<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[248428] branches/safari-608.1-branch</title>
</head>
<body>

<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/248428">248428</a></dd>
<dt>Author</dt> <dd>alancoon@apple.com</dd>
<dt>Date</dt> <dd>2019-08-08 11:24:30 -0700 (Thu, 08 Aug 2019)</dd>
</dl>

<h3>Log Message</h3>
<pre>Cherry-pick <a href="http://trac.webkit.org/projects/webkit/changeset/248410">r248410</a>. rdar://problem/54084738

    Do not allow navigations of frames about to get replaced by the result of evaluating javascript: URLs
    <rdar://problem/53788893> and https://bugs.webkit.org/show_bug.cgi?id=198786

    Reviewed by Geoff Garen.

    Source/WebCore:

    Covered by API Test

    Add a "willReplaceWithResultOfExecutingJavascriptURL" flag which is respected inside FrameLoader::isNavigationAllowed

    * bindings/js/ScriptController.cpp:
    (WebCore::ScriptController::executeIfJavaScriptURL):
    * bindings/js/ScriptController.h:
    (WebCore::ScriptController::willReplaceWithResultOfExecutingJavascriptURL const):

    * loader/FrameLoader.cpp:
    (WebCore::FrameLoader::isNavigationAllowed const):

    Tools:

    * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
    * TestWebKitAPI/Tests/mac/JavascriptURLNavigation.mm: Added.

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248410 268f45cc-cd09-0410-ab3c-d52691b4dbfc</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#branchessafari6081branchSourceWebCoreChangeLog">branches/safari-608.1-branch/Source/WebCore/ChangeLog</a></li>
<li><a href="#branchessafari6081branchSourceWebCorebindingsjsScriptControllercpp">branches/safari-608.1-branch/Source/WebCore/bindings/js/ScriptController.cpp</a></li>
<li><a href="#branchessafari6081branchSourceWebCorebindingsjsScriptControllerh">branches/safari-608.1-branch/Source/WebCore/bindings/js/ScriptController.h</a></li>
<li><a href="#branchessafari6081branchSourceWebCoreloaderFrameLoadercpp">branches/safari-608.1-branch/Source/WebCore/loader/FrameLoader.cpp</a></li>
<li><a href="#branchessafari6081branchToolsChangeLog">branches/safari-608.1-branch/Tools/ChangeLog</a></li>
<li><a href="#branchessafari6081branchToolsTestWebKitAPITestWebKitAPIxcodeprojprojectpbxproj">branches/safari-608.1-branch/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj</a></li>
</ul>

<h3>Added Paths</h3>
<ul>
<li><a href="#branchessafari6081branchToolsTestWebKitAPITestsmacJavascriptURLNavigationmm">branches/safari-608.1-branch/Tools/TestWebKitAPI/Tests/mac/JavascriptURLNavigation.mm</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchessafari6081branchSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-608.1-branch/Source/WebCore/ChangeLog (248427 => 248428)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-608.1-branch/Source/WebCore/ChangeLog    2019-08-08 18:24:24 UTC (rev 248427)
+++ branches/safari-608.1-branch/Source/WebCore/ChangeLog       2019-08-08 18:24:30 UTC (rev 248428)
</span><span class="lines">@@ -1,3 +1,52 @@
</span><ins>+2019-08-08  Alan Coon  <alancoon@apple.com>
+
+        Cherry-pick r248410. rdar://problem/54084738
+
+    Do not allow navigations of frames about to get replaced by the result of evaluating javascript: URLs
+    <rdar://problem/53788893> and https://bugs.webkit.org/show_bug.cgi?id=198786
+    
+    Reviewed by Geoff Garen.
+    
+    Source/WebCore:
+    
+    Covered by API Test
+    
+    Add a "willReplaceWithResultOfExecutingJavascriptURL" flag which is respected inside FrameLoader::isNavigationAllowed
+    
+    * bindings/js/ScriptController.cpp:
+    (WebCore::ScriptController::executeIfJavaScriptURL):
+    * bindings/js/ScriptController.h:
+    (WebCore::ScriptController::willReplaceWithResultOfExecutingJavascriptURL const):
+    
+    * loader/FrameLoader.cpp:
+    (WebCore::FrameLoader::isNavigationAllowed const):
+    
+    Tools:
+    
+    * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+    * TestWebKitAPI/Tests/mac/JavascriptURLNavigation.mm: Added.
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248410 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2019-08-08  Brady Eidson  <beidson@apple.com>
+
+            Do not allow navigations of frames about to get replaced by the result of evaluating javascript: URLs
+            <rdar://problem/53788893> and https://bugs.webkit.org/show_bug.cgi?id=198786
+
+            Reviewed by Geoff Garen.
+
+            Covered by API Test
+
+            Add a "willReplaceWithResultOfExecutingJavascriptURL" flag which is respected inside FrameLoader::isNavigationAllowed
+
+            * bindings/js/ScriptController.cpp:
+            (WebCore::ScriptController::executeIfJavaScriptURL):
+            * bindings/js/ScriptController.h:
+            (WebCore::ScriptController::willReplaceWithResultOfExecutingJavascriptURL const):
+
+            * loader/FrameLoader.cpp:
+            (WebCore::FrameLoader::isNavigationAllowed const):
+
</ins><span class="cx"> 2019-08-07  Kocsen Chung  <kocsen_chung@apple.com>
</span><span class="cx"> 
</span><span class="cx">         Revert r248173. rdar://problem/54036774
</span></span></pre></div>
<a id="branchessafari6081branchSourceWebCorebindingsjsScriptControllercpp"></a>
<div class="modfile"><h4>Modified: branches/safari-608.1-branch/Source/WebCore/bindings/js/ScriptController.cpp (248427 => 248428)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-608.1-branch/Source/WebCore/bindings/js/ScriptController.cpp     2019-08-08 18:24:24 UTC (rev 248427)
+++ branches/safari-608.1-branch/Source/WebCore/bindings/js/ScriptController.cpp        2019-08-08 18:24:30 UTC (rev 248428)
</span><span class="lines">@@ -648,8 +648,14 @@
</span><span class="cx">     if (shouldReplaceDocumentIfJavaScriptURL == ReplaceDocumentIfJavaScriptURL) {
</span><span class="cx">         // We're still in a frame, so there should be a DocumentLoader.
</span><span class="cx">         ASSERT(m_frame.document()->loader());
</span><del>-        
-        // DocumentWriter::replaceDocument can cause the DocumentLoader to get deref'ed and possible destroyed,
</del><ins>+
+        // Signal to FrameLoader to disable navigations within this frame while replacing it with the result of executing javascript
+        // FIXME: https://bugs.webkit.org/show_bug.cgi?id=200523
+        // The only reason we do a nestable save/restore of this flag here is because we sometimes nest javascript: url loads as
+        // some will load synchronously. We'd like to remove those synchronous loads and then change this.
+        SetForScope<bool> willBeReplaced(m_willReplaceWithResultOfExecutingJavascriptURL, true);
+
+        // DocumentWriter::replaceDocumentWithResultOfExecutingJavascriptURL can cause the DocumentLoader to get deref'ed and possible destroyed,
</ins><span class="cx">         // so protect it with a RefPtr.
</span><span class="cx">         if (RefPtr<DocumentLoader> loader = m_frame.document()->loader())
</span><span class="cx">             loader->writer().replaceDocumentWithResultOfExecutingJavascriptURL(scriptResult, ownerDocument.get());
</span></span></pre></div>
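Review bot: The `SetForScope` added in this block restores `m_willReplaceWithResultOfExecutingJavascriptURL` when the block exits, which is a write into this ScriptController after `replaceDocumentWithResultOfExecutingJavascriptURL` has returned, and the comment right below it says that call can release the DocumentLoader. Only the loader is protected by a `RefPtr` in the visible lines, so please confirm that the frame owning this ScriptController is kept alive earlier in `executeIfJavaScriptURL` (the function starts outside the hunk) and record it next to the guard, e.g. `// m_frame is protected above, so restoring the flag on scope exit is safe even if the loader goes away.` The rewritten comment should also read `possibly destroyed` rather than `possible destroyed`.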
<a id="branchessafari6081branchSourceWebCorebindingsjsScriptControllerh"></a>
<div class="modfile"><h4>Modified: branches/safari-608.1-branch/Source/WebCore/bindings/js/ScriptController.h (248427 => 248428)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-608.1-branch/Source/WebCore/bindings/js/ScriptController.h       2019-08-08 18:24:24 UTC (rev 248427)
+++ branches/safari-608.1-branch/Source/WebCore/bindings/js/ScriptController.h  2019-08-08 18:24:30 UTC (rev 248428)
</span><span class="lines">@@ -163,6 +163,8 @@
</span><span class="cx"> 
</span><span class="cx">     void initScriptForWindowProxy(JSWindowProxy&);
</span><span class="cx"> 
</span><ins>+    bool willReplaceWithResultOfExecutingJavascriptURL() const { return m_willReplaceWithResultOfExecutingJavascriptURL; }
+
</ins><span class="cx"> private:
</span><span class="cx">     void setupModuleScriptHandlers(LoadableModuleScript&, JSC::JSInternalPromise&, DOMWrapperWorld&);
</span><span class="cx"> 
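Review bot: The new public accessor `willReplaceWithResultOfExecutingJavascriptURL()` carries no comment, although `FrameLoader::isNavigationAllowed` now relies on it as a security gate. A line above it would tell later callers what it guarantees, e.g. `// True only while executeIfJavaScriptURL() is replacing this frame's document; navigations of the frame are refused meanwhile.` In this change the backing member (added in the second hunk of this file) is written only through a `SetForScope` in ScriptController.cpp, and saying so beside the member would discourage direct assignment that skips the save/restore.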
</span><span class="lines">@@ -175,6 +177,7 @@
</span><span class="cx">     const String* m_sourceURL;
</span><span class="cx"> 
</span><span class="cx">     bool m_paused;
</span><ins>+    bool m_willReplaceWithResultOfExecutingJavascriptURL { false };
</ins><span class="cx"> 
</span><span class="cx">     // The root object used for objects bound outside the context of a plugin, such
</span><span class="cx">     // as NPAPI plugins. The plugins using these objects prevent a page from being cached so they
</span></span></pre></div>
<a id="branchessafari6081branchSourceWebCoreloaderFrameLoadercpp"></a>
<div class="modfile"><h4>Modified: branches/safari-608.1-branch/Source/WebCore/loader/FrameLoader.cpp (248427 => 248428)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-608.1-branch/Source/WebCore/loader/FrameLoader.cpp       2019-08-08 18:24:24 UTC (rev 248427)
+++ branches/safari-608.1-branch/Source/WebCore/loader/FrameLoader.cpp  2019-08-08 18:24:30 UTC (rev 248428)
</span><span class="lines">@@ -1325,7 +1325,7 @@
</span><span class="cx"> 
</span><span class="cx"> bool FrameLoader::isNavigationAllowed() const
</span><span class="cx"> {
</span><del>-    return m_pageDismissalEventBeingDispatched == PageDismissalType::None && NavigationDisabler::isNavigationAllowed(m_frame);
</del><ins>+    return m_pageDismissalEventBeingDispatched == PageDismissalType::None && !m_frame.script().willReplaceWithResultOfExecutingJavascriptURL() && NavigationDisabler::isNavigationAllowed(m_frame);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> bool FrameLoader::isStopLoadingAllowed() const
</span></span></pre></div>
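Review bot: The return expression in `isNavigationAllowed` now joins three unrelated reasons for refusing a navigation on one long line, and the new javascript: URL clause is not explained at the place where it is enforced. Pulling it out as a guard gives the reason a home: `if (m_frame.script().willReplaceWithResultOfExecutingJavascriptURL())` then `return false; // document is being replaced by a javascript: URL result`, followed by the original two-clause return. The flag is read only from this frame's own ScriptController; whether frames nested under the one being replaced need the same refusal cannot be judged from the hunk and is worth confirming against `NavigationDisabler`.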
<a id="branchessafari6081branchToolsChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-608.1-branch/Tools/ChangeLog (248427 => 248428)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-608.1-branch/Tools/ChangeLog     2019-08-08 18:24:24 UTC (rev 248427)
+++ branches/safari-608.1-branch/Tools/ChangeLog        2019-08-08 18:24:30 UTC (rev 248428)
</span><span class="lines">@@ -1,5 +1,45 @@
</span><span class="cx"> 2019-08-08  Alan Coon  <alancoon@apple.com>
</span><span class="cx"> 
</span><ins>+        Cherry-pick r248410. rdar://problem/54084738
+
+    Do not allow navigations of frames about to get replaced by the result of evaluating javascript: URLs
+    <rdar://problem/53788893> and https://bugs.webkit.org/show_bug.cgi?id=198786
+    
+    Reviewed by Geoff Garen.
+    
+    Source/WebCore:
+    
+    Covered by API Test
+    
+    Add a "willReplaceWithResultOfExecutingJavascriptURL" flag which is respected inside FrameLoader::isNavigationAllowed
+    
+    * bindings/js/ScriptController.cpp:
+    (WebCore::ScriptController::executeIfJavaScriptURL):
+    * bindings/js/ScriptController.h:
+    (WebCore::ScriptController::willReplaceWithResultOfExecutingJavascriptURL const):
+    
+    * loader/FrameLoader.cpp:
+    (WebCore::FrameLoader::isNavigationAllowed const):
+    
+    Tools:
+    
+    * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+    * TestWebKitAPI/Tests/mac/JavascriptURLNavigation.mm: Added.
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248410 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2019-08-08  Brady Eidson  <beidson@apple.com>
+
+            Do not allow navigations of frames about to get replaced by the result of evaluating javascript: URLs
+            <rdar://problem/53788893> and https://bugs.webkit.org/show_bug.cgi?id=198786
+
+            Reviewed by Geoff Garen.
+
+            * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+            * TestWebKitAPI/Tests/mac/JavascriptURLNavigation.mm: Added.
+
+2019-08-08  Alan Coon  <alancoon@apple.com>
+
</ins><span class="cx">         Cherry-pick r248039. rdar://problem/54087592
</span><span class="cx"> 
</span><span class="cx">     [iOS 13] Safari crashes when closing a tab with a focused element if the unified field has focus
</span></span></pre></div>
<a id="branchessafari6081branchToolsTestWebKitAPITestWebKitAPIxcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: branches/safari-608.1-branch/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (248427 => 248428)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-608.1-branch/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2019-08-08 18:24:24 UTC (rev 248427)
+++ branches/safari-608.1-branch/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj    2019-08-08 18:24:30 UTC (rev 248428)
</span><span class="lines">@@ -237,6 +237,7 @@
</span><span class="cx">          51714EB51CF8C78C004723C4 /* WebProcessKillIDBCleanup-2.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 51714EB31CF8C761004723C4 /* WebProcessKillIDBCleanup-2.html */; };
</span><span class="cx">          51714EB81CF8CA17004723C4 /* WebProcessKillIDBCleanup.mm in Sources */ = {isa = PBXBuildFile; fileRef = 51714EB61CF8C7A4004723C4 /* WebProcessKillIDBCleanup.mm */; };
</span><span class="cx">          517E7E04151119C100D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 517E7E031511187500D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.html */; };
</span><ins>+               51820A4D22F4EE7F00DF0A01 /* JavascriptURLNavigation.mm in Sources */ = {isa = PBXBuildFile; fileRef = 51820A4C22F4EE7700DF0A01 /* JavascriptURLNavigation.mm */; };
</ins><span class="cx">           5182C22E1F2BCE540059BA7C /* WKURLSchemeHandler-leaks.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5182C22D1F2BCB410059BA7C /* WKURLSchemeHandler-leaks.mm */; };
</span><span class="cx">          518C1153205B0504001FF4AE /* ProcessSwapOnNavigation.mm in Sources */ = {isa = PBXBuildFile; fileRef = 518C1152205B04F9001FF4AE /* ProcessSwapOnNavigation.mm */; };
</span><span class="cx">          518EE51820A78CE200E024F3 /* DoubleDefersLoading.mm in Sources */ = {isa = PBXBuildFile; fileRef = 518EE51620A78CDF00E024F3 /* DoubleDefersLoading.mm */; };
</span><span class="lines">@@ -1695,6 +1696,7 @@
</span><span class="cx">          51714EB91D087416004723C4 /* CrossThreadTask.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CrossThreadTask.cpp; sourceTree = "<group>"; };
</span><span class="cx">          517E7DFB15110EA600D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = MemoryCachePruneWithinResourceLoadDelegate.mm; sourceTree = "<group>"; };
</span><span class="cx">          517E7E031511187500D0B008 /* MemoryCachePruneWithinResourceLoadDelegate.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = MemoryCachePruneWithinResourceLoadDelegate.html; sourceTree = "<group>"; };
</span><ins>+               51820A4C22F4EE7700DF0A01 /* JavascriptURLNavigation.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = JavascriptURLNavigation.mm; sourceTree = "<group>"; };
</ins><span class="cx">           5182C22D1F2BCB410059BA7C /* WKURLSchemeHandler-leaks.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = "WKURLSchemeHandler-leaks.mm"; sourceTree = "<group>"; };
</span><span class="cx">          518C1152205B04F9001FF4AE /* ProcessSwapOnNavigation.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = ProcessSwapOnNavigation.mm; sourceTree = "<group>"; };
</span><span class="cx">          518EE51620A78CDF00E024F3 /* DoubleDefersLoading.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = DoubleDefersLoading.mm; sourceTree = "<group>"; };
</span><span class="lines">@@ -3745,6 +3747,7 @@
</span><span class="cx">                          C507E8A614C6545B005D6B3B /* InspectorBar.mm */,
</span><span class="cx">                          57F10D921C7E7B3800ECDF30 /* IsNavigationActionTrusted.mm */,
</span><span class="cx">                          4BB4160116815B2600824238 /* JSWrapperForNodeInWebFrame.mm */,
</span><ins>+                               51820A4C22F4EE7700DF0A01 /* JavascriptURLNavigation.mm */,
</ins><span class="cx">                           F4BFA68C1E4AD08000154298 /* LegacyDragAndDropTests.mm */,
</span><span class="cx">                          7A7B0E7E1EAFE454006AB8AE /* LimitTitleSize.mm */,
</span><span class="cx">                          57901FAE1CAF137100ED64F9 /* LoadInvalidURLRequest.mm */,
</span><span class="lines">@@ -4634,6 +4637,7 @@
</span><span class="cx">                          2EB242B821D4140B0055C1C0 /* UseSelectionAsFindString.mm in Sources */,
</span><span class="cx">                          7C83E03A1D0A602700FEBCF3 /* UtilitiesCocoa.mm in Sources */,
</span><span class="cx">                          7C83E0C61D0A654E00FEBCF3 /* VideoControlsManager.mm in Sources */,
</span><ins>+                               51820A4D22F4EE7F00DF0A01 /* JavascriptURLNavigation.mm in Sources */,
</ins><span class="cx">                           CD3065E02165682E00E895DF /* VideoQualityDisplayCompositing.mm in Sources */,
</span><span class="cx">                          115EB3431EE0BA03003C2C0A /* ViewportSizeForViewportUnits.mm in Sources */,
</span><span class="cx">                          6356FB221EC4E0BA0044BF18 /* VisibleContentRect.mm in Sources */,
</span></span></pre></div>
<a id="branchessafari6081branchToolsTestWebKitAPITestsmacJavascriptURLNavigationmm"></a>
<div class="addfile"><h4>Added: branches/safari-608.1-branch/Tools/TestWebKitAPI/Tests/mac/JavascriptURLNavigation.mm (0 => 248428)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-608.1-branch/Tools/TestWebKitAPI/Tests/mac/JavascriptURLNavigation.mm                            (rev 0)
+++ branches/safari-608.1-branch/Tools/TestWebKitAPI/Tests/mac/JavascriptURLNavigation.mm       2019-08-08 18:24:30 UTC (rev 248428)
</span><span class="lines">@@ -0,0 +1,206 @@
</span><ins>+/*
+ * Copyright (C) 2019 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+
+#if PLATFORM(MAC)
+
+#import "PlatformUtilities.h"
+#import "Test.h"
+#import "TestNavigationDelegate.h"
+#import "TestURLSchemeHandler.h"
+#import "TestWKWebView.h"
+#import <WebKit/WKUIDelegatePrivate.h>
+#import <WebKit/WKURLSchemeHandler.h>
+#import <WebKit/WKURLSchemeTaskPrivate.h>
+#import <WebKit/WKWebViewConfigurationPrivate.h>
+#import <WebKit/WebKit.h>
+#import <wtf/BlockPtr.h>
+#import <wtf/HashMap.h>
+#import <wtf/RetainPtr.h>
+#import <wtf/RunLoop.h>
+#import <wtf/Threading.h>
+#import <wtf/Vector.h>
+#import <wtf/text/StringHash.h>
+#import <wtf/text/WTFString.h>
+
+static RetainPtr<WKWebView> createdWebView;
+static RetainPtr<TestNavigationDelegate> navDelegate;
+
+@interface JavascriptURLNavigationDelegate : NSObject <WKUIDelegatePrivate>
+@end
+@implementation JavascriptURLNavigationDelegate
+
+- (void)_webViewRunModal:(WKWebView *)webView
+{
+    EXPECT_EQ(webView, createdWebView.get());
+}
+
+- (nullable WKWebView *)webView:(WKWebView *)webView createWebViewWithConfiguration:(WKWebViewConfiguration *)configuration forNavigationAction:(WKNavigationAction *)navigationAction windowFeatures:(WKWindowFeatures *)windowFeatures
+{
+    createdWebView = [[[TestWKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration] autorelease];
+    [createdWebView setUIDelegate:self];
+
+    navDelegate = adoptNS([[TestNavigationDelegate alloc] init]);
+    [navDelegate setDecidePolicyForNavigationAction:[&] (WKNavigationAction *action, void (^decisionHandler)(WKNavigationActionPolicy)) {
+        decisionHandler(WKNavigationActionPolicyAllow);
+    }];
+    [createdWebView setNavigationDelegate:navDelegate.get()];
+
+    return createdWebView.get();
+}
+
+- (void)_webViewClose:(WKWebView *)webView
+{
+    EXPECT_EQ(webView, createdWebView.get());
+    [webView _close];
+}
+
+@end
+
+static const char* mainResource = R"JSURLRESOURCE(
+<body>
+The initial frame should have "Hello there" in it.<br>
+The second frame should not.<br>
+<script>
+
+function createURL(data, type = 'text/html') {
+  return URL.createObjectURL(new Blob([data], {type: type}));
+}
+
+function waitForLoad() {
+    showModalDialog(createURL(`
+        <script>
+        var dataURLDelay = 400;
+        var earlyReturn = false;
+        function tryIt() {
+            if (earlyReturn)
+                return;
+            try {
+                opener.frame.contentDocument.x;
+            } catch (e) {
+                earlyReturn = true;
+                setTimeout(window.close, dataURLDelay * 1.5);
+            }
+        };
+        setTimeout(tryIt, dataURLDelay);
+        setTimeout(tryIt, dataURLDelay * 1.5);
+        setTimeout(tryIt, dataURLDelay * 2);
+        setTimeout(tryIt, dataURLDelay * 2.5);
+        setTimeout(window.close, dataURLDelay * 3);
+        </scrip` + 't>'
+    ));
+}
+
+function runTest() {
+    window.onmessage = null;
+
+    frame = document.createElement('iframe');
+    frame.src = location;
+    document.body.appendChild(frame);
+
+    frame.contentDocument.open();
+    frame.contentWindow.addEventListener('readystatechange', () => {
+        a = frame.contentDocument.createElement('a');
+        a.href = targetURL;
+        a.click();
+        waitForLoad();
+    }, {capture: true, once: true});
+
+    var javascriptSource = `
+    <script>
+    alert(document.documentElement.outerHTML);
+    function checkIt() {
+        if (document.documentElement.outerHTML.includes('Hello worl' + 'd')) {
+            console.log('Failed');
+            if (window.webkit.messageHandlers && window.webkit.messageHandlers.testHandler)
+                window.webkit.messageHandlers.testHandler.postMessage('Failed');
+        } else {
+            console.log('Passed');
+            if (window.webkit.messageHandlers && window.webkit.messageHandlers.testHandler)
+                window.webkit.messageHandlers.testHandler.postMessage('Passed');
+        }
+    }
+    setTimeout(checkIt, 0);
+    </scrip` + 't>';
+    frame.src = 'javascript:"' + javascriptSource + '"';
+}
+window.onmessage = runTest;
+
+var targetSource = `
+<script>
+function writeIt() {
+    document.write('Hello world');
+    parent.postMessage('go', '` + window.location.origin + `');
+}
+setTimeout(writeIt, 400);
+</scrip` + 't>';
+
+targetURL = 'data:text/html,' + targetSource;
+loadedOnce = document.body.appendChild(document.createElement('iframe'));
+loadedOnce.src = targetURL;
+</script>
+</body>
+)JSURLRESOURCE";
+
+
+TEST(WKWebView, JavascriptURLNavigation)
+{
+    static bool done;
+
+    auto delegate = adoptNS([[JavascriptURLNavigationDelegate alloc] init]);
+    auto handler = adoptNS([[TestURLSchemeHandler alloc] init]);
+    auto configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+    [configuration setURLSchemeHandler:handler.get() forURLScheme:@"jsurl"];
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 800, 600) configuration:configuration.get()]);
+    [webView setUIDelegate:delegate.get()];
+
+    [webView performAfterReceivingMessage:@"Passed" action:^() {
+        done = true;
+    }];
+    [webView performAfterReceivingMessage:@"Failed" action:^() {
+        done = true;
+        FAIL();
+    }];
+
+    [handler setStartURLSchemeTaskHandler:^(WKWebView *, id<WKURLSchemeTask> task) {
+
+        if (![task.request.URL.absoluteString isEqualToString:@"jsurl://host1/main.html"]) {
+            // We only expect the URL above.
+            FAIL();
+        }
+
+        auto response = adoptNS([[NSURLResponse alloc] initWithURL:task.request.URL MIMEType:@"text/html" expectedContentLength:0 textEncodingName:nil]);
+        [task didReceiveResponse:response.get()];
+        [task didReceiveData:[NSData dataWithBytes:mainResource length:strlen(mainResource)]];
+        [task didFinish];
+    }];
+
+    [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"jsurl://host1/main.html"]]];
+
+    TestWebKitAPI::Util::run(&done);
+}
+
+#endif // PLATFORM(MAC)
</ins></span></pre>
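Review bot: In the `setStartURLSchemeTaskHandler` block, `FAIL()` returns from the block when the URL is unexpected, so the task is never answered and `done` is never set; `TestWebKitAPI::Util::run(&done)` would then presumably spin until the harness times out instead of failing promptly. Recording the failure and ending the task is clearer: `ADD_FAILURE(); done = true;` then `[task didFailWithError:[NSError errorWithDomain:NSURLErrorDomain code:NSURLErrorBadURL userInfo:nil]]; return;`. The page text in `mainResource` says the initial frame should contain "Hello there", while the script writes and checks for "Hello world"; one of the two should be corrected. A short comment above the TEST stating the invariant (the document produced by the javascript: URL must not contain what the data: URL frame writes) would also help, since the verdict otherwise depends on several 400 ms timers.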
</div>
</div>

</body>
</html>