msglist [nfc]: Factor out "keep WebView at a single page" logic

gnprice · gnprice · commit 4d9a54a411b2 · 2022-10-19T10:56:36.000-07:00
This code has really quite a different character from the rest of what
the MessageList component is doing, and even more so from what the
rest of the render method is doing.  In fact it isn't really even
about the message list at all: it's about using a WebView to show a
single page, with all navigation handled externally.

In its current location, it puts a wide separation between different
parts of the actual message-list logic, making it harder to read,
understand, or modify.

So, make both this code and the actual message-list code easier to
read, understand, and modify by separating them out from each other.

Also take the opportunity to write some jsdoc explaining what this is
supposed to do.
diff --git a/src/webview/MessageList.js b/src/webview/MessageList.js
@@ -33,11 +33,10 @@ import messageListElementHtml from './html/messageListElementHtml';
 import generateInboundEvents from './generateInboundEvents';
 import { handleWebViewOutboundEvent } from './handleOutboundEvents';
 import { base64Utf8Encode } from '../utils/encoding';
-import * as logging from '../utils/logging';
-import { tryParseUrl } from '../utils/url';
 import { caseNarrow, isConversationNarrow } from '../utils/narrow';
 import { type BackgroundData, getBackgroundData } from './backgroundData';
 import { ensureUnreachable } from '../generics';
+import { renderSinglePageWebView } from './SinglePageWebView';
 
 type OuterProps = $ReadOnly<{|
   narrow: Narrow,
@@ -196,66 +195,13 @@ class MessageListInner extends React.Component<Props> {
       backgroundData.serverEmojiData,
     );
 
-    // Paranoia^WSecurity: only load `baseUrl`, and only load it once. Any other
-    // requests should be handed off to the OS, not loaded inside the WebView.
-    const onShouldStartLoadWithRequest = (() => {
-      // Inner closure to actually test the URL.
-      const urlTester: (url: string) => boolean = (() => {
-        // On Android this function is documented to be skipped on first load:
-        // therefore, simply never return true.
-        if (Platform.OS === 'android') {
-          return (url: string) => false;
-        }
-
-        // Otherwise (for iOS), return a closure that evaluates to `true` _exactly
-        // once_, and even then only if the URL looks like what we're expecting.
-        let loaded_once = false;
-        return (url: string) => {
-          const parsedUrl = tryParseUrl(url);
-          if (!loaded_once && parsedUrl && parsedUrl.toString() === baseUrl.toString()) {
-            loaded_once = true;
-            return true;
-          }
-          return false;
-        };
-      })();
-
-      // Outer closure to perform logging.
-      return event => {
-        const ok = urlTester(event.url);
-        if (!ok) {
-          logging.warn('webview: rejected navigation event', {
-            navigation_event: { ...event },
-            expected_url: baseUrl.toString(),
-          });
-        }
-        return ok;
-      };
-    })();
-
-    // The `originWhitelist` and `onShouldStartLoadWithRequest` props are
-    // meant to mitigate possible XSS bugs, by interrupting an attempted
-    // exploit if it tries to navigate to a new URL by e.g. setting
-    // `window.location`.
-    //
-    // Note that neither of them is a hard security barrier; they're checked
-    // only against the URL of the document itself.  They cannot be used to
-    // validate the URL of other resources the WebView loads.
-    //
-    // Worse, the `originWhitelist` parameter is completely broken. See:
-    // https://github.com/react-native-community/react-native-webview/pull/697
-    return (
-      <WebView
-        source={{ baseUrl: (baseUrl.toString(): string), html }}
-        originWhitelist={['file://']}
-        onShouldStartLoadWithRequest={onShouldStartLoadWithRequest}
-        decelerationRate="normal"
-        style={{ backgroundColor: 'transparent' }}
-        ref={this.webviewRef}
-        onMessage={this.handleMessage}
-        onError={this.handleError}
-      />
-    );
+    return renderSinglePageWebView(html, baseUrl, {
+      decelerationRate: 'normal',
+      style: { backgroundColor: 'transparent' },
+      ref: this.webviewRef,
+      onMessage: this.handleMessage,
+      onError: this.handleError,
+    });
   }
 }
 
diff --git a/src/webview/SinglePageWebView.js b/src/webview/SinglePageWebView.js
@@ -0,0 +1,101 @@
+// @flow strict-local
+import * as React from 'react';
+import { Platform } from 'react-native';
+import { WebView } from 'react-native-webview';
+
+import * as logging from '../utils/logging';
+import { tryParseUrl } from '../utils/url';
+import type { ElementConfigFull } from '../reactUtils';
+
+/**
+ * Return a suitable onShouldStartLoadWithRequest for a single-page WebView.
+ *
+ * When passed as the onShouldStartLoadWithRequest prop to a WebView, the
+ * returned callback will ensure that the webview never navigates away from
+ * `baseUrl`.
+ *
+ * This is a hardening measure for our message-list WebView.  We already
+ * intercept clicks/touches and open links in a separate browser, but this
+ * ensures that if something slips through that it still doesn't break our
+ * security assumptions.
+ */
+// See upstream docs for this WebView prop:
+//   https://github.com/react-native-webview/react-native-webview/blob/v11.22.2/docs/Reference.md#onshouldstartloadwithrequest
+function makeOnShouldStartLoadWithRequest(
+  baseUrl: URL,
+): React.ElementConfig<typeof WebView>['onShouldStartLoadWithRequest'] {
+  // Inner closure to actually test the URL.
+  const urlTester: (url: string) => boolean = (() => {
+    // On Android this function is documented to be skipped on first load:
+    // therefore, simply never return true.
+    if (Platform.OS === 'android') {
+      return (url: string) => false;
+    }
+
+    // Otherwise (for iOS), return a closure that evaluates to `true` _exactly
+    // once_, and even then only if the URL looks like what we're expecting.
+    let loaded_once = false;
+    return (url: string) => {
+      const parsedUrl = tryParseUrl(url);
+      if (!loaded_once && parsedUrl && parsedUrl.toString() === baseUrl.toString()) {
+        loaded_once = true;
+        return true;
+      }
+      return false;
+    };
+  })();
+
+  // Outer closure to perform logging.
+  return event => {
+    const ok = urlTester(event.url);
+    if (!ok) {
+      logging.warn('webview: rejected navigation event', {
+        navigation_event: { ...event },
+        expected_url: baseUrl.toString(),
+      });
+    }
+    return ok;
+  };
+}
+
+/**
+ * Render a WebView that shows the given HTML at the given base URL, only.
+ *
+ * The WebView will show the page described by the HTML string `html`.  Any
+ * attempts to navigate to a new page will be rejected.
+ *
+ * Relative URL references to other resources (scripts, images, etc.) will
+ * be resolved relative to `baseUrl`.
+ *
+ * Assumes `baseUrl` has the scheme `file:`.  No actual file need exist at
+ * `baseUrl` itself, because the page is taken from the string `html`.
+ */
+// TODO: This should ideally be a proper React component of its own.  The
+//       thing that may require care when doing that is our use of
+//       `shouldComponentUpdate` in its caller, `MessageList`.
+export const renderSinglePageWebView = (
+  html: string,
+  baseUrl: URL,
+  moreProps: $Rest<
+    ElementConfigFull<typeof WebView>,
+    {| source: mixed, originWhitelist: mixed, onShouldStartLoadWithRequest: mixed |},
+  >,
+): React.Node => (
+  // The `originWhitelist` and `onShouldStartLoadWithRequest` props are
+  // meant to mitigate possible XSS bugs, by interrupting an attempted
+  // exploit if it tries to navigate to a new URL by e.g. setting
+  // `window.location`.
+  //
+  // Note that neither of them is a hard security barrier; they're checked
+  // only against the URL of the document itself.  They cannot be used to
+  // validate the URL of other resources the WebView loads.
+  //
+  // Worse, the `originWhitelist` parameter is completely broken. See:
+  // https://github.com/react-native-community/react-native-webview/pull/697
+  <WebView
+    source={{ baseUrl: (baseUrl.toString(): string), html: (html: string) }}
+    originWhitelist={['file://']}
+    onShouldStartLoadWithRequest={makeOnShouldStartLoadWithRequest(baseUrl)}
+    {...moreProps}
+  />
+);
