Skip to content
Permalink
Browse files
"text/html" data is not exposed when dragging and dropping across ori…
…gins

https://bugs.webkit.org/show_bug.cgi?id=178253
<rdar://problem/34971203>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Minor tweak to DataTransfer::setDataFromItemList to allow "text/html" written from bindings to transfer across
origins without requiring a sanitized representation. Currently, sanitizedData is null, which limits "text/html"
to being treated as custom data, inaccessible across origins. We should instead treat markup supplied via
bindings the same way as we do "text/plain" supplied via bindings.

Modified Tests: editing/pasteboard/data-transfer-set-data-sanitize-url-when-copying-in-null-origin.html
                editing/pasteboard/data-transfer-set-data-sanitize-url-when-dragging-in-null-origin.html

* dom/DataTransfer.cpp:
(WebCore::DataTransfer::setDataFromItemList):

LayoutTests:

Renames some existing layout tests, and also augments two tests to verify that "text/html" is preserved when
copying and dragging across origins that don't match.

* TestExpectations:
* editing/pasteboard/data-transfer-set-data-ignore-copied-malformed-url-in-null-expected.txt: Renamed from LayoutTests/editing/pasteboard/data-transfer-set-data-ignore-copied-walformed-url-in-null-expected.txt.
* editing/pasteboard/data-transfer-set-data-ignore-copied-malformed-url-in-null-origin-expected.txt: Renamed from LayoutTests/editing/pasteboard/data-transfer-set-data-ignore-copied-walformed-url-in-null-origin-expected.txt.
* editing/pasteboard/data-transfer-set-data-ignore-copied-malformed-url-in-null-origin.html: Renamed from LayoutTests/editing/pasteboard/data-transfer-set-data-ignore-copied-walformed-url-in-null-origin.html.
* editing/pasteboard/data-transfer-set-data-sanitize-url-when-copying-in-null-origin-expected.txt: Renamed from LayoutTests/editing/pasteboard/data-transfer-set-data-sanitlize-url-when-copying-in-null-origin-expected.txt.
* editing/pasteboard/data-transfer-set-data-sanitize-url-when-copying-in-null-origin.html: Renamed from LayoutTests/editing/pasteboard/data-transfer-set-data-sanitlize-url-when-copying-in-null-origin.html.
* editing/pasteboard/data-transfer-set-data-sanitize-url-when-dragging-in-null-origin-expected.txt: Renamed from LayoutTests/editing/pasteboard/data-transfer-set-data-sanitlize-url-when-dragging-in-null-origin-expected.txt.
* editing/pasteboard/data-transfer-set-data-sanitize-url-when-dragging-in-null-origin.html: Renamed from LayoutTests/editing/pasteboard/data-transfer-set-data-sanitlize-url-when-dragging-in-null-origin.html.
* platform/mac-wk1/TestExpectations:


Canonical link: https://commits.webkit.org/194492@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@223278 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  • Loading branch information
whsieh committed Oct 13, 2017
1 parent bab4973 commit bdc5c4d631ab9edfa1e9376d9cb0040dd0232242
Showing 12 changed files with 89 additions and 29 deletions.
@@ -1,3 +1,24 @@
2017-10-13 Wenson Hsieh <wenson_hsieh@apple.com>

"text/html" data is not exposed when dragging and dropping across origins
https://bugs.webkit.org/show_bug.cgi?id=178253
<rdar://problem/34971203>

Reviewed by Ryosuke Niwa.

Renames some existing layout tests, and also augments two tests to verify that "text/html" is preserved when
copying and dragging across origins that don't match.

* TestExpectations:
* editing/pasteboard/data-transfer-set-data-ignore-copied-malformed-url-in-null-expected.txt: Renamed from LayoutTests/editing/pasteboard/data-transfer-set-data-ignore-copied-walformed-url-in-null-expected.txt.
* editing/pasteboard/data-transfer-set-data-ignore-copied-malformed-url-in-null-origin-expected.txt: Renamed from LayoutTests/editing/pasteboard/data-transfer-set-data-ignore-copied-walformed-url-in-null-origin-expected.txt.
* editing/pasteboard/data-transfer-set-data-ignore-copied-malformed-url-in-null-origin.html: Renamed from LayoutTests/editing/pasteboard/data-transfer-set-data-ignore-copied-walformed-url-in-null-origin.html.
* editing/pasteboard/data-transfer-set-data-sanitize-url-when-copying-in-null-origin-expected.txt: Renamed from LayoutTests/editing/pasteboard/data-transfer-set-data-sanitlize-url-when-copying-in-null-origin-expected.txt.
* editing/pasteboard/data-transfer-set-data-sanitize-url-when-copying-in-null-origin.html: Renamed from LayoutTests/editing/pasteboard/data-transfer-set-data-sanitlize-url-when-copying-in-null-origin.html.
* editing/pasteboard/data-transfer-set-data-sanitize-url-when-dragging-in-null-origin-expected.txt: Renamed from LayoutTests/editing/pasteboard/data-transfer-set-data-sanitlize-url-when-dragging-in-null-origin-expected.txt.
* editing/pasteboard/data-transfer-set-data-sanitize-url-when-dragging-in-null-origin.html: Renamed from LayoutTests/editing/pasteboard/data-transfer-set-data-sanitlize-url-when-dragging-in-null-origin.html.
* platform/mac-wk1/TestExpectations:

2017-10-12 Brady Eidson <beidson@apple.com>

SW "Hello world".
@@ -77,7 +77,7 @@ editing/pasteboard/data-transfer-get-data-on-drop-plain-text.html [ Skip ]
editing/pasteboard/data-transfer-get-data-on-drop-rich-text.html [ Skip ]
editing/pasteboard/data-transfer-get-data-on-drop-url.html [ Skip ]
editing/pasteboard/data-transfer-is-unique-for-dragenter-and-dragleave.html [ Skip ]
editing/pasteboard/data-transfer-set-data-sanitlize-url-when-dragging-in-null-origin.html [ Skip ]
editing/pasteboard/data-transfer-set-data-sanitize-url-when-dragging-in-null-origin.html [ Skip ]
editing/pasteboard/drag-end-crash-accessing-item-list.html [ Skip ]
editing/pasteboard/data-transfer-item-list-add-file-on-drag.html [ Skip ]
editing/pasteboard/data-transfer-items-drop-file.html [ Skip ]
@@ -4,11 +4,12 @@ On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE


PASS urlReadInSameDocument is "http://webkit.org/b/🤔?x=8 + 6<"
PASS JSON.stringify(typesInSameDocument) is "[\"text/uri-list\"]"
PASS JSON.stringify(itemsInSameDocument) is "[{\"kind\":\"string\",\"type\":\"text/uri-list\"}]"
PASS htmlReadInSameDocument is "testing"
PASS JSON.stringify(typesInSameDocument) is "[\"text/uri-list\",\"text/html\"]"
PASS JSON.stringify(itemsInSameDocument) is "[{\"kind\":\"string\",\"type\":\"text/uri-list\"},{\"kind\":\"string\",\"type\":\"text/html\"}]"
PASS event.clipboardData.getData("url") is "http://webkit.org/b/%F0%9F%A4%94?x=8%20+%206%3C"
PASS JSON.stringify(event.clipboardData.types) is "[\"text/uri-list\"]"
PASS JSON.stringify(Array.from(event.clipboardData.items).map((item) => ({kind: item.kind, type: item.type}))) is "[{\"kind\":\"string\",\"type\":\"text/uri-list\"}]"
PASS JSON.stringify(event.clipboardData.types) is "[\"text/uri-list\",\"text/html\"]"
PASS JSON.stringify(Array.from(event.clipboardData.items).map((item) => ({kind: item.kind, type: item.type}))) is "[{\"kind\":\"string\",\"type\":\"text/uri-list\"},{\"kind\":\"string\",\"type\":\"text/html\"}]"
PASS successfullyParsed is true

TEST COMPLETE
@@ -22,13 +22,15 @@
const originalURL = document.getElementById('source').textContent;
function copy(event) {
event.clipboardData.setData('url', originalURL);
event.clipboardData.setData('text/html', 'testing');
event.preventDefault();
}
function paste(event) {
parent.postMessage({
originalURL,
url: event.clipboardData.getData('url'),
html: event.clipboardData.getData('text/html'),
types: event.clipboardData.types,
items: Array.from(event.clipboardData.items).map((item) => ({kind: item.kind, type: item.type})),
}, '*');
@@ -53,20 +55,22 @@
originalURL = event.data.originalURL;
urlReadInSameDocument = event.data.url;
shouldBeEqualToString('urlReadInSameDocument', originalURL);
htmlReadInSameDocument = event.data.html;
shouldBeEqualToString('htmlReadInSameDocument', "testing");
typesInSameDocument = event.data.types;
shouldBeEqualToString('JSON.stringify(typesInSameDocument)', '["text/uri-list"]');
shouldBeEqualToString('JSON.stringify(typesInSameDocument)', '["text/uri-list","text/html"]');
itemsInSameDocument = event.data.items;
shouldBeEqualToString('JSON.stringify(itemsInSameDocument)', '[{"kind":"string","type":"text/uri-list"}]');
shouldBeEqualToString('JSON.stringify(itemsInSameDocument)', '[{"kind":"string","type":"text/uri-list"},{"kind":"string","type":"text/html"}]');
document.getElementById('destination').focus();
if (window.testRunner)
document.execCommand('paste');
}

function doPaste(event) {
shouldBeEqualToString('event.clipboardData.getData("url")', (new URL(originalURL)).href);
shouldBeEqualToString('JSON.stringify(event.clipboardData.types)', '["text/uri-list"]');
shouldBeEqualToString('JSON.stringify(event.clipboardData.types)', '["text/uri-list","text/html"]');
shouldBeEqualToString('JSON.stringify(Array.from(event.clipboardData.items).map((item) => ({kind: item.kind, type: item.type})))',
'[{"kind":"string","type":"text/uri-list"}]');
'[{"kind":"string","type":"text/uri-list"},{"kind":"string","type":"text/html"}]');
document.getElementById('destination').remove();
finishJSTest();
}
@@ -5,33 +5,39 @@ On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE

dragstart in the null origin document:
PASS urlReadInSameDocument is "http://webkit.org/b/🤔?x=8 + 6"
PASS JSON.stringify(typesInSameDocument) is "[\"text/uri-list\"]"
PASS JSON.stringify(itemsInSameDocument) is "[{\"kind\":\"string\",\"type\":\"text/uri-list\"}]"
PASS htmlReadInSameDocument is "testing"
PASS JSON.stringify(typesInSameDocument) is "[\"text/uri-list\",\"text/html\"]"
PASS JSON.stringify(itemsInSameDocument) is "[{\"kind\":\"string\",\"type\":\"text/uri-list\"},{\"kind\":\"string\",\"type\":\"text/html\"}]"

dragover in the null origin document:
PASS urlReadInSameDocument is ""
PASS JSON.stringify(typesInSameDocument) is "[\"text/uri-list\"]"
PASS JSON.stringify(itemsInSameDocument) is "[{\"kind\":\"string\",\"type\":\"text/uri-list\"}]"
PASS htmlReadInSameDocument is ""
PASS JSON.stringify(typesInSameDocument) is "[\"text/uri-list\",\"text/html\"]"
PASS JSON.stringify(itemsInSameDocument) is "[{\"kind\":\"string\",\"type\":\"text/uri-list\"},{\"kind\":\"string\",\"type\":\"text/html\"}]"

drop in the null origin document:
PASS urlReadInSameDocument is "http://webkit.org/b/🤔?x=8 + 6"
PASS JSON.stringify(typesInSameDocument) is "[\"text/uri-list\"]"
PASS JSON.stringify(itemsInSameDocument) is "[{\"kind\":\"string\",\"type\":\"text/uri-list\"}]"
PASS htmlReadInSameDocument is "testing"
PASS JSON.stringify(typesInSameDocument) is "[\"text/uri-list\",\"text/html\"]"
PASS JSON.stringify(itemsInSameDocument) is "[{\"kind\":\"string\",\"type\":\"text/uri-list\"},{\"kind\":\"string\",\"type\":\"text/html\"}]"

dragstart in the null origin document:
PASS urlReadInSameDocument is "http://webkit.org/b/🤔?x=8 + 6"
PASS JSON.stringify(typesInSameDocument) is "[\"text/uri-list\"]"
PASS JSON.stringify(itemsInSameDocument) is "[{\"kind\":\"string\",\"type\":\"text/uri-list\"}]"
PASS htmlReadInSameDocument is "testing"
PASS JSON.stringify(typesInSameDocument) is "[\"text/uri-list\",\"text/html\"]"
PASS JSON.stringify(itemsInSameDocument) is "[{\"kind\":\"string\",\"type\":\"text/uri-list\"},{\"kind\":\"string\",\"type\":\"text/html\"}]"

dragover in the file URL document:
PASS urlReadInSameDocument is ""
PASS JSON.stringify(typesInSameDocument) is "[\"text/uri-list\"]"
PASS JSON.stringify(itemsInSameDocument) is "[{\"kind\":\"string\",\"type\":\"text/uri-list\"}]"
PASS htmlReadInSameDocument is ""
PASS JSON.stringify(typesInSameDocument) is "[\"text/uri-list\",\"text/html\"]"
PASS JSON.stringify(itemsInSameDocument) is "[{\"kind\":\"string\",\"type\":\"text/uri-list\"},{\"kind\":\"string\",\"type\":\"text/html\"}]"

drop in the file URL document:
PASS urlReadInSameDocument is "http://webkit.org/b/%F0%9F%A4%94?x=8%20+%206"
PASS JSON.stringify(typesInSameDocument) is "[\"text/uri-list\"]"
PASS JSON.stringify(itemsInSameDocument) is "[{\"kind\":\"string\",\"type\":\"text/uri-list\"}]"
PASS htmlReadInSameDocument is "testing"
PASS JSON.stringify(typesInSameDocument) is "[\"text/uri-list\",\"text/html\"]"
PASS JSON.stringify(itemsInSameDocument) is "[{\"kind\":\"string\",\"type\":\"text/uri-list\"},{\"kind\":\"string\",\"type\":\"text/html\"}]"
PASS successfullyParsed is true

TEST COMPLETE
@@ -35,6 +35,7 @@
kind,
documentLabel: 'the null origin document',
url: dataTransfer.getData('url'),
html: dataTransfer.getData('text/html'),
types: dataTransfer.types,
items: Array.from(dataTransfer.items).map((item) => ({kind: item.kind, type: item.type})),
}, '*');
@@ -44,6 +45,7 @@
source.addEventListener("dragstart", (event) => {
postDragOver = false;
event.dataTransfer.setData('url', originalURL);
event.dataTransfer.setData('text/html', 'testing');
postContent('dragstart', event.dataTransfer);
});
destination.addEventListener("dragover", (event) => {
@@ -83,26 +85,32 @@
case 'dragstart':
urlReadInSameDocument = event.data.url;
shouldBeEqualToString('urlReadInSameDocument', originalURL);
htmlReadInSameDocument = event.data.html;
shouldBeEqualToString('htmlReadInSameDocument', "testing");
typesInSameDocument = event.data.types;
shouldBeEqualToString('JSON.stringify(typesInSameDocument)', '["text/uri-list"]');
shouldBeEqualToString('JSON.stringify(typesInSameDocument)', '["text/uri-list","text/html"]');
itemsInSameDocument = event.data.items;
shouldBeEqualToString('JSON.stringify(itemsInSameDocument)', '[{"kind":"string","type":"text/uri-list"}]');
shouldBeEqualToString('JSON.stringify(itemsInSameDocument)', '[{"kind":"string","type":"text/uri-list"},{"kind":"string","type":"text/html"}]');
break;
case 'dragover':
urlReadInSameDocument = event.data.url;
shouldBeEqualToString('urlReadInSameDocument', '');
htmlReadInSameDocument = event.data.html;
shouldBeEqualToString('htmlReadInSameDocument', '');
typesInSameDocument = event.data.types;
shouldBeEqualToString('JSON.stringify(typesInSameDocument)', '["text/uri-list"]');
shouldBeEqualToString('JSON.stringify(typesInSameDocument)', '["text/uri-list","text/html"]');
itemsInSameDocument = event.data.items;
shouldBeEqualToString('JSON.stringify(itemsInSameDocument)', '[{"kind":"string","type":"text/uri-list"}]');
shouldBeEqualToString('JSON.stringify(itemsInSameDocument)', '[{"kind":"string","type":"text/uri-list"},{"kind":"string","type":"text/html"}]');
break;
case 'drop':
urlReadInSameDocument = event.data.url;
shouldBeEqualToString('urlReadInSameDocument', event.data.documentLabel.includes('null') ? originalURL : (new URL(originalURL)).href);
htmlReadInSameDocument = event.data.html;
shouldBeEqualToString('htmlReadInSameDocument', "testing");
typesInSameDocument = event.data.types;
shouldBeEqualToString('JSON.stringify(typesInSameDocument)', '["text/uri-list"]');
shouldBeEqualToString('JSON.stringify(typesInSameDocument)', '["text/uri-list","text/html"]');
itemsInSameDocument = event.data.items;
shouldBeEqualToString('JSON.stringify(itemsInSameDocument)', '[{"kind":"string","type":"text/uri-list"}]');
shouldBeEqualToString('JSON.stringify(itemsInSameDocument)', '[{"kind":"string","type":"text/uri-list"},{"kind":"string","type":"text/html"}]');
if (!event.data.documentLabel.includes('null')) {
document.getElementById('container').remove();
finishJSTest();
@@ -117,6 +125,7 @@
kind,
documentLabel: 'the file URL document',
url: dataTransfer.getData('url'),
html: dataTransfer.getData('text/html'),
types: dataTransfer.types,
items: Array.from(dataTransfer.items).map((item) => ({kind: item.kind, type: item.type})),
}, '*');
@@ -12,7 +12,7 @@ editing/pasteboard/data-transfer-get-data-on-drop-plain-text.html [ Pass ]
editing/pasteboard/data-transfer-get-data-on-drop-rich-text.html [ Pass ]
editing/pasteboard/data-transfer-get-data-on-drop-url.html [ Pass ]
editing/pasteboard/data-transfer-is-unique-for-dragenter-and-dragleave.html [ Pass ]
editing/pasteboard/data-transfer-set-data-sanitlize-url-when-dragging-in-null-origin.html [ Pass ]
editing/pasteboard/data-transfer-set-data-sanitize-url-when-dragging-in-null-origin.html [ Pass ]
editing/pasteboard/drag-end-crash-accessing-item-list.html [ Pass ]
editing/pasteboard/data-transfer-item-list-add-file-on-drag.html [ Pass ]
editing/pasteboard/data-transfer-items-drop-file.html [ Pass ]
@@ -1,3 +1,22 @@
2017-10-13 Wenson Hsieh <wenson_hsieh@apple.com>

"text/html" data is not exposed when dragging and dropping across origins
https://bugs.webkit.org/show_bug.cgi?id=178253
<rdar://problem/34971203>

Reviewed by Ryosuke Niwa.

Minor tweak to DataTransfer::setDataFromItemList to allow "text/html" written from bindings to transfer across
origins without requiring a sanitized representation. Currently, sanitizedData is null, which limits "text/html"
to being treated as custom data, inaccessible across origins. We should instead treat markup supplied via
bindings the same way as we do "text/plain" supplied via bindings.

Modified Tests: editing/pasteboard/data-transfer-set-data-sanitize-url-when-copying-in-null-origin.html
editing/pasteboard/data-transfer-set-data-sanitize-url-when-dragging-in-null-origin.html

* dom/DataTransfer.cpp:
(WebCore::DataTransfer::setDataFromItemList):

2017-10-12 Brady Eidson <beidson@apple.com>

SW "Hello world".
@@ -213,7 +213,7 @@ void DataTransfer::setDataFromItemList(const String& type, const String& data)
auto url = URLParser(data).result();
if (url.isValid())
sanitizedData = url.string();
} else if (type == "text/plain")
} else if (type == "text/plain" || type == "text/html")
sanitizedData = data; // Nothing to sanitize.

if (sanitizedData != data)

0 comments on commit bdc5c4d

Please sign in to comment.