Skip to content
Permalink
Browse files
[GLib] Make WebKitSettings XSS auditor functions no-op
https://bugs.webkit.org/show_bug.cgi?id=239651

Patch by Michael Catanzaro <mcatanzaro@gnome.org> on 2022-04-27
Reviewed by Adrian Perez de Castro.

Let's deprecate these functions.

Also, do not print warnings because they are called during init by the property setters.

* Source/WebKit/UIProcess/API/glib/WebKitSettings.cpp:
(webkit_settings_get_enable_xss_auditor):
(webkit_settings_set_enable_xss_auditor):
* Source/WebKit/UIProcess/API/gtk/WebKitSettings.h:
* Source/WebKit/UIProcess/API/wpe/WebKitSettings.h:

Canonical link: https://commits.webkit.org/250038@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@293507 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  • Loading branch information
mcatanzaro authored and webkit-commit-queue committed Apr 27, 2022
1 parent b5c1d22 commit 3d19e338c53fa5147b46043eff02fcb2dcb2f3d7
Show file tree
Hide file tree
Showing 6 changed files with 43 additions and 15 deletions.
@@ -1,3 +1,21 @@
2022-04-26 Michael Catanzaro <mcatanzaro@redhat.com>

[GLib] Make WebKitSettings XSS auditor functions no-op
https://bugs.webkit.org/show_bug.cgi?id=239651
<rdar://problem/92304443>

Reviewed by Adrian Perez de Castro.

Let's deprecate these functions.

Also, do not print warnings because they are called during init by the property setters.

* UIProcess/API/glib/WebKitSettings.cpp:
(webkit_settings_get_enable_xss_auditor):
(webkit_settings_set_enable_xss_auditor):
* UIProcess/API/gtk/WebKitSettings.h:
* UIProcess/API/wpe/WebKitSettings.h:

2022-04-27 Youenn Fablet <youenn@apple.com>

service worker update should refresh imported scripts in addition to the main script
@@ -1813,16 +1813,16 @@ void webkit_settings_set_enable_html5_database(WebKitSettings* settings, gboolea
* webkit_settings_get_enable_xss_auditor:
* @settings: a #WebKitSettings
*
* Get the #WebKitSettings:enable-xss-auditor property.
* The XSS auditor has been removed. This function returns %FALSE.
*
* Returns: %TRUE If XSS auditing is enabled or %FALSE otherwise.
* Returns: %FALSE
*
* Deprecated: 2.38. This function does nothing.
*/
gboolean webkit_settings_get_enable_xss_auditor(WebKitSettings* settings)
{
g_return_val_if_fail(WEBKIT_IS_SETTINGS(settings), FALSE);

g_warning("webkit_settings_get_enable_xss_auditor is deprecated and always returns FALSE. XSS auditor is no longer supported.");

return FALSE;
}

@@ -1831,14 +1831,13 @@ gboolean webkit_settings_get_enable_xss_auditor(WebKitSettings* settings)
* @settings: a #WebKitSettings
* @enabled: Value to be set
*
* Set the #WebKitSettings:enable-xss-auditor property.
* The XSS auditor has been removed. This function does nothing.
*
* Deprecated: 2.38. This function does nothing.
*/
void webkit_settings_set_enable_xss_auditor(WebKitSettings* settings, gboolean enabled)
{
g_return_if_fail(WEBKIT_IS_SETTINGS(settings));

if (enabled)
g_warning("webkit_settings_set_enable_xss_auditor is deprecated and does nothing. XSS auditor is no longer supported.");
}

/**
@@ -135,10 +135,10 @@ webkit_settings_get_enable_html5_database (WebKitSettings *
WEBKIT_API void
webkit_settings_set_enable_html5_database (WebKitSettings *settings,
gboolean enabled);
WEBKIT_API gboolean
WEBKIT_DEPRECATED gboolean
webkit_settings_get_enable_xss_auditor (WebKitSettings *settings);

WEBKIT_API void
WEBKIT_DEPRECATED void
webkit_settings_set_enable_xss_auditor (WebKitSettings *settings,
gboolean enabled);

@@ -119,10 +119,10 @@ webkit_settings_get_enable_html5_database (WebKitSettings *
WEBKIT_API void
webkit_settings_set_enable_html5_database (WebKitSettings *settings,
gboolean enabled);
WEBKIT_API gboolean
WEBKIT_DEPRECATED gboolean
webkit_settings_get_enable_xss_auditor (WebKitSettings *settings);

WEBKIT_API void
WEBKIT_DEPRECATED void
webkit_settings_set_enable_xss_auditor (WebKitSettings *settings,
gboolean enabled);

@@ -1,3 +1,14 @@
2022-04-26 Michael Catanzaro <mcatanzaro@redhat.com>

[GLib] Make WebKitSettings XSS auditor functions no-op
https://bugs.webkit.org/show_bug.cgi?id=239651
<rdar://problem/92304443>

Reviewed by Adrian Perez de Castro.

* TestWebKitAPI/Tests/WebKitGLib/TestWebKitSettings.cpp:
(testWebKitSettings):

2022-04-27 Youenn Fablet <youenn@apple.com>

Add testRunner API to clear memory cache
@@ -72,9 +72,9 @@ static void testWebKitSettings(Test*, gconstpointer)
webkit_settings_set_enable_html5_database(settings, FALSE);
g_assert_false(webkit_settings_get_enable_html5_database(settings));

// XSS Auditor is enabled by default.
g_assert_true(webkit_settings_get_enable_xss_auditor(settings));
webkit_settings_set_enable_xss_auditor(settings, FALSE);
// XSS Auditor is deprecated and always disabled.
g_assert_false(webkit_settings_get_enable_xss_auditor(settings));
webkit_settings_set_enable_xss_auditor(settings, TRUE);
g_assert_false(webkit_settings_get_enable_xss_auditor(settings));

// Frame flattening is disabled by default.

0 comments on commit 3d19e33

Please sign in to comment.