[Webkit-unassigned] [Bug 241432] New: execCommand('undo') allows to restore closed tabs from HTML

Wed Jun 8 13:20:39 PDT 2022

https://bugs.webkit.org/show_bug.cgi?id=241432

            Bug ID: 241432
           Summary: execCommand('undo') allows to restore closed tabs from
                    HTML
           Product: WebKit
           Version: Safari 15
          Hardware: Mac (Apple Silicon)
               URL: https://jsfiddle.net/tg3njfmu/1/
                OS: macOS 10.15
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML Editing
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: zlip.792 at gmail.com
                CC: ap at webkit.org, rniwa at webkit.org,
                    wenson_hsieh at apple.com, wilander at apple.com,
                    zalan at apple.com

Hi Team,

I hope you are doing great.

Based on below attached JS Fiddle, I am able to reopen closed tabs (CMD+SHIFT+T) behavior via HTML.

JSFiddle - https://jsfiddle.net/tg3njfmu/1/show/

HTML - <button onclick="document.execCommand('undo', false, null);">undo</button>

NOTE - Tab Reopening does not work in "Private Mode".

Expected Results - It should not reopen "closed tabs" like other browsers.

Actual Results - In non-private window, it reopens "closed tabs".

I noticed that Google Chrome team changed it deeming possible security risks in following commit - https://chromium.googlesource.com/chromium/src/+/512508f0d652a006407ce66aafcd339b296a5276

Appreciate if you can look into this. Thanks!

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220608/b0c23753/attachment.htm>