[iOS] QuickLook documents loaded over https do not load their subresources
authoraestes@apple.com <aestes@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 15 Oct 2015 00:21:27 +0000 (00:21 +0000)
committeraestes@apple.com <aestes@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 15 Oct 2015 00:21:27 +0000 (00:21 +0000)
https://bugs.webkit.org/show_bug.cgi?id=150145
<rdar://problem/22884521>

Reviewed by Alexey Proskuryakov.

Source/WebCore:

When QuickLook generates an HTML preview of a document, subresources are referenced using the x-apple-ql-id scheme,
for which QuickLook installs an NSURLProtocol. If a document is loaded over https, then this scheme needs to be
considered secure in order to avoid mixed content errors.

Test: http/tests/quicklook/secure-document-with-subresources.html

* platform/SchemeRegistry.cpp:
(WebCore::secureSchemes): Registered QLPreviewProtocol() as a secure scheme.

LayoutTests:

* TestExpectations: Skipped http/tests/quicklook on all platforms.
* http/tests/quicklook/resources/secure-document-with-subresources-expected/index.css: Added.
* http/tests/quicklook/resources/secure-document-with-subresources-expected/index.html: Added.
* http/tests/quicklook/resources/secure-document-with-subresources.pages: Added.
* http/tests/quicklook/resources/webkit-icon.tiff: Added.
* http/tests/quicklook/secure-document-with-subresources-expected.html: Added.
* http/tests/quicklook/secure-document-with-subresources.html: Added.
* platform/ios-simulator/TestExpectations: Expected http/tests/quicklook to pass on iOS.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@191076 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/TestExpectations
LayoutTests/http/tests/quicklook/resources/secure-document-with-subresources-expected/index.css [new file with mode: 0644]
LayoutTests/http/tests/quicklook/resources/secure-document-with-subresources-expected/index.html [new file with mode: 0644]
LayoutTests/http/tests/quicklook/resources/secure-document-with-subresources.pages [new file with mode: 0644]
LayoutTests/http/tests/quicklook/resources/webkit-icon.tiff [new file with mode: 0644]
LayoutTests/http/tests/quicklook/secure-document-with-subresources-expected.html [new file with mode: 0644]
LayoutTests/http/tests/quicklook/secure-document-with-subresources.html [new file with mode: 0644]
LayoutTests/platform/ios-simulator/TestExpectations
Source/WebCore/ChangeLog
Source/WebCore/platform/SchemeRegistry.cpp

index bbe3e486c6575e6a167a678b9ee605e50827ddfc..db454884ff565d7681831898ab02340401ff6233 100644 (file)
@@ -1,3 +1,20 @@
+2015-10-14  Andy Estes  <aestes@apple.com>
+
+        [iOS] QuickLook documents loaded over https do not load their subresources
+        https://bugs.webkit.org/show_bug.cgi?id=150145
+        <rdar://problem/22884521>
+
+        Reviewed by Alexey Proskuryakov.
+
+        * TestExpectations: Skipped http/tests/quicklook on all platforms.
+        * http/tests/quicklook/resources/secure-document-with-subresources-expected/index.css: Added.
+        * http/tests/quicklook/resources/secure-document-with-subresources-expected/index.html: Added.
+        * http/tests/quicklook/resources/secure-document-with-subresources.pages: Added.
+        * http/tests/quicklook/resources/webkit-icon.tiff: Added.
+        * http/tests/quicklook/secure-document-with-subresources-expected.html: Added.
+        * http/tests/quicklook/secure-document-with-subresources.html: Added.
+        * platform/ios-simulator/TestExpectations: Expected http/tests/quicklook to pass on iOS.
+
 2015-10-14  Wenson Hsieh  <wenson_hsieh@apple.com>
 
         Web pages with unscalable viewports shouldn't have a single tap delay
index ee1b9fdcbe9c99a12b54428a28839196b20b30c5..2ff5ad2d05f209846f93f53652a8c37e23efa393 100644 (file)
@@ -39,6 +39,7 @@ fast/events/mouse-force-up.html [ Skip ]
 
 # Only iOS supports QuickLook
 quicklook [ Skip ]
+http/tests/quicklook [ Skip ]
 
 # This test is WebKit2-only
 http/tests/appcache/decide-navigation-policy-after-delay.html [ Skip ]
diff --git a/LayoutTests/http/tests/quicklook/resources/secure-document-with-subresources-expected/index.css b/LayoutTests/http/tests/quicklook/resources/secure-document-with-subresources-expected/index.css
new file mode 100644 (file)
index 0000000..a583212
--- /dev/null
@@ -0,0 +1,81 @@
+.fl {float: left; clear: left; padding: 0; width: 0px; height: 10px;}
+
+.fr {float: right; clear: right; padding: 0; width: 0px; height: 10px;}
+
+.p1 {
+    padding: 0px 0px 0px 0px;
+    text-align: left;
+    margin-top: 0;
+    font-weight: normal;
+    text-indent: 0px;
+    font-family: 'Helvetica';
+    font-size: 12;
+    color: rgb(0,0,0);
+    text-transform: none;
+    margin-bottom: 0;
+    font-style: normal;
+    line-height: 13px;
+}
+
+.it1 {
+    margin-top: 0;
+    margin-bottom: 0;
+    text-align: left;
+}
+
+.g1 {
+    opacity: 1.00;
+    border: none;
+    background-color: transparent;
+    background-image: none;
+}
+
+.p2 {
+    padding: 0px 0px 0px 0px;
+    text-align: left;
+    margin-top: 0;
+    font-weight: normal;
+    text-indent: 0px;
+    font-family: 'Helvetica';
+    font-size: 12;
+    color: rgb(0,0,0);
+    text-transform: none;
+    margin-bottom: 0;
+    font-style: normal;
+    line-height: 13px;
+}
+
+.it2 {
+    font-weight: bold;
+    line-height: 17px;
+    font-family: 'LucidaGrande';
+    font-size: 16;
+    margin-top: 0;
+    color: rgb(4,40,0);
+}
+
+.it3 {
+    margin-bottom: 0;
+    line-height: 13px;
+    font-family: 'LucidaGrande';
+    color: rgb(38,38,38);
+}
+
+.it4 {
+    color: rgb(31,120,15);
+    text-decoration: none;
+}
+
+.dzo {
+    z-index: 100;
+}
+
+.i1 { background: #ACB2BB;  }
+.i2 { min-height: 812px; position: relative; -webkit-box-shadow: 0px 5px 5px rgba(0, 0, 0, 0.5); margin-left: 0px; margin-bottom: 5px; width: 612px; background: white; margin-right: 0px; overflow: hidden; margin-top: 0px;  }
+.i3 { padding-top: 36px; top: 0px; overflow: hidden; width: 468px; position: absolute; left: 72px;  }
+.i4 { width: 215; height: 174;  }
+.i5 { bottom: 43px; width: 468px; position: absolute; left: 72px;  }
+.i6 { position: absolute; padding-left: 72px; min-height: 527px; width: 468px; padding-top: 222px;  }
+.i7 { display: inline; background: #FFFFFF;  }
+.i8 { text-decoration: none;  }
+.i9 { visibility: hidden; margin-bottom: 43px; width: 468px; left: 72px;  }
diff --git a/LayoutTests/http/tests/quicklook/resources/secure-document-with-subresources-expected/index.html b/LayoutTests/http/tests/quicklook/resources/secure-document-with-subresources-expected/index.html
new file mode 100644 (file)
index 0000000..41abd36
--- /dev/null
@@ -0,0 +1,31 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+    <meta http-equiv="Content-type" content="text/html; charset=UTF-8">
+    <link rel="stylesheet" type="text/css" href="index.css">
+    <meta name="viewport" content="width=630.000000">
+</head>
+<body class="i1 ">
+    <div class="dzo i2 ">
+        <div>
+            <div id="SFWPDefaultOddHeaderIdentifier" class="dzo i3 ">
+                <p class="p1 it1">
+                    <span>        </span><img class="i4 g1  " src="../webkit-icon.tiff">
+                </p>
+            </div>
+            <div id="SFWPDefaultOddFooterIdentifier" class="dzo i5 "></div>
+            <div class="dzo i6 ">
+                <div class="i7 ">
+                    <p class="p2 it2">
+                        <span class="i8 ">Welcome to the website for the WebKit Open Source Project!</span><br>
+                    </p>
+                    <p class="p2 it3">
+                        <span class="i8 ">WebKit is an open source web browser engine. WebKit is also the name of the OS X system framework version of the engine that's used by </span><a href="http://www.apple.com/safari/" title="http://www.apple.com/safari/"><span class="it4">Safari</span></a><span class="i8 ">, Dashboard, Mail, and many other OS X applications. WebKit's HTML and JavaScript code began as a branch of the </span><a href="http://konqueror.kde.org/features/browser.php" title="http://konqueror.kde.org/features/browser.php"><span class="it4">KHTML</span></a><span class="i8 "> and KJS libraries from </span><a href="http://kde.org/" title="http://kde.org/"><span class="it4">KDE</span></a><span class="i8 ">.</span>
+                    </p>
+                </div>
+            </div>
+        </div>
+        <div class="dzo i9 "></div>
+    </div>
+</body>
+</html>
diff --git a/LayoutTests/http/tests/quicklook/resources/secure-document-with-subresources.pages b/LayoutTests/http/tests/quicklook/resources/secure-document-with-subresources.pages
new file mode 100644 (file)
index 0000000..6104289
Binary files /dev/null and b/LayoutTests/http/tests/quicklook/resources/secure-document-with-subresources.pages differ
diff --git a/LayoutTests/http/tests/quicklook/resources/webkit-icon.tiff b/LayoutTests/http/tests/quicklook/resources/webkit-icon.tiff
new file mode 100644 (file)
index 0000000..bfd3e03
Binary files /dev/null and b/LayoutTests/http/tests/quicklook/resources/webkit-icon.tiff differ
diff --git a/LayoutTests/http/tests/quicklook/secure-document-with-subresources-expected.html b/LayoutTests/http/tests/quicklook/secure-document-with-subresources-expected.html
new file mode 100644 (file)
index 0000000..402539a
--- /dev/null
@@ -0,0 +1,8 @@
+<!DOCTYPE html>
+<style>
+iframe {
+    width: 100vw;
+    height: 100vh;
+}
+</style>
+<iframe src="resources/secure-document-with-subresources-expected/index.html"></iframe>
diff --git a/LayoutTests/http/tests/quicklook/secure-document-with-subresources.html b/LayoutTests/http/tests/quicklook/secure-document-with-subresources.html
new file mode 100644 (file)
index 0000000..8da3226
--- /dev/null
@@ -0,0 +1,8 @@
+<!DOCTYPE html>
+<style>
+iframe {
+    width: 100vw;
+    height: 100vh;
+}
+</style>
+<iframe src="https://127.0.0.1:8443/quicklook/resources/secure-document-with-subresources.pages"></iframe>
index 3481766cccc05a609812442b340dec0ed8acf056..04d8bc75941e01d437789b50a2162a866c4999c8 100644 (file)
@@ -8,6 +8,7 @@
 
 accessibility/ios-simulator [ Pass ]
 quicklook [ Pass ]
+http/tests/quicklook [ Pass ]
 
 # <rdar://problem/22898927> Crashes in iWorkImport.framework
 quicklook/pages.html [ Pass Crash ]
index e69012f0d82f59564342b6881207736aa76c9847..4f94d31090d60f9e1d5bdb17cbc2dbd5e002f5de 100644 (file)
@@ -1,3 +1,20 @@
+2015-10-14  Andy Estes  <aestes@apple.com>
+
+        [iOS] QuickLook documents loaded over https do not load their subresources
+        https://bugs.webkit.org/show_bug.cgi?id=150145
+        <rdar://problem/22884521>
+
+        Reviewed by Alexey Proskuryakov.
+
+        When QuickLook generates an HTML preview of a document, subresources are referenced using the x-apple-ql-id scheme,
+        for which QuickLook installs an NSURLProtocol. If a document is loaded over https, then this scheme needs to be
+        considered secure in order to avoid mixed content errors.
+
+        Test: http/tests/quicklook/secure-document-with-subresources.html
+
+        * platform/SchemeRegistry.cpp:
+        (WebCore::secureSchemes): Registered QLPreviewProtocol() as a secure scheme.
+
 2015-10-14  Jiewen Tan  <jiewen_tan@apple.com>
 
         Postpone mutation events before invoke Editor::Command command(Document*, const String&, bool).
index d7af48202c35f57416d4da918cdca7af5f025d30..a8b0a1150c43e12a1aabbd0f0eae2247e11b3a19 100644 (file)
 #include <wtf/MainThread.h>
 #include <wtf/NeverDestroyed.h>
 
+#if USE(QUICK_LOOK)
+#include "QuickLook.h"
+#endif
+
 namespace WebCore {
 
 static URLSchemesMap& localURLSchemes()
@@ -59,6 +63,9 @@ static URLSchemesMap& secureSchemes()
         secureSchemes.add("about");
         secureSchemes.add("data");
         secureSchemes.add("wss");
+#if USE(QUICK_LOOK)
+        secureSchemes.add(QLPreviewProtocol());
+#endif
     }
 
     return secureSchemes;