[Webkit-unassigned] [Bug 230158] New: Do not allow redirecting to data: or about: URLs

Fri Sep 10 09:33:47 PDT 2021

https://bugs.webkit.org/show_bug.cgi?id=230158

            Bug ID: 230158
           Summary: Do not allow redirecting to data: or about: URLs
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: d at domenic.me

See the spec change in https://github.com/whatwg/html/pull/7042 and the tests at

- https://github.com/web-platform-tests/wpt/pull/30398
- https://github.com/web-platform-tests/wpt/pull/30418

For data: URLs, Safari seems to allow redirects in iframes, and hang the load forever in top-level windows.

For about: URLs in iframes (didn't test top-level windows), Safari seems to allow redirects to about:blank and about:srcdoc, but give a network error page for about:nonstandard.

In all cases the newly specced behavior is to display a network error page.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210910/11dcc42f/attachment.htm>