File URLs with hostnames are misleading
authoryouenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 8 Jun 2020 11:33:16 +0000 (11:33 +0000)
committeryouenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 8 Jun 2020 11:33:16 +0000 (11:33 +0000)
https://bugs.webkit.org/show_bug.cgi?id=212739
<rdar://problem/63754917>

Reviewed by Alex Christensen.

Source/WebCore:

Showing a file URL like file://example.org/test is misleading to users.
To prevent this, we just do a redirection to the same file URL with an empty host.
Remove the port at the same time.
Covered by added API test.

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::willSendRequest):

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit/open-window-with-file-url-with-host.html: Added.
* TestWebKitAPI/Tests/WebKitCocoa/OpenAndCloseWindow.mm:
(TEST):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@262707 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/loader/DocumentLoader.cpp
Tools/ChangeLog
Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
Tools/TestWebKitAPI/Tests/WebKit/open-window-with-file-url-with-host.html [new file with mode: 0644]
Tools/TestWebKitAPI/Tests/WebKitCocoa/OpenAndCloseWindow.mm

index c98f545..c7b2405 100644 (file)
@@ -1,3 +1,19 @@
+2020-06-08  Youenn Fablet  <youenn@apple.com>
+
+        File URLs with hostnames are misleading
+        https://bugs.webkit.org/show_bug.cgi?id=212739
+        <rdar://problem/63754917>
+
+        Reviewed by Alex Christensen.
+
+        Showing a file URL like file://example.org/test is misleading to users.
+        To prevent this, we just do a redirection to the same file URL with an empty host.
+        Remove the port at the same time.
+        Covered by added API test.
+
+        * loader/DocumentLoader.cpp:
+        (WebCore::DocumentLoader::willSendRequest):
+
 2020-06-08  Rob Buis  <rbuis@igalia.com>
 
         Simplify fallback content handling in FrameLoader
index 8cfafab..c7a25c8 100644 (file)
@@ -654,6 +654,12 @@ void DocumentLoader::willSendRequest(ResourceRequest&& newRequest, const Resourc
         }
     }
 
+    if (!newRequest.url().host().isEmpty() && SecurityOrigin::shouldIgnoreHost(newRequest.url())) {
+        auto url = newRequest.url();
+        url.setHostAndPort({ });
+        newRequest.setURL(WTFMove(url));
+    }
+
 #if ENABLE(CONTENT_FILTERING)
     if (m_contentFilter && !m_contentFilter->continueAfterWillSendRequest(newRequest, redirectResponse))
         return completionHandler(WTFMove(newRequest));
index cb3b78f..fd061bf 100644 (file)
@@ -1,3 +1,16 @@
+2020-06-08  Youenn Fablet  <youenn@apple.com>
+
+        File URLs with hostnames are misleading
+        https://bugs.webkit.org/show_bug.cgi?id=212739
+        <rdar://problem/63754917>
+
+        Reviewed by Alex Christensen.
+
+        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+        * TestWebKitAPI/Tests/WebKit/open-window-with-file-url-with-host.html: Added.
+        * TestWebKitAPI/Tests/WebKitCocoa/OpenAndCloseWindow.mm:
+        (TEST):
+
 2020-06-07  Caio Lima  <ticaiolima@gmail.com>
 
         Allow run-jsc-stress-tests still run if some of the remote hosts are not available
index 429ea99..260a50d 100644 (file)
                4135FB852011FABF00332139 /* libWebCoreTestSupport.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 4135FB862011FABF00332139 /* libWebCoreTestSupport.dylib */; };
                414AD6862285D1C000777F2D /* StorageQuota.mm in Sources */ = {isa = PBXBuildFile; fileRef = 414AD6852285D1B000777F2D /* StorageQuota.mm */; };
                41661C662355E85E00D33C27 /* getUserMedia-webaudio.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 41661C652355D98B00D33C27 /* getUserMedia-webaudio.html */; };
+               41848F4424891879000E2588 /* open-window-with-file-url-with-host.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 41848F4324891815000E2588 /* open-window-with-file-url-with-host.html */; };
                41882F0321010C0D002FF288 /* ProcessPreWarming.mm in Sources */ = {isa = PBXBuildFile; fileRef = 41882F0221010A70002FF288 /* ProcessPreWarming.mm */; };
                44077BB123144B5000179E2D /* DataDetectorsTestIOS.mm in Sources */ = {isa = PBXBuildFile; fileRef = 44077BB0231449D200179E2D /* DataDetectorsTestIOS.mm */; };
                4433A396208044140091ED57 /* SynchronousTimeoutTests.mm in Sources */ = {isa = PBXBuildFile; fileRef = 4433A395208044130091ED57 /* SynchronousTimeoutTests.mm */; };
                                CEA6CF2819CCF69D0064F5A7 /* open-and-close-window.html in Copy Resources */,
                                7CCB99231D3B4A46003922F6 /* open-multiple-external-url.html in Copy Resources */,
                                468BC45522653A1000A36C96 /* open-window-then-write-to-it.html in Copy Resources */,
+                               41848F4424891879000E2588 /* open-window-with-file-url-with-host.html in Copy Resources */,
                                931C281E22BC579A001D98C4 /* opendatabase-always-exists.html in Copy Resources */,
                                290A9BB91735F63800D71BBC /* OpenNewWindow.html in Copy Resources */,
                                0F340779230382870060A1A0 /* overflow-scroll.html in Copy Resources */,
                4135FB862011FABF00332139 /* libWebCoreTestSupport.dylib */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.dylib"; path = libWebCoreTestSupport.dylib; sourceTree = BUILT_PRODUCTS_DIR; };
                414AD6852285D1B000777F2D /* StorageQuota.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = StorageQuota.mm; sourceTree = "<group>"; };
                41661C652355D98B00D33C27 /* getUserMedia-webaudio.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "getUserMedia-webaudio.html"; sourceTree = "<group>"; };
+               41848F4324891815000E2588 /* open-window-with-file-url-with-host.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "open-window-with-file-url-with-host.html"; sourceTree = "<group>"; };
                41882F0221010A70002FF288 /* ProcessPreWarming.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = ProcessPreWarming.mm; sourceTree = "<group>"; };
                41973B5C1AF22875006C7B36 /* SharedBuffer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SharedBuffer.cpp; sourceTree = "<group>"; };
                44077BB0231449D200179E2D /* DataDetectorsTestIOS.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = DataDetectorsTestIOS.mm; sourceTree = "<group>"; };
                                4A410F4D19AF7BEF002EBAB6 /* ondevicechange.html */,
                                CEA6CF2719CCF69D0064F5A7 /* open-and-close-window.html */,
                                468BC454226539C800A36C96 /* open-window-then-write-to-it.html */,
+                               41848F4324891815000E2588 /* open-window-with-file-url-with-host.html */,
                                83148B08202AC76800BADE99 /* override-builtins-test.html */,
                                0EBBCC651FFF9DCE00FA42AB /* pop-up-check.html */,
                                F6FDDDD514241C48004F1729 /* push-state.html */,
diff --git a/Tools/TestWebKitAPI/Tests/WebKit/open-window-with-file-url-with-host.html b/Tools/TestWebKitAPI/Tests/WebKit/open-window-with-file-url-with-host.html
new file mode 100644 (file)
index 0000000..10a5aa0
--- /dev/null
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+    if (location.hash !== "#test")
+        window.open("file://example.org" + location.pathname + "#test", "_self");
+</script>
+</body>
+</html>
index 60b11ef..5ec86de 100644 (file)
@@ -319,3 +319,23 @@ TEST(WebKit, OpenWindowThenDocumentOpen)
 
     EXPECT_TRUE([[[openedWebView _mainFrameURL] absoluteString] isEqualToString:[[webView URL] absoluteString]]);
 }
+
+TEST(WebKit, OpenFileURLWithHost)
+{
+    resetToConsistentState();
+
+    auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600)]);
+
+    auto uiDelegate = adoptNS([[OpenWindowThenDocumentOpenUIDelegate alloc] init]);
+    [webView setUIDelegate:uiDelegate.get()];
+    [webView configuration].preferences.javaScriptCanOpenWindowsAutomatically = YES;
+
+    NSURLRequest *request = [NSURLRequest requestWithURL:[[NSBundle mainBundle] URLForResource:@"open-window-with-file-url-with-host" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]];
+    [webView loadRequest:request];
+
+    while (![[[webView URL] absoluteString] hasSuffix:@"#test"])
+        TestWebKitAPI::Util::spinRunLoop();
+
+    while (![[[webView URL] absoluteString] hasPrefix:@"file:///"])
+        TestWebKitAPI::Util::spinRunLoop();
+}