[webkit-changes] [WebKit/WebKit] 58b0fd: RemoteDOMWindow::close needs same security checks ...
Alex Christensen
noreply at github.com
Thu Feb 1 07:54:58 PST 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 58b0fdf84a3249ec5964ceb9fddf236f2c99b01c
https://github.com/WebKit/WebKit/commit/58b0fdf84a3249ec5964ceb9fddf236f2c99b01c
Author: Alex Christensen <achristensen at apple.com>
Date: 2024-02-01 (Thu, 01 Feb 2024)
Changed paths:
M LayoutTests/platform/mac-site-isolation/TestExpectations
M Source/WebCore/page/DOMWindow.cpp
M Source/WebCore/page/DOMWindow.h
M Source/WebCore/page/FrameDestructionObserver.cpp
M Source/WebCore/page/LocalDOMWindow.cpp
M Source/WebCore/page/LocalDOMWindow.h
M Source/WebCore/page/RemoteDOMWindow.cpp
M Source/WebCore/page/RemoteDOMWindow.h
M Source/WebCore/page/RemoteFrame.cpp
M Source/WebCore/page/RemoteFrameClient.h
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/UIProcess/WebPageProxy.messages.in
M Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.h
Log Message:
-----------
RemoteDOMWindow::close needs same security checks as LocalDOMWindow::close
https://bugs.webkit.org/show_bug.cgi?id=268530
rdar://117381050
Reviewed by Charlie Wolfe.
I moved the checks to DOMWindow and shared them.
I added RemoteDOMWindow::frameDetached so that frame.remove() followed immediately by
frame.contentWindow.closed returns true with a RemoteDOMWindow like it does a LocalDOMWindow
because the frame gets detached.
WebPageProxy::closeRemoteFrame isn't really needed any more because we already have
checks that the close() call is only coming from a main frame, so it is closing the page.
Just call WebPage::closePage to close the page without having an unneeded code path.
* LayoutTests/platform/mac-site-isolation/TestExpectations:
* Source/WebCore/page/DOMWindow.cpp:
(WebCore::DOMWindow::close):
(WebCore::DOMWindow::console const):
(WebCore::DOMWindow::checkedConsole const):
* Source/WebCore/page/DOMWindow.h:
* Source/WebCore/page/FrameDestructionObserver.cpp:
(WebCore::FrameDestructionObserver::~FrameDestructionObserver):
* Source/WebCore/page/LocalDOMWindow.cpp:
(WebCore::LocalDOMWindow::closePage):
(WebCore::LocalDOMWindow::console const): Deleted.
(WebCore::LocalDOMWindow::checkedConsole const): Deleted.
(WebCore::LocalDOMWindow::close): Deleted.
* Source/WebCore/page/LocalDOMWindow.h:
* Source/WebCore/page/RemoteDOMWindow.cpp:
(WebCore::RemoteDOMWindow::closePage):
(WebCore::RemoteDOMWindow::frameDetached):
(WebCore::RemoteDOMWindow::close): Deleted.
* Source/WebCore/page/RemoteDOMWindow.h:
* Source/WebCore/page/RemoteFrame.cpp:
(WebCore::RemoteFrame::frameDetached):
* Source/WebCore/page/RemoteFrameClient.h:
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::closeRemoteFrame): Deleted.
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.messages.in:
* Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.cpp:
(WebKit::WebRemoteFrameClient::closePage):
(WebKit::WebRemoteFrameClient::close): Deleted.
* Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.h:
Canonical link: https://commits.webkit.org/273911@main
More information about the webkit-changes
mailing list