WebKit Bugzilla
Attachment 347880 Details for
Bug 188871
: Implement safe browsing in WebKit
[patch]
Patch
bug-188871-20180822171728.patch (text/plain), 59.80 KB, created by
Alex Christensen
on 2018-08-22 17:17:29 PDT
Description:
Patch
Filename:
MIME Type:
Creator:
Alex Christensen
Created:
2018-08-22 17:17:29 PDT
Size:
59.80 KB
>Index: Source/WebCore/ChangeLog
>===================================================================
>--- Source/WebCore/ChangeLog (revision 235156)
>+++ Source/WebCore/ChangeLog (working copy)
>@@ -1,3 +1,18 @@
>+2018-08-22 Alex Christensen <achristensen@webkit.org>
>+
>+ Implement safe browsing in WebKit
>+ https://bugs.webkit.org/show_bug.cgi?id=188871
>+
>+ Reviewed by NOBODY (OOPS!).
>+
>+ This takes Safari's warning pages and shows them in WebKit during navigation.
>+ Covered by API tests. You can also verify this manually by going to http://testsafebrowsing.appspot.com in MiniBrowser.
>+
>+ * dom/Document.cpp:
>+ (WebCore::loadURLWithoutSafeBrowsingCheck):
>+ (WebCore::Document::injectLoadURLWithoutSafeBrowsingCheck):
>+ * dom/Document.h:
>+
> 2018-08-21 Wenson Hsieh <wenson_hsieh@apple.com>
>
> [Attachment Support] Remove _WKAttachments and notify the UI client upon mainframe navigation
>Index: Source/WebCore/dom/Document.cpp
>===================================================================
>--- Source/WebCore/dom/Document.cpp (revision 235156)
>+++ Source/WebCore/dom/Document.cpp (working copy)
>@@ -72,6 +72,7 @@
> #include "FontFaceSet.h"
> #include "FormController.h"
> #include "Frame.h"
>+#include "FrameLoadRequest.h"
> #include "FrameLoader.h"
> #include "FrameLoaderClient.h"
> #include "FrameView.h"
>@@ -112,6 +113,7 @@
> #include "IntersectionObserver.h"
> #include "JSCustomElementInterface.h"
> #include "JSDOMPromiseDeferred.h"
>+#include "JSDocument.h"
> #include "JSLazyEventListener.h"
> #include "KeyboardEvent.h"
> #include "KeyframeEffectReadOnly.h"
>@@ -222,6 +224,7 @@
> #include "XPathNSResolver.h"
> #include "XPathResult.h"
> #include <JavaScriptCore/ConsoleMessage.h>
>+#include <JavaScriptCore/IdentifierInlines.h>
> #include <JavaScriptCore/RegularExpression.h>
> #include <JavaScriptCore/ScriptCallStack.h>
> #include <JavaScriptCore/VM.h>
>@@ -902,6 +905,34 @@ static ExceptionOr<Ref<Element>> createH
> return Ref<Element> { createUpgradeCandidateElement(document, name) };
> }
>
>+static JSC::EncodedJSValue JSC_HOST_CALL loadURLWithoutSafeBrowsingCheck(JSC::ExecState* exec)
>+{
>+ if (!exec->argumentCount())
>+ return { };
>+ auto url = URL(URL(), exec->argument(0).getString(exec));
>+ if (!url.isValid())
>+ return { };
>+
>+ auto* globalObject = JSC::jsCast<JSDOMGlobalObject*>(exec->lexicalGlobalObject());
>+ auto* document = downcast<Document>(globalObject->scriptExecutionContext());
>+ auto* frame = document->frame();
>+ if (!frame)
>+ return { };
>+
>+ FrameLoadRequest request { *document, document->securityOrigin(), ResourceRequest(URL(URL(), url), frame->loader().outgoingReferrer()), { }, LockHistory::Yes, LockBackForwardList::Yes, MaybeSendReferrer, AllowNavigationToInvalidURL::No, NewFrameOpenerPolicy::Suppress, ShouldOpenExternalURLsPolicy::ShouldNotAllow, InitiatedByMainFrame::Unknown };
>+ request.setShouldSkipSafeBrowsingCheck(ShouldSkipSafeBrowsingCheck::Yes);
>+ frame->loader().load(WTFMove(request));
>+ return { };
>+}
>+
>+void Document::injectLoadURLWithoutSafeBrowsingCheck()
>+{
>+ auto* exec = execState();
>+ JSC::JSLockHolder loc(exec->vm());
>+ auto* globalObject = JSC::jsCast<JSDOMGlobalObject*>(exec->lexicalGlobalObject());
>+ globalObject->putDirectNativeFunction(exec->vm(), globalObject, JSC::Identifier::fromString(exec, "loadURLWithoutSafeBrowsingCheck"), 1, loadURLWithoutSafeBrowsingCheck, JSC::NoIntrinsic, 0);
>+}
>+
> ExceptionOr<Ref<Element>> Document::createElementForBindings(const AtomicString& name)
> {
> if (isHTMLDocument())
>Index: Source/WebCore/dom/Document.h
>===================================================================
>--- Source/WebCore/dom/Document.h (revision 235156)
>+++ Source/WebCore/dom/Document.h (working copy)
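Review bot: `loadURLWithoutSafeBrowsingCheck` takes its destination from the script-supplied first argument, so the bypass is not tied to the URL the warning was shown for: any script that can reach this global can start a load with `ShouldSkipSafeBrowsingCheck::Yes` for an arbitrary valid URL. Consider recording the blocked URL natively when the warning is displayed and having the function either take no argument or refuse any URL that does not equal the recorded one. The call site that decides which documents receive the function is outside this hunk, so whether injection is limited to the warning document cannot be confirmed here; a comment on `injectLoadURLWithoutSafeBrowsingCheck` stating that restriction would help. Smaller points in the same lines: `execState()` is dereferenced without a null check, which matters if it can return null for a document without a script-enabled frame, and `URL(URL(), url)` re-parses a value that is already a `URL`.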
>@@ -1273,6 +1273,8 @@ public:
> IntSize initialViewportSize() const;
> #endif
>
>+ WEBCORE_EXPORT void injectLoadURLWithoutSafeBrowsingCheck();
>+
> void convertAbsoluteToClientQuads(Vector<FloatQuad>&, const RenderStyle&);
> void convertAbsoluteToClientRects(Vector<FloatRect>&, const RenderStyle&);
> void convertAbsoluteToClientRect(FloatRect&, const RenderStyle&);
>Index: Source/WebKit/ChangeLog
>===================================================================
>--- Source/WebKit/ChangeLog (revision 235157)
>+++ Source/WebKit/ChangeLog (working copy)
>@@ -1,3 +1,32 @@
>+2018-08-22 Alex Christensen <achristensen@webkit.org>
>+
>+ Implement safe browsing in WebKit
>+ https://bugs.webkit.org/show_bug.cgi?id=188871
>+
>+ Reviewed by NOBODY (OOPS!).
>+
>+ * Resources/SafeBrowsingLocalizedStrings.js: Added.
>+ * Resources/SafeBrowsingWarning.html: Added.
>+ * UIProcess/API/C/mac/WKContextPrivateMac.mm:
>+ (WKContextHandlesSafeBrowsing):
>+ * UIProcess/Cocoa/WebPageProxyCocoa.mm:
>+ (WebKit::detailsURL):
>+ (WebKit::learnMoreURL):
>+ (WebKit::reportAnErrorURL):
>+ (WebKit::providerName):
>+ (WebKit::alertType):
>+ (WebKit::variableDeclarations):
>+ (WebKit::WebPageProxy::safeBrowsingWarningHTML):
>+ * UIProcess/WebPageProxy.cpp:
>+ (WebKit::WebPageProxy::decidePolicyForNavigationAction):
>+ (WebKit::safeBrowsingWarningHTML):
>+ * UIProcess/WebPageProxy.h:
>+ * WebKit.xcodeproj/project.pbxproj:
>+ * WebProcess/WebPage/WebPage.cpp:
>+ (WebKit::WebPage::loadAlternateHTML):
>+ (WebKit::WebPage::didFinishLoad):
>+ * WebProcess/WebPage/WebPage.h:
>+
> 2018-08-21 Alex Christensen <achristensen@webkit.org>
>
> Roll out r235139 and r235146
>Index: Source/WebKit/Resources/SafeBrowsingLocalizedStrings.js
>===================================================================
>--- Source/WebKit/Resources/SafeBrowsingLocalizedStrings.js (nonexistent)
>+++ Source/WebKit/Resources/SafeBrowsingLocalizedStrings.js (working copy)
>@@ -0,0 +1,32 @@ >+var localizedStrings = { >+"Close Page": "Close Page", >+"Deceptive Website Warning": "Deceptive Website Warning", >+"Go Back": "Go Back", >+"If you believe this website is safe, you can %report-an-error%. Or, if you understand the risks involved, you can %bypass-link%.": "If you believe this website is safe, you can %report-an-error%. Or, if you understand the risks involved, you can %bypass-link%.", >+"If you understand the risks involved, you can %visit-this-site-link%.": "If you understand the risks involved, you can %visit-this-site-link%.", >+"If you understand the risks involved, you can %visit-this-unsafe-site-link%.": "If you understand the risks involved, you can %visit-this-unsafe-site-link%.", >+"Ignore Warning": "Ignore Warning", >+"Learn moreâ¦": "Learn moreâ¦", >+"Malware Website Warning": "Malware Website Warning", >+"Phishing websites are designed to trick you into disclosing personal or financial information, usually by creating a copy of a legitimate website, such as a bankâs.": "Phishing websites are designed to trick you into disclosing personal or financial information, usually by creating a copy of a legitimate website, such as a bankâs.", >+"Possible Phishing Website": "Possible Phishing Website", >+"Show Details": "Show Details", >+"The address for the website youâre visiting contains a username or password. This may be a âphishingâ website.": "The address for the website youâre visiting contains a username or password. 
This may be a âphishingâ website.", >+"This website may attempt to install dangerous software, which could harm your computer or steal your personal or financial information, like passwords, photos, or credit cards.": "This website may attempt to install dangerous software, which could harm your computer or steal your personal or financial information, like passwords, photos, or credit cards.", >+"This website may try to trick you into doing something dangerous, like installing software or disclosing personal or financial information, like passwords, phone numbers, or credit cards.": "This website may try to trick you into doing something dangerous, like installing software or disclosing personal or financial information, like passwords, phone numbers, or credit cards.", >+"This website may try to trick you into installing software that harms your browsing experience, like changing your settings without your permission or showing you unwanted ads. Once installed, it may be difficult to remove.": "This website may try to trick you into installing software that harms your browsing experience, like changing your settings without your permission or showing you unwanted ads. Once installed, it may be difficult to remove.", >+"This website was detected as containing harmful software by â%@â.": "This website was detected as containing harmful software by â%@â.", >+"This website was detected as containing malicious software by â%@â.": "This website was detected as containing malicious software by â%@â.", >+"This website was reported as a deceptive website by â%@â.": "This website was reported as a deceptive website by â%@â.", >+"Warnings are shown for websites that have been reported as deceptive. Deceptive websites try to trick you into believing they are legitimate websites you trust.": "Warnings are shown for websites that have been reported as deceptive. 
Deceptive websites try to trick you into believing they are legitimate websites you trust.", >+"Warnings are shown for websites that have been reported as deceptive. Deceptive websites try to trick you into believing they are legitimate websites you trust. %phishing-learn-more%": "Warnings are shown for websites that have been reported as deceptive. Deceptive websites try to trick you into believing they are legitimate websites you trust. %phishing-learn-more%", >+"Warnings are shown for websites where harmful software has been detected.": "Warnings are shown for websites where harmful software has been detected.", >+"Warnings are shown for websites where harmful software has been detected. You can check %the-status-of-site% on the %safeBrowsingProvider% diagnostic page.": "Warnings are shown for websites where harmful software has been detected. You can check %the-status-of-site% on the %safeBrowsingProvider% diagnostic page.", >+"Warnings are shown for websites where malicious software has been detected.": "Warnings are shown for websites where malicious software has been detected.", >+"Warnings are shown for websites where malicious software has been detected. You can check the %status-link% on the %safeBrowsingProvider% diagnostic page.": "Warnings are shown for websites where malicious software has been detected. You can check the %status-link% on the %safeBrowsingProvider% diagnostic page.", >+"Website With Harmful Software Warning": "Website With Harmful Software Warning", >+"malware status of â%site%â": "malware status of â%site%â", >+"report an error": "report an error", >+"the status of â%site%â": "the status of â%site%â", >+"visit this unsafe website": "visit this unsafe website", >+}; >Index: Source/WebKit/Resources/SafeBrowsingWarning.html >=================================================================== >--- Source/WebKit/Resources/SafeBrowsingWarning.html (nonexistent) >+++ Source/WebKit/Resources/SafeBrowsingWarning.html (working copy) 
>@@ -0,0 +1,722 @@ >+<!-- >+ Copyright (C) 2010-2018 Apple Inc. All rights reserved. >+ >+ Redistribution and use in source and binary forms, with or without >+ modification, are permitted provided that the following conditions >+ are met: >+ >+ 1. Redistributions of source code must retain the above copyright >+ notice, this list of conditions and the following disclaimer. >+ 2. Redistributions in binary form must reproduce the above copyright >+ notice, this list of conditions and the following disclaimer in the >+ documentation and/or other materials provided with the distribution. >+ 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of >+ its contributors may be used to endorse or promote products derived >+ from this software without specific prior written permission. >+ >+ THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY >+ EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED >+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE >+ DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY >+ DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES >+ (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; >+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND >+ ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF >+ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
>+ --> >+ >+<style> >+body { >+ --font-color: #434343; >+ --compact-font-color: white; >+ --red-color: #fc3d39; >+ --blue-color: rgb(0, 122, 255); >+ --horizontal-padding: 32px; >+ --compact-horizontal-padding: 20px; >+ --border-radius: 6px; >+ --ios-border-radius: 10px; >+} >+ >+* { >+ padding: 0; >+ margin: 0; >+} >+ >+body:not(.ios) * { >+ font-family: -apple-system-font; >+} >+ >+html, body { >+ height: 100%; >+ width: 100%; >+} >+ >+body { >+ font-size: 13px; >+ background: var(--red-color); >+ cursor: default; >+ -webkit-user-select: none; >+} >+ >+#title { >+ overflow: hidden; >+ padding-top: 3px; >+} >+ >+.alert { >+ background-color: white; >+ min-width: 320px; >+ max-width: 672px; >+ position: relative; >+ margin: 0 auto; >+ padding-top: 28px; >+ border-radius: var(--border-radius); >+ box-shadow: 0px 6px 12px rgba(0, 0, 0, 0.2); >+} >+ >+.alert-body .phishing, >+.alert-body .malware, >+.alert-body .unwantedSoftware, >+.alert-body .userinfo { >+ display: none; >+} >+ >+.alert-body { >+ margin: 21px 0 0 0; >+ padding-left: var(--horizontal-padding); >+ padding-right: var(--horizontal-padding); >+ padding-bottom: 24px; >+ color: var(--font-color); >+} >+ >+.alert-body p:first-of-type { >+ margin-bottom: 15px; >+ margin-top: 20px; >+} >+ >+.alert-body p:last-of-type { >+ margin-bottom: 0; >+} >+ >+.bottom-bar { >+ margin-top: 1.3em; >+ height: 22px; >+} >+ >+.bottom-bar button { >+ float: right; >+ font-size: 13px; >+ line-height: 21px; >+ min-width: 90px; >+ margin: 0 4px; >+ vertical-align: bottom; >+ padding: 0 12px; >+} >+ >+.bottom-bar .details { >+ float: left; >+} >+ >+.bottom-bar .details a { >+ cursor: pointer; >+ font-size: 14px; >+ margin-top: 2px; >+} >+ >+#details { >+ display: none; >+ padding: 22px var(--horizontal-padding) 10px var(--horizontal-padding); >+ border-top: 1px solid rgb(217, 217, 217); >+ color: var(--font-color); >+ background-color: rgb(243, 243, 243); >+ border-bottom-left-radius: var(--border-radius); >+ 
border-bottom-right-radius: var(--border-radius); >+} >+ >+.bottom-bar.goBack .closePage, .bottom-bar.closePage .goBack, #ignoreWarning { >+ display: none; >+} >+ >+a { >+ color: inherit; >+ text-decoration: underline; >+ cursor: pointer; >+} >+ >+#exclamation { >+ float: left; >+ width: 30px; >+ top: 4px; >+ margin-right: 15px; >+ position: relative; >+} >+ >+.exclamation-element { >+ fill: var(--red-color); >+} >+ >+h1 { >+ color: var(--red-color); >+ font-size: 2em; >+ font-weight: 700; >+ line-height: 30px; >+ padding: 0 var(--horizontal-padding); >+ margin-bottom: -6px; >+} >+ >+p { >+ font-size: 14px; >+ line-height: 19px; >+ margin-bottom: 1em; >+ word-wrap: break-word; >+} >+ >+body.ios .alert { >+ box-shadow: none; >+ border-radius: var(--ios-border-radius); >+ max-width: 640px; >+} >+ >+body.ios .alert-body { >+ font: -apple-system-body; >+} >+ >+body.ios #details { >+ font: -apple-system-body; >+ border-bottom-left-radius: var(--ios-border-radius); >+ border-bottom-right-radius: var(--ios-border-radius); >+} >+ >+body.ios h1 { >+ font-size: 26px; >+ font-family: -webkit-system-font; >+} >+ >+body.ios p { >+ font-size: 1.1em; >+ line-height: unset; >+} >+ >+body.ios button { >+ background: none; >+ border: none; >+ color: var(--blue-color); >+ font: -apple-system-short-body; >+} >+ >+body.ios #detailsButton { >+ color: var(--font-color); >+} >+ >+@media screen and (max-width: 666px) { >+ /* iPhone 6 in landscape (667px) and smaller, including all iPhones in portrait */ >+ body { >+ color: var(--compact-font-color); >+ } >+ >+ .alert { >+ box-shadow: none; >+ background-color: var(--red-color); >+ } >+ >+ .alert-body { >+ color: var(--compact-font-color); >+ padding-left: var(--compact-horizontal-padding); >+ padding-right: var(--compact-horizontal-padding); >+ padding-bottom: 30px; >+ } >+ >+ h1 { >+ color: var(--compact-font-color); >+ padding: 0 var(--compact-horizontal-padding); >+ } >+ >+ body.ios button, >+ body.ios #detailsButton { >+ color: white; 
>+ text-decoration: underline; >+ } >+ >+ #details { >+ color: rgba(255, 255, 255, .85); >+ background-color: var(--red-color); >+ padding: 22px var(--compact-horizontal-padding) 22px var(--compact-horizontal-padding); >+ border-top-width: 1px; >+ border-top-color: rgba(255, 255, 255, .35); >+ } >+ >+ .exclamation-element { >+ fill: var(--compact-font-color); >+ } >+} >+ >+/* RTL support */ >+ >+html[dir="rtl"] .bottom-bar button { >+ float: left; >+} >+ >+html[dir="rtl"] #exclamation { >+ float: right; >+ margin-left: 15px; >+ margin-right: 0; >+} >+@media (prefers-dark-interface) { >+ body { >+ --font-color: rgb(181, 182, 184); >+ --title-color: rgb(224, 225, 225); >+ --red-color: rgb(255, 78, 69); >+ } >+ >+ #title { >+ color: var(--title-color); >+ } >+ >+ .exclamation-element { >+ fill: var(--title-color); >+ } >+ >+ .alert { >+ background-color: rgb(56, 57, 59); >+ box-shadow: 0 6px 12px rgba(0, 0, 0, .24); >+ } >+ >+ #details { >+ background-color: rgb(46, 47, 49); >+ border-top-color: rgb(90, 92, 93); >+ } >+} >+</style> >+<script type="text/javascript"> >+ >+Object.type = function(obj, win) >+{ >+ if (obj === null) >+ return "null"; >+ >+ var type = typeof obj; >+ if (type !== "object" && type !== "function") >+ return type; >+ >+ win = win || window; >+ >+ if (obj instanceof win.Node) >+ return "node"; >+ if (obj instanceof win.String) >+ return "string"; >+ if (obj instanceof win.Array) >+ return "array"; >+ if (obj instanceof win.Boolean) >+ return "boolean"; >+ if (obj instanceof win.Number) >+ return "number"; >+ if (obj instanceof win.Date) >+ return "date"; >+ if (obj instanceof win.RegExp) >+ return "regexp"; >+ if (obj instanceof win.Error) >+ return "error"; >+ return type; >+} >+ >+String.prototype.format = function() >+{ >+ var stringParts = this.split("%@"); >+ for (var i = 0; i < arguments.length; ++i) >+ stringParts.splice(i * 2 + 1, 0, arguments[i].toString()); >+ return stringParts.join(""); >+} >+ >+Array.prototype.remove = 
function(value, onlyFirst) >+{ >+ if (onlyFirst) { >+ var index = this.indexOf(value); >+ if (index !== -1) >+ this.splice(index, 1); >+ return; >+ } >+ >+ var length = this.length; >+ for (var i = 0; i < length; ++i) { >+ if (this[i] === value) >+ this.splice(i, 1); >+ } >+} >+ >+var HTMLViewController = { >+ trySubmit: function(button) >+ { >+ var computedStyle = window.getComputedStyle(button); >+ // Don't use button.type here, since the default type for button is annoyingly "submit". >+ // Check for an explicit type attribute value of "submit". >+ if (button.getAttribute("type") !== "submit" || computedStyle.visibility === "hidden" || computedStyle.display === "none") >+ return false; >+ button.click(); >+ return true; >+ }, >+ >+ // On Mac, the submit button always has the default button look. >+ keyDown: function(event) >+ { >+ if (event.target.tagName === "TEXTAREA" || event.keyIdentifier !== "Enter") >+ return; >+ >+ var buttons = document.getElementsByTagName("button"); >+ for (var i = 0; i < buttons.length; ++i) { >+ if (HTMLViewController.trySubmit(buttons[i])) { >+ event.preventDefault(); >+ return; >+ } >+ } >+ >+ var inputButtons = document.getElementsByTagName("input"); >+ for (var i = 0; i < inputButtons.length; ++i) { >+ if (HTMLViewController.trySubmit(inputButtons[i])) { >+ event.preventDefault(); >+ return; >+ } >+ } >+ }, >+ >+ addClass: function(itemID, itemClass) >+ { >+ document.getElementById(itemID).classList.add(itemClass); >+ }, >+ >+ removeClass: function(itemID, itemClass) >+ { >+ document.getElementById(itemID).classList.remove(itemClass); >+ }, >+ >+ contextMenu: function(event) >+ { >+ if (event.target.tagName === "TEXTAREA") >+ return; >+ >+ if (event.target.tagName === "INPUT" && (event.target.type === "password" || event.target.type === "text" || event.target.type == "search")) >+ return; >+ >+ event.preventDefault(); >+ }, >+ >+ pageLoaded: function() >+ { >+ document.body.addEventListener("keydown", HTMLViewController.keyDown); 
>+ document.addEventListener("contextmenu", HTMLViewController.contextMenu); >+ >+ HTMLViewController.localize(); >+ }, >+ >+ UIString: function(string) >+ { >+ if (window.localizedStrings && string in window.localizedStrings) >+ string = window.localizedStrings[string]; >+ else { >+ console.error("Localized string \"" + string + "\" not found."); >+ string = "LOCALIZED STRING NOT FOUND"; >+ } >+ return string; >+ }, >+ >+ localize: function() >+ { >+ var elements = document.getElementsByClassName("l12n"); >+ for (var i = 0; i < elements.length; ++i) >+ elements[i].firstChild.data = HTMLViewController.UIString(elements[i].firstChild.data); >+ } >+} >+ >+ >+var PhishingAlert = { >+ _host: undefined, >+ _source: undefined, >+ _type: undefined, >+ _currentURL: undefined, >+ _extensionDisplayName: undefined, >+ >+ get host() >+ { >+ return this._host >+ }, >+ >+ set host(value) >+ { >+ if (this._host === value) >+ return; >+ this._host = value; >+ >+ this.updateDetailsStrings(); >+ }, >+ >+ get currentURL() >+ { >+ return this._currentURL; >+ }, >+ >+ set currentURL(value) >+ { >+ if (this._currentURL === value) >+ return; >+ this._currentURL = value; >+ >+ document.getElementById("report-an-error").href = "%@&url=%@&hl=%@".format(reportAnErrorURL, escape(this.currentURL), navigator.language); >+ }, >+ >+ get source() >+ { >+ return this._source; >+ }, >+ >+ set source(value) >+ { >+ this._source = value; >+ }, >+ >+ get type() >+ { >+ return this._type; >+ }, >+ >+ set type(value) >+ { >+ this._type = value; >+ }, >+ >+ get extensionDisplayName() >+ { >+ return this._extensionDisplayName; >+ }, >+ >+ set extensionDisplayName(value) >+ { >+ if (this._extensionDisplayName === value) >+ return; >+ >+ this._extensionDisplayName = value; >+ this.updateDetailsStrings(); >+ }, >+ >+ pageLoaded: function() >+ { >+ if (platformMac) >+ document.body.classList.add("mac"); >+ else >+ document.body.classList.add("ios"); >+ >+ HTMLViewController.pageLoaded(); >+ 
window.addEventListener("resize", layOut, false); >+ layOut(); >+ }, >+ >+ updateUI: function(source, type, host, canGoBack, currentURL, extensionDisplayName) >+ { >+ if (this.source != source || this.type != type) { >+ document.querySelector(".alert ." + type).style.display = "block"; >+ this.source = source; >+ this.type = type; >+ } >+ >+ var title; >+ if (type === "malware") >+ title = HTMLViewController.UIString("Malware Website Warning"); >+ else if (type === "phishing") >+ title = HTMLViewController.UIString("Deceptive Website Warning"); >+ else if (type === "unwantedSoftware") >+ title = HTMLViewController.UIString("Website With Harmful Software Warning"); >+ else if (type === "userinfo") >+ title = HTMLViewController.UIString("Possible Phishing Website"); >+ else >+ console.error("Unknown type (%s) passed to updateUI.", type); >+ >+ document.title = title; >+ document.getElementById("title").innerText = title; >+ >+ if (canGoBack) { >+ HTMLViewController.addClass("bottom-bar", "goBack"); >+ HTMLViewController.removeClass("bottom-bar", "closePage"); >+ } else { >+ HTMLViewController.addClass("bottom-bar", "closePage"); >+ HTMLViewController.removeClass("bottom-bar", "goBack"); >+ } >+ >+ this.extensionDisplayName = extensionDisplayName; >+ this.host = host; >+ this.currentURL = currentURL; >+ }, >+ >+ updateDetailsStrings: function() >+ { >+ var source = this.source; >+ var extensionDisplayName = this.extensionDisplayName; >+ >+ var bypassWarningParagraph = HTMLViewController.UIString("If you understand the risks involved, you can %visit-this-unsafe-site-link%."); >+ var visitThisUnsafeSiteAnchorHTML = "<a role='button' onClick=\"window.loadURLWithoutSafeBrowsingCheck(unsafeURL);\">%@</a>".format(HTMLViewController.UIString("visit this unsafe website")); >+ bypassWarningParagraph = bypassWarningParagraph.replace("%visit-this-unsafe-site-link%", visitThisUnsafeSiteAnchorHTML); >+ >+ switch (this.type) { >+ case "malware": >+ var details = 
document.getElementById("malware-details"); >+ >+ var firstParagraph; >+ >+ if (extensionDisplayName) >+ firstParagraph = HTMLViewController.UIString("Warnings are shown for websites where malicious software has been detected."); >+ else { >+ firstParagraph = HTMLViewController.UIString("Warnings are shown for websites where malicious software has been detected. You can check the %status-link% on the %safeBrowsingProvider% diagnostic page.").replace("%safeBrowsingProvider%", safeBrowsingProvider); >+ var statusLinkHTML = "<a href=\"%@&site=%@&hl=%@\">%@</a>".format(malwareDetailsURL, escape(this.host), navigator.language, HTMLViewController.UIString("malware status of â%site%â").replace("%site%", this.host)); >+ firstParagraph = firstParagraph.replace("%status-link%", statusLinkHTML); >+ } >+ >+ details.innerHTML = "<p>" + firstParagraph + "</p><p>" + bypassWarningParagraph + "</p>"; >+ break; >+ >+ case "phishing": >+ var details = document.getElementById("phishing-details"); >+ >+ var firstParagraph; >+ if (extensionDisplayName) >+ firstParagraph = HTMLViewController.UIString("Warnings are shown for websites that have been reported as deceptive. Deceptive websites try to trick you into believing they are legitimate websites you trust."); >+ else { >+ firstParagraph = HTMLViewController.UIString("Warnings are shown for websites that have been reported as deceptive. Deceptive websites try to trick you into believing they are legitimate websites you trust. 
%phishing-learn-more%"); >+ >+ var learnMoreAnchor = document.createElement("a"); >+ learnMoreAnchor.innerText = HTMLViewController.UIString("Learn moreâ¦"); >+ learnMoreAnchor.href = "%@&hl=%@".format(learnMoreAboutPhishingURL, navigator.language); >+ firstParagraph = firstParagraph.replace("%phishing-learn-more%", learnMoreAnchor.outerHTML) >+ } >+ >+ var secondParagraph; >+ if (extensionDisplayName) >+ secondParagraph = bypassWarningParagraph; >+ else { >+ var secondParagraph = HTMLViewController.UIString("If you believe this website is safe, you can %report-an-error%. Or, if you understand the risks involved, you can %bypass-link%."); >+ secondParagraph = secondParagraph.replace("%bypass-link%", visitThisUnsafeSiteAnchorHTML); >+ >+ var reportAnErrorAnchor = document.createElement("a"); >+ reportAnErrorAnchor.id = "report-an-error"; >+ reportAnErrorAnchor.innerText = HTMLViewController.UIString("report an error"); >+ secondParagraph = secondParagraph.replace("%report-an-error%", reportAnErrorAnchor.outerHTML) >+ } >+ >+ details.innerHTML = "<p>" + firstParagraph + "</p><p>" + secondParagraph + "</p>"; >+ break; >+ >+ case "unwantedSoftware": >+ var details = document.getElementById("unwantedSoftware-details"); >+ >+ var firstParagraph; >+ if (extensionDisplayName) >+ firstParagraph = HTMLViewController.UIString("Warnings are shown for websites where harmful software has been detected."); >+ else { >+ firstParagraph = HTMLViewController.UIString("Warnings are shown for websites where harmful software has been detected. 
You can check %the-status-of-site% on the %safeBrowsingProvider% diagnostic page.").replace("%safeBrowsingProvider%", safeBrowsingProvider); >+ var statusLinkHTML = "<a href=\"%@&site=%@&hl=%@\">%@</a>".format(malwareDetailsURL, escape(this.host), navigator.language, HTMLViewController.UIString("the status of â%site%â").replace("%site%", this.host)); >+ firstParagraph = firstParagraph.replace("%the-status-of-site%", statusLinkHTML); >+ } >+ >+ details.innerHTML = "<p>" + firstParagraph + "</p><p>" + bypassWarningParagraph + "</p>"; >+ break; >+ >+ case "userinfo": >+ document.getElementById("ignoreWarning").style.display = "block"; >+ break; >+ } >+ >+ if (extensionDisplayName) { >+ document.getElementById("malwareExtensionDetails").innerText = HTMLViewController.UIString("This website was detected as containing malicious software by â%@â.").format(extensionDisplayName); >+ document.getElementById("phishingExtensionDetails").innerText = HTMLViewController.UIString("This website was reported as a deceptive website by â%@â.").format(extensionDisplayName); >+ document.getElementById("unwantedSoftwareExtensionDetails").innerText = HTMLViewController.UIString("This website was detected as containing harmful software by â%@â.").format(extensionDisplayName); >+ } else { >+ document.getElementById("malwareExtensionDetails").innerText = ""; >+ document.getElementById("phishingExtensionDetails").innerText = ""; >+ document.getElementById("unwantedSoftwareExtensionDetails").innerText = ""; >+ } >+ >+ setDetailsVisibility(false); >+ if (this.type === "userinfo") >+ document.getElementById("detailsButton").style.display = "none"; >+ }, >+}; >+ >+function setDetailsVisibility(show) >+{ >+ var detailsDiv = document.getElementById("details"); >+ if (show) { >+ detailsDiv.style.display = "block"; >+ document.getElementById("detailsButton").style.display = "none"; >+ detailsDiv.scrollIntoViewIfNeeded(); >+ } else { >+ detailsDiv.style.display = "none"; >+ 
document.getElementById("detailsButton").style.display = "block"; >+ } >+ >+ layOut(); >+} >+ >+function layOut() >+{ >+ const minimumMarginTop = 22; >+ const maximumMarginTop = 156; >+ var alertBox = document.getElementById("alert"); >+ var alertHeight = alertBox.getBoundingClientRect().height; >+ var viewportHeight = window.innerHeight; >+ if (viewportHeight > alertHeight + 2 * maximumMarginTop) >+ alertBox.style.top = maximumMarginTop + "px"; >+ else >+ alertBox.style.top = Math.max(minimumMarginTop, (viewportHeight - alertHeight) / 2) + "px"; >+} >+ >+window.addEventListener("load", function() { >+ PhishingAlert.pageLoaded(); >+ PhishingAlert.updateUI(safeBrowsingProvider, typeUIValue, hostUIValue, canGoBack, unsafeURL); >+}, false); >+</script> >+</head> >+ >+<body> >+ <div id="alert" class="alert phishing google"> >+ <h1> >+ <svg id="exclamation" x="0px" y="0px" viewBox="0 0 150 150" style="enable-background:new 0 0 150 150;" xml:space="preserve"> >+ <path class="exclamation-element" d="M75,0C33.6,0,0,33.6,0,75c0,41.4,33.6,75,75,75s75-33.6,75-75C150,33.6,116.4,0,75,0z M66,34c0-5,4-9,9-9 >+ s9,4,9,9v51c0,5-4,9-9,9s-9-4-9-9V34z M75,128c-6.1,0-11-4.9-11-11s4.9-11,11-11s11,4.9,11,11S81.1,128,75,128z"/> >+ </svg> >+ >+ <div id="title"></div> >+ </h1> >+ <div class="alert-body"> >+ <div class="malware"> >+ <p class="l12n">This website may attempt to install dangerous software, which could harm your computer or steal your personal or financial information, like passwords, photos, or credit cards.</p> >+ <p class="google" id="google-malware-details"></p> >+ <p id="malwareExtensionDetails"></p> >+ </div> >+ >+ <div class="phishing"> >+ <p class="l12n">This website may try to trick you into doing something dangerous, like installing software or disclosing personal or financial information, like passwords, phone numbers, or credit cards.</p> >+ <p id="phishingExtensionDetails"></p> >+ </div> >+ >+ <div class="unwantedSoftware"> >+ <p class="l12n">This website may try to 
trick you into installing software that harms your browsing experience, like changing your settings without your permission or showing you unwanted ads. Once installed, it may be difficult to remove.</p> >+ <p id="unwantedSoftwareExtensionDetails"></p> >+ </div> >+ >+ <div class="userinfo"> >+ <p class="l12n">The address for the website youâre visiting contains a username or password. This may be a âphishingâ website.</p> >+ <p class="l12n">Phishing websites are designed to trick you into disclosing personal or financial information, usually by creating a copy of a legitimate website, such as a bankâs.</p> >+ </div> >+ >+ <div class="bottom-bar goBack closePage" id="bottom-bar"> >+ <button type="button" class="l12n goBack" onClick="window.history.back();">Go Back</button> >+ <button type="button" class="l12n closePage" onClick="window.close();window.location='about:blank'">Close Page</button> >+ <button type="button" id="ignoreWarning" class="l12n" onClick="window.loadURLWithoutSafeBrowsingCheck(unsafeURL);">Ignore Warning</button> >+ <button type="button" id="detailsButton" class="l12n" onClick="setDetailsVisibility(true);">Show Details</button> >+ </div> >+ </div> >+ <div id="details"> >+ <div id="malware-details"></div> >+ <div id="phishing-details"></div> >+ <div id="unwantedSoftware-details"></div> >+ </div> >+ </div> >+</body> >+</html> >Index: Source/WebKit/UIProcess/WebPageProxy.cpp >=================================================================== >--- Source/WebKit/UIProcess/WebPageProxy.cpp (revision 235157) >+++ Source/WebKit/UIProcess/WebPageProxy.cpp (working copy) 
>@@ -4036,8 +4036,15 @@ void WebPageProxy::decidePolicyForNaviga
> UNUSED_PARAM(newNavigationID);
> #endif
>
>- auto listener = makeRef(frame->setUpPolicyListenerProxy([this, protectedThis = makeRef(*this), frame = makeRef(*frame), sender = sender.copyRef(), navigation] (WebCore::PolicyAction policyAction, API::WebsitePolicies* policies, ShouldProcessSwapIfPossible swap, Vector<SafeBrowsingResult>&&) mutable {
>- // FIXME: do something with the SafeBrowsingResults.
>+ auto listener = makeRef(frame->setUpPolicyListenerProxy([this, protectedThis = makeRef(*this), frame = makeRef(*frame), sender = sender.copyRef(), navigation] (WebCore::PolicyAction policyAction, API::WebsitePolicies* policies, ShouldProcessSwapIfPossible swap, Vector<SafeBrowsingResult>&& results) mutable {
>+
>+ bool willBeAbleToGoBack = !!backForwardList().currentItem();
>+ if (auto buffer = safeBrowsingWarningHTML(results, willBeAbleToGoBack)) {
>+ receivedPolicyDecision(PolicyAction::Ignore, navigation.get(), std::nullopt, WTFMove(sender));
>+ // FIXME: Use SharedBufferDataReference instead of calling data() and don't copy it into the LoadParameters.
>+ loadAlternateHTML({ reinterpret_cast<const uint8_t*>(buffer->data()), buffer->size() }, "UTF-8"_s, navigation->currentRequest().url(), navigation->currentRequest().url(), nullptr, true);
>+ return;
>+ }
>
> std::optional<WebsitePoliciesData> data;
> if (policies) {
>@@ -7839,6 +7846,10 @@ void WebPageProxy::invalidateAllAttachme
> }
>
> #if !PLATFORM(COCOA)
>+RefPtr<SharedBuffer> safeBrowsingWarningHTML(const Vector<SafeBrowsingResult>&, bool)
>+{
>+ return nullptr;
>+}
>
> void WebPageProxy::platformRegisterAttachment(Ref<API::Attachment>&&, const String&, const IPC::DataReference&)
> {
>Index: Source/WebKit/UIProcess/WebPageProxy.h
>===================================================================
>--- Source/WebKit/UIProcess/WebPageProxy.h (revision 235157)
>+++ Source/WebKit/UIProcess/WebPageProxy.h (working copy)
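Review bot: The `loadAlternateHTML` call in the policy lambda passes `navigation->currentRequest().url()` as both the base URL and the unreachable URL, so the warning page presumably commits with the flagged site's URL as its document URL and origin. That would place the interstitial, and the `loadURLWithoutSafeBrowsingCheck` hook that WebPage.cpp later injects into it, in the same origin as the site being warned about, and relative URLs in the warning markup would resolve against that site. Consider a neutral base URL such as `about:blank`, keeping the flagged URL only as the unreachable URL, or add a comment explaining why the flagged origin is required here. `navigation` is also dereferenced without a null check in this branch; the enclosing function begins and ends outside the hunk, so confirm it cannot be null on this path.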
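Review bot: The non-Cocoa stub added under `#if !PLATFORM(COCOA)` is defined as a free function, while WebPageProxy.h declares `safeBrowsingWarningHTML` as a private member and WebPageProxyCocoa.mm defines `WebPageProxy::safeBrowsingWarningHTML`. The call in `decidePolicyForNavigationAction` resolves to the member, so non-Cocoa ports would be left with an undefined symbol. The definition should read `RefPtr<WebCore::SharedBuffer> WebPageProxy::safeBrowsingWarningHTML(const Vector<SafeBrowsingResult>&, bool)`.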
>@@ -1427,6 +1427,7 @@ private:
> void decidePolicyForResponse(uint64_t frameID, const WebCore::SecurityOriginData& frameSecurityOrigin, uint64_t navigationID, const WebCore::ResourceResponse&, const WebCore::ResourceRequest&, bool canShowMIMEType, uint64_t listenerID, const UserData&);
> void unableToImplementPolicy(uint64_t frameID, const WebCore::ResourceError&, const UserData&);
> void beginSafeBrowsingCheck(const WebCore::URL&, WebFramePolicyListenerProxy&);
>+ RefPtr<WebCore::SharedBuffer> safeBrowsingWarningHTML(const Vector<SafeBrowsingResult>&, bool);
>
> void willSubmitForm(uint64_t frameID, uint64_t sourceFrameID, const Vector<std::pair<String, String>>& textFieldValues, uint64_t listenerID, const UserData&);
>
>Index: Source/WebKit/UIProcess/API/C/mac/WKContextPrivateMac.mm
>===================================================================
>--- Source/WebKit/UIProcess/API/C/mac/WKContextPrivateMac.mm (revision 235156)
>+++ Source/WebKit/UIProcess/API/C/mac/WKContextPrivateMac.mm (working copy)
>@@ -175,5 +175,5 @@ bool WKContextShouldSuggestBlockWebGL()
>
> bool WKContextHandlesSafeBrowsing()
> {
>- return false;
>+ return true;
> }
>Index: Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
>===================================================================
>--- Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm (revision 235156)
>+++ Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm (working copy)
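Review bot: `WKContextHandlesSafeBrowsing()` now returns `true` unconditionally, which includes systems where the lookup framework is unavailable, the situation the `BaseSystemMissingFramework` test in this patch sets up. If an embedder uses this value to decide whether to skip its own check (the callers are not visible here), such a system would end up with no check from either side. Consider returning true only when the lookup context can actually be resolved, and document the contract above the function, for example `// True only when WebKit itself performs the safe browsing lookup and shows the warning.`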
>@@ -62,6 +62,92 @@ void WebPageProxy::saveRecentSearches(co > WebCore::saveRecentSearches(name, searchItems); > } > >+// FIXME: These ought to be API calls to the SafariSafeBrowsing framework. >+static const char* detailsURL(const String& provider) >+{ >+ if (provider == String(SSBProviderTencent)) >+ return "https://www.urlsec.qq.com/check.html?tpl=safari"; >+ return "https://google.com/safebrowsing/diagnostic?tpl=safari"; >+} >+static const char* learnMoreURL(const String& provider) >+{ >+ if (provider == String(SSBProviderTencent)) >+ return "https://www.urlsec.qq.com/standard/s1.html?tpl=safari"; >+ return "https://www.google.com/support/bin/answer.py?answer=106318"; >+} >+static const char* reportAnErrorURL(const String& provider) >+{ >+ if (provider == String(SSBProviderTencent)) >+ return "https://www.urlsec.qq.com/complain.html?tpl=safari"; >+ return "https://www.google.com/safebrowsing/report_error/?tpl=safari"; >+} >+static const char* providerName(const String& provider) >+{ >+ if (provider == String(SSBProviderTencent)) >+ return "tencent"; >+ return "google"; >+} >+ >+static const char* alertType(const SafeBrowsingResult& result) >+{ >+ // These correspond to the cases in updateDetailsStrings >+ if (result.isPhishing()) >+ return "phishing"; >+ if (result.isMalware()) >+ return "malware"; >+ if (result.isUnwantedSoftware()) >+ return "unwantedSoftware"; >+ ASSERT(result.isKnownToBeUnsafe()); >+ return "userinfo"; >+} >+ >+static CString variableDeclarations(const SafeBrowsingResult& result, bool canGoBack) >+{ >+ return makeString("var safeBrowsingProvider = '", >+ providerName(result.provider()), >+ "';\n var malwareDetailsURL = '", >+ detailsURL(result.provider()), >+ "';\n var learnMoreAboutPhishingURL = '", >+ learnMoreURL(result.provider()), >+ "';\n var reportAnErrorURL = '", >+ reportAnErrorURL(result.provider()), >+ "';\n var typeUIValue = '", >+ alertType(result), >+ "';\n var hostUIValue = '", >+ result.url().host(), >+ "';\n var canGoBack = 
", >+ canGoBack ? "true" : "false", >+ ";\n var unsafeURL = '", >+ result.url().string(), >+ "';\n var platformMac = ", >+#if PLATFORM(MAC) >+ "true", >+#else >+ "false", >+#endif >+ ";\n</script>").utf8(); >+} >+ >+RefPtr<SharedBuffer> WebPageProxy::safeBrowsingWarningHTML(const Vector<SafeBrowsingResult>& results, bool canGoBack) >+{ >+ for (const auto& result : results) { >+ if (result.isPhishing() || result.isMalware() || result.isUnwantedSoftware() || result.isKnownToBeUnsafe()) { >+ NSBundle *bundle = [NSBundle bundleWithIdentifier:@"com.apple.WebKit"]; >+ const char* begin = "<!DOCTYPE html><html><head><meta http-equiv='content-type' content='text/html; charset=utf-8'><meta name='viewport' content='width=device-width'><script>"; >+ NSData *localizedStrings = [NSData dataWithContentsOfFile:[bundle pathForResource:@"SafeBrowsingLocalizedStrings" ofType:@"js"] options:NSDataReadingMappedIfSafe error:nil]; >+ auto declarations = variableDeclarations(result, canGoBack); >+ NSData *html = [NSData dataWithContentsOfFile:[bundle pathForResource:@"SafeBrowsingWarning" ofType:@"html"] options:NSDataReadingMappedIfSafe error:nil]; >+ >+ auto buffer = SharedBuffer::create(begin, strlen(begin)); >+ buffer->append(localizedStrings); >+ buffer->append(declarations.data(), declarations.length()); >+ buffer->append(html); >+ return buffer; >+ } >+ } >+ return nullptr; >+} >+ > void WebPageProxy::loadRecentSearches(const String& name, Vector<WebCore::RecentSearch>& searchItems) > { > if (!name) { >Index: Source/WebKit/WebKit.xcodeproj/project.pbxproj >=================================================================== >--- Source/WebKit/WebKit.xcodeproj/project.pbxproj (revision 235156) >+++ Source/WebKit/WebKit.xcodeproj/project.pbxproj (working copy) 
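Review bot: `variableDeclarations` splices `result.url().host()` and `result.url().string()` into single-quoted JavaScript literals inside an inline `<script>` without any escaping. Nothing visible here guarantees that a serialized URL cannot contain `'`, a backslash or a `</script>` sequence, so a flagged URL may be able to end the literal and change the script of the warning page, which is the page that receives `loadURLWithoutSafeBrowsingCheck`. These two values should go through a JavaScript/JSON string encoder that also escapes `<`, or be handed to the page out of band rather than concatenated into source. In `safeBrowsingWarningHTML`, both `dataWithContentsOfFile:` calls pass `error:nil` and their results are appended unchecked; a missing bundle resource should be detected and handled explicitly rather than producing a partial page.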
>@@ -1338,6 +1338,8 @@ > 5C9E56831DF7F1B300C9EE33 /* WKWebsitePolicies.h in Headers */ = {isa = PBXBuildFile; fileRef = 5C9E56811DF7F05500C9EE33 /* WKWebsitePolicies.h */; settings = {ATTRIBUTES = (Private, ); }; }; > 5CA9854A210BEB640057EB6B /* SafeBrowsingResult.h in Headers */ = {isa = PBXBuildFile; fileRef = 5CA98549210BEB5A0057EB6B /* SafeBrowsingResult.h */; }; > 5CA9854C210BEB7D0057EB6B /* SafeBrowsingResultCocoa.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5CA9854B210BEB730057EB6B /* SafeBrowsingResultCocoa.mm */; }; >+ 5CA9855C211CB9180057EB6B /* SafeBrowsingLocalizedStrings.js in Resources */ = {isa = PBXBuildFile; fileRef = 5CA9855B211CB9170057EB6B /* SafeBrowsingLocalizedStrings.js */; }; >+ 5CA9855E211CB9570057EB6B /* SafeBrowsingWarning.html in Resources */ = {isa = PBXBuildFile; fileRef = 5CA9855D211CB9570057EB6B /* SafeBrowsingWarning.html */; }; > 5CB2378B1DF0DE5300117AA3 /* _WKWebsitePolicies.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5CB2378A1DF0DD4300117AA3 /* _WKWebsitePolicies.mm */; }; > 5CB2378C1DF0DE6E00117AA3 /* _WKWebsitePolicies.h in Headers */ = {isa = PBXBuildFile; fileRef = 5CB237891DF0DD4300117AA3 /* _WKWebsitePolicies.h */; settings = {ATTRIBUTES = (Private, ); }; }; > 5CB2378E1DF0E0D300117AA3 /* _WKWebsitePoliciesInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = 5CB2378D1DF0E0C200117AA3 /* _WKWebsitePoliciesInternal.h */; }; 
>@@ -3956,6 +3958,8 @@ > 5C9E56811DF7F05500C9EE33 /* WKWebsitePolicies.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WKWebsitePolicies.h; sourceTree = "<group>"; }; > 5CA98549210BEB5A0057EB6B /* SafeBrowsingResult.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SafeBrowsingResult.h; sourceTree = "<group>"; }; > 5CA9854B210BEB730057EB6B /* SafeBrowsingResultCocoa.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = SafeBrowsingResultCocoa.mm; sourceTree = "<group>"; }; >+ 5CA9855B211CB9170057EB6B /* SafeBrowsingLocalizedStrings.js */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.javascript; name = SafeBrowsingLocalizedStrings.js; path = Resources/SafeBrowsingLocalizedStrings.js; sourceTree = "<group>"; }; >+ 5CA9855D211CB9570057EB6B /* SafeBrowsingWarning.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; name = SafeBrowsingWarning.html; path = Resources/SafeBrowsingWarning.html; sourceTree = "<group>"; }; > 5CB237891DF0DD4300117AA3 /* _WKWebsitePolicies.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = _WKWebsitePolicies.h; sourceTree = "<group>"; }; > 5CB2378A1DF0DD4300117AA3 /* _WKWebsitePolicies.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = _WKWebsitePolicies.mm; sourceTree = "<group>"; }; > 5CB2378D1DF0E0C200117AA3 /* _WKWebsitePoliciesInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = _WKWebsitePoliciesInternal.h; sourceTree = "<group>"; }; 
>@@ -5134,6 +5138,8 @@ > 6D8A91A511F0EFD100DD01FE /* com.apple.WebProcess.sb.in */, > 8DC2EF5A0486A6940098B216 /* Info.plist */, > 089C1666FE841158C02AAC07 /* InfoPlist.strings */, >+ 5CA9855B211CB9170057EB6B /* SafeBrowsingLocalizedStrings.js */, >+ 5CA9855D211CB9570057EB6B /* SafeBrowsingWarning.html */, > E1D26A4C1759634E0095BFD1 /* WebContentProcess.xib */, > E133FD891423DD7F00FC7BFB /* WebKit.icns */, > ); >@@ -10561,6 +10567,8 @@ > 8DC2EF530486A6940098B216 /* InfoPlist.strings in Resources */, > 3FB08E431F60B240005E5312 /* iOS.xcassets in Resources */, > 93A2A3461D246125002B59D3 /* mediaIcon.pdf in Resources */, >+ 5CA9855C211CB9180057EB6B /* SafeBrowsingLocalizedStrings.js in Resources */, >+ 5CA9855E211CB9570057EB6B /* SafeBrowsingWarning.html in Resources */, > ); > runOnlyForDeploymentPostprocessing = 0; > }; >Index: Source/WebKit/WebProcess/WebPage/WebPage.cpp >=================================================================== >--- Source/WebKit/WebProcess/WebPage/WebPage.cpp (revision 235156) >+++ Source/WebKit/WebProcess/WebPage/WebPage.cpp (working copy) 
>@@ -1322,6 +1322,9 @@ void WebPage::loadAlternateHTML(const Lo
> URL baseURL = loadParameters.baseURLString.isEmpty() ? blankURL() : URL(URL(), loadParameters.baseURLString);
> URL unreachableURL = loadParameters.unreachableURLString.isEmpty() ? URL() : URL(URL(), loadParameters.unreachableURLString);
> URL provisionalLoadErrorURL = loadParameters.provisionalLoadErrorURLString.isEmpty() ? URL() : URL(URL(), loadParameters.provisionalLoadErrorURLString);
>+
>+ m_loadingSafeBrowsingWarning = loadParameters.forSafeBrowsing;
>+
> auto sharedBuffer = SharedBuffer::create(reinterpret_cast<const char*>(loadParameters.data.data()), loadParameters.data.size());
> m_mainFrame->coreFrame()->loader().setProvisionalLoadErrorBeingHandledURL(provisionalLoadErrorURL);
> loadDataImpl(loadParameters.navigationID, WTFMove(sharedBuffer), loadParameters.MIMEType, loadParameters.encodingName, baseURL, unreachableURL, loadParameters.userData);
>@@ -5338,6 +5341,9 @@ void WebPage::didCommitLoad(WebFrame* fr
>
> void WebPage::didFinishLoad(WebFrame* frame)
> {
>+ if (std::exchange(m_loadingSafeBrowsingWarning, false))
>+ m_mainFrame->coreFrame()->document()->injectLoadURLWithoutSafeBrowsingCheck();
>+
> #if ENABLE(PRIMARY_SNAPSHOTTED_PLUGIN_HEURISTIC)
> if (!frame->isMainFrame())
> return;
>Index: Source/WebKit/WebProcess/WebPage/WebPage.h
>===================================================================
>--- Source/WebKit/WebProcess/WebPage/WebPage.h (revision 235156)
>+++ Source/WebKit/WebProcess/WebPage/WebPage.h (working copy)
>@@ -1739,6 +1739,7 @@ private:
> #endif
>
> bool m_isSuspended { false };
>+ bool m_loadingSafeBrowsingWarning { false };
> };
>
> } // namespace WebKit
>Index: Tools/ChangeLog
>===================================================================
>--- Tools/ChangeLog (revision 235211)
>+++ Tools/ChangeLog (working copy)
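Review bot: In `didFinishLoad` the new check runs before the `frame->isMainFrame()` test and fires for whichever frame finishes first after the flag is set. `injectLoadURLWithoutSafeBrowsingCheck()` is then applied to whatever document the main frame holds at that moment, which may still be the previous page if one of its subframes finishes between `loadAlternateHTML` and the warning's commit. The injection should be tied to the main frame and to the warning document itself, at minimum `if (frame->isMainFrame() && std::exchange(m_loadingSafeBrowsingWarning, false))`, with a null check on `document()` before the call. From the visible hunks the flag is cleared only here, so a warning load that fails or is superseded appears to leave it set for the next page that finishes loading. Both function bodies continue outside their hunks.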
>@@ -1,3 +1,28 @@
>+2018-08-22 Alex Christensen <achristensen@webkit.org>
>+
>+ Implement safe browsing in WebKit
>+ https://bugs.webkit.org/show_bug.cgi?id=188871
>+
>+ Reviewed by NOBODY (OOPS!).
>+
>+ * TestWebKitAPI/Tests/WebKitCocoa/SafeBrowsing.mm:
>+ (-[SafeBrowsingDelegate webView:didFinishNavigation:]):
>+ (-[SafeBrowsingDelegate webViewDidClose:]):
>+ (-[TestLookupContext lookUpURL:completionHandler:]):
>+ (initializeTestContext):
>+ (resourceURL):
>+ (safeResult):
>+ (phishingResult):
>+ (malwareResult):
>+ (unwantedSoftwareResult):
>+ (resultKnownToBeUnsafe):
>+ (checkBackForwardList):
>+ (runJavaScript):
>+ (emptyWebView):
>+ (simpleWebViewWithWarning):
>+ (TEST):
>+ (-[SafeBrowsingNavigationDelegate webView:didFinishNavigation:]): Deleted.
>+
> 2018-08-22 Wenson Hsieh <wenson_hsieh@apple.com>
>
> [Attachment Support] Support dragging attachment elements out as files on macOS
>Index: Tools/TestWebKitAPI/Tests/WebKitCocoa/SafeBrowsing.mm
>===================================================================
>--- Tools/TestWebKitAPI/Tests/WebKitCocoa/SafeBrowsing.mm (revision 235156)
>+++ Tools/TestWebKitAPI/Tests/WebKitCocoa/SafeBrowsing.mm (working copy)
>@@ -30,20 +30,28 @@ > #import "ClassMethodSwizzler.h" > #import "PlatformUtilities.h" > #import "TestWKWebView.h" >-#import <WebKit/WKNavigationDelegate.h> > #import <WebKit/WKWebViewPrivate.h> >+#import <WebKit/WebKit.h> >+#import <wtf/BlockPtr.h> > #import <wtf/RetainPtr.h> >+#import <wtf/text/WTFString.h> > >-static bool done; >+static bool navigationFinished; >+static bool viewClosed; > >-@interface SafeBrowsingNavigationDelegate : NSObject <WKNavigationDelegate> >+@interface SafeBrowsingDelegate : NSObject <WKNavigationDelegate, WKUIDelegate> > @end > >-@implementation SafeBrowsingNavigationDelegate >+@implementation SafeBrowsingDelegate > > - (void)webView:(WKWebView *)webView didFinishNavigation:(null_unspecified WKNavigation *)navigation > { >- done = true; >+ navigationFinished = true; >+} >+ >+- (void)webViewDidClose:(WKWebView *)webView >+{ >+ viewClosed = true; > } > > @end >@@ -126,6 +134,8 @@ - (NSArray<TestServiceLookupResult *> *) > > @end > >+static Vector<std::pair<RetainPtr<NSURL>, RetainPtr<TestServiceLookupResult>>> lookupBehavior; >+ > @interface TestLookupContext : NSObject > @end 
> >@@ -139,25 +149,178 @@ + (TestLookupContext *)sharedLookupConte > > - (void)lookUpURL:(NSURL *)URL completionHandler:(void (^)(TestLookupResult *, NSError *))completionHandler > { >- completionHandler([TestLookupResult resultWithResults:@[[TestServiceLookupResult resultWithProvider:@"TestProvider" phishing:YES malware:NO unwantedSoftware:NO knownToBeUnsafe:NO]]], nil); >+ for (auto pair : lookupBehavior) { >+ if ([pair.first isEqual:URL]) >+ return completionHandler([TestLookupResult resultWithResults:@[pair.second.get()]], nil); >+ } >+ EXPECT_FALSE(true); >+ completionHandler(nil, nil); > } > > @end > >-TEST(WebKit, SafeBrowsing) >+static void initializeTestContext(Vector<std::pair<RetainPtr<NSURL>, RetainPtr<TestServiceLookupResult>>>&& behavior) > { >- TestWebKitAPI::ClassMethodSwizzler swizzler(objc_getClass("SSBLookupContext"), @selector(sharedLookupContext), [TestLookupContext methodForSelector:@selector(sharedLookupContext)]); >+ static TestWebKitAPI::ClassMethodSwizzler swizzler(objc_getClass("SSBLookupContext"), @selector(sharedLookupContext), [TestLookupContext methodForSelector:@selector(sharedLookupContext)]); >+ lookupBehavior = WTFMove(behavior); >+} > >- auto navigationDelegate = adoptNS([[SafeBrowsingNavigationDelegate alloc] init]); >- auto webView = adoptNS([[WKWebView alloc] init]); >- [webView setNavigationDelegate:navigationDelegate.get()]; >- [webView loadRequest:[NSURLRequest requestWithURL:[[NSBundle mainBundle] URLForResource:@"simple" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]]]; >+static RetainPtr<NSURL> resourceURL(String&& resource) >+{ >+ return [[NSBundle mainBundle] URLForResource:resource withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]; >+} > >- // FIXME: Check that the loading happens as expected once we do something with safe browsing results. 
>+static RetainPtr<TestServiceLookupResult> safeResult() >+{ >+ return [TestServiceLookupResult resultWithProvider:@"TestProvider" phishing:NO malware:NO unwantedSoftware:NO knownToBeUnsafe:NO]; >+} >+ >+static RetainPtr<TestServiceLookupResult> phishingResult() >+{ >+ return [TestServiceLookupResult resultWithProvider:@"TestProvider" phishing:YES malware:NO unwantedSoftware:NO knownToBeUnsafe:NO]; >+} > >+static RetainPtr<TestServiceLookupResult> malwareResult() >+{ >+ return [TestServiceLookupResult resultWithProvider:@"TestProvider" phishing:NO malware:YES unwantedSoftware:NO knownToBeUnsafe:NO]; >+} >+ >+static RetainPtr<TestServiceLookupResult> unwantedSoftwareResult() >+{ >+ return [TestServiceLookupResult resultWithProvider:@"TestProvider" phishing:NO malware:NO unwantedSoftware:YES knownToBeUnsafe:NO]; >+} >+ >+static RetainPtr<TestServiceLookupResult> resultKnownToBeUnsafe() >+{ >+ return [TestServiceLookupResult resultWithProvider:@"TestProvider" phishing:NO malware:NO unwantedSoftware:NO knownToBeUnsafe:YES]; >+} >+ >+static void checkBackForwardList(const RetainPtr<WKWebView>& view, Vector<String>&& back, String current, Vector<String>&& forward) >+{ >+ auto compareItems = [] (WKBackForwardListItem *a, const String& b) { >+ EXPECT_STREQ(a.URL.absoluteString.UTF8String, [[NSBundle mainBundle] URLForResource:b withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"].absoluteString.UTF8String); >+ }; >+ auto compareArrays = [&] (NSArray<WKBackForwardListItem *> *a, const Vector<String>& b) { >+ EXPECT_EQ(a.count, b.size()); >+ if (a.count == b.size()) { >+ for (size_t i = 0; i < b.size(); ++i) >+ compareItems(a[i], b[i]); >+ } >+ }; >+ compareArrays(view.get().backForwardList.backList, back); >+ compareItems(view.get().backForwardList.currentItem, current); >+ compareArrays(view.get().backForwardList.forwardList, forward); >+} >+ >+static void runJavaScript(const RetainPtr<WKWebView>& view, String&& script, String&& expectedResult = "(null)") >+{ >+ 
bool done = false; >+ [view evaluateJavaScript:script completionHandler:BlockPtr<void(id, NSError *)>::fromCallable([expectedResult = WTFMove(expectedResult), done = &done] (id result, NSError *error) { >+ EXPECT_TRUE(error == nil); >+ NSString *resultString = [NSString stringWithFormat:@"%@", result]; >+ EXPECT_STREQ(expectedResult.utf8().data(), resultString.UTF8String); >+ *done = true; >+ }).get()]; > TestWebKitAPI::Util::run(&done); > } > >+static void runJavaScript(const RetainPtr<WKWebView>& view, Vector<std::pair<String, String>>&& scriptResultPairs) >+{ >+ for (auto&& pair : scriptResultPairs) >+ runJavaScript(view, WTFMove(pair.first), WTFMove(pair.second)); >+} >+ >+RetainPtr<WKWebView> emptyWebView() >+{ >+ static auto delegate = adoptNS([[SafeBrowsingDelegate alloc] init]); >+ auto webView = adoptNS([[WKWebView alloc] init]); >+ [webView setNavigationDelegate:delegate.get()]; >+ [webView setUIDelegate:delegate.get()]; >+ checkBackForwardList(webView, { }, "(null)", { }); >+ return webView; >+} >+ >+RetainPtr<WKWebView> simpleWebViewWithWarning(RetainPtr<TestServiceLookupResult>&& result) >+{ >+ auto simpleURL = resourceURL("simple"); >+ initializeTestContext({{simpleURL, result.get()}}); >+ auto webView = emptyWebView(); >+ navigationFinished = false; >+ [webView loadRequest:[NSURLRequest requestWithURL:simpleURL.get()]]; >+ TestWebKitAPI::Util::run(&navigationFinished); >+ runJavaScript(webView, { >+ {"canGoBack", "0"}, >+ }); >+ checkBackForwardList(webView, { }, "simple", { }); >+ return webView; >+} >+ >+const char* buttonDisplayValues = "Array.from(document.querySelectorAll('button')).map(x=>x.style.display).toString()"; >+ >+TEST(SafeBrowsing, IgnorePhishingWarning) >+{ >+ auto webView = simpleWebViewWithWarning(phishingResult()); >+ >+ // Clicking "Show Details" should make the button invisible >+ runJavaScript(webView, { >+ {buttonDisplayValues, ",,,block"}, >+ {"typeUIValue", "phishing"}, >+ 
{"document.querySelector('button#detailsButton').click()", "(null)"}, >+ {buttonDisplayValues, ",,,none"}, >+ }); >+ >+ // Clicking "visit this unsafe website" should navigate to the site. >+ navigationFinished = false; >+ runJavaScript(webView, "document.querySelector('a[role=\"button\"]').click()"); >+ TestWebKitAPI::Util::run(&navigationFinished); >+ >+ runJavaScript(webView, "document.body.innerHTML.trim()", "Simple HTML file."); >+ checkBackForwardList(webView, { }, "simple", { }); >+} >+ >+TEST(SafeBrowsing, ClosePage) >+{ >+ auto webView = simpleWebViewWithWarning(phishingResult()); >+ runJavaScript(webView, "document.querySelector('button.closePage').click()"); >+ TestWebKitAPI::Util::run(&viewClosed); >+} >+ >+TEST(SafeBrowsing, GoBack) >+{ >+ auto simpleURL = resourceURL("simple"); >+ auto simple2URL = resourceURL("simple2"); >+ initializeTestContext({ >+ {simpleURL, safeResult() }, >+ {simple2URL, phishingResult() }, >+ }); >+ auto webView = emptyWebView(); >+ [webView loadRequest:[NSURLRequest requestWithURL:simpleURL.get()]]; >+ TestWebKitAPI::Util::run(&navigationFinished); >+ checkBackForwardList(webView, { }, "simple", { }); >+ navigationFinished = false; >+ [webView loadRequest:[NSURLRequest requestWithURL:simple2URL.get()]]; >+ TestWebKitAPI::Util::run(&navigationFinished); >+ checkBackForwardList(webView, {"simple"}, "simple2", { }); >+ runJavaScript(webView, { >+ {buttonDisplayValues, ",,,block"}, >+ {"canGoBack", "1"}, >+ {"document.querySelector('button.goBack').click()", "(null)"}, >+ }); >+ checkBackForwardList(webView, { "simple" }, "simple2", { }); >+ navigationFinished = false; >+ TestWebKitAPI::Util::run(&navigationFinished); >+ checkBackForwardList(webView, { }, "simple", { "simple2" }); >+} >+ >+TEST(SafeBrowsing, ResultTypes) >+{ >+ auto getTitle = "document.querySelector('#title').innerHTML"; >+ runJavaScript(simpleWebViewWithWarning(phishingResult()), getTitle, "Deceptive Website Warning"); >+ 
runJavaScript(simpleWebViewWithWarning(malwareResult()), getTitle, "Malware Website Warning"); >+ runJavaScript(simpleWebViewWithWarning(unwantedSoftwareResult()), getTitle, "Website With Harmful Software Warning"); >+ runJavaScript(simpleWebViewWithWarning(resultKnownToBeUnsafe()), getTitle, "Possible Phishing Website"); >+} >+ > @interface NullLookupContext : NSObject > @end > @implementation NullLookupContext >@@ -167,7 +330,7 @@ + (NullLookupContext *)sharedLookupConte > } > @end > >-TEST(WebKit, NoSafeBrowsing) >+TEST(SafeBrowsing, BaseSystemMissingFramework) > { > TestWebKitAPI::ClassMethodSwizzler swizzler(objc_getClass("SSBLookupContext"), @selector(sharedLookupContext), [NullLookupContext methodForSelector:@selector(sharedLookupContext)]); > auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 800, 600)]);
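Review bot: The tests added in the `@@ -139,25 +149,178 @@` hunk cover only the positive paths and never pin where the bypass hook must be absent. No test asserts that `window.loadURLWithoutSafeBrowsingCheck` is undefined on a page that loaded without a warning, or on the real page reached after the warning is dismissed. Adding `runJavaScript(webView, "typeof window.loadURLWithoutSafeBrowsingCheck", "undefined");` at the end of `IgnorePhishingWarning` and after the first load in `GoBack` would cover that. Every URL used is a bundle resource, so the quoting of `unsafeURL` and `hostUIValue` in the generated script is also untested; a lookup entry whose URL contains a quote character would pin it.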