diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog index 893765bcb077..7f8a9e0f6d6a 100644 --- a/LayoutTests/ChangeLog +++ b/LayoutTests/ChangeLog @@ -1,3 +1,18 @@ +2021-03-14 Yusuke Suzuki + + Prevent dynamic import in service worker + https://bugs.webkit.org/show_bug.cgi?id=222308 + + Reviewed by Youenn Fablet. + + Covering worklet case. + + * http/wpt/webaudio/the-audio-api/the-audioworklet-interface/dynamic-import-is-prohibited.https-expected.txt: Added. + * http/wpt/webaudio/the-audio-api/the-audioworklet-interface/dynamic-import-is-prohibited.https.html: Added. + * http/wpt/webaudio/the-audio-api/the-audioworklet-interface/processors/dynamic-import-is-prohibited.js: Added. + (DynamicImportIsProhibitedProcessor.prototype.process): + (DynamicImportIsProhibitedProcessor): + 2021-03-13 Wenson Hsieh [iOS] Selecting the first word in an image overlay may select text in the previous line diff --git a/LayoutTests/http/wpt/webaudio/the-audio-api/the-audioworklet-interface/dynamic-import-is-prohibited.https-expected.txt b/LayoutTests/http/wpt/webaudio/the-audio-api/the-audioworklet-interface/dynamic-import-is-prohibited.https-expected.txt new file mode 100644 index 000000000000..0cc09814c346 --- /dev/null +++ b/LayoutTests/http/wpt/webaudio/the-audio-api/the-audioworklet-interface/dynamic-import-is-prohibited.https-expected.txt @@ -0,0 +1,3 @@ + +PASS dynamic-import is prohibited in AudioWorklets + diff --git a/LayoutTests/http/wpt/webaudio/the-audio-api/the-audioworklet-interface/dynamic-import-is-prohibited.https.html b/LayoutTests/http/wpt/webaudio/the-audio-api/the-audioworklet-interface/dynamic-import-is-prohibited.https.html new file mode 100644 index 000000000000..97ddb76ebd50 --- /dev/null +++ b/LayoutTests/http/wpt/webaudio/the-audio-api/the-audioworklet-interface/dynamic-import-is-prohibited.https.html @@ -0,0 +1,30 @@ + +Tests dynamic-import is prohibited in AudioWorklets + + + diff --git a/LayoutTests/http/wpt/webaudio/the-audio-api/the-audioworklet-interface/processors/dynamic-import-is-prohibited.js b/LayoutTests/http/wpt/webaudio/the-audio-api/the-audioworklet-interface/processors/dynamic-import-is-prohibited.js new file mode 100644 index 000000000000..5139cfd0d9e0 --- /dev/null +++ b/LayoutTests/http/wpt/webaudio/the-audio-api/the-audioworklet-interface/processors/dynamic-import-is-prohibited.js @@ -0,0 +1,16 @@ +class DynamicImportIsProhibitedProcessor extends AudioWorkletProcessor { + process(inputs, outputs) { + import("./dynamic-import-is-prohibited.js").then(() => { + this.port.postMessage({ + error: null + }); + }, (error) => { + this.port.postMessage({ + error: String(error) + }); + }); + return false; + } +} + +registerProcessor('dynamic-import-is-prohibited', DynamicImportIsProhibitedProcessor); diff --git a/LayoutTests/imported/w3c/ChangeLog b/LayoutTests/imported/w3c/ChangeLog index d365fa87a3bd..84c9c0871341 100644 --- a/LayoutTests/imported/w3c/ChangeLog +++ b/LayoutTests/imported/w3c/ChangeLog @@ -1,3 +1,14 @@ +2021-03-14 Yusuke Suzuki + + Prevent dynamic import in service worker + https://bugs.webkit.org/show_bug.cgi?id=222308 + + Reviewed by Youenn Fablet. + + Covering service-worker case. + + * web-platform-tests/service-workers/service-worker/import-module-scripts.https-expected.txt: + 2021-03-13 Commit Queue Unreviewed, reverting r274379. diff --git a/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/import-module-scripts.https-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/import-module-scripts.https-expected.txt index dccedccd368e..24f97d84c020 100644 --- a/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/import-module-scripts.https-expected.txt +++ b/LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/import-module-scripts.https-expected.txt @@ -1,9 +1,9 @@ PASS Static import. PASS Nested static import. -PASS Static import and then dynamic import. -PASS Dynamic import. -PASS Nested dynamic import. -PASS Dynamic import and then static import. -PASS eval(import()). +FAIL Static import and then dynamic import. assert_array_equals: value is "Failed to do dynamic import: TypeError: Dynamic-import is not available in Worklets or ServiceWorkers", expected array +FAIL Dynamic import. assert_array_equals: value is "Failed to do dynamic import: TypeError: Dynamic-import is not available in Worklets or ServiceWorkers", expected array +FAIL Nested dynamic import. assert_array_equals: value is "Failed to do dynamic import: TypeError: Dynamic-import is not available in Worklets or ServiceWorkers", expected array +FAIL Dynamic import and then static import. assert_array_equals: value is "Failed to do dynamic import: TypeError: Dynamic-import is not available in Worklets or ServiceWorkers", expected array +FAIL eval(import()). assert_array_equals: value is "Failed to do dynamic import: TypeError: Dynamic-import is not available in Worklets or ServiceWorkers", expected array diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog index 601a19d9ef9d..d612c050fbf3 100644 --- a/Source/WebCore/ChangeLog +++ b/Source/WebCore/ChangeLog @@ -1,3 +1,17 @@ +2021-03-14 Yusuke Suzuki + + Prevent dynamic import in service worker + https://bugs.webkit.org/show_bug.cgi?id=222308 + + Reviewed by Youenn Fablet. + + dynamic-import should be always rejected if script is executed in Worklets or ServiceWorkers. + This is recently changed in the spec https://github.com/whatwg/html/pull/6395. + + * bindings/js/ScriptModuleLoader.cpp: + (WebCore::isWorkletOrServiceWorker): + (WebCore::ScriptModuleLoader::importModule): + 2021-03-14 Rob Buis Cancel image loader events after first dispatch diff --git a/Source/WebCore/bindings/js/ScriptModuleLoader.cpp b/Source/WebCore/bindings/js/ScriptModuleLoader.cpp index 127525f081b0..ad47fe130b0c 100644 --- a/Source/WebCore/bindings/js/ScriptModuleLoader.cpp +++ b/Source/WebCore/bindings/js/ScriptModuleLoader.cpp @@ -45,6 +45,7 @@ #include "WorkerOrWorkletScriptController.h" #include "WorkerScriptFetcher.h" #include "WorkerScriptLoader.h" +#include "WorkletGlobalScope.h" #include #include #include @@ -54,6 +55,10 @@ #include #include +#if ENABLE(SERVICE_WORKER) +#include "ServiceWorkerGlobalScope.h" +#endif + namespace WebCore { ScriptModuleLoader::ScriptModuleLoader(ScriptExecutionContext& context, OwnerType ownerType) @@ -258,11 +263,27 @@ static JSC::JSInternalPromise* rejectPromise(JSDOMGlobalObject& globalObject, Ex return jsPromise; } +static bool isWorkletOrServiceWorker(ScriptExecutionContext& context) +{ + if (is(context)) + return true; +#if ENABLE(SERVICE_WORKER) + if (is(context)) + return true; +#endif + return false; +} + JSC::JSInternalPromise* ScriptModuleLoader::importModule(JSC::JSGlobalObject* jsGlobalObject, JSC::JSModuleLoader*, JSC::JSString* moduleName, JSC::JSValue parameters, const JSC::SourceOrigin& sourceOrigin) { JSC::VM& vm = jsGlobalObject->vm(); auto& globalObject = *JSC::jsCast(jsGlobalObject); + // https://html.spec.whatwg.org/multipage/webappapis.html#hostimportmoduledynamically(referencingscriptormodule,-specifier,-promisecapability) + // If settings object's global object implements WorkletGlobalScope or ServiceWorkerGlobalScope, then: + if (isWorkletOrServiceWorker(m_context)) + return rejectPromise(globalObject, TypeError, "Dynamic-import is not available in Worklets or ServiceWorkers"_s); + // If SourceOrigin and/or CachedScriptFetcher is null, we import the module with the default fetcher. // SourceOrigin can be null if the source code is not coupled with the script file. // The examples,