[Webkit-unassigned] [Bug 151658] New: Provide public API for _committedURL

Mon Nov 30 09:24:04 PST 2015

https://bugs.webkit.org/show_bug.cgi?id=151658

            Bug ID: 151658
           Summary: Provide public API for _committedURL
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: iOS
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit2
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: stuartmorgan at chromium.org

Knowing the committed URL of the page is critical for a variety of security purposes (knowing what to show for a render-initiated navigation, knowing the origin for integrating with native features such as password autofill, etc.)

The "URL" property of WKWebView is unsuitable for those purposes, since it includes pending URLs as soon as a provisional navigation starts. Trying to track the committed URL via navigation delegates and KVO callbacks is quite complicated, and potentially error-prone, meaning the lack of this API increases the chances of security issues in software based on WKWebView.

There is a private property called _committedURL, which is presumably exactly this information. It should be a public API so that clients can more easily write secure software.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20151130/b41c1e89/attachment.html>