[epiphany/mcatanzaro/#1443] Never register internal APIs in the default script world
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [epiphany/mcatanzaro/#1443] Never register internal APIs in the default script world
- Date: Thu, 11 Feb 2021 18:01:12 +0000 (UTC)
commit 12fd22361d7bf44d43af9244c627e5bf05c4fd00
Author: Michael Catanzaro <mcatanzaro gnome org>
Date: Thu Feb 11 11:58:30 2021 -0600
Never register internal APIs in the default script world
Fixes #1443
.../ephy-web-process-extension.c | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
---
diff --git a/embed/web-process-extension/ephy-web-process-extension.c
b/embed/web-process-extension/ephy-web-process-extension.c
index f7e92e476..f98260e17 100644
--- a/embed/web-process-extension/ephy-web-process-extension.c
+++ b/embed/web-process-extension/ephy-web-process-extension.c
@@ -667,7 +667,27 @@ window_object_cleared_cb (WebKitScriptWorld *world,
js_context = webkit_frame_get_js_context_for_script_world (frame, world);
jsc_context_push_exception_handler (js_context, (JSCExceptionHandler)js_exception_handler, NULL, NULL);
- set_up_webextensions (extension, page, js_context);
+ /* If we are using the default script world, then we are a WebExtension. We
+ * must not register any internal Epiphany APIs, since they must never be
+ * accessible in the default script world. We don't want them exposed to the
+ * web or to WebExtensions. If we were to improperly allow access to our
+ * internal APIs, then malicious web content could do nasty things like
+ * iterate through passwords stored in EphyPasswordsManager, for example.
+ *
+ * And if we are not using the default script world, then we are not a
+ * WebExtension. There is no point in registering WebExtension APIs, because
+ * WebExtensions only have access to what is in the default script world
+ * anyway.
+ *
+ * FIXME: let's try to make this less confusing:
+ *
+ * https://gitlab.gnome.org/GNOME/epiphany/-/issues/1448
+ * https://gitlab.gnome.org/GNOME/epiphany/-/issues/1449
+ */
+ if (extension->script_world == webkit_script_world_get_default ()) {
+ set_up_webextensions (extension, page, js_context);
+ return;
+ }
bytes = g_resources_lookup_data ("/org/gnome/epiphany-web-process-extension/js/ephy.js",
G_RESOURCE_LOOKUP_FLAGS_NONE, NULL);
data = g_bytes_get_data (bytes, &data_size);
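Review bot: The new guard in window_object_cleared_cb tests `extension->script_world`, but the `js_context` that receives the APIs is taken from the callback's `world` argument. The decision to skip the internal Epiphany APIs is safer if it is made on the same object that produced the context, i.e. `if (world == webkit_script_world_get_default ())`. That way a mismatch between the extension's stored world and the world being cleared can never lead to ephy.js being loaded into a default-world context. If the two are guaranteed to be identical here, an assertion to that effect would document it. Also check that the early `return` after `set_up_webextensions ()` does not skip cleanup of `js_context`; its declaration is outside the visible context, so it is not clear from this hunk whether it is released automatically.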