diff --git a/Source/WebCore/editing/cocoa/WebContentReaderCocoa.mm b/Source/WebCore/editing/cocoa/WebContentReaderCocoa.mm
index fabfbba32080..44b3ff3e1cc9 100644
--- a/Source/WebCore/editing/cocoa/WebContentReaderCocoa.mm
+++ b/Source/WebCore/editing/cocoa/WebContentReaderCocoa.mm
@@ -582,8 +582,8 @@ static String stripMicrosoftPrefix(const String& string)
 String markup;
 if (DeprecatedGlobalSettings::customPasteboardDataEnabled() && shouldSanitize()) {
 markup = sanitizeMarkup(stringOmittingMicrosoftPrefix, msoListQuirksForMarkup(), WTF::Function { [] (DocumentFragment& fragment) {
- removeSubresourceURLAttributes(fragment, [] (const URL& url) {
- return shouldReplaceSubresourceURLWithBlobDuringSanitization(url);
+ removeSubresourceURLAttributes(fragment, [](auto& url) {
+ return url.isLocalFile();
 });
 } });
 } else
@@ -601,8 +601,8 @@ static String stripMicrosoftPrefix(const String& string)
 String rawHTML = stripMicrosoftPrefix(string);
 if (shouldSanitize()) {
 markup = sanitizeMarkup(rawHTML, msoListQuirksForMarkup(), WTF::Function { [] (DocumentFragment& fragment) {
- removeSubresourceURLAttributes(fragment, [] (const URL& url) {
- return shouldReplaceSubresourceURLWithBlobDuringSanitization(url);
+ removeSubresourceURLAttributes(fragment, [](auto& url) {
+ return url.isLocalFile();
 });
 } });
 } else
diff --git a/Source/WebCore/editing/markup.cpp b/Source/WebCore/editing/markup.cpp
index 7e229fca981b..d4274056a4c2 100644
--- a/Source/WebCore/editing/markup.cpp
+++ b/Source/WebCore/editing/markup.cpp
@@ -175,8 +175,8 @@ void removeSubresourceURLAttributes(Ref&& fragment, FunctionremoveAttribute(item.attributeName);
+ for (auto& [element, attribute] : attributesToRemove)
+ element->removeAttribute(attribute);
 }
 std::unique_ptr createPageForSanitizingWebContent()
diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm
index 1fee952d1f85..971f0ed69f92 100644
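Review bot: In WebContentReaderCocoa.mm (hunk at line 582) the new predicate `[](auto& url) { return url.isLocalFile(); }` turns subresource URL stripping into a single-scheme denylist, and nothing at the call site says what is relied on for every other scheme. The updated PasteHTML test expects `runCode()` to be gone, yet this lambda returns false for a `javascript:` URL, so that removal has to come from another step of `sanitizeMarkup` that is not visible in this diff. I would add a comment above the call, e.g. `// Only file: URLs are stripped here; javascript: URLs must be dropped by sanitizeMarkup() itself (see PasteHTML.StripsFileAndJavaScriptURLs).`, and keep the parameter typed as `const URL& url` so the predicate's input stays explicit. The same lambda is repeated in the hunk at line 601; a shared named helper would keep the two paste paths from drifting apart. Both enclosing functions start and end outside the hunks.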
--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm
+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm
@@ -120,18 +120,24 @@ void writeHTMLToPasteboard(NSString *html)
 EXPECT_TRUE([webView stringByEvaluatingJavaScript:@"clipboardData.values[0].includes('dangerousCode')"].boolValue);
 }
-TEST(PasteHTML, StripsFileURLs)
+TEST(PasteHTML, StripsFileAndJavaScriptURLs)
 {
 auto webView = createWebViewWithCustomPasteboardDataSetting(true);
 [webView synchronouslyLoadTestPageNamed:@"paste-rtfd"];
- writeHTMLToPasteboard(@"world");
+ writeHTMLToPasteboard(@""
+ "world"
+ "Radar Link"
+ "JavaScript Link");
 [webView paste:nil];
 EXPECT_TRUE([webView stringByEvaluatingJavaScript:@"clipboardData.types.includes('text/html')"].boolValue);
 EXPECT_TRUE([webView stringByEvaluatingJavaScript:@"clipboardData.values[0].includes('hello')"].boolValue);
 EXPECT_TRUE([webView stringByEvaluatingJavaScript:@"clipboardData.values[0].includes('world')"].boolValue);
 EXPECT_FALSE([webView stringByEvaluatingJavaScript:@"clipboardData.values[0].includes('secret')"].boolValue);
+ EXPECT_TRUE([webView stringByEvaluatingJavaScript:@"clipboardData.values[0].includes('rdar://101878956')"].boolValue);
+ EXPECT_TRUE([webView stringByEvaluatingJavaScript:@"clipboardData.values[0].includes('Radar Link')"].boolValue);
+ EXPECT_FALSE([webView stringByEvaluatingJavaScript:@"clipboardData.values[0].includes('runCode()')"].boolValue);
 }
 TEST(PasteHTML, DoesNotStripFileURLsWhenCustomPasteboardDataIsDisabled)
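Review bot: The JavaScript half of `StripsFileAndJavaScriptURLs` is pinned only by `includes('runCode()')` being false, which would also pass if the whole anchor, link text included, were dropped from the pasted markup. Add `EXPECT_TRUE([webView stringByEvaluatingJavaScript:@"clipboardData.values[0].includes('JavaScript Link')"].boolValue);` so the test shows the link text survives while its URL is removed, mirroring the `Radar Link` check. Provided the sanitizer drops the whole URL rather than rewriting it, an `EXPECT_FALSE` on `includes('javascript:')` would tie the assertion to the scheme instead of one payload string. The test runs only with `createWebViewWithCustomPasteboardDataSetting(true)`; whether that also reaches the second changed call site in WebContentReaderCocoa.mm cannot be told from this diff.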