[iOS] Use Chromium web embedder (`CWVWebView`) #24657

kylehickinson · 2024-07-15T17:46:23Z

Resolves brave/brave-browser#38667

Running list:

Needs Migration

session restoration data check/migration: SessionTab holds onto WKWebView.interactionState, need to drop it or ignore it while restoring CWVWebView and vice-versa.
Optional: Use HTTPS Upgrade tab helpers
- Expose clearing HttpsUpgradeAllowlist when clearing browser history
- Clear allowlist on pref change (will be handled in fix(privacy): Use HttpsUpgradeService / HttpsOnlyModeAllowlist on iOS #25454)

Broken Features

SSL certificate pinning (not supported by Chromium)
block javascript shield (not supported by Chromium)
link previews (not supported by Chromium)
sampled top page color KVO (private API)
redirected loads (getInternalRedirect, loading a new request before cancelling an active load) on pages that fail to load in the end hit DCHECK (e.g. http://api.segment.io will get upgraded to https but the link itself is blocked by PiHole/content blockers)
CWVWebViewConfiguration teardown needs to be added to WebMainParts

Bugs

multiple downloads at once (UI-only: progress doesn't show combined, downloads are parallel now. Chrome only allows one download a time, so we're doing the same for now)
URL debounce breaks certain load behaviours (Load this TomsGuide page and click on the Amazon refs, its supposed to open a new tab because its marked as target=_blank but debounce breaks this)
Crashes when attempting to start a download that is triggered on a new tab (e.g. https://1password.com/downloads/mac)
Popup/child tabs receive JS messages from the parent tab incorrectly
Back/forward navigation with on http websites hits a DCHECK (Chromium bug)

Cosmetic Issues

Product Changes

user agent contains CriOS
error pages now match desktop/android but lose Brave branding
iPad uses mobile user agent by default, controlled by pref

Accesses WebKit

These access -[CWVWebView(Extras) underlyingWebView] or -[CWVWebView(Extras) WKConfiguration] directly and should be migrated over if possible

content blockers access (WKWebViewConfiguration)
cookie store access (WKWebViewConfiguration). There is web::BrowserState::GetCookieManager() that may be a replacement
deprecated javascript control preference (WKWebViewConfiguration)
Sampled page top color (WKWebView - private API)
PDF data in Leo (WKWebView - private API)
zoom level (WKWebView - private API). There is FontSizeTabHelper as a replacement but it's worse
playlist web loader (WKWebView - loadHTMLString), only exposed for testing in Chromium
safe browsing private API for sec fix (WKWebView - private API)

Cleanup

New Feature Support

These will get follow-up issues and can be implemented after this merges

Security Checklist

TBD

chromium_src/ios/web_view/internal/webui/web_view_web_ui_provider.mm

kylehickinson · 2024-07-15T17:49:38Z

ios/web_view/BUILD.gn

+  common_flags = [ "-fapplication-extension" ]
+  cflags_objc = common_flags
+  cflags_objcc = common_flags
+  defines = [ "CWV_IMPLEMENTATION" ]


This needs to be redefined for cwv_exports.h to properly export the symbols since we're copying public headers as-is

kylehickinson · 2024-07-17T19:38:44Z

...rave-ios/Sources/Brave/Frontend/Browser/BrowserViewController/BVC+WKNavigationDelegate.swift

-    if webView.fullscreenState == .inFullscreen || webView.fullscreenState == .enteringFullscreen {
-      webView.closeAllMediaPresentations {
-        self.present(alertController, animated: true)
-      }
-      return
-    }


This is done by chromium already https://source.chromium.org/chromium/chromium/src/+/main:ios/web/web_state/ui/crw_wk_ui_handler.mm;l=124

ios/brave-ios/Sources/Brave/Frontend/Browser/Tab.swift

patches/ios-web_view-internal-cwv_web_view_configuration.mm.patch

chromium_src/ios/web_view/internal/app/application_context.mm

ios/web_view/BUILD.gn

bridiver · 2024-07-24T20:46:14Z

ios/web_view/web_view_sources.gni

+
+# This file exposes the //ios/web_view embedder as a regular source_set
+
+ios_web_view_public_headers = [


is this different from ios_web_view_public_headers in ios/web_view/BUILD.gn? If so it would be better to use +=/-= instead of duplicating

The parts under our own 1 extra public header aren't different but since the original list is defined in a GN file and not GNI I couldn't access them to add into our framework so for now it was duped. If its possible to get to let me know!

ios/app/brave_core_main.mm

brave-builds · 2024-10-25T19:03:00Z

A Storybook has been deployed to preview UI for the latest push

github-actions · 2024-10-25T19:03:02Z

ios/brave-ios/Sources/Brave/Frontend/Browser/Tab.swift

+          // Cleanup
+          self.braveSearchManager = nil
+        }
+      )


_{reported by reviewdog 🐶}
[semgrep] evaluateSafeJavaScript usages should be vet by the security-team.

References:
- https://github.com/brave/brave-browser/wiki/Security-reviews (point 13)

Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/brave-execute-script-ios.yaml

Cc @stoletheminerals @bridiver

github-actions · 2024-10-25T19:03:02Z

...erContent/UserScripts/Scripts_Dynamic/ScriptHandlers/Sandboxed/ReaderModeScriptHandler.swift

+        contentWorld: Self.scriptSandbox,
+        escapeArgs: false
+      ) { (object, error) -> Void in
+        return


_{reported by reviewdog 🐶}
[semgrep] evaluateSafeJavaScript usages should be vet by the security-team.

References:
- https://github.com/brave/brave-browser/wiki/Security-reviews (point 13)

Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/brave-execute-script-ios.yaml

Cc @stoletheminerals @bridiver

github-actions · 2024-10-25T19:03:02Z

ios/brave-ios/Sources/BraveShared/Extensions/CWVWebViewExtensions.swift

+      escapeArgs: false,
+      asFunction: true,
+      completion: nil
+    )


_{reported by reviewdog 🐶}
[semgrep] evaluateSafeJavaScript usages should be vet by the security-team.

References:
- https://github.com/brave/brave-browser/wiki/Security-reviews (point 13)

Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/brave-execute-script-ios.yaml

Cc @stoletheminerals @bridiver

github-actions · 2024-10-25T19:03:02Z

ios/brave-ios/Sources/BraveShared/Extensions/CWVWebViewExtensions.swift

+        completionHandler: { value, error in
+          completion?(value, error)
+        }
+      )


_{reported by reviewdog 🐶}
[semgrep] evaluateJavaScript usages should be vet by the security-team.

References:
- https://github.com/brave/brave-browser/wiki/Security-reviews (point 13)

Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/brave-execute-script-ios.yaml

Cc @stoletheminerals @bridiver

github-actions · 2024-10-25T19:03:02Z

ios/brave-ios/Sources/BraveShared/Extensions/CWVWebViewExtensions.swift

+        escapeArgs: escapeArgs,
+        asFunction: asFunction
+      ) { value, error in
+        continuation.resume(returning: (value, error))


_{reported by reviewdog 🐶}
[semgrep] evaluateSafeJavaScript usages should be vet by the security-team.

References:
- https://github.com/brave/brave-browser/wiki/Security-reviews (point 13)

Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/brave-execute-script-ios.yaml

Cc @stoletheminerals @bridiver

github-actions · 2024-10-25T19:03:02Z

ios/brave-ios/Sources/BraveShared/Extensions/CWVWebViewExtensions.swift

+      contentWorld: contentWorld,
+      escapeArgs: escapeArgs,
+      asFunction: asFunction
+    )


_{reported by reviewdog 🐶}
[semgrep] evaluateSafeJavaScript usages should be vet by the security-team.

References:
- https://github.com/brave/brave-browser/wiki/Security-reviews (point 13)

Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/brave-execute-script-ios.yaml

Cc @stoletheminerals @bridiver

github-actions · 2024-10-25T19:03:02Z

ios/brave-ios/Sources/Shared/Extensions/WKWebViewExtensions.swift

+      escapeArgs: false,
+      asFunction: true,
+      completion: nil
+    )


_{reported by reviewdog 🐶}
[semgrep] evaluateSafeJavaScript usages should be vet by the security-team.

References:
- https://github.com/brave/brave-browser/wiki/Security-reviews (point 13)

Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/brave-execute-script-ios.yaml

Cc @stoletheminerals @bridiver

github-actions · 2024-10-25T19:03:09Z

The security team is monitoring all repositories for certain keywords. This PR includes the word(s) "password, safe browsing" and so security team members have been added as reviewers to take a look.

No need to request a full security review at this stage, the security team will take a look shortly and either clear the label or request more information/changes.

Notifications have already been sent, but if this is blocking your merge feel free to reach out directly to the security team on Slack so that we can expedite this check.

… and buttons not working.

kylehickinson self-assigned this Jul 15, 2024

kylehickinson commented Jul 15, 2024

View reviewed changes

chromium_src/ios/web_view/internal/webui/web_view_web_ui_provider.mm Outdated Show resolved Hide resolved

kylehickinson commented Jul 15, 2024

View reviewed changes

kylehickinson added CI/skip Do not run CI builds (except noplatform) CI/skip-all-linters Do not run linters and presubmit checks labels Jul 15, 2024

stoletheminerals added the needs-security-review label Jul 16, 2024

stoletheminerals self-requested a review July 16, 2024 11:26

kylehickinson force-pushed the ios-cwvwebview branch from 9cf323a to 0817eb4 Compare July 17, 2024 19:36

kylehickinson commented Jul 17, 2024

View reviewed changes

ios/brave-ios/Sources/Brave/Frontend/Browser/Tab.swift Outdated Show resolved Hide resolved

kylehickinson force-pushed the ios-cwvwebview branch 5 times, most recently from 6ccffe6 to 66895b3 Compare July 23, 2024 17:08