[[ Bug 22816 ]] Fix permissions when loading a local html file #7407
Conversation
| @@ -1618,7 +1618,10 @@ - (void) loadRequest:(MCWKWebViewLoadRequest *)request inWebView:(WKWebView *)we | |||
| MCBrowserRunBlockOnMainFiber(^{ | |||
| if (request.htmlText == nil) | |||
| { | |||
| [webView loadRequest:[NSURLRequest requestWithURL:request.url]]; | |||
| if (request.url.host) | |||
There was a problem hiding this comment.
@livecodepanos any reason not to use if (![request.url isFileURL])
livecodepanos
force-pushed
the
bugfix-22816
branch
from
86b3a36
to
00aece3
Compare
|
Marking this as WIP as it isn't general enough - the 'allow access to' path needs to be the top-most folder to which file urls in the target url can refer. e.g. If a file |
This patch uses the `loadFileURL:allowingReadAccessToURL:` instance method of the WKWebView class to load a local html file. This fixes an issue with insufficient permissions on iOS 12 devices that prevented the html file from being loaded.
livecodepanos
force-pushed
the
bugfix-22816
branch
from
00aece3
to
9d5fc35
Compare
|
@runrevmark I have updated the PR, by granting read access to the full Documents folder, if the html resource is placed in the Documents folder. |
There was a problem hiding this comment.
So we've had a report that this issue also affects iOS13, and presumably iOS14 (it would be good if we can verify this though).
This approach (setting the root folder to Documents if the target HTML file is in documents) would probably be reasonable if it were needed due to a quirk in an older iOS version on specific devices (which we originally thought), however it definitely isn't reasonable if it affects newer iOS versions too.
Imagine an app which downloads HTML to display and the user to inspect in a browser widget. At the moment the file can be downloaded to Documents and it will not be allowed to load any other html pages nor have access to anything else. With this patch, such an HTML file will have some level of access to the whole documents folder.
Basically we need to add a browser property which allows the 'root folder' of the local files loaded into the widget to be set in script - then it is up to the developer to ensure that they don't introduce a security issue.
This patch uses the
loadFileURL:allowingReadAccessToURL:instance method of the WKWebView class to load a local html file.This fixes an issue with insufficient permissions on iOS 12 devices that prevented the html file from being loaded.
Tested on iOS 12,13 and 14 devices.