[Webkit-unassigned] [Bug 182248] Supporting allow-top-navigation-by-user-activation to iframe sandbox

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 6 01:55:01 PST 2018 

https://bugs.webkit.org/show_bug.cgi?id=182248

--- Comment #7 from Frédéric Wang (:fredw) <fred.wang at free.fr> ---
(In reply to Brent Fulgham from comment #6)
> > If it's still working in current STP, then I would expect it to be available
> > in an upcoming release.
> > 
> > So, as long as it's working in current STP, it hasn't been regressed and it
> > just hasn't been in the branch used for shipping Safari (yet).
> 
> For example, someone could try it in the Developer Seed published a week or
> so ago. That's the best metric for when you might expect to see it released.

So I just tested the following pages:

- WPT test (allow user navigation) http://w3c-test.org/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation-manual.html (it's manual, you must click the 'navigate the top page' to check the result)
- WPT test (forbid automatic navigation) http://w3c-test.org/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture.html
- WebKit demos (several manual tests) https://webkit.org/demos/frames/sandboxing/
- Reporter's demo: http://rev.cbsi.com/corey/test/iframe/redirect/sandbox_allow-top-nav-by-user.html

All of them work for me with Safari Tech Preview 48 on macOS (note that you may need to go to Safari's security preference in order to allow popups). With the latest Safari release (11.0.3) allow-top-navigation-by-user-activation does not have any effect so the fix has not been integrated yet.

Regarding Derek's test case, I understand that automatic redirect/popup should be blocked while top/parent/blank navigation by user click should work. This is what happens with Safari Tech Preview 48, except that the _blank popup is blocked (adding the allow-popups flag does allow such a popup). Chrome 64 behaves the same.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180206/7d309f62/attachment.html>

More information about the webkit-unassigned mailing list