Continue to refine heuristics around when URL adjustment should be ap…

…plied https://bugs.webkit.org/show_bug.cgi?id=255405 rdar://107939119 Reviewed by Tim Horton. Use `topPrivatelyControlledDomain` to relax some scenarios in which we currently apply adjustment underneath `Document::urlForBindings`. We currently avoid adjustment in the case where the current script triggering the bindings call is first-party (i.e. same origin as the current document), but this leaves out some cases where it makes more sense to treat certain script is first party; refer to the new API test case and bug for more information. * Source/WebCore/dom/Document.cpp: (WebCore::Document::urlForBindings const): (WebCore::Document::mayBeExecutingThirdPartyScript const): Deleted. * Source/WebCore/dom/Document.h: Canonical link: https://commits.webkit.org/262965@main
WebKit · Apr 14, 2023 · 4b1b135 · 4b1b135
1 parent 7a9711d
commit 4b1b135
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 12 deletions.
diff --git a/Source/WebCore/dom/Document.cpp b/Source/WebCore/dom/Document.cpp
@@ -3586,7 +3586,29 @@ const URL& Document::urlForBindings() const
         if (preNavigationURL.isEmpty() || RegistrableDomain { URL { preNavigationURL } }.matches(securityOrigin().data()))
             return false;
 
-        return mayBeExecutingThirdPartyScript();
+        if (!m_hasLoadedThirdPartyScript)
+            return false;
+
+        if (auto sourceURL = currentSourceURL(); !sourceURL.isEmpty()) {
+            RegistrableDomain sourceURLDomain { sourceURL };
+            if (sourceURLDomain.matches(securityOrigin().data()))
+                return false;
+
+            auto domainString = topPrivatelyControlledDomain(securityOrigin().data().host());
+            auto sourceURLDomainString = topPrivatelyControlledDomain(sourceURLDomain.string());
+            auto substringToSeparator = [&](const String& domain) -> StringView {
+                auto indexOfFirstSeparator = domain.find('.');
+                if (indexOfFirstSeparator == notFound)
+                    return { };
+                return domain.left(indexOfFirstSeparator);
+            };
+
+            auto firstSubstring = substringToSeparator(domainString);
+            if (!firstSubstring.isEmpty() && firstSubstring == substringToSeparator(sourceURLDomainString))
+                return false;
+        }
+
+        return true;
     }();
 
     if (shouldAdjustURL)
@@ -6130,15 +6152,6 @@ void Document::popCurrentScript()
     m_currentScriptStack.removeLast();
 }
 
-bool Document::mayBeExecutingThirdPartyScript() const
-{
-    if (!m_hasLoadedThirdPartyScript)
-        return false;
-
-    auto sourceURL = currentSourceURL();
-    return sourceURL.isEmpty() || !RegistrableDomain { sourceURL }.matches(securityOrigin().data());
-}
-
 bool Document::shouldDeferAsynchronousScriptsUntilParsingFinishes() const
 {
     if (!settings().shouldDeferAsynchronousScriptsUntilAfterDocumentLoadOrFirstPaint())

diff --git a/Source/WebCore/dom/Document.h b/Source/WebCore/dom/Document.h
@@ -1125,8 +1125,6 @@ class Document
     void pushCurrentScript(Element*);
     void popCurrentScript();
 
-    bool mayBeExecutingThirdPartyScript() const;
-
     bool shouldDeferAsynchronousScriptsUntilParsingFinishes() const;
 
     bool supportsPaintTiming() const;