[webkit-changes] [WebKit/WebKit] a438f5: Restrict further top-frame navigations by a third-...
Chris Dumez
noreply at github.com
Mon Aug 7 16:52:35 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: a438f531da737c8a975174c1585cd25336f26960
https://github.com/WebKit/WebKit/commit/a438f531da737c8a975174c1585cd25336f26960
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-08-07 (Mon, 07 Aug 2023)
Changed paths:
M LayoutTests/fast/files/null-origin-string-expected.txt
M LayoutTests/fast/files/null-origin-string.html
A LayoutTests/http/tests/security/block-top-level-navigation-to-different-scheme-by-third-party-iframes-expected.txt
A LayoutTests/http/tests/security/block-top-level-navigation-to-different-scheme-by-third-party-iframes.html
A LayoutTests/http/tests/security/block-top-level-navigation-via-redirect-by-third-party-iframes-expected.txt
A LayoutTests/http/tests/security/block-top-level-navigation-via-redirect-by-third-party-iframes.html
A LayoutTests/http/tests/security/resources/navigate-top-level-frame-to-failure-page-different-scheme.html
A LayoutTests/http/tests/security/resources/navigate-top-level-frame-to-failure-page-via-redirect.html
M Source/WebCore/dom/Document.cpp
M Source/WebCore/dom/Document.h
M Source/WebCore/loader/DocumentLoader.cpp
M Source/WebCore/loader/NavigationRequester.cpp
M Source/WebCore/loader/NavigationRequester.h
M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
Log Message:
-----------
Restrict further top-frame navigations by a third-party iframe
https://bugs.webkit.org/show_bug.cgi?id=256549
rdar://108794051
Reviewed by Geoffrey Garen.
Restrict further top-frame navigations by a third-party iframe:
- Block navigations to a different scheme
- Block navigations that start off same-site but redirect to a different site
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::isNavigationBlockedByThirdPartyIFrameRedirectBlocking):
* Source/WebCore/dom/Document.h:
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::willSendRequest):
* Source/WebCore/loader/NavigationRequester.cpp:
(WebCore::NavigationRequester::from):
* Source/WebCore/loader/NavigationRequester.h:
(WebCore::NavigationRequester::encode const):
(WebCore::NavigationRequester::decode):
Originally-landed-as: 259548.752 at safari-7615-branch (a0fa94d1a572). rdar://113170544
Canonical link: https://commits.webkit.org/266666@main
Commit: 9f262c71b0a6dc8eb008288142231a823372f697
https://github.com/WebKit/WebKit/commit/9f262c71b0a6dc8eb008288142231a823372f697
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-08-07 (Mon, 07 Aug 2023)
Changed paths:
M Source/WebCore/loader/DocumentLoader.cpp
Log Message:
-----------
Follow-up to 259548.752 at safari-7615-branch to cancel navigations instead of blocking them
https://bugs.webkit.org/show_bug.cgi?id=257161
rdar://108794051
Reviewed by Alex Christensen.
259548.752 at safari-7615-branch added further restrictions to prevent top-frame navigations
by third-party iframes, in particular using redirects. I had decided to block the redirect
with a blockedError(). However, it turns out that Safari shows an error page when doing
so, which results in a bad user experience since the top frame is still being navigated
(to an error page).
To address the issue, I am now cancelling the redirect instead and returning a
cancelledError(). I have verified that Safari doesn't show an error page in this case and
that the top frame is not getting navigated.
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::willSendRequest):
Originally-landed-as: 259548.773 at safari-7615-branch (3d72c3255b5f). rdar://113172008
Canonical link: https://commits.webkit.org/266667@main
Compare: https://github.com/WebKit/WebKit/compare/ac6294fe9e54...9f262c71b0a6
More information about the webkit-changes
mailing list