[Webkit-unassigned] [Bug 151658] New: Provide public API for _committedURL
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Nov 30 09:24:04 PST 2015
https://bugs.webkit.org/show_bug.cgi?id=151658
Bug ID: 151658
Summary: Provide public API for _committedURL
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: iOS
OS: All
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit2
Assignee: webkit-unassigned at lists.webkit.org
Reporter: stuartmorgan at chromium.org
Knowing the committed URL of the page is critical for a variety of security purposes (knowing what to show for a render-initiated navigation, knowing the origin for integrating with native features such as password autofill, etc.)
The "URL" property of WKWebView is unsuitable for those purposes, since it includes pending URLs as soon as a provisional navigation starts. Trying to track the committed URL via navigation delegates and KVO callbacks is quite complicated, and potentially error-prone, meaning the lack of this API increases the chances of security issues in software based on WKWebView.
There is a private property called _committedURL, which is presumably exactly this information. It should be a public API so that clients can more easily write secure software.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20151130/b41c1e89/attachment.html>
More information about the webkit-unassigned
mailing list