Skip to content

Fix web applications that use non-Latin characters in the name

Michael Catanzaro requested to merge mcatanzaro/web-app-id into master

Users can input whatever they want for the name of the web app, as long as it is valid UTF-8. Since a72d21d7 we have passed this along straight to GApplication without sanitizing it to ensure it can safely be used in a GApplication ID. If the user decides to use any character in the app name besides Latin alphanumeric characters, we are doomed. This has never worked properly, but previously all we saw were criticals from GApplication as it dropped our bogus app ID. But since WebKitGTK 2.32, WebKit actually refuses to start a sandboxed subprocess without a valid app ID, as it should.

The complication here is that we cannot simply decide to create better app IDs for existing web apps: the app ID must exactly match the desktop file, and we want it to match the profile directory name too. So let's assume that non-Latin web apps were previously broken, hope that users delete any such broken web apps rather than leak them on disk, and handwave away migration issues by altering the app ID only if it cannot safely be used in a GApplication. Existing non-broken web apps continue to use the same app IDs as before. Newly-created web apps with only Latin characters follow the old format for IDs, while newly-created web apps with non-approved characters will follow the new format. Old broken web apps remain broken forever, until the user decides to delete them.

The old app ID format is: org.gnome.Epiphany.WebApp-<normalized-name>-<checksum>

The new format is: org.gnome.Epiphany.WebApp-<checksum>

The ideal format would be: org.gnome.Epiphany.WebApp_<checksum>

because hyphens in app IDs are deprecated, but let's not take on that battle today.

Note that in this commit message, "app ID" refers to the GApplication ID, which is actually confusingly different from the EphyWebApplication "app ID."

This commit also replaces the concept of "program name" with the GApplication ID. It was very confusing to have "name" and "program name" be two completely different things. Now we can have "ID" and "GApplication ID" be two different things instead. Yay.

Fixes #1627 (closed)

See also: #1626 (closed)

Edited by Michael Catanzaro

Merge request reports