[Webkit-unassigned] [Bug 158494] New: Universal links open native applications while using [WKWebsiteDataStore nonPersistentDataStore]

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=158494

            Bug ID: 158494
           Summary: Universal links open native applications while using
                    [WKWebsiteDataStore nonPersistentDataStore]
    Classification: Unclassified
           Product: WebKit
           Version: Safari 9
          Hardware: iOS
                OS: Unspecified
            Status: NEW
          Severity: Major
          Priority: P2
         Component: Page Loading
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: michaeldo at chromium.org
                CC: beidson at apple.com

When a user clicks a link while in a WKWebView in "private browsing" mode, Universal Links still open the native application. This has privacy implications as it unexpectedly removes the user from the private context, exposing the data they selected to the native application. 

Steps to reproduce:
1) Install and log in to the LinkedIn app
2) Open Safari and enter "Private" mode (or an app using a WKWebView with nonPersistentDataStore)
3) Search for somebody's LinkedIn and click on the link

Expected behavior:
Safari/WKWebView should open the URL directly within the Private context instead of launching the native app.

Actual behavior:
The link navigates to the LinkedIn application and display's the selected user's profile.

Radar: 26682400

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160607/987a8c42/attachment.html>