0002-Defang-anchor-element-ping-attribute.patch (3976B)
1 From a9d13da39c553f31bd5a1717b777572a57c03b42 Mon Sep 17 00:00:00 2001 2 From: "Haelwenn (lanodan) Monnier" <contact@hacktivis.me> 3 Date: Fri, 5 Apr 2019 09:03:39 +0200 4 Subject: [PATCH 2/9] Defang anchor element ping attribute 5 6 --- 7 Source/WebCore/html/HTMLAnchorElement.cpp | 11 -------- 8 Source/WebCore/loader/PingLoader.cpp | 34 ----------------------- 9 2 files changed, 45 deletions(-) 10 11 diff --git a/Source/WebCore/html/HTMLAnchorElement.cpp b/Source/WebCore/html/HTMLAnchorElement.cpp 12 index 37d98a33..815ed314 100644 13 --- a/Source/WebCore/html/HTMLAnchorElement.cpp 14 +++ b/Source/WebCore/html/HTMLAnchorElement.cpp 15 @@ -363,15 +363,6 @@ bool HTMLAnchorElement::isLiveLink() const 16 17 void HTMLAnchorElement::sendPings(const URL& destinationURL) 18 { 19 - if (!document().frame()) 20 - return; 21 - 22 - if (!hasAttributeWithoutSynchronization(pingAttr) || !document().settings().hyperlinkAuditingEnabled()) 23 - return; 24 - 25 - SpaceSplitString pingURLs(attributeWithoutSynchronization(pingAttr), false); 26 - for (unsigned i = 0; i < pingURLs.size(); i++) 27 - PingLoader::sendPing(*document().frame(), document().completeURL(pingURLs[i]), destinationURL); 28 } 29 30 #if USE(SYSTEM_PREVIEW) 31 @@ -493,8 +484,6 @@ void HTMLAnchorElement::handleClick(Event& event) 32 ASSERT(!adClickAttribution || adClickAttribution->url().isNull()); 33 34 frame->loader().urlSelected(completedURL, effectiveTarget, &event, LockHistory::No, LockBackForwardList::No, shouldSendReferrer, document().shouldOpenExternalURLsPolicyToPropagate(), newFrameOpenerPolicy, downloadAttribute, systemPreviewInfo, WTFMove(adClickAttribution)); 35 - 36 - sendPings(completedURL); 37 } 38 39 // Falls back to using <base> element's target if the anchor does not have one. 40 diff --git a/Source/WebCore/loader/PingLoader.cpp b/Source/WebCore/loader/PingLoader.cpp 41 index 2c0b2a3b..9225fdde 100644 42 --- a/Source/WebCore/loader/PingLoader.cpp 43 +++ b/Source/WebCore/loader/PingLoader.cpp 44 @@ -113,40 +113,6 @@ void PingLoader::loadImage(Frame& frame, const URL& url) 45 // http://www.whatwg.org/specs/web-apps/current-work/multipage/links.html#hyperlink-auditing 46 void PingLoader::sendPing(Frame& frame, const URL& pingURL, const URL& destinationURL) 47 { 48 - ASSERT(frame.document()); 49 - 50 - if (!pingURL.protocolIsInHTTPFamily()) 51 - return; 52 - 53 - ResourceRequest request(pingURL); 54 - if (processContentExtensionRulesForLoad(frame, request, ResourceType::Raw)) 55 - return; 56 - 57 - auto& document = *frame.document(); 58 - document.contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request, ContentSecurityPolicy::InsecureRequestType::Load); 59 - 60 - request.setHTTPMethod("POST"); 61 - request.setHTTPContentType("text/ping"); 62 - request.setHTTPBody(FormData::create("PING")); 63 - request.setHTTPHeaderField(HTTPHeaderName::CacheControl, "max-age=0"); 64 - 65 - HTTPHeaderMap originalRequestHeader = request.httpHeaderFields(); 66 - 67 - frame.loader().addExtraFieldsToSubresourceRequest(request); 68 - 69 - auto& sourceOrigin = document.securityOrigin(); 70 - FrameLoader::addHTTPOriginIfNeeded(request, sourceOrigin.toString()); 71 - request.setHTTPHeaderField(HTTPHeaderName::PingTo, destinationURL); 72 - if (!SecurityPolicy::shouldHideReferrer(pingURL, frame.loader().outgoingReferrer())) { 73 - request.setHTTPHeaderField(HTTPHeaderName::PingFrom, document.url()); 74 - if (!sourceOrigin.isSameSchemeHostPort(SecurityOrigin::create(pingURL).get())) { 75 - String referrer = SecurityPolicy::generateReferrerHeader(document.referrerPolicy(), pingURL, frame.loader().outgoingReferrer()); 76 - if (!referrer.isEmpty()) 77 - request.setHTTPReferrer(referrer); 78 - } 79 - } 80 - 81 - startPingLoad(frame, request, WTFMove(originalRequestHeader), ShouldFollowRedirects::Yes, ContentSecurityPolicyImposition::DoPolicyCheck); 82 } 83 84 void PingLoader::sendViolationReport(Frame& frame, const URL& reportURL, Ref<FormData>&& report, ViolationReportType reportType) 85 -- 86 2.21.0 87