Cherry-pick 5e8c33f. rdar://123409359

Check both browser and chrome objects in enumerateFramesAndNamespaceObjects https://bugs.webkit.org/show_bug.cgi?id=270657 rdar://123409359 Reviewed by Timothy Hatcher. Some extensions use a polyfill to overwrite the browser object with their own proxy. The Blue Canoe extension was doing this, and it led to WebExtensionContextProxy::enumerateFramesAndNamespaceObjects not being able to find the namespace object for the extension, since we were only checking the `browser` object. To fix this, check both `browser` and `chrome`, and use whichever one is valid. * Source/WebKit/WebProcess/Extensions/WebExtensionContextProxy.cpp: (WebKit::WebExtensionContextProxy::enumerateFramesAndNamespaceObjects): Canonical link: https://commits.webkit.org/275809@main Identifier: 273664.1362@safari-7619.1.5.6-branch
WebKit · Mar 11, 2024 · a7d8aa9 · a7d8aa9
1 parent 2994a63
commit a7d8aa9
Showing 1 changed file with 11 additions and 4 deletions.
diff --git a/Source/WebKit/WebProcess/Extensions/WebExtensionContextProxy.cpp b/Source/WebKit/WebProcess/Extensions/WebExtensionContextProxy.cpp
@@ -184,11 +184,18 @@ void WebExtensionContextProxy::enumerateFramesAndNamespaceObjects(const Function
 
         auto context = page->isServiceWorkerPage() ? frame->jsContextForServiceWorkerWorld(world) : frame->jsContextForWorld(world);
         auto globalObject = JSContextGetGlobalObject(context);
-        auto namespaceObject = JSObjectGetProperty(context, globalObject, toJSString("browser").get(), nullptr);
-        if (!namespaceObject || !JSValueIsObject(context, namespaceObject))
-            continue;
 
-        RefPtr namespaceObjectImpl = toWebExtensionAPINamespace(context, namespaceObject);
+        RefPtr<WebExtensionAPINamespace> namespaceObjectImpl;
+        auto browserNamespaceObject = JSObjectGetProperty(context, globalObject, toJSString("browser").get(), nullptr);
+        if (browserNamespaceObject && JSValueIsObject(context, browserNamespaceObject))
+            namespaceObjectImpl = toWebExtensionAPINamespace(context, browserNamespaceObject);
+
+        if (!namespaceObjectImpl) {
+            auto chromeNamespaceObject = JSObjectGetProperty(context, globalObject, toJSString("chrome").get(), nullptr);
+            if (chromeNamespaceObject && JSValueIsObject(context, chromeNamespaceObject))
+                namespaceObjectImpl = toWebExtensionAPINamespace(context, chromeNamespaceObject);
+        }
+
         if (!namespaceObjectImpl)
             continue;