Commit d033d14b authored by Alexander Mikhaylenko's avatar Alexander Mikhaylenko
Browse files

Merge commit 'ed6ed703' into pureos/amber-phone

parents 49d3934c ed6ed703
================
WebKitGTK 2.30.6
================
What's new in WebKitGTK 2.30.6?
- Update user agent quirks again for Google Docs and Google Drive
- Fix several crashes and rendering issues.
================
WebKitGTK 2.30.5
================
......
......@@ -105,6 +105,30 @@ private:
void readTop()
{
auto readWorld = [&] (Node* node) {
// All of the outermost arguments, except this, are read in sloppy mode.
if (!m_graph.m_codeBlock->ownerExecutable()->isInStrictContext()) {
for (unsigned i = m_graph.m_codeBlock->numParameters(); i--;)
m_read(virtualRegisterForArgumentIncludingThis(i));
}
// The stack header is read.
for (unsigned i = 0; i < CallFrameSlot::thisArgument; ++i)
m_read(VirtualRegister(i));
// Read all of the inline arguments and call frame headers that we didn't already capture.
for (InlineCallFrame* inlineCallFrame = node->origin.semantic.inlineCallFrame(); inlineCallFrame; inlineCallFrame = inlineCallFrame->getCallerInlineFrameSkippingTailCalls()) {
if (!inlineCallFrame->isInStrictContext()) {
for (unsigned i = inlineCallFrame->argumentsWithFixup.size(); i--;)
m_read(VirtualRegister(inlineCallFrame->stackOffset + virtualRegisterForArgumentIncludingThis(i).offset()));
}
if (inlineCallFrame->isClosureCall)
m_read(VirtualRegister(inlineCallFrame->stackOffset + CallFrameSlot::callee));
if (inlineCallFrame->isVarargs())
m_read(VirtualRegister(inlineCallFrame->stackOffset + CallFrameSlot::argumentCountIncludingThis));
}
};
auto readFrame = [&] (InlineCallFrame* inlineCallFrame, unsigned numberOfArgumentsToSkip) {
if (!inlineCallFrame) {
// Read the outermost arguments and argument count.
......@@ -122,8 +146,10 @@ private:
auto readSpread = [&] (Node* spread) {
ASSERT(spread->op() == Spread || spread->op() == PhantomSpread);
if (!spread->child1()->isPhantomAllocation())
if (!spread->child1()->isPhantomAllocation()) {
readWorld(spread);
return;
}
ASSERT(spread->child1()->op() == PhantomCreateRest || spread->child1()->op() == PhantomNewArrayBuffer);
if (spread->child1()->op() == PhantomNewArrayBuffer) {
......@@ -238,27 +264,7 @@ private:
}
default: {
// All of the outermost arguments, except this, are read in sloppy mode.
if (!m_graph.m_codeBlock->ownerExecutable()->isInStrictContext()) {
for (unsigned i = m_graph.m_codeBlock->numParameters(); i--;)
m_read(virtualRegisterForArgumentIncludingThis(i));
}
// The stack header is read.
for (unsigned i = 0; i < CallFrameSlot::thisArgument; ++i)
m_read(VirtualRegister(i));
// Read all of the inline arguments and call frame headers that we didn't already capture.
for (InlineCallFrame* inlineCallFrame = m_node->origin.semantic.inlineCallFrame(); inlineCallFrame; inlineCallFrame = inlineCallFrame->getCallerInlineFrameSkippingTailCalls()) {
if (!inlineCallFrame->isInStrictContext()) {
for (unsigned i = inlineCallFrame->argumentsWithFixup.size(); i--;)
m_read(VirtualRegister(inlineCallFrame->stackOffset + virtualRegisterForArgumentIncludingThis(i).offset()));
}
if (inlineCallFrame->isClosureCall)
m_read(VirtualRegister(inlineCallFrame->stackOffset + CallFrameSlot::callee));
if (inlineCallFrame->isVarargs())
m_read(VirtualRegister(inlineCallFrame->stackOffset + CallFrameSlot::argumentCountIncludingThis));
}
readWorld(m_node);
break;
} }
}
......
......@@ -141,6 +141,11 @@ inline JSPropertyNameEnumerator* propertyNameEnumerator(JSGlobalObject* globalOb
bool successfullyNormalizedChain = normalizePrototypeChain(globalObject, base, sawPolyProto) != InvalidPrototypeChain;
Structure* structureAfterGettingPropertyNames = base->structure(vm);
if (!structureAfterGettingPropertyNames->canAccessPropertiesQuicklyForEnumeration()) {
indexedLength = 0;
numberStructureProperties = 0;
}
enumerator = JSPropertyNameEnumerator::create(vm, structureAfterGettingPropertyNames, indexedLength, numberStructureProperties, WTFMove(propertyNames));
if (!indexedLength && successfullyNormalizedChain && structureAfterGettingPropertyNames == structure) {
enumerator->setCachedPrototypeChain(vm, structure->prototypeChain(globalObject, base));
......
......@@ -873,6 +873,7 @@ bool portAllowed(const URL& url)
42, // name
43, // nicname
53, // domain
69, // TFTP
77, // priv-rjs
79, // finger
87, // ttylink
......@@ -890,8 +891,10 @@ bool portAllowed(const URL& url)
119, // nntp
123, // NTP
135, // loc-srv / epmap
137, // NetBIOS
139, // netbios
143, // IMAP2
161, // SNMP
179, // BGP
389, // LDAP
427, // SLP (Also used by Apple Filing Protocol)
......@@ -906,6 +909,7 @@ bool portAllowed(const URL& url)
532, // netnews
540, // UUCP
548, // afpovertcp [Apple addition]
554, // rtsp
556, // remotefs
563, // NNTP+SSL
587, // ESMTP
......@@ -913,6 +917,9 @@ bool portAllowed(const URL& url)
636, // LDAP+SSL
993, // IMAP+SSL
995, // POP3+SSL
1719, // H323 (RAS)
1720, // H323 (Q931)
1723, // H323 (H245)
2049, // NFS
3659, // apple-sasl / PasswordServer [Apple addition]
4045, // lockd
......@@ -920,6 +927,7 @@ bool portAllowed(const URL& url)
5060, // SIP
5061, // SIPS
6000, // X11
6566, // SANE
6665, // Alternate IRC [Apple addition]
6666, // Alternate IRC [Apple addition]
6667, // Standard IRC [Apple addition]
......
......@@ -370,6 +370,7 @@ set(WebCore_NON_SVG_IDL_FILES
Modules/mediastream/RTCOfferAnswerOptions.idl
Modules/mediastream/RTCOfferOptions.idl
Modules/mediastream/RTCPeerConnection.idl
Modules/mediastream/RTCPeerConnectionIceErrorEvent.idl
Modules/mediastream/RTCPeerConnectionIceEvent.idl
Modules/mediastream/RTCPeerConnectionState.idl
Modules/mediastream/RTCPriorityType.idl
......
......@@ -200,6 +200,7 @@ $(PROJECT_DIR)/Modules/mediastream/RTCOfferAnswerOptions.idl
$(PROJECT_DIR)/Modules/mediastream/RTCOfferOptions.idl
$(PROJECT_DIR)/Modules/mediastream/RTCPeerConnection.idl
$(PROJECT_DIR)/Modules/mediastream/RTCPeerConnection.js
$(PROJECT_DIR)/Modules/mediastream/RTCPeerConnectionIceErrorEvent.idl
$(PROJECT_DIR)/Modules/mediastream/RTCPeerConnectionIceEvent.idl
$(PROJECT_DIR)/Modules/mediastream/RTCPeerConnectionInternals.js
$(PROJECT_DIR)/Modules/mediastream/RTCPeerConnectionState.idl
......
......@@ -1430,6 +1430,8 @@ $(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSRTCOfferOptions.cpp
$(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSRTCOfferOptions.h
$(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSRTCPeerConnection.cpp
$(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSRTCPeerConnection.h
$(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSRTCPeerConnectionIceErrorEvent.cpp
$(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSRTCPeerConnectionIceErrorEvent.h
$(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSRTCPeerConnectionIceEvent.cpp
$(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSRTCPeerConnectionIceEvent.h
$(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSRTCPeerConnectionState.cpp
......
......@@ -300,6 +300,7 @@ JS_BINDING_IDLS = \
$(WebCore)/Modules/mediastream/RTCOfferOptions.idl \
$(WebCore)/Modules/mediastream/RTCPeerConnection.idl \
$(WebCore)/Modules/mediastream/RTCPeerConnectionIceEvent.idl \
$(WebCore)/Modules/mediastream/RTCPeerConnectionIceErrorEvent.idl \
$(WebCore)/Modules/mediastream/RTCPeerConnectionState.idl \
$(WebCore)/Modules/mediastream/RTCPriorityType.idl \
$(WebCore)/Modules/mediastream/RTCRtpCapabilities.idl \
......
......@@ -51,6 +51,7 @@
#include "RTCController.h"
#include "RTCDataChannel.h"
#include "RTCIceCandidate.h"
#include "RTCPeerConnectionIceErrorEvent.h"
#include "RTCPeerConnectionIceEvent.h"
#include "RTCSessionDescription.h"
#include "Settings.h"
......@@ -279,7 +280,7 @@ void RTCPeerConnection::queuedAddIceCandidate(RTCIceCandidate* rtcCandidate, DOM
}
// Implementation of https://w3c.github.io/webrtc-pc/#set-pc-configuration
static inline ExceptionOr<Vector<MediaEndpointConfiguration::IceServerInfo>> iceServersFromConfiguration(RTCConfiguration& newConfiguration, const RTCConfiguration* existingConfiguration, bool isLocalDescriptionSet)
ExceptionOr<Vector<MediaEndpointConfiguration::IceServerInfo>> RTCPeerConnection::iceServersFromConfiguration(RTCConfiguration& newConfiguration, const RTCConfiguration* existingConfiguration, bool isLocalDescriptionSet)
{
if (existingConfiguration && newConfiguration.bundlePolicy != existingConfiguration->bundlePolicy)
return Exception { InvalidModificationError, "BundlePolicy does not match existing policy" };
......@@ -301,8 +302,13 @@ static inline ExceptionOr<Vector<MediaEndpointConfiguration::IceServerInfo>> ice
urls = WTFMove(vector);
});
urls.removeAllMatching([](auto& url) {
return URL { URL { }, url }.path().endsWithIgnoringASCIICase(".local");
urls.removeAllMatching([&](auto& urlString) {
URL url { URL { }, urlString };
if (url.path().endsWithIgnoringASCIICase(".local") || !portAllowed(url)) {
queueTaskToDispatchEvent(*this, TaskSource::MediaElement, RTCPeerConnectionIceErrorEvent::create(Event::CanBubble::No, Event::IsCancelable::No, { }, { }, WTFMove(urlString), 701, "URL is not allowed"_s));
return true;
}
return false;
});
auto serverURLs = WTF::map(urls, [](auto& url) -> URL {
......
......@@ -217,6 +217,8 @@ private:
ExceptionOr<Vector<MediaEndpointConfiguration::CertificatePEM>> certificatesFromConfiguration(const RTCConfiguration&);
ExceptionOr<Vector<MediaEndpointConfiguration::IceServerInfo>> iceServersFromConfiguration(RTCConfiguration& newConfiguration, const RTCConfiguration* existingConfiguration, bool isLocalDescriptionSet);
bool m_isStopped { false };
RTCSignalingState m_signalingState { RTCSignalingState::Stable };
RTCIceGatheringState m_iceGatheringState { RTCIceGatheringState::New };
......
......@@ -116,7 +116,7 @@ typedef (object or DOMString) AlgorithmIdentifier;
attribute EventHandler oniceconnectionstatechange;
attribute EventHandler onicegatheringstatechange;
attribute EventHandler onconnectionstatechange;
// FIXME 169644: missing onfingerprintfailure and onicecandidateerror
attribute EventHandler onicecandidateerror;
// Private API used to implement the overloaded operations above. Queued functions are called by runQueuedOperation().
// See RTCPeerConnectionInternals.js.
......
/*
* Copyright (C) 2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "config.h"
#include "RTCPeerConnectionIceErrorEvent.h"
#if ENABLE(WEB_RTC)
#include "EventNames.h"
#include <wtf/IsoMallocInlines.h>
namespace WebCore {
WTF_MAKE_ISO_ALLOCATED_IMPL(RTCPeerConnectionIceErrorEvent);
Ref<RTCPeerConnectionIceErrorEvent> RTCPeerConnectionIceErrorEvent::create(CanBubble canBubble, IsCancelable isCancelable, String&& address, Optional<uint16_t> port, String&& url, uint16_t errorCode, String&& errorText)
{
return adoptRef(*new RTCPeerConnectionIceErrorEvent(eventNames().icecandidateerrorEvent, canBubble, isCancelable, WTFMove(address), port, WTFMove(url), errorCode, WTFMove(errorText)));
}
Ref<RTCPeerConnectionIceErrorEvent> RTCPeerConnectionIceErrorEvent::create(const AtomString& type, Init&& init)
{
return adoptRef(*new RTCPeerConnectionIceErrorEvent(type, init.bubbles ? CanBubble::Yes : CanBubble::No,
init.cancelable ? IsCancelable::Yes : IsCancelable::No, WTFMove(init.address), init.port, WTFMove(init.url), WTFMove(init.errorCode), WTFMove(init.errorText)));
}
RTCPeerConnectionIceErrorEvent::RTCPeerConnectionIceErrorEvent(const AtomString& type, CanBubble canBubble, IsCancelable cancelable, String&& address, Optional<uint16_t> port, String&& url, uint16_t errorCode, String&& errorText)
: Event(type, canBubble, cancelable)
, m_address(WTFMove(address))
, m_port(port)
, m_url(WTFMove(url))
, m_errorCode(errorCode)
, m_errorText(WTFMove(errorText))
{
}
RTCPeerConnectionIceErrorEvent::~RTCPeerConnectionIceErrorEvent() = default;
EventInterface RTCPeerConnectionIceErrorEvent::eventInterface() const
{
return RTCPeerConnectionIceErrorEventInterfaceType;
}
} // namespace WebCore
#endif // ENABLE(WEB_RTC)
/*
* Copyright (C) 2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#pragma once
#if ENABLE(WEB_RTC)
#include "Event.h"
#include <wtf/Optional.h>
#include <wtf/text/AtomString.h>
namespace WebCore {
class RTCIceCandidate;
class RTCPeerConnectionIceErrorEvent final : public Event {
WTF_MAKE_ISO_ALLOCATED(RTCPeerConnectionIceErrorEvent);
public:
virtual ~RTCPeerConnectionIceErrorEvent();
struct Init : EventInit {
String address;
Optional<uint16_t> port;
String url;
uint16_t errorCode { 0 };
String errorText;
};
static Ref<RTCPeerConnectionIceErrorEvent> create(const AtomString& type, Init&&);
static Ref<RTCPeerConnectionIceErrorEvent> create(CanBubble, IsCancelable, String&& address, Optional<uint16_t> port, String&& url, uint16_t errorCode, String&& errorText);
const String& address() const { return m_address; }
Optional<uint16_t> port() const { return m_port; }
const String& url() const { return m_url; }
uint16_t errorCode() const { return m_errorCode; }
const String& errorText() const { return m_errorText; }
virtual EventInterface eventInterface() const;
private:
RTCPeerConnectionIceErrorEvent(const AtomString& type, CanBubble, IsCancelable, String&& address, Optional<uint16_t> port, String&& url, uint16_t errorCode, String&& errorText);
String m_address;
Optional<uint16_t> m_port;
String m_url;
uint16_t m_errorCode { 0 };
String m_errorText;
};
} // namespace WebCore
#endif // ENABLE(WEB_RTC)
/*
* Copyright (C) 2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
dictionary RTCPeerConnectionIceErrorEventInit : EventInit {
DOMString? address;
unsigned short? port;
DOMString url;
required unsigned short errorCode;
USVString errorText;
};
[
Conditional=WEB_RTC,
EnabledAtRuntime=PeerConnection,
Exposed=Window
] interface RTCPeerConnectionIceErrorEvent : Event {
constructor(DOMString type, RTCPeerConnectionIceErrorEventInit eventInitDict);
readonly attribute DOMString? address;
readonly attribute unsigned short? port;
readonly attribute DOMString url;
readonly attribute unsigned short errorCode;
readonly attribute USVString errorText;
};
......@@ -161,6 +161,7 @@ Modules/mediastream/RTCIceCandidate.cpp
Modules/mediastream/RTCIceTransport.cpp
Modules/mediastream/RTCPeerConnection.cpp
Modules/mediastream/RTCPeerConnectionIceEvent.cpp
Modules/mediastream/RTCPeerConnectionIceErrorEvent.cpp
Modules/mediastream/RTCRtpReceiver.cpp
Modules/mediastream/RTCRtpSender.cpp
Modules/mediastream/RTCRtpTransceiver.cpp
......@@ -3231,6 +3232,7 @@ JSRTCOfferAnswerOptions.cpp
JSRTCOfferOptions.cpp
JSRTCPeerConnection.cpp
JSRTCPeerConnectionIceEvent.cpp
JSRTCPeerConnectionIceErrorEvent.cpp
JSRTCPeerConnectionState.cpp
JSRTCPriorityType.cpp
JSRTCRtpCapabilities.cpp
......
......@@ -208,6 +208,7 @@ namespace WebCore {
macro(RTCIceTransport) \
macro(RTCPeerConnection) \
macro(RTCPeerConnectionIceEvent) \
macro(RTCPeerConnectionIceErrorEvent) \
macro(RTCRtpReceiver) \
macro(RTCRtpSender) \
macro(RTCRtpTransceiver) \
......
......@@ -125,8 +125,12 @@ void MediaQueryMatcher::evaluateAll()
continue;
bool notify;
list->evaluate(evaluator, notify);
if (notify)
if (notify) {
if (m_document && m_document->quirks().shouldSilenceMediaQueryListChangeEvents())
continue;
list->dispatchEvent(MediaQueryListEvent::create(eventNames().changeEvent, list->media(), list->matches()));
}
}
}
......
......@@ -3457,8 +3457,11 @@ bool Document::canNavigateInternal(Frame& targetFrame)
if (!isSandboxed(SandboxTopNavigation) && &targetFrame == &m_frame->tree().top())
return true;
// The user gesture only relaxes permissions for the purpose of navigating if its impacts the current document.
bool isProcessingUserGestureForDocument = UserGestureIndicator::processingUserGesture(m_frame->document());
// ii. A frame can navigate its top ancestor when its 'allow-top-navigation-by-user-activation' flag is set and navigation is triggered by user activation.
if (!isSandboxed(SandboxTopNavigationByUserActivation) && UserGestureIndicator::processingUserGesture() && &targetFrame == &m_frame->tree().top())
if (!isSandboxed(SandboxTopNavigationByUserActivation) && isProcessingUserGestureForDocument && &targetFrame == &m_frame->tree().top())
return true;
// iii. A sandboxed frame can always navigate its descendants.
......@@ -3475,14 +3478,13 @@ bool Document::canNavigateInternal(Frame& targetFrame)
// 2. Otherwise, if B is a top-level browsing context, and is one of the ancestor browsing contexts of A, then:
if (m_frame != &targetFrame && &targetFrame == &m_frame->tree().top()) {
bool triggeredByUserActivation = UserGestureIndicator::processingUserGesture();
// 1. If this algorithm is triggered by user activation and A's active document's active sandboxing flag set has its sandboxed top-level navigation with user activation browsing context flag set, then abort these steps negatively.
if (triggeredByUserActivation && isSandboxed(SandboxTopNavigationByUserActivation)) {
if (isProcessingUserGestureForDocument && isSandboxed(SandboxTopNavigationByUserActivation)) {
printNavigationErrorMessage(targetFrame, url(), "The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation-by-user-activation' flag is not set and navigation is not triggered by user activation."_s);
return false;
}
// 2. Otherwise, If this algorithm is not triggered by user activation and A's active document's active sandboxing flag set has its sandboxed top-level navigation without user activation browsing context flag set, then abort these steps negatively.
if (!triggeredByUserActivation && isSandboxed(SandboxTopNavigation)) {
if (!isProcessingUserGestureForDocument && isSandboxed(SandboxTopNavigation)) {
printNavigationErrorMessage(targetFrame, url(), "The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set."_s);
return false;
}
......@@ -3556,8 +3558,12 @@ bool Document::isNavigationBlockedByThirdPartyIFrameRedirectBlocking(Frame& targ
// Only prevent navigations by unsandboxed iframes. Such navigations by unsandboxed iframes would have already been blocked unless
// "allow-top-navigation" / "allow-top-navigation-by-user-activation" was explicitly specified.
if (sandboxFlags() != SandboxNone)
return false;
if (sandboxFlags() != SandboxNone) {
// Navigation is only allowed if the parent of the sandboxed iframe is first-party.
auto* parentDocument = m_frame->tree().parent() ? m_frame->tree().parent()->document() : nullptr;
if (parentDocument && canAccessAncestor(parentDocument->securityOrigin(), &targetFrame))
return false;
}
// Only prevent navigations by third-party iframes or untrusted first-party iframes.
bool isUntrustedIframe = m_hasLoadedThirdPartyScript && m_hasLoadedThirdPartyFrame;
......
......@@ -144,6 +144,7 @@ namespace WebCore {
macro(gotpointercapture) \
macro(hashchange) \
macro(icecandidate) \
macro(icecandidateerror) \
macro(iceconnectionstatechange) \
macro(icegatheringstatechange) \
macro(inactive) \
......
......@@ -57,10 +57,10 @@ MediaStreamTrackEvent conditional=MEDIA_STREAM
MerchantValidationEvent conditional=PAYMENT_REQUEST
PaymentMethodChangeEvent conditional=PAYMENT_REQUEST
PaymentRequestUpdateEvent conditional=PAYMENT_REQUEST
RTCPeerConnectionIceErrorEvent conditional=WEB_RTC
RTCPeerConnectionIceEvent conditional=WEB_RTC
RTCDataChannelEvent conditional=WEB_RTC
RTCDTMFToneChangeEvent conditional=WEB_RTC
RTCPeerConnectionIceEvent conditional=WEB_RTC
RTCTrackEvent conditional=WEB_RTC
SpeechSynthesisEvent conditional=SPEECH_SYNTHESIS
WebGLContextEvent conditional=WEBGL
......
......@@ -258,15 +258,6 @@ void EventTarget::fireEventListeners(Event& event, EventInvokePhase phase)
if (!data)
return;
// FIXME: Remove once <rdar://problem/62344280> is fixed.
if (is<Document>(scriptExecutionContext())) {
auto* page = downcast<Document>(*scriptExecutionContext()).page();
if (page && !page->shouldFireEvents()) {
RELEASE_LOG_IF(page->isAlwaysOnLoggingAllowed(), Events, "%p - EventTarget::fireEventListeners: Not firing %{public}s event because events are temporarily disabled for this page", this, event.type().string().utf8().data());
return;
}
}
SetForScope<bool> firingEventListenersScope(data->isFiringEventListeners, true);
if (auto* listenersVector = data->eventListenerMap.find(event.type())) {
......
......@@ -30,6 +30,7 @@
#include "Document.h"
#include "Frame.h"
#include "ResourceLoadObserver.h"
#include "SecurityOrigin.h"
#include <wtf/MainThread.h>
#include <wtf/NeverDestroyed.h>
#include <wtf/Optional.h>
......@@ -43,6 +44,34 @@ static RefPtr<UserGestureToken>& currentToken()
return token;
}
UserGestureToken::UserGestureToken(ProcessingUserGestureState state, UserGestureType gestureType, Document* document)
: m_state(state)
, m_gestureType(gestureType)
{
if (!document || !processingUserGesture())
return;
// User gesture is valid for the document that received the user gesture, all of its ancestors
// as well as all same-origin documents on the page.
m_documentsImpactedByUserGesture.add(*document);
auto* documentFrame = document->frame();
if (!documentFrame)
return;