[webkit-changes] [WebKit/WebKit] cbb8b2: [Site Isolation] Creating an iframe while updating...
Charlie Wolfe
noreply at github.com
Tue Jan 21 22:40:27 PST 2025
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: cbb8b220c0f1f1ceaf9bac84eafc71dc87f2fc46
https://github.com/WebKit/WebKit/commit/cbb8b220c0f1f1ceaf9bac84eafc71dc87f2fc46
Author: Charlie Wolfe <charliew at apple.com>
Date: 2025-01-21 (Tue, 21 Jan 2025)
Changed paths:
A LayoutTests/http/tests/site-isolation/history/add-iframe-while-changing-document-title-expected.txt
A LayoutTests/http/tests/site-isolation/history/add-iframe-while-changing-document-title.html
A LayoutTests/http/tests/site-isolation/resources/post-message-from-child-to-parent.html
M Source/WebCore/history/HistoryItem.cpp
M Source/WebCore/history/HistoryItem.h
M Source/WebCore/loader/EmptyClients.cpp
M Source/WebKit/Shared/WebBackForwardListFrameItem.cpp
M Source/WebKit/Shared/WebBackForwardListFrameItem.h
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/UIProcess/WebPageProxy.messages.in
M Source/WebKit/WebProcess/WebPage/WebHistoryItemClient.cpp
M Source/WebKit/WebProcess/WebPage/WebHistoryItemClient.h
M Source/WebKitLegacy/mac/WebCoreSupport/LegacyHistoryItemClient.h
M Source/WebKitLegacy/mac/WebCoreSupport/LegacyHistoryItemClient.mm
Log Message:
-----------
[Site Isolation] Creating an iframe while updating the history state of its parent causes a new back/forward item to be created
https://bugs.webkit.org/show_bug.cgi?id=286334
rdar://143359188
Reviewed by Alex Christensen.
When a root child frame expects its initial history state to be committed, we store a
WebBackForwardListFrameItem on its WebFrameProxy and add a child to it when the history item is
committed. If the WebBackForwardListFrameItem is destroyed before the item is committed, a new item is
added to the back-forward list instead of adding a frame to the existing item.
To fix this, we should stop destroying children in WebBackForwardListFrameItem::setFrameState.
BackForwardUpdateItem should update only its own state, and there should be a separate, explicit message
for clearing history item children.
* LayoutTests/http/tests/site-isolation/history/add-iframe-while-changing-document-title-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/history/add-iframe-while-changing-document-title.html: Added.
* LayoutTests/http/tests/site-isolation/resources/post-message-from-child-to-parent.html: Added.
* Source/WebCore/history/HistoryItem.cpp:
(WebCore::HistoryItem::clearChildren):
* Source/WebCore/history/HistoryItem.h:
* Source/WebCore/loader/EmptyClients.cpp:
* Source/WebKit/Shared/WebBackForwardListFrameItem.cpp:
(WebKit::WebBackForwardListFrameItem::setFrameState):
* Source/WebKit/Shared/WebBackForwardListFrameItem.h:
(WebKit::WebBackForwardListFrameItem::clearChildren):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::backForwardClearChildren):
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.messages.in:
* Source/WebKit/WebProcess/WebPage/WebHistoryItemClient.cpp:
(WebKit::WebHistoryItemClient::clearChildren const):
* Source/WebKit/WebProcess/WebPage/WebHistoryItemClient.h:
* Source/WebKitLegacy/mac/WebCoreSupport/LegacyHistoryItemClient.h:
* Source/WebKitLegacy/mac/WebCoreSupport/LegacyHistoryItemClient.mm:
(LegacyHistoryItemClient::clearChildren const):
Canonical link: https://commits.webkit.org/289228@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list