Timestamp:
Aug 25, 2020, 3:46:16 PM (5 years ago)
Author:
timothy_horton@apple.com
Message:

Web Share API can share non-HTTP(S) URLs
https://bugs.webkit.org/show_bug.cgi?id=215823
<rdar://problem/62083130>

Reviewed by Wenson Hsieh.

Source/WebCore:

Test: fast/web-share/share-disallows-file-urls.html

  • page/Navigator.cpp:

(WebCore::shareableURLForShareData):
(WebCore::Navigator::canShare):
(WebCore::Navigator::share):
Factor out the code to complete and check the scheme of the URL.
Make canShare() return NO and share() fail for non-HTTP(S) or data: URLs.

Source/WebKit:

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::showShareSheet):
Ensure that only HTTP family or data: URLs are shared.

LayoutTests:

  • fast/web-share/share-disallows-file-urls-expected.txt: Added.
  • fast/web-share/share-disallows-file-urls.html: Added.
  • fast/web-share/share-transient-activation-expired.html:
  • fast/web-share/share-transient-activation.html:
  • fast/web-share/share.html:

Add a test that ensures that sharing a non-HTTP-family URL fails,
and fix the existing tests to share HTTP-family URLs.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/page/Navigator.cpp

    r263017 r266151  
    111111}
    112112
     113
     114
     115
     116
     117
     118
     119
     120
     121
     122
     123
     124
     125
     126
    113127bool Navigator::canShare(ScriptExecutionContext& context, const ShareData& data)
    114128{
     
    127141    }
    128142
    129     Optional<URL> url;
    130     if (!data.url.isNull()) {
    131         url = context.completeURL(data.url);
    132         if (!url->isValid())
    133             return false;
    134     }
     143    if (!data.url.isNull() && !shareableURLForShareData(context, data))
     144        return false;
     145
    135146    return true;
    136147}
     
    142153        return;
    143154    }
    144    
    145     Optional<URL> url;
    146     if (!data.url.isEmpty())
    147         url = context.completeURL(data.url);
    148    
     155
    149156    auto* window = this->window();
    150157    // Note that the specification does not indicate we should consume user activation. We are intentionally stricter here.
     
    153160        return;
    154161    }
    155    
     162
     163    Optional<URL> url = shareableURLForShareData(context, data);
    156164    ShareDataWithParsedURL shareData = {
    157165        data,
Note: See TracChangeset for help on using the changeset viewer.