Skip to content

Commit 89838b9

Browse files
mcatanzaromcatanzaro
committed
Disable file access in data transfer operations, except for Cocoa ports
https://bugs.webkit.org/show_bug.cgi?id=303434 Reviewed by Adrian Perez de Castro. This isn't implemented properly for WebKitGTK and most likely also not for other ports. My initial attempts to fix things have failed, so let's just completely disable it for now. However, Apple has confirmed that Safari is OK, so let's leave file access enabled there. Canonical link: https://commits.webkit.org/303828@main
1 parent 03f2df9 commit 89838b9

2 files changed

Lines changed: 19 additions & 0 deletions

File tree

LayoutTests/platform/gtk/editing/pasteboard/paste-image-does-not-reveal-file-url-expected.txt

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
Tests that pasting images do not reveal its file URL. To manually test, copy the image below in the context menu and paste into the red box.
2+
3+
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
4+
5+
6+
FAIL event.clipboardData.types.includes("Files") should be true. Was false.
7+
PASS event.clipboardData.getData("url") is ""
8+
PASS event.clipboardData.getData("text/plain") is ""
9+
PASS event.clipboardData.getData("text/uri-list") is ""
10+
PASS successfullyParsed is true
11+
12+
TEST COMPLETE
13+
14+

Source/WebCore/dom/DataTransfer.h

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -123,7 +123,12 @@ class DataTransfer : public RefCountedAndCanMakeWeakPtr<DataTransfer> {
123123

124124
bool allowsFileAccess() const
125125
{
126+
#if PLATFORM(COCOA)
126127
return !forDrag() || forFileDrag();
128+
#else
129+
// Check https://webkit.org/b/271957 before allowing file access for your port.
130+
return false;
131+
#endif
127132
}
128133

129134
#if ENABLE(DRAG_SUPPORT)

0 commit comments

Comments
 (0)