Form submission metadata should be limited to arrays, dictionaries, strings, data, and numbers #11399
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
achristensen07
added
the
WebKit Misc.
Collaborator
|
EWS run on previous version of this PR (hash c1ea895) Details
|
🛠 ios
webkit-ews-buildbot
added
the
merging-blocked
achristensen07
force-pushed
the
eng/Form-submission-metadata-should-be-limited-to-arrays-dictionaries-strings-and-numbers
branch
from
c1ea895 to
9042f2f
Compare
achristensen07
removed
the
merging-blocked
webkit-ews-buildbot
added
the
merging-blocked
achristensen07
force-pushed
the
eng/Form-submission-metadata-should-be-limited-to-arrays-dictionaries-strings-and-numbers
branch
from
9042f2f to
e3a8776
Compare
achristensen07
removed
the
merging-blocked
webkit-ews-buildbot
added
the
merging-blocked
achristensen07
force-pushed
the
eng/Form-submission-metadata-should-be-limited-to-arrays-dictionaries-strings-and-numbers
branch
2 times, most recently
from
8ecd9d1 to
43d2f6b
Compare
achristensen07
removed
the
merging-blocked
Collaborator
|
EWS run on previous version of this PR (hash 43d2f6b) Details |
Collaborator
|
EWS run on previous version of this PR (hash 8ecd9d1) Details |
Collaborator
|
EWS run on previous version of this PR (hash e3a8776) Details |
Collaborator
|
EWS run on previous version of this PR (hash 9042f2f) Details |
achristensen07
force-pushed
the
eng/Form-submission-metadata-should-be-limited-to-arrays-dictionaries-strings-and-numbers
branch
from
43d2f6b to
08ec9f3
Compare
Collaborator
|
EWS run on previous version of this PR (hash 08ec9f3) Details |
achristensen07
force-pushed
the
eng/Form-submission-metadata-should-be-limited-to-arrays-dictionaries-strings-and-numbers
branch
from
08ec9f3 to
edb3062
Compare
Collaborator
|
EWS run on previous version of this PR (hash edb3062) Details
|
achristensen07
changed the title
achristensen07
force-pushed
the
eng/Form-submission-metadata-should-be-limited-to-arrays-dictionaries-strings-and-numbers
branch
from
edb3062 to
1779a28
Compare
Collaborator
|
EWS run on current version of this PR (hash 1779a28) Details |
cdumez
approved these changes
Mar 13, 2023
Contributor
cdumez
left a comment
cdumez
left a comment
There was a problem hiding this comment.
LGTM if the bots are happy.
achristensen07
added
the
unsafe-merge-queue
…trings, data, and numbers https://bugs.webkit.org/show_bug.cgi?id=253753 rdar://106585542 Reviewed by Chris Dumez. Instead of encoding any object using NSSecureCoding then decoding it and returning it to the API client, restrict the NSObject types to NSString, NSData, NSNumber, NSArray, and NSDictionary, which we convert to API::Object for serialization, then convert back to those types on the other side. Also make FormClient.m_controller and FormClient.m_webView WeakObjCPtr smart pointers instead of raw pointers. Also deprecate _WKProcessPoolConfiguration.customClassesForParameterCoder because it doesn't do anything any more. * Source/WebKit/Shared/API/APIObject.h: * Source/WebKit/Shared/Cocoa/APIObject.mm: (API::Object::toNSObject): (API::Object::fromNSObject): * Source/WebKit/UIProcess/API/APIProcessPoolConfiguration.cpp: (API::ProcessPoolConfiguration::copy): * Source/WebKit/UIProcess/API/APIProcessPoolConfiguration.h: * Source/WebKit/UIProcess/API/C/WKContextConfigurationRef.cpp: (WKContextConfigurationCopyCustomClassesForParameterCoder): (WKContextConfigurationSetCustomClassesForParameterCoder): * Source/WebKit/UIProcess/API/C/WKContextConfigurationRef.h: * Source/WebKit/UIProcess/API/Cocoa/WKProcessGroup.mm: (-[WKProcessGroup initWithInjectedBundleURL:andCustomClassesForParameterCoder:]): (toStringVector): Deleted. * Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm: (-[WKWebView _setInputDelegate:]): * Source/WebKit/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h: * Source/WebKit/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.mm: (-[_WKProcessPoolConfiguration customClassesForParameterCoder]): (-[_WKProcessPoolConfiguration setCustomClassesForParameterCoder:]): * Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm: (WebKit::WebProcessPool::platformInitialize): (WebKit::WebProcessPool::initializeClassesForParameterCoding): Deleted. (WebKit::WebProcessPool::allowedClassesForParameterCoding const): Deleted. * Source/WebKit/UIProcess/WebProcessPool.h: * Source/WebKit/UIProcess/ios/PageClientImplIOS.mm: (WebKit::PageClientImpl::elementDidFocus): * Source/WebKit/WebProcess/InjectedBundle/API/mac/WKWebProcessPlugInBrowserContextController.mm: (-[WKWebProcessPlugInBrowserContextController _setFormDelegate:]): * Tools/TestWebKitAPI/Tests/WebKitCocoa/BundleFormDelegate.mm: (TEST): * Tools/TestWebKitAPI/Tests/WebKitCocoa/BundleFormDelegatePlugIn.mm: (-[BundleFormDelegatePlugInWithUserInfo webProcessPlugIn:didCreateBrowserContextController:]): (-[BundleFormDelegatePlugInWithUserInfo _webProcessPlugInBrowserContextController:willSubmitForm:toFrame:fromFrame:withValues:]): * Tools/TestWebKitAPI/Tests/WebKitCocoa/WKProcessPoolConfiguration.mm: (TEST): * Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKInputDelegate.mm: (-[InputDelegate _webView:willSubmitFormValues:userObject:submissionHandler:]): (TEST): * Tools/TestWebKitAPI/WKWebViewConfigurationExtras.h: * Tools/TestWebKitAPI/WKWebViewConfigurationExtras.mm: (+[WKWebViewConfiguration _test_configurationWithTestPlugInClassName:configureJSCForTesting:]): (+[WKWebViewConfiguration _test_configurationWithTestPlugInClassName:configureJSCForTesting:andCustomParameterClasses:]): Deleted. Canonical link: https://commits.webkit.org/261820@main
webkit-commit-queue
force-pushed
the
eng/Form-submission-metadata-should-be-limited-to-arrays-dictionaries-strings-and-numbers
branch
from
1779a28 to
20a50d5
Compare
Collaborator
|
Committed 261820@main (20a50d5): https://commits.webkit.org/261820@main Reviewed commits have been landed. Closing PR #11399 and removing active labels. |
webkit-commit-queue
removed
the
unsafe-merge-queue
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
20a50d5
1779a28