" - didCommitLoadForFrame
+frame "frame" - didFinishDocumentLoadForFrame
+frame "frame" - didHandleOnloadEventsForFrame
+main frame - didHandleOnloadEventsForFrame
+frame "frame" - didFinishLoadForFrame
+main frame - didFinishLoadForFrame
+Tests that we do not redirect to an invalid URL initiated by <meta http-equiv="refresh"> when setting allowNavigationToInvalidURL is false. This test PASSED if you do not see an entry in the dumped frame load callbacks of the form: "willPerformClientRedirectToURL: x-dummy://A=a&B=b".
+
+Note, this test must be run in DumpRenderTree.
+
+
diff --git a/LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh.html b/LayoutTests/fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh.html
new file mode 100644 (file)
index 0000000..108b4a5
--- /dev/null
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.dumpFrameLoadCallbacks();
+    testRunner.waitUntilDone();
+}
+
+if (window.internals)
+    window.internals.settings.setAllowNavigationToInvalidURL(false);
+</script>
+</head>
+<body>
+<p>Tests that we do not redirect to an invalid URL initiated by &lt;meta http-equiv=&quot;refresh&quot;&gt; when setting allowNavigationToInvalidURL is false. This test PASSED if you do not see an entry in the dumped frame load callbacks of the form: &quot;willPerformClientRedirectToURL: x-dummy://A=a&amp;B=b&quot;.</p>
+<p>Note, this test must be run in DumpRenderTree.</p>
+<iframe id="frame" src="resources/redirect-to-invalid-url-using-meta-refresh.html"></iframe>
+<script>
+function done()
+{
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+
+window.setTimeout(done, 0);
+</script>
+</body>
+</html>
diff --git a/LayoutTests/fast/loader/resources/redirect-to-invalid-url-using-javascript.html b/LayoutTests/fast/loader/resources/redirect-to-invalid-url-using-javascript.html
new file mode 100644 (file)
index 0000000..c07f21d
--- /dev/null
@@ -0,0 +1,4 @@
+<!DOCTYPE html>
+<script>
+window.location.href = "x-dummy://A=a&B=b";
+</script>
diff --git a/LayoutTests/fast/loader/resources/redirect-to-invalid-url-using-meta-refresh.html b/LayoutTests/fast/loader/resources/redirect-to-invalid-url-using-meta-refresh.html
new file mode 100644 (file)
index 0000000..55b65da
--- /dev/null
@@ -0,0 +1,6 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta http-equiv="refresh" content="0; url=x-dummy://A=a&B=b">
+</head>
+</html>
index 4e98d2c109adfa0a03050dc94b5ec39b3581db8b..842db09d927ef624fce5cd7a58d40dd76ab10a87 100644 (file)
@@ -1,3 +1,30 @@
+2014-06-18  Daniel Bates  <dabates@apple.com>
+
+        REGRESSION (r167856): Unable to log into HSBC app
+        https://bugs.webkit.org/show_bug.cgi?id=133991
+        <rdar://problem/17044839>
+
+        Reviewed by David Kilzer.
+
+        Following <http://trac.webkit.org/changeset/167856> we disallow "navigation to any URL that is
+        invalid, except for JavaScript URLs, which need not be valid." A byproduct of this policy
+        decision is that we no longer notify the WebKit client to about a navigation if the destination
+        URL is invalid. And some apps, including the HSBC app for iOS, have logic to intercept URLs
+        as a means to pass data from their WebView-embedded web app to the WebView. We should expose a
+        setting called allowNavigationToInvalidURL (disabled by default on all ports and conditionally
+        enabled on iOS) to toggle whether WebCore allows navigation to any URL, even if its invalid,
+        so as to not break clients that intercept URLs and have custom logic to handle them.
+
+        Tests: fast/loader/allow-redirect-to-invalid-url-using-javascript.html
+               fast/loader/allow-redirect-to-invalid-url-using-meta-refresh.html
+               fast/loader/disallow-redirect-to-invalid-url-using-javascript.html
+               fast/loader/disallow-redirect-to-invalid-url-using-meta-refresh.html
+
+        * loader/NavigationScheduler.cpp:
+        (WebCore::NavigationScheduler::shouldScheduleNavigation): Modified to only validate
+        the URL when the setting allowNavigationToInvalidURL is disabled.
+        * page/Settings.in: Added setting allowNavigationToInvalidURL (disabled by default).
+
 2014-06-18  Simon Fraser  <simon.fraser@apple.com>
 
         Make ScrollingStateNodes refcounted, and other minor cleanup
index 350567e51880c44da04e68a11d8c31f63ef261ae..3931343e39e34ccf4bcc306483208ead1288853d 100644 (file)
@@ -48,6 +48,7 @@
 #include "InspectorInstrumentation.h"
 #include "Page.h"
 #include "ScriptController.h"
+#include "Settings.h"
 #include "UserGestureIndicator.h"
 #include <wtf/CurrentTime.h>
 #include <wtf/Ref.h>
@@ -310,7 +311,7 @@ inline bool NavigationScheduler::shouldScheduleNavigation(const URL& url) const
         return false;
     if (protocolIsJavaScript(url))
         return true;
-    if (!url.isValid())
+    if (!url.isValid() && !m_frame.settings().allowNavigationToInvalidURL())
         return false;
     return NavigationDisablerForBeforeUnload::isNavigationAllowed();
 }
index 19428c221a15b0c660111104e5d1eda59993b8eb..9bc06c6d550cf531b411daa95d51ec1e434cf236 100644 (file)
@@ -223,3 +223,7 @@ aggressiveTileRetentionEnabled initial=false
 temporaryTileCohortRetentionEnabled initial=true
 
 useImageDocumentForSubframePDF initial=false
+
+# Allow clients to permit navigation to an invalid URL. Some apps may use invalid URLs
+# as a means to pass data from the web-portion of their app to the native portion.
+allowNavigationToInvalidURL initial=false
index 1880109d27842f5e8945f04a0d833002085c6fad..405c722f22131e86767016372742f34b9d1cfa89 100644 (file)
@@ -1,3 +1,17 @@
+2014-06-18  Daniel Bates  <dabates@apple.com>
+
+        REGRESSION (r167856): Unable to log into HSBC app
+        https://bugs.webkit.org/show_bug.cgi?id=133991
+        <rdar://problem/17044839>
+
+        Reviewed by David Kilzer.
+
+        Only enable the setting allowNavigationToInvalidURL for iOS app linked against WebKit/UIKit before iOS 8.
+
+        * Misc/WebKitVersionChecks.h: Added macro constant WEBKIT_FIRST_VERSION_WITH_NAVIGATION_URL_VALIDATION.
+        * WebView/WebView.mm:
+        (-[WebView _preferencesChanged:]): Enable or disable the setting allowNavigationToInvalidURL as appropriate.
+
 2014-06-18  Anders Carlsson  <andersca@apple.com>
 
         Adopt modern C++11 loops and fix WebArchive creation functions
index c22d3f9a87a8ec6f6382ce685c9d0a7e42f9debe..91e9192edcfca98d81fcbdfdd31e5c6f67bf9494 100644 (file)
@@ -73,6 +73,7 @@
 #define WEBKIT_FIRST_VERSION_WITH_CSS_ATTRIBUTE_SETTERS_IGNORING_PRIORITY 2239 // iOS 6.0
 #define WEBKIT_FIRST_VERSION_WITH_YOUTUBE_EMBED_IFRAME_TRANSFORM 2239 // iOS 6.0
 #define WEBKIT_FIRST_VERSION_WITHOUT_LEGACY_BACKGROUNDSIZE_SHORTHAND_BEHAVIOR 2665 // iOS 7.0
+#define WEBKIT_FIRST_VERSION_WITH_NAVIGATION_URL_VALIDATION 3185 // iOS 8.0
 #endif // PLATFORM(IOS)
 
 #ifdef __cplusplus
index 3ad25375e0208a2a977250fa1178255607218e51..ca96cb807235001dca0bb7d57d1b984a9c26eb0c 100644 (file)
@@ -2342,6 +2342,8 @@ static bool needsSelfRetainWhileLoadingQuirk()
 #if ENABLE(IOS_TEXT_AUTOSIZING)
     settings.setMinimumZoomFontSize([preferences _minimumZoomFontSize]);
 #endif
+
+    settings.setAllowNavigationToInvalidURL(!WebKitLinkedOnOrAfter(WEBKIT_FIRST_VERSION_WITH_NAVIGATION_URL_VALIDATION));
 #endif // PLATFORM(IOS)
 
 #if PLATFORM(MAC)