[Webkit-unassigned] [Bug 196989] New: Parent window's `history.state` is set to `null` when `history.pushState` is called by a child iframe
bugzilla-daemon at webkit.org
Tue Apr 16 15:01:11 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=196989
Bug ID: 196989
Summary: Parent window's `history.state` is set to `null` when
`history.pushState` is called by a child iframe
Product: WebKit
Version: Safari 12
Hardware: Macintosh
OS: macOS 10.14
Status: NEW
Severity: Normal
Priority: P2
Component: Frames
Assignee: webkit-unassigned at lists.webkit.org
Reporter: contact at atticuswhite.com
Created attachment 367577
--> https://bugs.webkit.org/attachment.cgi?id=367577&action=review
Reproducible output example
When an `iframe` calls `window.history.pushState`, the parent window's `window.history.state` is replaced with a `null` value.
Steps to reproduce:
1. Give the top page a `history.state` value (e.g., call `window.history.pushState({something}, 'something')`)
2. In an iframe, perform `window.history.pushState(...)`
3. In the top page, observe that `history.state` has become set to `null`
Expected behavior:
The top page's `history.state` would remain untouched.
Here's a minimal reproducible example that can be run in the JS console on `bugs.webkit.org` directly:
```
(() => {
  const logHistoryStates = (frame) => {
    console.log('[top] window.history.state', window.history.state);
    console.log('[iframe] window.history.state', frame.contentWindow.history.state);
  };

  // Create a mock state
  window.history.pushState({hello: 'world'}, 'mock bugs.webkit.org history state');

  // Append an iframe with the same origin
  var iframe = document.createElement('iframe');
  iframe.src = 'https://bugs.webkit.org';
  document.body.appendChild(iframe);

  // Take a look at the current `history.state` values for both the page and iframe.
  logHistoryStates(iframe);

  // Let the iframe load, and then simulate a `history.pushState`
  setTimeout(() => {
    console.log('[iframe] history.pushState');
    iframe.contentWindow.history.pushState({foo: 'bar'}, 'mock iframe history state change');

    // Observe the parent window's `history.state` has been corrupted
    logHistoryStates(iframe);
  }, 1000);
})();
```
Attached is a screenshot of the output differences between Safari and Chrome.