Make pasteboard markup sanitization more robust
https://bugs.webkit.org/show_bug.cgi?id=206379
<rdar://problem/58660859>
Reviewed by Ryosuke Niwa.
Makes markup sanitization when copying and pasting more robust in some circumstances (see the bug for additional
details).
* editing/markup.cpp:
(WebCore::createPageForSanitizingWebContent):
Adopt the new setting when creating the temporary web page used to sanitize markup coming from the pasteboard.
* html/parser/HTMLParserOptions.cpp:
(WebCore::HTMLParserOptions::HTMLParserOptions):
* html/parser/HTMLParserOptions.h:
Rename `scriptEnabled` to `scriptingFlag`, since parsing script elements may now be allowed even when JavaScript
execution is disabled. The term "scripting flag" also closely matches the wording of the HTML parsing
specification.
* html/parser/HTMLTokenizer.cpp:
(WebCore::HTMLTokenizer::updateStateFor):
* html/parser/HTMLTreeBuilder.cpp:
(WebCore::HTMLTreeBuilder::processStartTagForInBody):
(WebCore::HTMLTreeBuilder::processStartTagForInHead):
* page/Settings.yaml:
Add a new setting that controls whether the HTML parser's scripting flag is considered on. By default the scripting flag
is on only when script execution is enabled; the new policy can force the flag on even when script execution is
disabled.
* page/SettingsBase.h:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@254800 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index ab4c8ef..d6dd108 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,40 @@
+2020-01-17 Wenson Hsieh <wenson_hsieh@apple.com>
+
+ Make pasteboard markup sanitization more robust
+ https://bugs.webkit.org/show_bug.cgi?id=206379
+ <rdar://problem/58660859>
+
+ Reviewed by Ryosuke Niwa.
+
+ Makes markup sanitization when copying and pasting more robust in some circumstances (see the bug for additional
+ details).
+
+ * editing/markup.cpp:
+ (WebCore::createPageForSanitizingWebContent):
+
+ Adopt the new setting when creating the temporary web page used to sanitize markup coming from the pasteboard.
+
+ * html/parser/HTMLParserOptions.cpp:
+ (WebCore::HTMLParserOptions::HTMLParserOptions):
+ * html/parser/HTMLParserOptions.h:
+
+ Rename `scriptEnabled` to `scriptingFlag`, since parsing script elements may now be allowed even when JavaScript
+ execution is disabled. The term "scripting flag" also closely matches the wording of the HTML parsing
+ specification.
+
+ * html/parser/HTMLTokenizer.cpp:
+ (WebCore::HTMLTokenizer::updateStateFor):
+ * html/parser/HTMLTreeBuilder.cpp:
+ (WebCore::HTMLTreeBuilder::processStartTagForInBody):
+ (WebCore::HTMLTreeBuilder::processStartTagForInHead):
+ * page/Settings.yaml:
+
+ Add a new setting to determine whether to consider the scripting flag on when parsing HTML. By default, we will
+ only turn the scripting flag on if script execution is enabled; however, this may be set such that we may
+ consider the scripting flag set, even though script execution is disabled.
+
+ * page/SettingsBase.h:
+
2020-01-18 Antti Koivisto <antti@apple.com>
[LFC] LayoutState constructor shouldn't take LayoutTreeContent
diff --git a/Source/WebCore/editing/markup.cpp b/Source/WebCore/editing/markup.cpp
index 46458ae..1595035 100644
--- a/Source/WebCore/editing/markup.cpp
+++ b/Source/WebCore/editing/markup.cpp
@@ -181,6 +181,7 @@
auto page = makeUnique<Page>(WTFMove(pageConfiguration));
page->settings().setMediaEnabled(false);
page->settings().setScriptEnabled(false);
+ page->settings().setParserScriptingFlagPolicy(SettingsBase::ParserScriptingFlagPolicy::Enabled);
page->settings().setPluginsEnabled(false);
page->settings().setAcceleratedCompositingEnabled(false);
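Review bot: The added line at L79 forces the parser's scripting flag on while `setScriptEnabled(false)` stays one line above, and nothing in the code explains why; a later reader is likely to see a contradiction and "fix" it. The only consumers of the flag in this patch are the `noscript` start-tag paths in HTMLTokenizer and HTMLTreeBuilder, so the intent appears to be that `<noscript>` content is tokenized as raw text here exactly as it will be when the sanitized markup is re-parsed in a scripting-enabled destination document, instead of being parsed into elements that serialize into something the destination parser reads differently. Suggest a comment above the line: `// Keep the parser's scripting flag on even though script execution is off, so <noscript> is parsed as raw text` / `// exactly as it will be when this markup is re-parsed on paste; a parsing mismatch here would let content survive sanitization in a form the destination interprets differently.` This only matches destinations where scripting is enabled; a paste into a document with scripting disabled will still parse `<noscript>` differently from the sanitizer, which may be acceptable but is worth stating in the comment. createPageForSanitizingWebContent begins and ends outside this hunk.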
diff --git a/Source/WebCore/html/parser/HTMLParserOptions.cpp b/Source/WebCore/html/parser/HTMLParserOptions.cpp
index f82eb0a..58d95ca 100644
--- a/Source/WebCore/html/parser/HTMLParserOptions.cpp
+++ b/Source/WebCore/html/parser/HTMLParserOptions.cpp
@@ -36,7 +36,7 @@
namespace WebCore {
HTMLParserOptions::HTMLParserOptions()
- : scriptEnabled(false)
+ : scriptingFlag(false)
, usePreHTML5ParserQuirks(false)
, maximumDOMTreeDepth(Settings::defaultMaximumHTMLParserDOMTreeDepth)
{
@@ -45,7 +45,10 @@
HTMLParserOptions::HTMLParserOptions(Document& document)
{
RefPtr<Frame> frame = document.frame();
- scriptEnabled = frame && frame->script().canExecuteScripts(NotAboutToExecuteScript);
+ if (document.settings().parserScriptingFlagPolicy() == SettingsBase::ParserScriptingFlagPolicy::Enabled)
+ scriptingFlag = true;
+ else
+ scriptingFlag = frame && frame->script().canExecuteScripts(NotAboutToExecuteScript);
usePreHTML5ParserQuirks = document.settings().usePreHTML5ParserQuirks();
maximumDOMTreeDepth = document.settings().maximumHTMLParserDOMTreeDepth();
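Review bot: The if/else at L99–L102 assigns the same member in both branches and reads more clearly as one expression: `scriptingFlag = document.settings().parserScriptingFlagPolicy() == SettingsBase::ParserScriptingFlagPolicy::Enabled || (frame && frame->script().canExecuteScripts(NotAboutToExecuteScript));`. Whichever form is kept, the assignment deserves a why-comment, because the member is no longer equivalent to "script can run" and that is the whole point of the policy: `// The policy may force the flag on even when script execution is disabled; see ParserScriptingFlagPolicy.` The constructor's closing brace is outside this hunk.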
diff --git a/Source/WebCore/html/parser/HTMLParserOptions.h b/Source/WebCore/html/parser/HTMLParserOptions.h
index f205526..50bfa60 100644
--- a/Source/WebCore/html/parser/HTMLParserOptions.h
+++ b/Source/WebCore/html/parser/HTMLParserOptions.h
@@ -34,7 +34,8 @@
explicit HTMLParserOptions();
explicit HTMLParserOptions(Document&);
- bool scriptEnabled;
+ // See https://html.spec.whatwg.org/#scripting-flag for more information.
+ bool scriptingFlag;
bool usePreHTML5ParserQuirks;
unsigned maximumDOMTreeDepth;
};
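Review bot: The new comment at L113 points at the spec but omits the one thing this patch changes: `scriptingFlag` can now be true while JavaScript execution is disabled (policy `Enabled`), so it must only drive parsing decisions and must never be read as permission to execute script. Suggest extending the comment: `// Controls parsing only (e.g. whether <noscript> content is raw text). May be true even when script execution` / `// is disabled — see SettingsBase::ParserScriptingFlagPolicy; never use it to decide whether script may run.`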
diff --git a/Source/WebCore/html/parser/HTMLTokenizer.cpp b/Source/WebCore/html/parser/HTMLTokenizer.cpp
index aa75adc..d3eba51 100644
--- a/Source/WebCore/html/parser/HTMLTokenizer.cpp
+++ b/Source/WebCore/html/parser/HTMLTokenizer.cpp
@@ -1418,7 +1418,7 @@
|| tagName == xmpTag
|| (tagName == noembedTag)
|| tagName == noframesTag
- || (tagName == noscriptTag && m_options.scriptEnabled))
+ || (tagName == noscriptTag && m_options.scriptingFlag))
m_state = RAWTEXTState;
}
diff --git a/Source/WebCore/html/parser/HTMLTreeBuilder.cpp b/Source/WebCore/html/parser/HTMLTreeBuilder.cpp
index 7867c28..b1930e4 100644
--- a/Source/WebCore/html/parser/HTMLTreeBuilder.cpp
+++ b/Source/WebCore/html/parser/HTMLTreeBuilder.cpp
@@ -791,7 +791,7 @@
processGenericRawTextStartTag(WTFMove(token));
return;
}
- if (token.name() == noscriptTag && m_options.scriptEnabled) {
+ if (token.name() == noscriptTag && m_options.scriptingFlag) {
processGenericRawTextStartTag(WTFMove(token));
return;
}
@@ -2608,7 +2608,7 @@
return true;
}
if (token.name() == noscriptTag) {
- if (m_options.scriptEnabled) {
+ if (m_options.scriptingFlag) {
processGenericRawTextStartTag(WTFMove(token));
return true;
}
diff --git a/Source/WebCore/page/Settings.yaml b/Source/WebCore/page/Settings.yaml
index 887559c..50d2340 100644
--- a/Source/WebCore/page/Settings.yaml
+++ b/Source/WebCore/page/Settings.yaml
@@ -731,6 +731,9 @@
initial: false
getter: isScriptEnabled
inspectorOverride: true
+parserScriptingFlagPolicy:
+ type: ParserScriptingFlagPolicy
+ initial: ParserScriptingFlagPolicy::OnlyIfScriptIsEnabled
pluginsEnabled:
initial: false
getter: arePluginsEnabled
diff --git a/Source/WebCore/page/SettingsBase.h b/Source/WebCore/page/SettingsBase.h
index f1a65f6..251b7e6 100644
--- a/Source/WebCore/page/SettingsBase.h
+++ b/Source/WebCore/page/SettingsBase.h
@@ -104,6 +104,7 @@
void pageDestroyed() { m_page = nullptr; }
enum class FontLoadTimingOverride { None, Block, Swap, Failure };
+ enum class ParserScriptingFlagPolicy : uint8_t { OnlyIfScriptIsEnabled, Enabled };
// FIXME: Move these default values to SettingsDefaultValues.h
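Review bot: The new enum at L173 has no description of its enumerators, and the names alone do not convey that `Enabled` decouples the parser's scripting flag from actual script execution, which is the security-relevant property callers need to understand. Suggest a comment above it: `// Whether the HTML parser's "scripting flag" is on. OnlyIfScriptIsEnabled follows whether the frame can execute` / `// script; Enabled forces the flag on even when script execution is disabled (used by the pasteboard sanitizer page).`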