From 8476245d1a197d05f988ef87f17b7ccbbcbba878 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=BCri=20Valdmann?= Date: Fri, 27 Apr 2018 15:48:17 +0200 Subject: Replace invalid characters in WebChannel messages Turns out JavaScript's JSON.stringify is not guaranteed to produce valid UTF-16 strings. It is possible in JavaScript to produce string objects which contain invalid code units (unmatched surrogate pairs) and JSON.stringify will simply copy this data to it's output. However, such a string cannot be losslessly converted to UTF-8 and this leads to fun errors in WebChannelIPCTransport. This patch - Adds a test for the scenario above. - Changes WebChannelIPCTransport to replace these invalid code units with the Unicode replacement character U+FFFD. - Changes WebChannelIPCTransportHost to validate the data it gets from the renderer. Not validating the data defeats the whole point of Chromium's fancy multi-process architecture: the renderer is not to be trusted. - Changes WebChannelIPCTransport to throw JavaScript exceptions for various errors (missing argument, wrong type, invalid JSON). Seems like the polite thing to do. Task-number: QTBUG-61969 Change-Id: I83275a0eaed77109dc458b80e27217108dde9f7b Reviewed-by: Michal Klocek --- .../resources/webChannelWithBadString.html | 14 ++++++++++++++ .../widgets/qwebenginescript/tst_qwebenginescript.cpp | 17 +++++++++++++++++ .../widgets/qwebenginescript/tst_qwebenginescript.qrc | 1 + 3 files changed, 32 insertions(+) create mode 100644 tests/auto/widgets/qwebenginescript/resources/webChannelWithBadString.html (limited to 'tests/auto/widgets/qwebenginescript') diff --git a/tests/auto/widgets/qwebenginescript/resources/webChannelWithBadString.html b/tests/auto/widgets/qwebenginescript/resources/webChannelWithBadString.html new file mode 100644 index 000000000..af40f6a2b --- /dev/null +++ b/tests/auto/widgets/qwebenginescript/resources/webChannelWithBadString.html @@ -0,0 +1,14 @@ + + + + webChannelWithBadString + + + + + + 
diff --git a/tests/auto/widgets/qwebenginescript/tst_qwebenginescript.cpp b/tests/auto/widgets/qwebenginescript/tst_qwebenginescript.cpp index cb45e524e..a9efabf97 100644 --- a/tests/auto/widgets/qwebenginescript/tst_qwebenginescript.cpp +++ b/tests/auto/widgets/qwebenginescript/tst_qwebenginescript.cpp @@ -42,6 +42,7 @@ private Q_SLOTS: void webChannelResettingAndUnsetting(); void webChannelWithExistingQtObject(); void navigation(); + void webChannelWithBadString(); }; void tst_QWebEngineScript::domEditing() @@ -470,6 +471,22 @@ void tst_QWebEngineScript::navigation() QCOMPARE(testObject.text(), url3); } +// Try to set TestObject::text to an invalid UTF-16 string. +// +// See QTBUG-61969. +void tst_QWebEngineScript::webChannelWithBadString() +{ + QWebEnginePage page; + TestObject host; + QSignalSpy hostSpy(&host, &TestObject::textChanged); + QWebChannel channel; + channel.registerObject(QStringLiteral("host"), &host); + page.setWebChannel(&channel); + page.setUrl(QStringLiteral("qrc:/resources/webChannelWithBadString.html")); + QVERIFY(hostSpy.wait(20000)); + QCOMPARE(host.text(), QString(QChar(QChar::ReplacementCharacter))); +} + QTEST_MAIN(tst_QWebEngineScript) #include "tst_qwebenginescript.moc" diff --git a/tests/auto/widgets/qwebenginescript/tst_qwebenginescript.qrc b/tests/auto/widgets/qwebenginescript/tst_qwebenginescript.qrc index 9960a37ba..ada06119a 100644 --- a/tests/auto/widgets/qwebenginescript/tst_qwebenginescript.qrc +++ b/tests/auto/widgets/qwebenginescript/tst_qwebenginescript.qrc @@ -4,5 +4,6 @@ resources/test_iframe_outer.html resources/test_iframe_inner.html resources/test_window_open.html + resources/webChannelWithBadString.html -- cgit v1.2.3
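Review bot: In webChannelWithBadString() the final QCOMPARE pins only what a cooperating renderer delivers, so the host-side validation that the commit message names as the trust boundary ("the renderer is not to be trusted") is presumably never reached by this test; the U+FFFD it expects would already have been substituted before the message crossed the IPC boundary. The comment above the function should state that limit, for example `// Covers the renderer-side replacement only; WebChannelIPCTransportHost's validation of renderer data needs its own test.` It would also help to add `QCOMPARE(hostSpy.count(), 1);` after the wait, assuming the page sets the property once, so that an additional textChanged emission carrying unsanitised data cannot pass unnoticed. The script inside webChannelWithBadString.html is not legible on this page, so the input string itself could not be checked against the expected value.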