Limit allowed size of document.title to avoid locking WebKit clients
authorbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 26 Apr 2017 01:53:06 +0000 (01:53 +0000)
committerbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 26 Apr 2017 01:53:06 +0000 (01:53 +0000)
https://bugs.webkit.org/show_bug.cgi?id=165113
<rdar://problem/28324389>

Reviewed by Darin Adler.

Source/WebKit/mac:

When a web application attempts to set an extremely long title, truncate the
title to a more reasonable size.

We do this at the presentation layer, rather than in the DOM, so that we do
not affect script function. Instead, we merely limit display to a level that is
reasonable for normal GUI widgets. Anything else needs to be truncated in the UI
layer, so it is a waste of effort to send across IPC.

* WebCoreSupport/WebFrameLoaderClient.h:
* WebCoreSupport/WebFrameLoaderClient.mm:
(WebFrameLoaderClient::dispatchDidReceiveTitle):

Source/WebKit2:

When a web application attempts to set an extremely long title, truncate the
title to a more reasonable size.

We do this at at the presentation layer, rather than in the DOM, so that we do
not affect script function. Instead, we merely limit display to a level that is
reasonable for normal GUI widgets. Anything else needs to be truncated in the UI
layer, so it is a waste of effort to send across IPC.

* WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
(WebKit::WebFrameLoaderClient::dispatchDidReceiveTitle):
* WebProcess/WebCoreSupport/WebFrameLoaderClient.h:

Tools:

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: Add new files.
* TestWebKitAPI/Tests/WebKit2/LimitTitleSize.cpp: Added.
* TestWebKitAPI/Tests/WebKit2/set-long-title.html: Added.
* TestWebKitAPI/Tests/mac/LimitTitleSize.mm: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@215784 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/platform/text/StringWithDirection.h
Source/WebKit/mac/ChangeLog
Source/WebKit/mac/WebCoreSupport/WebFrameLoaderClient.mm
Source/WebKit2/ChangeLog
Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp
Tools/ChangeLog
Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
Tools/TestWebKitAPI/Tests/WebKit2/LimitTitleSize.cpp [new file with mode: 0644]
Tools/TestWebKitAPI/Tests/WebKit2/set-long-title.html [new file with mode: 0644]
Tools/TestWebKitAPI/Tests/mac/LimitTitleSize.mm [new file with mode: 0644]

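--- a/Source/WebCore/platform/text/StringWithDirection.h
+++ b/Source/WebCore/platform/text/StringWithDirection.h
@@ -1,5 +1,6 @@
 /*
  * Copyright (C) 2011 Google Inc. All rights reserved.
+ * Copyright (C) 2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
@@ -62,4 +63,11 @@ inline bool operator!=(const StringWithDirection& a, const StringWithDirection&
     return !(a == b);
 }
 
+inline StringWithDirection truncateFromEnd(const StringWithDirection& string, unsigned maxLength)
+{
+    if (string.direction == LTR)
+        return StringWithDirection(string.string.left(maxLength), LTR);
+    return StringWithDirection(string.string.right(maxLength), RTL);
+}
+
 }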
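Review bot: `truncateFromEnd` cuts at a UTF-16 code-unit index, so `left(maxLength)` can end on an unpaired lead surrogate and `right(maxLength)` can start on an unpaired trail surrogate when the boundary falls inside a supplementary-plane character. The truncated title is handed to client delegates and sent across IPC, so the cut should back off by one unit when it lands mid-pair, e.g. `if (U16_IS_LEAD(string.string[maxLength - 1])) --maxLength;` behind a length check for the LTR case. For RTL, `right(maxLength)` keeps the last units of the string in storage order, which presumably drops the beginning of the title; please confirm that is intended and record it in a comment such as `// Keeps at most maxLength code units: the start of an LTR string, the end of an RTL string.`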
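--- a/Source/WebKit/mac/ChangeLog
+++ b/Source/WebKit/mac/ChangeLog
@@ -1,3 +1,23 @@
+2017-04-25  Brent Fulgham  <bfulgham@apple.com>
+
+        Limit allowed size of document.title to avoid locking WebKit clients
+        https://bugs.webkit.org/show_bug.cgi?id=165113
+        <rdar://problem/28324389>
+
+        Reviewed by Darin Adler.
+
+        When a web application attempts to set an extremely long title, truncate the
+        title to a more reasonable size.
+
+        We do this at at the presentation layer, rather than in the DOM, so that we do
+        not affect script function. Instead, we merely limit display to a level that is
+        reasonable for normal GUI widgets. Anything else needs to be truncated in the UI
+        layer, so it is a waste of effort to send across IPC.
+
+        * WebCoreSupport/WebFrameLoaderClient.h:
+        * WebCoreSupport/WebFrameLoaderClient.mm:
+        (WebFrameLoaderClient::dispatchDidReceiveTitle):
+
 2017-04-25  Daniel Bates  <dabates@apple.com>
 
         [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header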
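--- a/Source/WebKit/mac/WebCoreSupport/WebFrameLoaderClient.mm
+++ b/Source/WebKit/mac/WebCoreSupport/WebFrameLoaderClient.mm
@@ -681,13 +681,17 @@ void WebFrameLoaderClient::dispatchDidStartProvisionalLoad()
         CallFrameLoadDelegate(implementations->didStartProvisionalLoadForFrameFunc, webView, @selector(webView:didStartProvisionalLoadForFrame:), m_webFrame.get());
 }
 
+static constexpr unsigned maxTitleLength = 1000; // Closest power of 10 above the W3C recommendation for Title length.
+
 void WebFrameLoaderClient::dispatchDidReceiveTitle(const StringWithDirection& title)
 {
+    auto truncatedTitle = truncateFromEnd(title, maxTitleLength);
+
     WebView *webView = getWebView(m_webFrame.get());   
     WebFrameLoadDelegateImplementationCache* implementations = WebViewGetFrameLoadDelegateImplementations(webView);
     if (implementations->didReceiveTitleForFrameFunc) {
         // FIXME: Use direction of title.
-        CallFrameLoadDelegate(implementations->didReceiveTitleForFrameFunc, webView, @selector(webView:didReceiveTitle:forFrame:), (NSString *)title.string, m_webFrame.get());
+        CallFrameLoadDelegate(implementations->didReceiveTitleForFrameFunc, webView, @selector(webView:didReceiveTitle:forFrame:), (NSString *)truncatedTitle.string, m_webFrame.get());
     }
 }
 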
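Review bot: `maxTitleLength` is a file-local constant here and is defined again, with the same value and comment, in Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp, so the two clients can drift to different limits. Declaring it once next to `truncateFromEnd` in StringWithDirection.h would keep a single bound for both. Separately, `auto truncatedTitle = truncateFromEnd(title, maxTitleLength);` runs before the `if (implementations->didReceiveTitleForFrameFunc)` check; moving that line inside the branch skips the work when no delegate implements the callback.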
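--- a/Source/WebKit2/ChangeLog
+++ b/Source/WebKit2/ChangeLog
@@ -1,3 +1,23 @@
+2017-04-25  Brent Fulgham  <bfulgham@apple.com>
+
+        Limit allowed size of document.title to avoid locking WebKit clients
+        https://bugs.webkit.org/show_bug.cgi?id=165113
+        <rdar://problem/28324389>
+
+        Reviewed by Darin Adler.
+
+        When a web application attempts to set an extremely long title, truncate the
+        title to a more reasonable size.
+
+        We do this at at the presentation layer, rather than in the DOM, so that we do
+        not affect script function. Instead, we merely limit display to a level that is
+        reasonable for normal GUI widgets. Anything else needs to be truncated in the UI
+        layer, so it is a waste of effort to send across IPC.
+
+        * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
+        (WebKit::WebFrameLoaderClient::dispatchDidReceiveTitle):
+        * WebProcess/WebCoreSupport/WebFrameLoaderClient.h:
+
 2017-04-25  John Wilander  <wilander@apple.com>
 
         Resource Load Statistics: Introduce shorter time-to-live for cookie partition whitelisting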
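--- a/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp
+++ b/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -424,20 +424,24 @@ void WebFrameLoaderClient::dispatchDidStartProvisionalLoad()
     webPage->send(Messages::WebPageProxy::DidStartProvisionalLoadForFrame(m_frame->frameID(), provisionalLoader.navigationID(), url, unreachableURL, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get())));
 }
 
+static constexpr unsigned maxTitleLength = 1000; // Closest power of 10 above the W3C recommendation for Title length.
+
 void WebFrameLoaderClient::dispatchDidReceiveTitle(const StringWithDirection& title)
 {
     WebPage* webPage = m_frame->page();
     if (!webPage)
         return;
 
+    auto truncatedTitle = truncateFromEnd(title, maxTitleLength);
+    
     RefPtr<API::Object> userData;
 
     // Notify the bundle client.
     // FIXME: Use direction of title.
-    webPage->injectedBundleLoaderClient().didReceiveTitleForFrame(webPage, title.string, m_frame, userData);
+    webPage->injectedBundleLoaderClient().didReceiveTitleForFrame(webPage, truncatedTitle.string, m_frame, userData);
 
     // Notify the UIProcess.
-    webPage->send(Messages::WebPageProxy::DidReceiveTitleForFrame(m_frame->frameID(), title.string, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get())));
+    webPage->send(Messages::WebPageProxy::DidReceiveTitleForFrame(m_frame->frameID(), truncatedTitle.string, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get())));
 }
 
 void WebFrameLoaderClient::dispatchDidCommitLoad(std::optional<HasInsecureContent> hasInsecureContent)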
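Review bot: The length limit is enforced only on the sending side, in the WebProcess just before `Messages::WebPageProxy::DidReceiveTitleForFrame` is sent, so the UI process still accepts whatever length arrives. Nothing in this diff shows the receiver clamping the title; if it does not, a web process that misbehaves or has been compromised can still deliver an oversized title to the client application. Applying the same bound where the UI process handles this message (that handler is outside the diff) would make the limit hold regardless of what the sender does. A short comment above `maxTitleLength` stating that it protects UI clients from oversized titles would also record why the truncation lives here.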
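--- a/Tools/ChangeLog
+++ b/Tools/ChangeLog
@@ -1,3 +1,16 @@
+2017-04-25  Brent Fulgham  <bfulgham@apple.com>
+
+        Limit allowed size of document.title to avoid locking WebKit clients
+        https://bugs.webkit.org/show_bug.cgi?id=165113
+        <rdar://problem/28324389>
+
+        Reviewed by Darin Adler.
+
+        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: Add new files.
+        * TestWebKitAPI/Tests/WebKit2/LimitTitleSize.cpp: Added.
+        * TestWebKitAPI/Tests/WebKit2/set-long-title.html: Added.
+        * TestWebKitAPI/Tests/mac/LimitTitleSize.mm: Added.
+
 2017-04-25  John Wilander  <wilander@apple.com>
 
         Resource Load Statistics: Introduce shorter time-to-live for cookie partition whitelisting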
index 6378b6d..324d093 100644 (file)
                7A010BCB1D877C0500EDE72A /* CoreGraphics.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 7A010BCA1D877C0500EDE72A /* CoreGraphics.framework */; };
                7A010BCD1D877C0D00EDE72A /* QuartzCore.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 7A010BCC1D877C0D00EDE72A /* QuartzCore.framework */; };
                7A1458FC1AD5C07000E06772 /* mouse-button-listener.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 7A1458FB1AD5C03500E06772 /* mouse-button-listener.html */; };
                7A010BCB1D877C0500EDE72A /* CoreGraphics.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 7A010BCA1D877C0500EDE72A /* CoreGraphics.framework */; };
                7A010BCD1D877C0D00EDE72A /* QuartzCore.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 7A010BCC1D877C0D00EDE72A /* QuartzCore.framework */; };
                7A1458FC1AD5C07000E06772 /* mouse-button-listener.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 7A1458FB1AD5C03500E06772 /* mouse-button-listener.html */; };
+               7A66BDB61EAF14EF00CCC924 /* LimitTitleSize.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A66BDB51EAF14D000CCC924 /* LimitTitleSize.cpp */; };
+               7A66BDB81EAF18D500CCC924 /* set-long-title.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 7A66BDB71EAF150100CCC924 /* set-long-title.html */; };
                7A6A2C701DCCFA8C00C0D085 /* LocalStorageQuirkTest.mm in Sources */ = {isa = PBXBuildFile; fileRef = 7A6A2C6F1DCCF87B00C0D085 /* LocalStorageQuirkTest.mm */; };
                7A6A2C721DCCFB5200C0D085 /* LocalStorageQuirkEnabled.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 7A6A2C711DCCFB0200C0D085 /* LocalStorageQuirkEnabled.html */; };
                7A6A2C701DCCFA8C00C0D085 /* LocalStorageQuirkTest.mm in Sources */ = {isa = PBXBuildFile; fileRef = 7A6A2C6F1DCCF87B00C0D085 /* LocalStorageQuirkTest.mm */; };
                7A6A2C721DCCFB5200C0D085 /* LocalStorageQuirkEnabled.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 7A6A2C711DCCFB0200C0D085 /* LocalStorageQuirkEnabled.html */; };
+               7A7B0E7F1EAFE4C3006AB8AE /* LimitTitleSize.mm in Sources */ = {isa = PBXBuildFile; fileRef = 7A7B0E7E1EAFE454006AB8AE /* LimitTitleSize.mm */; };
                7A909A7D1D877480007E10F8 /* AffineTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A6F1D877475007E10F8 /* AffineTransform.cpp */; };
                7A909A7E1D877480007E10F8 /* FloatPoint.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A701D877475007E10F8 /* FloatPoint.cpp */; };
                7A909A7F1D877480007E10F8 /* FloatRect.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A711D877475007E10F8 /* FloatRect.cpp */; };
                7A909A7D1D877480007E10F8 /* AffineTransform.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A6F1D877475007E10F8 /* AffineTransform.cpp */; };
                7A909A7E1D877480007E10F8 /* FloatPoint.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A701D877475007E10F8 /* FloatPoint.cpp */; };
                7A909A7F1D877480007E10F8 /* FloatRect.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A711D877475007E10F8 /* FloatRect.cpp */; };
                                F6FDDDD614241C6F004F1729 /* push-state.html in Copy Resources */,
                                A12DDC001E8373E700CF6CAE /* rendered-image-excluding-overflow.html in Copy Resources */,
                                52B8CF9815868D9100281053 /* SetDocumentURI.html in Copy Resources */,
                                F6FDDDD614241C6F004F1729 /* push-state.html in Copy Resources */,
                                A12DDC001E8373E700CF6CAE /* rendered-image-excluding-overflow.html in Copy Resources */,
                                52B8CF9815868D9100281053 /* SetDocumentURI.html in Copy Resources */,
+                               7A66BDB81EAF18D500CCC924 /* set-long-title.html in Copy Resources */,
                                CEBABD491B71687C0051210A /* should-open-external-schemes.html in Copy Resources */,
                                1ADBEFE3130C6AA100D61D19 /* simple-accelerated-compositing.html in Copy Resources */,
                                C0ADBE9612FCA79B00D2C129 /* simple-form.html in Copy Resources */,
                                CEBABD491B71687C0051210A /* should-open-external-schemes.html in Copy Resources */,
                                1ADBEFE3130C6AA100D61D19 /* simple-accelerated-compositing.html in Copy Resources */,
                                C0ADBE9612FCA79B00D2C129 /* simple-form.html in Copy Resources */,
                7A1458FB1AD5C03500E06772 /* mouse-button-listener.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "mouse-button-listener.html"; sourceTree = "<group>"; };
                7A38D7E51C752D5F004F157D /* HashCountedSet.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = HashCountedSet.cpp; sourceTree = "<group>"; };
                7A5623101AD5AF3E0096B920 /* MenuTypesForMouseEvents.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MenuTypesForMouseEvents.cpp; sourceTree = "<group>"; };
                7A1458FB1AD5C03500E06772 /* mouse-button-listener.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "mouse-button-listener.html"; sourceTree = "<group>"; };
                7A38D7E51C752D5F004F157D /* HashCountedSet.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = HashCountedSet.cpp; sourceTree = "<group>"; };
                7A5623101AD5AF3E0096B920 /* MenuTypesForMouseEvents.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MenuTypesForMouseEvents.cpp; sourceTree = "<group>"; };
+               7A66BDB51EAF14D000CCC924 /* LimitTitleSize.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = LimitTitleSize.cpp; sourceTree = "<group>"; };
+               7A66BDB71EAF150100CCC924 /* set-long-title.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "set-long-title.html"; sourceTree = "<group>"; };
                7A6A2C6F1DCCF87B00C0D085 /* LocalStorageQuirkTest.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = LocalStorageQuirkTest.mm; sourceTree = "<group>"; };
                7A6A2C711DCCFB0200C0D085 /* LocalStorageQuirkEnabled.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = LocalStorageQuirkEnabled.html; sourceTree = "<group>"; };
                7A6A2C6F1DCCF87B00C0D085 /* LocalStorageQuirkTest.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = LocalStorageQuirkTest.mm; sourceTree = "<group>"; };
                7A6A2C711DCCFB0200C0D085 /* LocalStorageQuirkEnabled.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = LocalStorageQuirkEnabled.html; sourceTree = "<group>"; };
+               7A7B0E7E1EAFE454006AB8AE /* LimitTitleSize.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = LimitTitleSize.mm; sourceTree = "<group>"; };
                7A909A6F1D877475007E10F8 /* AffineTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AffineTransform.cpp; sourceTree = "<group>"; };
                7A909A701D877475007E10F8 /* FloatPoint.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FloatPoint.cpp; sourceTree = "<group>"; };
                7A909A711D877475007E10F8 /* FloatRect.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FloatRect.cpp; sourceTree = "<group>"; };
                7A909A6F1D877475007E10F8 /* AffineTransform.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AffineTransform.cpp; sourceTree = "<group>"; };
                7A909A701D877475007E10F8 /* FloatPoint.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FloatPoint.cpp; sourceTree = "<group>"; };
                7A909A711D877475007E10F8 /* FloatRect.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FloatRect.cpp; sourceTree = "<group>"; };
                                9B0786A21C58830F00D159E3 /* InjectedBundleMakeAllShadowRootsOpen.cpp */,
                                9B0786A41C5885C300D159E3 /* InjectedBundleMakeAllShadowRootsOpen_Bundle.cpp */,
                                93D3D19D17B1A84200C7C415 /* LayoutMilestonesWithAllContentInFrame.cpp */,
                                9B0786A21C58830F00D159E3 /* InjectedBundleMakeAllShadowRootsOpen.cpp */,
                                9B0786A41C5885C300D159E3 /* InjectedBundleMakeAllShadowRootsOpen_Bundle.cpp */,
                                93D3D19D17B1A84200C7C415 /* LayoutMilestonesWithAllContentInFrame.cpp */,
+                               7A66BDB51EAF14D000CCC924 /* LimitTitleSize.cpp */,
                                52CB47401448FB9300873995 /* LoadAlternateHTMLStringWithNonDirectoryURL.cpp */,
                                33DC8910141953A300747EF7 /* LoadCanceledNoServerRedirectCallback.cpp */,
                                33DC89131419579F00747EF7 /* LoadCanceledNoServerRedirectCallback_Bundle.cpp */,
                                52CB47401448FB9300873995 /* LoadAlternateHTMLStringWithNonDirectoryURL.cpp */,
                                33DC8910141953A300747EF7 /* LoadCanceledNoServerRedirectCallback.cpp */,
                                33DC89131419579F00747EF7 /* LoadCanceledNoServerRedirectCallback_Bundle.cpp */,
                                C99B675E1E39735C00FC6C80 /* no-autoplay-with-controls.html */,
                                CEA6CF2719CCF69D0064F5A7 /* open-and-close-window.html */,
                                F6FDDDD514241C48004F1729 /* push-state.html */,
                                C99B675E1E39735C00FC6C80 /* no-autoplay-with-controls.html */,
                                CEA6CF2719CCF69D0064F5A7 /* open-and-close-window.html */,
                                F6FDDDD514241C48004F1729 /* push-state.html */,
+                               7A66BDB71EAF150100CCC924 /* set-long-title.html */,
                                CEBABD481B71687C0051210A /* should-open-external-schemes.html */,
                                1ADBEFBC130C6A0100D61D19 /* simple-accelerated-compositing.html */,
                                C0ADBE8412FCA6B600D2C129 /* simple-form.html */,
                                CEBABD481B71687C0051210A /* should-open-external-schemes.html */,
                                1ADBEFBC130C6A0100D61D19 /* simple-accelerated-compositing.html */,
                                C0ADBE8412FCA6B600D2C129 /* simple-form.html */,
                                C507E8A614C6545B005D6B3B /* InspectorBar.mm */,
                                57F10D921C7E7B3800ECDF30 /* IsNavigationActionTrusted.mm */,
                                4BB4160116815B2600824238 /* JSWrapperForNodeInWebFrame.mm */,
                                C507E8A614C6545B005D6B3B /* InspectorBar.mm */,
                                57F10D921C7E7B3800ECDF30 /* IsNavigationActionTrusted.mm */,
                                4BB4160116815B2600824238 /* JSWrapperForNodeInWebFrame.mm */,
+                               7A7B0E7E1EAFE454006AB8AE /* LimitTitleSize.mm */,
                                57901FAE1CAF137100ED64F9 /* LoadInvalidURLRequest.mm */,
                                E1220D9F155B25480013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.mm */,
                                517E7DFB15110EA600D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.mm */,
                                57901FAE1CAF137100ED64F9 /* LoadInvalidURLRequest.mm */,
                                E1220D9F155B25480013E2FC /* MemoryCacheDisableWithinResourceLoadDelegate.mm */,
                                517E7DFB15110EA600D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.mm */,
                                7CCE7EA51A411A0800447C4C /* JavaScriptTestMac.mm in Sources */,
                                7CCE7EC41A411A7E00447C4C /* JSWrapperForNodeInWebFrame.mm in Sources */,
                                7CCE7F061A411AE600447C4C /* LayoutMilestonesWithAllContentInFrame.cpp in Sources */,
                                7CCE7EA51A411A0800447C4C /* JavaScriptTestMac.mm in Sources */,
                                7CCE7EC41A411A7E00447C4C /* JSWrapperForNodeInWebFrame.mm in Sources */,
                                7CCE7F061A411AE600447C4C /* LayoutMilestonesWithAllContentInFrame.cpp in Sources */,
+                               7A66BDB61EAF14EF00CCC924 /* LimitTitleSize.cpp in Sources */,
                                7CCE7EDF1A411A9200447C4C /* LayoutUnit.cpp in Sources */,
                                C25CCA061E51380B0026CB8A /* LineBreaking.mm in Sources */,
                                37D36ED71AF42ECD00BAF5D9 /* LoadAlternateHTMLString.mm in Sources */,
                                7CCE7EDF1A411A9200447C4C /* LayoutUnit.cpp in Sources */,
                                C25CCA061E51380B0026CB8A /* LineBreaking.mm in Sources */,
                                37D36ED71AF42ECD00BAF5D9 /* LoadAlternateHTMLString.mm in Sources */,
                                51714EB81CF8CA17004723C4 /* WebProcessKillIDBCleanup.mm in Sources */,
                                536770341CC8022800D425B1 /* WebScriptObjectDescription.mm in Sources */,
                                5120C83D1E6751290025B250 /* WebsiteDataStoreCustomPaths.mm in Sources */,
                                51714EB81CF8CA17004723C4 /* WebProcessKillIDBCleanup.mm in Sources */,
                                536770341CC8022800D425B1 /* WebScriptObjectDescription.mm in Sources */,
                                5120C83D1E6751290025B250 /* WebsiteDataStoreCustomPaths.mm in Sources */,
+                               7A7B0E7F1EAFE4C3006AB8AE /* LimitTitleSize.mm in Sources */,
                                5C9E56851DF9145400C9EE33 /* WebsitePolicies.mm in Sources */,
                                7CCE7ED41A411A7E00447C4C /* WebViewCanPasteURL.mm in Sources */,
                                5C0BF8911DD599A900B00328 /* WebViewCanPasteZeroPng.mm in Sources */,
                                5C9E56851DF9145400C9EE33 /* WebsitePolicies.mm in Sources */,
                                7CCE7ED41A411A7E00447C4C /* WebViewCanPasteURL.mm in Sources */,
                                5C0BF8911DD599A900B00328 /* WebViewCanPasteZeroPng.mm in Sources */,
diff --git a/Tools/TestWebKitAPI/Tests/WebKit2/LimitTitleSize.cpp b/Tools/TestWebKitAPI/Tests/WebKit2/LimitTitleSize.cpp
new file mode 100644 (file)
index 0000000..fde62c6
--- /dev/null
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#if WK_HAVE_C_SPI
+
+#include "PlatformUtilities.h"
+#include "PlatformWebView.h"
+#include "Test.h"
+#include <WebKit/WKRetainPtr.h>
+
+namespace TestWebKitAPI {
+
+static bool waitUntilLongTitleReceived = false;
+static bool didFinishLoad = false;
+static size_t maxTitleLength = 4096;
+
+static void didFinishLoadForFrame(WKPageRef page, WKFrameRef frame, WKTypeRef userData, const void* clientInfo)
+{
+    didFinishLoad = true;
+}
+
+static void didReceiveTitleForFrame(WKPageRef page, WKStringRef title, WKFrameRef, WKTypeRef, const void*)
+{
+    WKStringRef titleString = (WKStringRef)title;
+    
+    if (WKStringIsEqualToUTF8CString(titleString, "Original Short Title"))
+        return;
+
+    EXPECT_LE(WKStringGetLength(titleString), maxTitleLength);
+    waitUntilLongTitleReceived = true;
+}
+
+TEST(WebKit2, LimitTitleSize)
+{
+    WKRetainPtr<WKContextRef> context(AdoptWK, WKContextCreate());
+    PlatformWebView webView(context.get());
+
+    WKPageLoaderClientV0 loaderClient;
+    memset(&loaderClient, 0, sizeof(loaderClient));
+
+    loaderClient.base.version = 0;
+    loaderClient.didReceiveTitleForFrame = didReceiveTitleForFrame;
+    loaderClient.didFinishLoadForFrame = didFinishLoadForFrame;
+
+    WKPageSetPageLoaderClient(webView.page(), &loaderClient.base);
+
+    WKRetainPtr<WKURLRef> url(AdoptWK, Util::createURLForResource("set-long-title", "html"));
+
+    WKPageLoadURL(webView.page(), url.get());
+    Util::run(&waitUntilLongTitleReceived);
+}
+
+} // namespace TestWebKitAPI
+
+#endif
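Review bot: The test accepts any title of up to 4096 units (`static size_t maxTitleLength = 4096;`) while the clients in this commit truncate to 1000, so a regression that loosened the limit to anything below 4097 would still pass; the same 4096 bound appears in Tools/TestWebKitAPI/Tests/mac/LimitTitleSize.mm. Since set-long-title.html sets a title far longer than the limit, the bound could be lowered to 1000 or the check tightened to `EXPECT_EQ(WKStringGetLength(titleString), 1000u);`. `didFinishLoad` and `didFinishLoadForFrame` are wired up but never waited on, and `(WKStringRef)title` casts a value that already has that type.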
diff --git a/Tools/TestWebKitAPI/Tests/WebKit2/set-long-title.html b/Tools/TestWebKitAPI/Tests/WebKit2/set-long-title.html
new file mode 100644 (file)
index 0000000..c31765a
--- /dev/null
@@ -0,0 +1,10 @@
+<html>
+<head>
+<title>Original Short Title</title>
+</head>
+<body>
+<script>
+document.title = Array(8096).join(String.fromCharCode(0x8181));
+</script>
+</body>
+</html>
\ No newline at end of file
diff --git a/Tools/TestWebKitAPI/Tests/mac/LimitTitleSize.mm b/Tools/TestWebKitAPI/Tests/mac/LimitTitleSize.mm
new file mode 100644 (file)
index 0000000..dd821fc
--- /dev/null
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+
+#import "PlatformUtilities.h"
+#import "PlatformWebView.h"
+#import <WebKit/DOMPrivate.h>
+#import <WebKit/WebViewPrivate.h>
+#import <wtf/RetainPtr.h>
+
+@interface LimitTitleSizeTest : NSObject <WebFrameLoadDelegate>
+@end
+
+static bool waitUntilLongTitleReceived = false;
+static bool didFinishLoad = false;
+
+@implementation LimitTitleSizeTest
+
+static size_t maxTitleLength = 4096;
+
+- (void)webView:(WebView *)sender didReceiveTitle:(NSString *)title forFrame:(WebFrame *)frame
+{
+    if ([title isEqualToString:@"Original Short Title"])
+        return;
+    
+    EXPECT_LE(title.length, maxTitleLength);
+    waitUntilLongTitleReceived = true;
+}
+
+- (void)webView:(WebView *)sender didFinishLoadForFrame:(WebFrame *)frame
+{
+    didFinishLoad = true;
+}
+@end
+
+namespace TestWebKitAPI {
+
+TEST(WebKit1, LimitTitleSize)
+{
+    RetainPtr<WebView> webView = adoptNS([[WebView alloc] initWithFrame:NSMakeRect(0, 0, 120, 200) frameName:nil groupName:nil]);
+    RetainPtr<LimitTitleSizeTest> testController = adoptNS([LimitTitleSizeTest new]);
+
+    webView.get().frameLoadDelegate = testController.get();
+    [[webView.get() mainFrame] loadRequest:[NSURLRequest requestWithURL:[[NSBundle mainBundle]
+        URLForResource:@"set-long-title" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]]];
+
+    Util::run(&didFinishLoad);
+}
+
+} // namespace TestWebKitAPI
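Review bot: `Util::run(&didFinishLoad)` returns as soon as the load finishes, whether or not the long-title callback ever ran, so the `EXPECT_LE` in `webView:didReceiveTitle:forFrame:` may never be evaluated and the test would still pass. Adding `EXPECT_TRUE(waitUntilLongTitleReceived);` after the run, or waiting on that flag as the WebKit2 test does, would make the test fail when no truncated title is delivered. The flag is currently written but never read in this file.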