WebKit Bugzilla
Attachment 357063 Details for
Bug 192595
: Restrict DeviceMotion / DeviceOrientation APIs to secure contexts
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-192595-20181211103835.patch (text/plain), 16.09 KB, created by
Chris Dumez
on 2018-12-11 10:38:36 PST
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Chris Dumez
Created:
2018-12-11 10:38:36 PST
Size:
16.09 KB
patch
obsolete
>Subversion Revision: 239030 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index bc129d35e2d4d43170dc62faaecca8662395bfee..7ce35886e3d55c3e72747f704922a1a8a8832e82 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,24 @@ >+2018-12-11 Chris Dumez <cdumez@apple.com> >+ >+ Restrict DeviceMotion / DeviceOrientation APIs to secure contexts >+ https://bugs.webkit.org/show_bug.cgi?id=192595 >+ <rdar://problem/46382603> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Tests: http/tests/events/device-orientation-motion-non-secure-context.html >+ http/tests/events/device-orientation-motion-secure-context.html >+ >+ * page/DOMWindow.cpp: >+ (WebCore::DOMWindow::addEventListener): >+ * page/SecurityOrigin.h: >+ (WebCore::SecurityOrigin::setIsPotentiallyTrustworthy): >+ * testing/Internals.cpp: >+ (WebCore::Internals::markContextAsInsecure): >+ (WebCore::Internals::postTask): >+ * testing/Internals.h: >+ * testing/Internals.idl: >+ > 2018-12-10 Youenn Fablet <youenn@apple.com> > > MockLibWebRTCPeerConnectionFactory should isolate copy its test case >diff --git a/Source/WebCore/page/DOMWindow.cpp b/Source/WebCore/page/DOMWindow.cpp >index 793f7aae9ebaa1d7751e4a1287e227dae7625612..3211907ea0b361f32d8bb6704c4bb188f7c7e7bf 100644 >--- a/Source/WebCore/page/DOMWindow.cpp >+++ b/Source/WebCore/page/DOMWindow.cpp >@@ -1824,27 +1824,35 @@ bool DOMWindow::addEventListener(const AtomicString& eventType, Ref<EventListene > #if ENABLE(DEVICE_ORIENTATION) > #if PLATFORM(IOS_FAMILY) > else if ((eventType == eventNames().devicemotionEvent || eventType == eventNames().deviceorientationEvent) && document()) { >- if (isSameSecurityOriginAsMainFrame()) { >+ if (isSameSecurityOriginAsMainFrame() && isSecureContext()) { > if (eventType == eventNames().deviceorientationEvent) > document()->deviceOrientationController()->addDeviceEventListener(this); > else > document()->deviceMotionController()->addDeviceEventListener(this); >- } else if (document()) >- document()->addConsoleMessage(MessageSource::JS, MessageLevel::Warning, "Blocked attempt add device motion or orientation listener from child frame that wasn't the same security origin as the main page."_s); >+ } else if (document()) { >+ if (isSecureContext()) >+ document()->addConsoleMessage(MessageSource::JS, MessageLevel::Warning, "Blocked attempt add device motion or orientation listener from child frame that wasn't the same security origin as the main page."_s); >+ else >+ document()->addConsoleMessage(MessageSource::JS, MessageLevel::Warning, "Blocked attempt add device motion or orientation listener because the browsing context is not secure."_s); >+ } > } > #else > else if (eventType == eventNames().devicemotionEvent) { >- if (isSameSecurityOriginAsMainFrame()) { >+ if (isSameSecurityOriginAsMainFrame() && isSecureContext()) { > if (DeviceMotionController* controller = DeviceMotionController::from(page())) > controller->addDeviceEventListener(this); > } else if (document()) > document()->addConsoleMessage(MessageSource::JS, MessageLevel::Warning, "Blocked attempt add device motion listener from child frame that wasn't the same security origin as the main page."_s); > } else if (eventType == eventNames().deviceorientationEvent) { >- if (isSameSecurityOriginAsMainFrame()) { >+ if (isSameSecurityOriginAsMainFrame() && isSecureContext()) { > if (DeviceOrientationController* controller = DeviceOrientationController::from(page())) > controller->addDeviceEventListener(this); >- } else if (document()) >- document()->addConsoleMessage(MessageSource::JS, MessageLevel::Warning, "Blocked attempt add device orientation listener from child frame that wasn't the same security origin as the main page."_s); >+ } else if (document()) { >+ if (isSecureContext()) >+ document()->addConsoleMessage(MessageSource::JS, MessageLevel::Warning, "Blocked attempt add device orientation listener from child frame that wasn't the same security origin as the main page."_s); >+ else >+ document()->addConsoleMessage(MessageSource::JS, MessageLevel::Warning, "Blocked attempt add device motion or orientation listener because the browsing context is not secure."_s); >+ } > } > #endif // PLATFORM(IOS_FAMILY) > #endif // ENABLE(DEVICE_ORIENTATION) >diff --git a/Source/WebCore/page/SecurityOrigin.h b/Source/WebCore/page/SecurityOrigin.h >index b93d0faf235a7fe35476509f6e437d54405cc120..ba78b6cdef31e242d8d0332de6f302d2f00e804c 100644 >--- a/Source/WebCore/page/SecurityOrigin.h >+++ b/Source/WebCore/page/SecurityOrigin.h >@@ -199,6 +199,7 @@ public: > WEBCORE_EXPORT bool isSameOriginAs(const SecurityOrigin&) const; > > bool isPotentiallyTrustworthy() const { return m_isPotentiallyTrustworthy; } >+ void setIsPotentiallyTrustworthy(bool value) { m_isPotentiallyTrustworthy = value; } > > static bool isLocalHostOrLoopbackIPAddress(StringView); > >diff --git a/Source/WebCore/testing/Internals.cpp b/Source/WebCore/testing/Internals.cpp >index 12274a116d439ae02294b53c43bb1fad4b2747e7..b731246c71a3a7cc0cd1c7c5d3b89544da1e5daa 100644 >--- a/Source/WebCore/testing/Internals.cpp >+++ b/Source/WebCore/testing/Internals.cpp >@@ -4380,6 +4380,28 @@ bool Internals::pageHasPointerLock() const > } > #endif > >+void Internals::markContextAsInsecure() >+{ >+ auto* document = contextDocument(); >+ if (!document) >+ return; >+ >+ document->securityOrigin().setIsPotentiallyTrustworthy(false); >+} >+ >+void Internals::postTask(RefPtr<VoidCallback>&& callback) >+{ >+ auto* document = contextDocument(); >+ if (!document) { >+ callback->handleEvent(); >+ return; >+ } >+ >+ document->postTask([callback = WTFMove(callback)](ScriptExecutionContext&) { >+ callback->handleEvent(); >+ }); >+} >+ > Vector<String> Internals::accessKeyModifiers() const > { > Vector<String> accessKeyModifierStrings; >diff --git a/Source/WebCore/testing/Internals.h b/Source/WebCore/testing/Internals.h >index 8647088ed85be5c94e130fc44aa89624762c5eef..f78781516e54e71cc9e5d9d910080de1a140cc57 100644 >--- a/Source/WebCore/testing/Internals.h >+++ b/Source/WebCore/testing/Internals.h >@@ -714,6 +714,9 @@ public: > bool isSystemPreviewLink(Element&) const; > bool isSystemPreviewImage(Element&) const; > >+ void postTask(RefPtr<VoidCallback>&&); >+ void markContextAsInsecure(); >+ > bool usingAppleInternalSDK() const; > > struct NowPlayingState { >diff --git a/Source/WebCore/testing/Internals.idl b/Source/WebCore/testing/Internals.idl >index b76c2a9d7a95d33d0489070a3cd97fe5bc704dca..4a56bf8887bced95c2be5d9ea706fcd277b776e8 100644 >--- a/Source/WebCore/testing/Internals.idl >+++ b/Source/WebCore/testing/Internals.idl >@@ -699,6 +699,9 @@ enum CompositingPolicy { > > boolean usingAppleInternalSDK(); > >+ void postTask(VoidCallback callback); >+ void markContextAsInsecure(); >+ > [Conditional=VIDEO, MayThrowException] readonly attribute NowPlayingState nowPlayingState; > > [Conditional=VIDEO] HTMLMediaElement bestMediaElementForShowingPlaybackControlsManager(PlaybackControlsPurpose purpose); >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 202893917e53d9aaa0af273fc573667ad8a8ea56..d7af9b5a55cb644cf434df6fa7b0e21d5c9cd878 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,21 @@ >+2018-12-11 Chris Dumez <cdumez@apple.com> >+ >+ Restrict DeviceMotion / DeviceOrientation APIs to secure contexts >+ https://bugs.webkit.org/show_bug.cgi?id=192595 >+ <rdar://problem/46382603> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Add layout test coverage. Note however that we currently do not have mock data providers >+ for these APIs. >+ >+ * http/tests/events/device-orientation-motion-non-secure-context-expected.txt: Added. >+ * http/tests/events/device-orientation-motion-non-secure-context.html: Added. >+ * http/tests/events/device-orientation-motion-secure-context-expected.txt: Added. >+ * http/tests/events/device-orientation-motion-secure-context.html: Added. >+ * platform/ios/http/tests/events/device-orientation-motion-non-secure-context-expected.txt: Added. >+ * platform/ios/http/tests/events/device-orientation-motion-secure-context-expected.txt: Added. >+ > 2018-12-09 Commit Queue <commit-queue@webkit.org> > > Unreviewed, rolling out r239010. >diff --git a/LayoutTests/http/tests/events/device-orientation-motion-non-secure-context-expected.txt b/LayoutTests/http/tests/events/device-orientation-motion-non-secure-context-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..95a63a823b1d8ab495ca4187bd279270a5a1f5c2 >--- /dev/null >+++ b/LayoutTests/http/tests/events/device-orientation-motion-non-secure-context-expected.txt >@@ -0,0 +1,11 @@ >+CONSOLE MESSAGE: line 38: Device Orientation API is not supported >+CONSOLE MESSAGE: line 20: Device Motion API is not supported >+Tests that trying to set an event listener for deviceorientation and deviceorientation logs an error in non-secure contexts. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/events/device-orientation-motion-non-secure-context.html b/LayoutTests/http/tests/events/device-orientation-motion-non-secure-context.html >new file mode 100644 >index 0000000000000000000000000000000000000000..b49f23d2d09ec634781c3841ee64b4fb6840febe >--- /dev/null >+++ b/LayoutTests/http/tests/events/device-orientation-motion-non-secure-context.html >@@ -0,0 +1,55 @@ >+<!DOCTYPE html> >+<html> >+<body> >+<script src="/js-test-resources/js-test.js"></script> >+<script> >+description("Tests that trying to set an event listener for deviceorientation and deviceorientation logs an error in non-secure contexts."); >+jsTestIsAsync = true; >+ >+// localhost is secure by default. >+internals.markContextAsInsecure(); >+ >+let lastConsoleMessage = null; >+internals.setConsoleMessageListener((message) => { >+ lastConsoleMessage = message; >+}); >+ >+function runDeviceMotionTest() >+{ >+ if (!window.DeviceMotionEvent) { >+ console.log("Device Motion API is not supported"); >+ finishJSTest(); >+ return; >+ } >+ >+ lastConsoleMessage = null; >+ debug(""); >+ debug("* Registering device motion listener"); >+ addEventListener("devicemotion", function() { }); >+ internals.postTask(() => { >+ shouldBeEqualToString("lastConsoleMessage", "Blocked attempt add device motion or orientation listener because the browsing context is not secure."); >+ finishJSTest(); >+ }); >+} >+ >+function runDeviceOrientationTest() >+{ >+ if (!window.DeviceOrientationEvent) { >+ console.log("Device Orientation API is not supported"); >+ runDeviceMotionTest(); >+ return; >+ } >+ >+ lastConsoleMessage = null; >+ debug("* Registering device orientation listener"); >+ addEventListener("deviceorientation", function() { }); >+ internals.postTask(() => { >+ shouldBeEqualToString("lastConsoleMessage", "Blocked attempt add device motion or orientation listener because the browsing context is not secure."); >+ runDeviceMotionTest(); >+ }); >+} >+ >+onload = runDeviceOrientationTest; >+</script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/events/device-orientation-motion-secure-context-expected.txt b/LayoutTests/http/tests/events/device-orientation-motion-secure-context-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..0fb7d7ebf2d842d7bb734aa843318d89680d4346 >--- /dev/null >+++ b/LayoutTests/http/tests/events/device-orientation-motion-secure-context-expected.txt >@@ -0,0 +1,11 @@ >+CONSOLE MESSAGE: line 37: Device Orientation API is not supported >+CONSOLE MESSAGE: line 19: Device Motion API is not supported >+Tests that trying to set an event listener for deviceorientation and deviceorientation does not log an error in secure contexts. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/events/device-orientation-motion-secure-context.html b/LayoutTests/http/tests/events/device-orientation-motion-secure-context.html >new file mode 100644 >index 0000000000000000000000000000000000000000..4e54d11d9941e758e02750b86d43e32bc9433eee >--- /dev/null >+++ b/LayoutTests/http/tests/events/device-orientation-motion-secure-context.html >@@ -0,0 +1,54 @@ >+<!DOCTYPE html> >+<html> >+<body> >+<script src="/js-test-resources/js-test.js"></script> >+<script> >+description("Tests that trying to set an event listener for deviceorientation and deviceorientation does not log an error in secure contexts."); >+jsTestIsAsync = true; >+ >+// localhost is secure by default. >+ >+let lastConsoleMessage = null; >+internals.setConsoleMessageListener((message) => { >+ lastConsoleMessage = message; >+}); >+ >+function runDeviceMotionTest() >+{ >+ if (!window.DeviceMotionEvent) { >+ console.log("Device Motion API is not supported"); >+ finishJSTest(); >+ return; >+ } >+ >+ lastConsoleMessage = null; >+ debug(""); >+ debug("* Registering device motion listener"); >+ addEventListener("devicemotion", function() { }); >+ internals.postTask(() => { >+ shouldBeNull("lastConsoleMessage"); >+ finishJSTest(); >+ }); >+} >+ >+function runDeviceOrientationTest() >+{ >+ if (!window.DeviceOrientationEvent) { >+ console.log("Device Orientation API is not supported"); >+ runDeviceMotionTest(); >+ return; >+ } >+ >+ lastConsoleMessage = null; >+ debug("* Registering device orientation listener"); >+ addEventListener("deviceorientation", function() { }); >+ internals.postTask(() => { >+ shouldBeNull("lastConsoleMessage"); >+ runDeviceMotionTest(); >+ }); >+} >+ >+onload = runDeviceOrientationTest; >+</script> >+</body> >+</html> >diff --git a/LayoutTests/platform/ios/http/tests/events/device-orientation-motion-non-secure-context-expected.txt b/LayoutTests/platform/ios/http/tests/events/device-orientation-motion-non-secure-context-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..f6efb512ba76b569537f028f9f9e22b2b0d74f26 >--- /dev/null >+++ b/LayoutTests/platform/ios/http/tests/events/device-orientation-motion-non-secure-context-expected.txt >@@ -0,0 +1,16 @@ >+CONSOLE MESSAGE: line 43: Blocked attempt add device motion or orientation listener because the browsing context is not secure. >+CONSOLE MESSAGE: line 27: Blocked attempt add device motion or orientation listener because the browsing context is not secure. >+Tests that trying to set an event listener for deviceorientation and deviceorientation logs an error in non-secure contexts. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+* Registering device orientation listener >+PASS lastConsoleMessage is "Blocked attempt add device motion or orientation listener because the browsing context is not secure." >+ >+* Registering device motion listener >+PASS lastConsoleMessage is "Blocked attempt add device motion or orientation listener because the browsing context is not secure." >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/platform/ios/http/tests/events/device-orientation-motion-secure-context-expected.txt b/LayoutTests/platform/ios/http/tests/events/device-orientation-motion-secure-context-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..31b85f5d7d45f37f9d6b165f6737dfe5922edf5c >--- /dev/null >+++ b/LayoutTests/platform/ios/http/tests/events/device-orientation-motion-secure-context-expected.txt >@@ -0,0 +1,14 @@ >+Tests that trying to set an event listener for deviceorientation and deviceorientation does not log an error in secure contexts. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+* Registering device orientation listener >+PASS lastConsoleMessage is null >+ >+* Registering device motion listener >+PASS lastConsoleMessage is null >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=357063">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
dino
:
review+
ews-watchlist
:
commit-queue-
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 192595
: 357063 |
357069