[webkit-changes] [WebKit/WebKit] 138191: Cherry-pick 252432.942 at safari-7614-branch (d7af255...
Charlie Wolfe
noreply at github.com
Wed Jan 25 13:00:23 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 13819101c22430f8c2705f29c3aa1de4330bb25b
https://github.com/WebKit/WebKit/commit/13819101c22430f8c2705f29c3aa1de4330bb25b
Author: Charlie Wolfe <charliew at apple.com>
Date: 2023-01-25 (Wed, 25 Jan 2023)
Changed paths:
A LayoutTests/http/tests/navigation/cross-origin-navigation-fires-onload-expected.txt
A LayoutTests/http/tests/navigation/cross-origin-navigation-fires-onload.html
A LayoutTests/http/tests/navigation/resources/postmessage-on-hashchange.html
M Source/WebCore/loader/FrameLoader.cpp
Log Message:
-----------
Cherry-pick 252432.942 at safari-7614-branch (d7af255eed5c). rdar://104649116
cross origin iframe load event can be used for a malicious way
https://bugs.webkit.org/show_bug.cgi?id=241753
rdar://95467115
Reviewed by Chris Dumez and Ryan Haddad.
This bug describes an issue where it is possible to guess a URL that is
redirected to by a cross-origin iframe. To fix this, WebKit should fire a
load event when the direct parent frame is cross-origin.
This fix is very similar to what is described in https://crbug.com/1248444.
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadInSameDocument):
* LayoutTests/http/tests/navigation/cross-origin-navigation-fires-onload-expected.txt: Added.
* LayoutTests/http/tests/navigation/cross-origin-navigation-fires-onload.html: Added.
* LayoutTests/http/tests/navigation/resources/postmessage-on-hashchange.html: Added.
Canonical link: https://commits.webkit.org/252432.942@safari-7614-branch
Canonical link: https://commits.webkit.org/259384@main
More information about the webkit-changes
mailing list