[webkit-changes] [WebKit/WebKit] 26dd80: Calling evaluateJavaScript enables back-button hij...

Chris Dumez noreply at github.com
Thu May 16 12:36:38 PDT 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 26dd802ebb28b5acb59ea16b46c85f83fa243cd3
      https://github.com/WebKit/WebKit/commit/26dd802ebb28b5acb59ea16b46c85f83fa243cd3
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2024-05-16 (Thu, 16 May 2024)

  Changed paths:
    M Source/WebCore/dom/Document.cpp
    M Tools/TestWebKitAPI/Tests/WebKit/WKBackForwardListTests.mm

  Log Message:
  -----------
  Calling evaluateJavaScript enables back-button hijacking
https://bugs.webkit.org/show_bug.cgi?id=261611
rdar://115561250

Reviewed by Ben Nham.

In 253405 at main, I updated our back/forward list hijacking prevention logic by
treating history items added by JS (e.g. via 'history.pushState()`) as having
a user gesture if a user gesture had occurred in the last 10 seconds. This was
needed for backward compatibility with some legit sites.

The issue now is that if the client app has called evaluateJavaScript on the
WKWebView in the last 10 seconds, the JS will be able to hijack the back/forward
list again.

In 265168 at main, we did some hardening so that the transient activation gets
consumed after the evaluateJavaScript call has completed. However, it didn't
fix the back/forward list hijacking prevention logic because it relies on
user gesture and not transient activation.

To address the issue, I updated out back/forward list hijacking prevention logic
to rely on transient user activation rather than whether or not there was a
user gesture in the last 10 minutes.

* Source/WebCore/dom/Document.cpp:
(WebCore::Document::hasRecentUserInteractionForNavigationFromJS const):
* Tools/TestWebKitAPI/Tests/WebKit/WKBackForwardListTests.mm:
(TEST):

Originally-landed-as: 272448.685 at safari-7618-branch (028628cff473). rdar://128089980
Canonical link: https://commits.webkit.org/278881@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list