Web Inspector: WebKit-internal JSContexts should not be inspectable, even if internal policies would override inspectable
#8773
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
patrickangle
force-pushed
the
eng/b250633-webkit-internal-contexts-should-not-be-inspectable
branch
from
d595bf5
to
37efe1f
Compare
|
EWS run on current version of this PR (hash 37efe1f)
|
β¦even if internal policies would override `inspectable` https://bugs.webkit.org/show_bug.cgi?id=250633 rdar://103312497 Reviewed by Saam Barati. Relanding with availability annotation fix. Originally review in github.com/WebKit/pull/8666. On configurations where `inspectable` can be overriden, there are still some WebKit-internal contexts that should not be inspectable. The first are JSDOMGlobalObjects, which are already inspectable via the WKWebView they exist for by using the context picker in Web Inspector, making these JSContexts redundant and noisy. The second case is APISerializedScriptValueCocoa which creates JSContexts to help serialize values to/from JS/Cocoa. This problem did not exist before the introduction of the `inspectable` API because the default state of `inspectable` was false, which would not be overriden because the decision by the platform as to whether an application was inspectable occurred in a system daemon, which would not override the per-context `inspectable` setting. When unifying the decision logic for what is inspectable into JSC/WebKit, this use case was initially overlooked as the only platform that implements an internal policy for inspection doesn't have any symptoms of this that a user could observe due to the specific policy. However, in use for those working on machines where this policy is applied, the noise of so many JSContexts is making it difficult to sort through usefully inspectable contexts in Safari's Develop menu. This patch also fixes a minor bug where `inspectable` would return `true` for JSContexts and WKWebViews, even if inspection was disabled, when an internal policy is overriding inspection. * Source/JavaScriptCore/API/JSRemoteInspector.cpp: (JSRemoteInspectorGetInspectionFollowsInternalPolicies): (JSRemoteInspectorSetInspectionFollowsInternalPolicies): * Source/JavaScriptCore/API/JSRemoteInspector.h: - Add methods to set and get the new "followsInternalPolicies" state to be applied to new contexts as well as those that change their `inspectable` setting. * Source/JavaScriptCore/inspector/JSGlobalObjectInspectorController.cpp: (Inspector::JSGlobalObjectInspectorController::developerExtrasEnabled const): * Source/JavaScriptCore/inspector/remote/cocoa/RemoteInspectorCocoa.mm: (Inspector::RemoteInspector::listingForInspectionTarget const): * Source/JavaScriptCore/inspector/remote/glib/RemoteInspectorGlib.cpp: (Inspector::RemoteInspector::listingForInspectionTarget const): * Source/JavaScriptCore/inspector/remote/socket/RemoteInspectorSocket.cpp: (Inspector::RemoteInspector::listingForInspectionTarget const): - Use new `allowsInspectionByPolicy` which takes into account internal policies. * Source/JavaScriptCore/inspector/remote/RemoteInspectionTarget.cpp: (Inspector::RemoteInspectionTarget::remoteControlAllowed const): (Inspector::RemoteInspectionTarget::allowsInspectionByPolicy const): (Inspector::RemoteInspectionTarget::inspectable const): (Inspector::RemoteInspectionTarget::setInspectable): (Inspector::RemoteInspectionTarget::pauseWaitingForAutomaticInspection): * Source/JavaScriptCore/inspector/remote/RemoteInspectionTarget.h: - Use the new `followsInternalPolicies` state to keep track of when a target should be exempt from internal policies for contexts that never make sense to be inspectable. - Introduce `allowsInspectionByPolicy` which takes into account internal policy when determining the inspectability of a target. Previously this was baked into `inspectable`, but that inadvertently leaks the internal policy implementation detail to clients of JSContext and WKWebView. * Source/WebCore/bindings/js/JSDOMGlobalObject.cpp: (WebCore::JSDOMGlobalObject::finishCreation): * Source/WebKit/UIProcess/API/Cocoa/APISerializedScriptValueCocoa.mm: (API::SharedJSContext::ensureContext): - Adopt new methods to mark the contexts created here as never inspectable since they do not expose any useful information. Canonical link: https://commits.webkit.org/259064@main
webkit-early-warning-system
force-pushed
the
eng/b250633-webkit-internal-contexts-should-not-be-inspectable
branch
from
37efe1f
to
d08492c
Compare
|
Committed 259064@main (d08492c): https://commits.webkit.org/259064@main Reviewed commits have been landed. Closing PR #8773 and removing active labels. |
webkit-commit-queue
removed
the
merge-queue
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
d08492c
37efe1f
π§ͺ api-gtk