Skip to content

Introduce a new WebKit Content Blocking condition to act on the current frame or ancestor frame URL #47251

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 27, 2025
Merged

Introduce a new WebKit Content Blocking condition to act on the current frame or ancestor frame URL #47251

merged 1 commit into from
Jun 27, 2025
+72 −6

Conversation

elijahsawyers
Copy link

@elijahsawyers elijahsawyers commented Jun 26, 2025
edited by webkit-early-warning-system
Loading

0d65d2e

Introduce a new WebKit Content Blocking condition to act on the current frame or ancestor frame URL
https://bugs.webkit.org/show_bug.cgi?id=295036
rdar://154404658

Reviewed by Brian Weinstein and Timothy Hatcher.

This patch introduces a new condition type for WebKit content blockers, if-
ancestor-frame-url. The condition makes it so that the rule applies if the
current frame's URL, or any of the ancestor frames URLs, are in the provided
array of URLs.

We need this functionality to be able to support dNR allowAllRequests rules for
sub frames.

Added a new test to validate the fix.

Note: the dNR fix is tracked with https://bugs.webkit.org/show_bug.cgi?id=295043

* Source/WebCore/contentextensions/ContentExtensionCompiler.cpp:
(WebCore::ContentExtensions::compileRuleList):
* Source/WebCore/contentextensions/ContentExtensionParser.cpp:
(WebCore::ContentExtensions::loadTrigger):
* Source/WebCore/contentextensions/ContentExtensionRule.h:
(WebCore::ContentExtensions::Trigger::checkValidity):
* Source/WebCore/contentextensions/ContentExtensionsBackend.cpp:
(WebCore::ContentExtensions::ContentExtensionsBackend::actionsFromContentRuleList const):
(WebCore::ContentExtensions::ContentExtensionsBackend::processContentRuleListsForLoad):
* Source/WebCore/loader/ResourceLoadInfo.h:
* Tools/TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:
(TestWebKitAPI::TEST_F(ContentExtensionTest, InvalidJSON)):
(TestWebKitAPI::TEST_F(ContentExtensionTest, IfFrameOrAncestorsURL)):

Canonical link: https://commits.webkit.org/296754@main

864d003

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe 🛠 win
✅ 🧪 bindings ✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug 🧪 wpe-wk2 🧪 win-tests
✅ 🧪 webkitperl 🧪 ios-wk2 🧪 api-mac 🧪 api-wpe
🧪 ios-wk2-wpt 🧪 mac-wk1 ✅ 🛠 wpe-cairo
🧪 api-ios 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 vision 🧪 mac-AS-debug-wk2 🧪 gtk-wk2
✅ 🛠 vision-sim 🧪 mac-wk2-stress 🧪 api-gtk
🧪 vision-wk2 🧪 mac-intel-wk2 🛠 playstation
✅ 🛠 🧪 unsafe-merge ✅ 🛠 tv 🛠 mac-safer-cpp
🛠 tv-sim
🛠 watch
✅ 🛠 watch-sim

@elijahsawyers elijahsawyers self-assigned this Jun 26, 2025
@elijahsawyers elijahsawyers added the WebKit Extensions Bugs related to extension support. label Jun 26, 2025
@webkit-early-warning-system
Copy link
Collaborator

webkit-early-warning-system commented Jun 26, 2025
edited
Loading

EWS run on previous version of this PR (hash 6af1347)

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win
✅ 🧪 bindings ✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ✅ 🧪 wpe-wk2 ⏳ 🧪 win-tests
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 ios-wk2-wpt ✅ 🧪 mac-wk1 ✅ 🛠 wpe-cairo
✅ 🧪 api-ios ✅ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ✅ 🧪 gtk-wk2
✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ✅ 🧪 api-gtk
✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 ✅ 🛠 playstation
✅ 🛠 tv ✅ 🛠 mac-safer-cpp
✅ 🛠 tv-sim
✅ 🛠 watch
✅ 🛠 watch-sim

@b-weinstein
Copy link
Contributor

Do we need to bump the content blocker version here?

b-weinstein
b-weinstein reviewed Jun 26, 2025
View reviewed changes
elijahsawyers
elijahsawyers commented Jun 26, 2025
View reviewed changes
xeenon
xeenon reviewed Jun 26, 2025
View reviewed changes
xeenon
xeenon reviewed Jun 26, 2025
View reviewed changes
@WebKit WebKit deleted a comment from elijahsawyers Jun 26, 2025
xeenon
xeenon reviewed Jun 26, 2025
View reviewed changes
@webkit-early-warning-system
Copy link
Collaborator

webkit-early-warning-system commented Jun 26, 2025
edited
Loading

EWS run on previous version of this PR (hash f474759)

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ⏳ 🛠 win
✅ 🧪 bindings ✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ✅ 🧪 wpe-wk2 ⏳ 🧪 win-tests
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 ios-wk2-wpt ✅ 🧪 mac-wk1 ✅ 🛠 wpe-cairo
✅ 🧪 api-ios ✅ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ✅ 🧪 gtk-wk2
✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ✅ 🧪 api-gtk
✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 ✅ 🛠 playstation
✅ 🛠 tv ✅ 🛠 mac-safer-cpp
✅ 🛠 tv-sim
✅ 🛠 watch
✅ 🛠 watch-sim

xeenon
xeenon reviewed Jun 26, 2025
View reviewed changes
@webkit-early-warning-system
Copy link
Collaborator

webkit-early-warning-system commented Jun 26, 2025
edited
Loading

EWS run on previous version of this PR (hash 253b7b7)

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ❌ 🛠 ios ❌ 🛠 mac ❌ 🛠 wpe ✅ 🛠 win
✅ 🧪 bindings ❌ 🛠 ios-sim ❌ 🛠 mac-AS-debug ❌ 🧪 wpe-wk2 ⏳ 🧪 win-tests
✅ 🧪 webkitperl ❌ 🧪 ios-wk2 ❌ 🧪 api-mac ❌ 🧪 api-wpe
❌ 🧪 ios-wk2-wpt ❌ 🧪 mac-wk1 ❌ 🛠 wpe-cairo
❌ 🧪 api-ios ❌ 🧪 mac-wk2 ❌ 🛠 gtk
❌ 🛠 vision ❌ 🧪 mac-AS-debug-wk2 ❌ 🧪 gtk-wk2
❌ 🛠 vision-sim ❌ 🧪 mac-wk2-stress ❌ 🧪 api-gtk
⏳ 🧪 vision-wk2 ❌ 🧪 mac-intel-wk2 ✅ 🛠 playstation
❌ 🛠 tv ❌ 🛠 mac-safer-cpp
❌ 🛠 tv-sim
❌ 🛠 watch
❌ 🛠 watch-sim

@elijahsawyers elijahsawyers added the safe-merge-queue Applied to automatically send a pull-request to merge-queue after passing EWS checks label Jun 26, 2025
@webkit-ews-buildbot webkit-ews-buildbot added the merging-blocked Applied to prevent a change from being merged label Jun 26, 2025
@elijahsawyers elijahsawyers removed the merging-blocked Applied to prevent a change from being merged label Jun 27, 2025
@webkit-early-warning-system
Copy link
Collaborator

webkit-early-warning-system commented Jun 27, 2025
edited
Loading

EWS run on previous version of this PR (hash 9a2314d)

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe ✅ 🛠 win
✅ 🧪 bindings ✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug ✅ 🧪 wpe-wk2 ⏳ 🧪 win-tests
✅ 🧪 webkitperl ✅ 🧪 ios-wk2 ✅ 🧪 api-mac ✅ 🧪 api-wpe
✅ 🧪 ios-wk2-wpt ❌ 🧪 mac-wk1 ✅ 🛠 wpe-cairo
✅ 🧪 api-ios ✅ 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 vision ✅ 🧪 mac-AS-debug-wk2 ✅ 🧪 gtk-wk2
✅ 🛠 vision-sim ✅ 🧪 mac-wk2-stress ✅ 🧪 api-gtk
✅ 🧪 vision-wk2 ✅ 🧪 mac-intel-wk2 ✅ 🛠 playstation
❌ 🛠 🧪 unsafe-merge ✅ 🛠 tv ✅ 🛠 mac-safer-cpp
✅ 🛠 tv-sim
✅ 🛠 watch
✅ 🛠 watch-sim

@webkit-ews-buildbot webkit-ews-buildbot added the merging-blocked Applied to prevent a change from being merged label Jun 27, 2025
@xeenon xeenon added unsafe-merge-queue Applied to send a pull request to merge-queue, but skip building and testing and removed merging-blocked Applied to prevent a change from being merged safe-merge-queue Applied to automatically send a pull-request to merge-queue after passing EWS checks labels Jun 27, 2025
@webkit-commit-queue
Copy link
Collaborator

No reviewer information in commit message, blocking PR #47251. Details: Build #17663

@webkit-commit-queue webkit-commit-queue added merging-blocked Applied to prevent a change from being merged and removed unsafe-merge-queue Applied to send a pull request to merge-queue, but skip building and testing labels Jun 27, 2025
@elijahsawyers elijahsawyers added unsafe-merge-queue Applied to send a pull request to merge-queue, but skip building and testing and removed merging-blocked Applied to prevent a change from being merged labels Jun 27, 2025
@webkit-commit-queue
Copy link
Collaborator

No reviewer information in commit message, blocking PR #47251. Details: Build #17664

@webkit-commit-queue webkit-commit-queue added merging-blocked Applied to prevent a change from being merged and removed unsafe-merge-queue Applied to send a pull request to merge-queue, but skip building and testing labels Jun 27, 2025
@elijahsawyers elijahsawyers removed the merging-blocked Applied to prevent a change from being merged label Jun 27, 2025
@webkit-early-warning-system
Copy link
Collaborator

webkit-early-warning-system commented Jun 27, 2025
edited
Loading

EWS run on current version of this PR (hash 864d003)

Misc iOS, visionOS, tvOS & watchOS macOS Linux Windows
✅ 🧪 style ✅ 🛠 ios ✅ 🛠 mac ✅ 🛠 wpe 🛠 win
✅ 🧪 bindings ✅ 🛠 ios-sim ✅ 🛠 mac-AS-debug 🧪 wpe-wk2 🧪 win-tests
✅ 🧪 webkitperl 🧪 ios-wk2 🧪 api-mac 🧪 api-wpe
🧪 ios-wk2-wpt 🧪 mac-wk1 ✅ 🛠 wpe-cairo
🧪 api-ios 🧪 mac-wk2 ✅ 🛠 gtk
✅ 🛠 vision 🧪 mac-AS-debug-wk2 🧪 gtk-wk2
✅ 🛠 vision-sim 🧪 mac-wk2-stress 🧪 api-gtk
🧪 vision-wk2 🧪 mac-intel-wk2 🛠 playstation
✅ 🛠 🧪 unsafe-merge ✅ 🛠 tv 🛠 mac-safer-cpp
🛠 tv-sim
🛠 watch
✅ 🛠 watch-sim

@elijahsawyers elijahsawyers added the unsafe-merge-queue Applied to send a pull request to merge-queue, but skip building and testing label Jun 27, 2025
@elijahsawyers
Introduce a new WebKit Content Blocking condition to act on the curre…
0d65d2e 
…nt frame or ancestor frame URL

https://bugs.webkit.org/show_bug.cgi?id=295036
rdar://154404658

Reviewed by Brian Weinstein and Timothy Hatcher.

This patch introduces a new condition type for WebKit content blockers, if-
ancestor-frame-url. The condition makes it so that the rule applies if the
current frame's URL, or any of the ancestor frames URLs, are in the provided
array of URLs.

We need this functionality to be able to support dNR allowAllRequests rules for
sub frames.

Added a new test to validate the fix.

Note: the dNR fix is tracked with https://bugs.webkit.org/show_bug.cgi?id=295043

* Source/WebCore/contentextensions/ContentExtensionCompiler.cpp:
(WebCore::ContentExtensions::compileRuleList):
* Source/WebCore/contentextensions/ContentExtensionParser.cpp:
(WebCore::ContentExtensions::loadTrigger):
* Source/WebCore/contentextensions/ContentExtensionRule.h:
(WebCore::ContentExtensions::Trigger::checkValidity):
* Source/WebCore/contentextensions/ContentExtensionsBackend.cpp:
(WebCore::ContentExtensions::ContentExtensionsBackend::actionsFromContentRuleList const):
(WebCore::ContentExtensions::ContentExtensionsBackend::processContentRuleListsForLoad):
* Source/WebCore/loader/ResourceLoadInfo.h:
* Tools/TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:
(TestWebKitAPI::TEST_F(ContentExtensionTest, InvalidJSON)):
(TestWebKitAPI::TEST_F(ContentExtensionTest, IfFrameOrAncestorsURL)):

Canonical link: https://commits.webkit.org/296754@main
@webkit-commit-queue
Copy link
Collaborator

Committed 296754@main (0d65d2e): https://commits.webkit.org/296754@main

Reviewed commits have been landed. Closing PR #47251 and removing active labels.

@webkit-commit-queue webkit-commit-queue merged commit 0d65d2e into WebKit:main Jun 27, 2025
@webkit-commit-queue webkit-commit-queue removed the unsafe-merge-queue Applied to send a pull request to merge-queue, but skip building and testing label Jun 27, 2025
elijahsawyers pushed a commit to elijahsawyers/WebKit that referenced this pull request Jun 28, 2025
dNR: fix sub_frame resourceType allowAllRequests rules
a14d249 
https://bugs.webkit.org/show_bug.cgi?id=295043
rdar://154124673

Reviewed by NOBODY (OOPS!).

This patch fixes allowAllRequests rules for sub_frame resource types.

First, I renamed the recently added if-ancestor-frame-url content blocker
condition to be if-ancestor-subframe-url and made it exclude the main frame.
While working on that patch (see WebKit#47251),
it was thought that it'd be better to include the main frame in the condition,
but it turns out that it's not. It's better to split main_frame and sub_frame
rules out into their own rules using if-top-url and if-ancestor-subframe-url,
respectively.

Therefore, dNR allowAllRequests rules convert into the following content blocker
rules:

// dNR
{
  "id": 1,
  "action": {
    "type": "allowAllRequests"
  },
  "condition": {
    "urlFilter": "apple.com",
    "resourceTypes": [ "main_frame", "sub_frame" ]
  }
}

// WebKit content blocking

{
  "action": {
    "type": "ignore-following-rules",
  },
  "trigger": {
    "url-filter": ".*",
    "if-top-url": [ "apple\\.com" ],
  }
},
{
  "action": {
    "type": "ignore-following-rules",
  },
  "trigger": {
    "url-filter": ".*",
    "if-ancestor-subframe-url": [ "apple\\.com" ],
  }
}

I wrote new tests to validate the rule conversions and functionality.

* Source/WebCore/contentextensions/ContentExtensionCompiler.cpp:
(WebCore::ContentExtensions::compileRuleList):
* Source/WebCore/contentextensions/ContentExtensionParser.cpp:
(WebCore::ContentExtensions::loadTrigger):
* Source/WebCore/contentextensions/ContentExtensionRule.h:
(WebCore::ContentExtensions::Trigger::checkValidity):
* Source/WebCore/contentextensions/ContentExtensionsBackend.cpp:
(WebCore::ContentExtensions::ContentExtensionsBackend::actionsFromContentRuleList const):
(WebCore::ContentExtensions::ContentExtensionsBackend::processContentRuleListsForLoad):
* Source/WebCore/loader/ResourceLoadInfo.h:
* Source/WebKit/UIProcess/Extensions/Cocoa/_WKWebExtensionDeclarativeNetRequestRule.mm:
(-[_WKWebExtensionDeclarativeNetRequestRule _convertRulesWithModifiedCondition:webKitActionType:chromeActionType:]):
(-[_WKWebExtensionDeclarativeNetRequestRule _webKitRuleWithWebKitActionType:chromeActionType:condition:]):
* Tools/TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:
(TestWebKitAPI::TEST_F(ContentExtensionTest, InvalidJSON)):
(TestWebKitAPI::TEST_F(ContentExtensionTest, IfAncestorSubframeURL)):
(TestWebKitAPI::TEST_F(ContentExtensionTest, IfFrameOrAncestorsURL)): Deleted.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIDeclarativeNetRequest.mm:
(TestWebKitAPI::TEST(WKWebExtensionAPIDeclarativeNetRequest, MainFrameAllowAllRequests)):
(TestWebKitAPI::TEST(WKWebExtensionAPIDeclarativeNetRequest, SubFrameAllowAllRequests)):
(TestWebKitAPI::TEST(WKWebExtensionAPIDeclarativeNetRequest, RuleConversionWithMainFrameAllowAllRequests)):
(TestWebKitAPI::TEST(WKWebExtensionAPIDeclarativeNetRequest, RuleConversionWithSubFrameAllowAllRequests)):
(TestWebKitAPI::TEST(WKWebExtensionAPIDeclarativeNetRequest, RuleConversionWithMainFrameAndSubFrameAllowAllRequests)):
@elijahsawyers elijahsawyers mentioned this pull request Jun 28, 2025
Merged
webkit-commit-queue pushed a commit to elijahsawyers/WebKit that referenced this pull request Jun 30, 2025
@elijahsawyers
dNR: fix sub_frame resourceType allowAllRequests rules
34e4b87 
https://bugs.webkit.org/show_bug.cgi?id=295043
rdar://154124673

Reviewed by Timothy Hatcher.

This patch fixes allowAllRequests rules for sub_frame resource types.

First, I renamed the recently added if-ancestor-frame-url content blocker
condition to be if-ancestor-subframe-url and made it exclude the main frame.
While working on that patch (see WebKit#47251),
it was thought that it'd be better to include the main frame in the condition,
but it turns out that it's not. It's better to split main_frame and sub_frame
rules out into their own rules using if-top-url and if-ancestor-subframe-url,
respectively.

Therefore, dNR allowAllRequests rules convert into the following content blocker
rules:

// dNR
{
  "id": 1,
  "action": {
    "type": "allowAllRequests"
  },
  "condition": {
    "urlFilter": "apple.com",
    "resourceTypes": [ "main_frame", "sub_frame" ]
  }
}

// WebKit content blocking

{
  "action": {
    "type": "ignore-following-rules",
  },
  "trigger": {
    "url-filter": ".*",
    "if-top-url": [ "apple\\.com" ],
  }
},
{
  "action": {
    "type": "ignore-following-rules",
  },
  "trigger": {
    "url-filter": ".*",
    "if-ancestor-subframe-url": [ "apple\\.com" ],
  }
}

I wrote new tests to validate the rule conversions and functionality.

* Source/WebCore/contentextensions/ContentExtensionCompiler.cpp:
(WebCore::ContentExtensions::compileRuleList):
* Source/WebCore/contentextensions/ContentExtensionParser.cpp:
(WebCore::ContentExtensions::loadTrigger):
* Source/WebCore/contentextensions/ContentExtensionRule.h:
(WebCore::ContentExtensions::Trigger::checkValidity):
* Source/WebCore/contentextensions/ContentExtensionsBackend.cpp:
(WebCore::ContentExtensions::ContentExtensionsBackend::actionsFromContentRuleList const):
(WebCore::ContentExtensions::ContentExtensionsBackend::processContentRuleListsForLoad):
* Source/WebCore/loader/ResourceLoadInfo.h:
* Source/WebKit/UIProcess/Extensions/Cocoa/_WKWebExtensionDeclarativeNetRequestRule.mm:
(-[_WKWebExtensionDeclarativeNetRequestRule _convertRulesWithModifiedCondition:webKitActionType:chromeActionType:]):
(-[_WKWebExtensionDeclarativeNetRequestRule _webKitRuleWithWebKitActionType:chromeActionType:condition:]):
* Tools/TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:
(TestWebKitAPI::TEST_F(ContentExtensionTest, InvalidJSON)):
(TestWebKitAPI::TEST_F(ContentExtensionTest, IfAncestorSubframeURL)):
(TestWebKitAPI::TEST_F(ContentExtensionTest, IfFrameOrAncestorsURL)): Deleted.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebExtensionAPIDeclarativeNetRequest.mm:
(TestWebKitAPI::TEST(WKWebExtensionAPIDeclarativeNetRequest, MainFrameAllowAllRequests)):
(TestWebKitAPI::TEST(WKWebExtensionAPIDeclarativeNetRequest, SubFrameAllowAllRequests)):
(TestWebKitAPI::TEST(WKWebExtensionAPIDeclarativeNetRequest, RuleConversionWithMainFrameAllowAllRequests)):
(TestWebKitAPI::TEST(WKWebExtensionAPIDeclarativeNetRequest, RuleConversionWithSubFrameAllowAllRequests)):
(TestWebKitAPI::TEST(WKWebExtensionAPIDeclarativeNetRequest, RuleConversionWithMainFrameAndSubFrameAllowAllRequests)):

Canonical link: https://commits.webkit.org/296799@main
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xeenon xeenon xeenon approved these changes

@b-weinstein b-weinstein b-weinstein approved these changes

@cdumez cdumez Awaiting requested review from cdumez cdumez is a code owner

Assignees

@elijahsawyers elijahsawyers

Labels
WebKit Extensions Bugs related to extension support.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@elijahsawyers @webkit-early-warning-system @b-weinstein @webkit-commit-queue @xeenon @webkit-ews-buildbot