-rw-r--r-- | embed/web-process-extension/ephy-web-process-extension.c | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/embed/web-process-extension/ephy-web-process-extension.c b/embed/web-process-extension/ephy-web-process-extension.c
index f7e92e476..f98260e17 100644
--- a/embed/web-process-extension/ephy-web-process-extension.c
+++ b/embed/web-process-extension/ephy-web-process-extension.c
@@ -667,7 +667,27 @@ window_object_cleared_cb (WebKitScriptWorld *world,
 js_context = webkit_frame_get_js_context_for_script_world (frame, world);
 jsc_context_push_exception_handler (js_context, (JSCExceptionHandler)js_exception_handler, NULL, NULL);
- set_up_webextensions (extension, page, js_context);
+ /* If we are using the default script world, then we are a WebExtension. We
+ * must not register any internal Epiphany APIs, since they must never be
+ * accessible in the default script world. We don't want them exposed to the
+ * web or to WebExtensions. If we were to improperly allow access to our
+ * internal APIs, then malicious web content could do nasty things like
+ * iterate through passwords stored in EphyPasswordsManager, for example.
+ *
+ * And if we are not using the default script world, then we are not a
+ * WebExtension. There is no point in registering WebExtension APIs, because
+ * WebExtensions only have access to what is in the default script world
+ * anyway.
+ *
+ * FIXME: let's try to make this less confusing:
+ *
+ * https://gitlab.gnome.org/GNOME/epiphany/-/issues/1448
+ * https://gitlab.gnome.org/GNOME/epiphany/-/issues/1449
+ */
+ if (extension->script_world == webkit_script_world_get_default ()) {
+ set_up_webextensions (extension, page, js_context);
+ return;
+ }
 bytes = g_resources_lookup_data ("/org/gnome/epiphany-web-process-extension/js/ephy.js", G_RESOURCE_LOOKUP_FLAGS_NONE, NULL);
 data = g_bytes_get_data (bytes, &data_size);
|
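Review bot: The new guard keys on `extension->script_world`, the world the extension was configured with, rather than on the `world` argument this callback received, even though `world` is the one whose JS context was just obtained on the line above and is therefore the context that actually gets populated. If the handler is (or later becomes) connected for more than one script world, the world being checked and the world being exposed can disagree, which is exactly the confusion the comment's threat model is about; `if (world == webkit_script_world_get_default ()) {` ties the decision to the context in hand. The early `return` also skips everything after the hunk, which is fine only if `js_context` is declared with `g_autoptr`; otherwise the reference taken by webkit_frame_get_js_context_for_script_world leaks on the WebExtension path — the declarations and the remainder of window_object_cleared_cb are outside the hunk, so this needs confirming. A one-line comment on the `return`, `/* js_context is auto-released; nothing below applies to the default world. */`, would make that invariant explicit for the next reader.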