ios/web/web_state/ui/web_view_js_utils.mm - Issue 2335483004: Limit depth of parsing of dictionaries returned by JS evaluation.

Side by Side Diff: ios/web/web_state/ui/web_view_js_utils.mm

Issue 2335483004: Limit depth of parsing of dictionaries returned by JS evaluation. (Closed)

Patch Set: Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« no previous file with comments | « ios/web/web_state/ui/web_view_js_utils.h ('k') | ios/web/web_state/ui/web_view_js_utils_unittest.mm » ('j') | ios/web/web_state/ui/web_view_js_utils_unittest.mm » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #import "ios/web/web_state/ui/web_view_js_utils.h"	5 #import "ios/web/web_state/ui/web_view_js_utils.h"

6	6

7 #include <CoreFoundation/CoreFoundation.h>	7 #include <CoreFoundation/CoreFoundation.h>

8 #import <WebKit/WebKit.h>	8 #import <WebKit/WebKit.h>

9	9

10 #include "base/logging.h"	10 #include "base/logging.h"

	11 #include "base/mac/foundation_util.h"

11 #include "base/mac/scoped_nsobject.h"	12 #include "base/mac/scoped_nsobject.h"

12 #include "base/memory/ptr_util.h"	13 #include "base/memory/ptr_util.h"

13 #include "base/strings/sys_string_conversions.h"	14 #include "base/strings/sys_string_conversions.h"

14 #include "base/values.h"	15 #include "base/values.h"

15	16

16 namespace web {	17 namespace web {

17	18

18 NSString* const kJSEvaluationErrorDomain = @"JSEvaluationError";	19 NSString* const kJSEvaluationErrorDomain = @"JSEvaluationError";

	20 int const kMaximumParsingRecursionDepth = 6;

19	21

20 std::unique_ptr<base::Value> ValueResultFromWKResult(id wk_result) {	22 std::unique_ptr<base::Value> ValueResultFromWKResult(id wk_result,
	Eugene But (OOO till 7-30) 2016/09/12 16:12:00 Could you please move this function to anonymous n Could you please move this function to anonymous namespace and add comments. jif 2016/09/13 09:41:09 Done. Show quoted text On 2016/09/12 16:12:00, Eugene But wrote: > Could you please move this function to anonymous namespace and add comments. Done.
	23 int max_depth) {

21 if (!wk_result)	24 if (!wk_result)

22 return nullptr;	25 return nullptr;

23	26

24 std::unique_ptr<base::Value> result;	27 std::unique_ptr<base::Value> result;

	28

	29 if (max_depth < 0) {
	Eugene But (OOO till 7-30) 2016/09/12 16:12:00 NIT: Should this be \|max_depth <= 0\| ? Otherwise NIT: Should this be \|max_depth <= 0\| ? Otherwise recursion depth can be 7 jif 2016/09/13 09:41:09 I briefly looked at the definition of "depth", and Show quoted text On 2016/09/12 16:12:00, Eugene But wrote: > NIT: Should this be \|max_depth <= 0\| ? > > Otherwise recursion depth can be 7 I briefly looked at the definition of "depth", and it looks like the root node of a tree has a depth of 0. This means that if \|max_depth\| is 0, \|ValueResultFromWKResult\| should at least parse the root node. This would not be the case with "max_depth <= 0", and is why is chose "max_depth < 0". Does that make sense? Eugene But (OOO till 7-30) 2016/09/13 15:52:55 Sure. Show quoted text On 2016/09/13 09:41:09, jif wrote: > On 2016/09/12 16:12:00, Eugene But wrote: > > NIT: Should this be \|max_depth <= 0\| ? > > > > Otherwise recursion depth can be 7 > > I briefly looked at the definition of "depth", and it looks like the root node > of a tree has a depth of 0. > > This means that if \|max_depth\| is 0, \|ValueResultFromWKResult\| should at least > parse the root node. This would not be the case with "max_depth <= 0", and is > why is chose "max_depth < 0". > > Does that make sense? Sure.
	30 DLOG(WARNING) << "JS maximum recursion depth exceeded.";

	31 return result;

	32 }

	33

25 CFTypeID result_type = CFGetTypeID(wk_result);	34 CFTypeID result_type = CFGetTypeID(wk_result);

26 if (result_type == CFStringGetTypeID()) {	35 if (result_type == CFStringGetTypeID()) {

27 result.reset(new base::StringValue(base::SysNSStringToUTF16(wk_result)));	36 result.reset(new base::StringValue(base::SysNSStringToUTF16(wk_result)));

28 DCHECK(result->IsType(base::Value::TYPE_STRING));	37 DCHECK(result->IsType(base::Value::TYPE_STRING));

29 } else if (result_type == CFNumberGetTypeID()) {	38 } else if (result_type == CFNumberGetTypeID()) {

30 result.reset(new base::FundamentalValue([wk_result doubleValue]));	39 result.reset(new base::FundamentalValue([wk_result doubleValue]));

31 DCHECK(result->IsType(base::Value::TYPE_DOUBLE));	40 DCHECK(result->IsType(base::Value::TYPE_DOUBLE));

32 } else if (result_type == CFBooleanGetTypeID()) {	41 } else if (result_type == CFBooleanGetTypeID()) {

33 result.reset(	42 result.reset(

34 new base::FundamentalValue(static_cast<bool>([wk_result boolValue])));	43 new base::FundamentalValue(static_cast<bool>([wk_result boolValue])));

35 DCHECK(result->IsType(base::Value::TYPE_BOOLEAN));	44 DCHECK(result->IsType(base::Value::TYPE_BOOLEAN));

36 } else if (result_type == CFNullGetTypeID()) {	45 } else if (result_type == CFNullGetTypeID()) {

37 result = base::Value::CreateNullValue();	46 result = base::Value::CreateNullValue();

38 DCHECK(result->IsType(base::Value::TYPE_NULL));	47 DCHECK(result->IsType(base::Value::TYPE_NULL));

39 } else if (result_type == CFDictionaryGetTypeID()) {	48 } else if (result_type == CFDictionaryGetTypeID()) {

40 std::unique_ptr<base::DictionaryValue> dictionary =	49 std::unique_ptr<base::DictionaryValue> dictionary =

41 base::MakeUnique<base::DictionaryValue>();	50 base::MakeUnique<base::DictionaryValue>();

42 for (id key in wk_result) {	51 for (id key in wk_result) {

43 DCHECK([key respondsToSelector:@selector(UTF8String)]);	52 NSString* objCString = base::mac::ObjCCast<NSString>(key);
	Eugene But (OOO till 7-30) 2016/09/12 16:12:00 s/objCString/obj_c_string s/objCString/obj_c_string jif 2016/09/13 09:41:09 Done. Show quoted text On 2016/09/12 16:12:00, Eugene But wrote: > s/objCString/obj_c_string Done.
44 const std::string& path([key UTF8String]);	53 if (objCString) {
	Eugene But (OOO till 7-30) 2016/09/12 16:12:00 Do you need this check? base::SysNSStringToUTF8 ha Do you need this check? base::SysNSStringToUTF8 handles nil inputs just fine returning empty strings. jif 2016/09/13 09:41:09 Ah, thanks! Done. Show quoted text On 2016/09/12 16:12:00, Eugene But wrote: > Do you need this check? base::SysNSStringToUTF8 handles nil inputs just fine > returning empty strings. Ah, thanks! Done.
45 dictionary->Set(path,	54 const std::string path = base::SysNSStringToUTF8(objCString);

46 ValueResultFromWKResult([wk_result objectForKey:key]));	55 std::unique_ptr<base::Value> value = ValueResultFromWKResult(

	56 [wk_result objectForKey:objCString], max_depth - 1);

	57 if (value) {

	58 dictionary->Set(path, std::move(value));

	59 }

	60 }

47 }	61 }

48 result = std::move(dictionary);	62 result = std::move(dictionary);

49 } else {	63 } else {

50 NOTREACHED(); // Convert other types as needed.	64 NOTREACHED(); // Convert other types as needed.

51 }	65 }

52 return result;	66 return result;

53 }	67 }

54	68

	69 std::unique_ptr<base::Value> ValueResultFromWKResult(id wk_result) {

	70 return ValueResultFromWKResult(wk_result, kMaximumParsingRecursionDepth);

	71 }

	72

55 void ExecuteJavaScript(WKWebView* web_view,	73 void ExecuteJavaScript(WKWebView* web_view,

56 NSString* script,	74 NSString* script,

57 JavaScriptResultBlock completion_handler) {	75 JavaScriptResultBlock completion_handler) {

58 DCHECK([script length]);	76 DCHECK([script length]);

59 if (!web_view && completion_handler) {	77 if (!web_view && completion_handler) {

60 dispatch_async(dispatch_get_main_queue(), ^{	78 dispatch_async(dispatch_get_main_queue(), ^{

61 NSString* error_message =	79 NSString* error_message =

62 @"JS evaluation failed because there is no web view.";	80 @"JS evaluation failed because there is no web view.";

63 base::scoped_nsobject<NSError> error([[NSError alloc]	81 base::scoped_nsobject<NSError> error([[NSError alloc]

64 initWithDomain:kJSEvaluationErrorDomain	82 initWithDomain:kJSEvaluationErrorDomain

65 code:JS_EVALUATION_ERROR_CODE_NO_WEB_VIEW	83 code:JS_EVALUATION_ERROR_CODE_NO_WEB_VIEW

66 userInfo:@{NSLocalizedDescriptionKey : error_message}]);	84 userInfo:@{NSLocalizedDescriptionKey : error_message}]);

67 completion_handler(nil, error);	85 completion_handler(nil, error);

68 });	86 });

69 return;	87 return;

70 }	88 }

71	89

72 [web_view evaluateJavaScript:script completionHandler:completion_handler];	90 [web_view evaluateJavaScript:script completionHandler:completion_handler];

73 }	91 }

74	92

75 } // namespace web	93 } // namespace web

OLD	NEW