[webkit-changes] [WebKit/WebKit] a438f5: Restrict further top-frame navigations by a third-...

Chris Dumez noreply at github.com
Mon Aug 7 16:52:35 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: a438f531da737c8a975174c1585cd25336f26960
      https://github.com/WebKit/WebKit/commit/a438f531da737c8a975174c1585cd25336f26960
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2023-08-07 (Mon, 07 Aug 2023)

  Changed paths:
    M LayoutTests/fast/files/null-origin-string-expected.txt
    M LayoutTests/fast/files/null-origin-string.html
    A LayoutTests/http/tests/security/block-top-level-navigation-to-different-scheme-by-third-party-iframes-expected.txt
    A LayoutTests/http/tests/security/block-top-level-navigation-to-different-scheme-by-third-party-iframes.html
    A LayoutTests/http/tests/security/block-top-level-navigation-via-redirect-by-third-party-iframes-expected.txt
    A LayoutTests/http/tests/security/block-top-level-navigation-via-redirect-by-third-party-iframes.html
    A LayoutTests/http/tests/security/resources/navigate-top-level-frame-to-failure-page-different-scheme.html
    A LayoutTests/http/tests/security/resources/navigate-top-level-frame-to-failure-page-via-redirect.html
    M Source/WebCore/dom/Document.cpp
    M Source/WebCore/dom/Document.h
    M Source/WebCore/loader/DocumentLoader.cpp
    M Source/WebCore/loader/NavigationRequester.cpp
    M Source/WebCore/loader/NavigationRequester.h
    M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in

  Log Message:
  -----------
  Restrict further top-frame navigations by a third-party iframe
https://bugs.webkit.org/show_bug.cgi?id=256549
rdar://108794051

Reviewed by Geoffrey Garen.

Restrict further top-frame navigations by a third-party iframe:
- Block navigations to a different scheme
- Block navigations that start off same-site but redirect to a different site

* Source/WebCore/dom/Document.cpp:
(WebCore::Document::isNavigationBlockedByThirdPartyIFrameRedirectBlocking):
* Source/WebCore/dom/Document.h:
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::willSendRequest):
* Source/WebCore/loader/NavigationRequester.cpp:
(WebCore::NavigationRequester::from):
* Source/WebCore/loader/NavigationRequester.h:
(WebCore::NavigationRequester::encode const):
(WebCore::NavigationRequester::decode):

Originally-landed-as: 259548.752 at safari-7615-branch (a0fa94d1a572). rdar://113170544
Canonical link: https://commits.webkit.org/266666@main


  Commit: 9f262c71b0a6dc8eb008288142231a823372f697
      https://github.com/WebKit/WebKit/commit/9f262c71b0a6dc8eb008288142231a823372f697
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2023-08-07 (Mon, 07 Aug 2023)

  Changed paths:
    M Source/WebCore/loader/DocumentLoader.cpp

  Log Message:
  -----------
  Follow-up to 259548.752 at safari-7615-branch to cancel navigations instead of blocking them
https://bugs.webkit.org/show_bug.cgi?id=257161
rdar://108794051

Reviewed by Alex Christensen.

259548.752 at safari-7615-branch added further restrictions to prevent top-frame navigations
by third-party iframes, in particular using redirects. I had decided to block the redirect
with a blockedError(). However, it turns out that Safari shows an error page when doing
so, which results in a bad user experience since the top frame is still being navigated
(to an error page).

To address the issue, I am now cancelling the redirect instead and returning a
cancelledError(). I have verified that Safari doesn't show an error page in this case and
that the top frame is not getting navigated.

* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::willSendRequest):

Originally-landed-as: 259548.773 at safari-7615-branch (3d72c3255b5f). rdar://113172008
Canonical link: https://commits.webkit.org/266667@main


Compare: https://github.com/WebKit/WebKit/compare/ac6294fe9e54...9f262c71b0a6


More information about the webkit-changes mailing list