[Webkit-unassigned] [Bug 246372] New: imported/w3c/web-platform-tests/content-security-policy/inheritance/history-iframe.sub.html fails to navigate back in history to srcdoc iframe

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 11 16:03:25 PDT 2022 

https://bugs.webkit.org/show_bug.cgi?id=246372

            Bug ID: 246372
           Summary: imported/w3c/web-platform-tests/content-security-polic
                    y/inheritance/history-iframe.sub.html fails to
                    navigate back in history to srcdoc iframe
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: History
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rreno at apple.com

We're timing out on the srcdoc subtests of the named WPT. After playing with this a little bit I believe this is because when we navigate back in history with window.history.back() we aren't navigating back to the srcdoc but instead to the document before we set srcdoc attribute.

I reproduced this by reducing the WPT subtest to this:

message.html:
--------------
<!DOCTYPE html>
<script>
top.postMessage("ready", "*");
</script>

message-and-back.html:
--------------
<!DOCTYPE html>
<script>
top.postMessage({msg:"message-and-back"}, "*");
window.history.back();
</script>

srcdoc.html:
--------------
<!DOCTYPE html>
<script>
const message_from = (starts_with) => {
    return new Promise(resolve => {
      window.addEventListener('message', msg => {
          if (!starts_with || msg.data.msg.startsWith(starts_with))
            resolve(msg.data.msg);
      });
    });
  };

const htmlPayload = `
      <!DOCTYPE html>
      <script>
        function ready() {
            top.postMessage({msg:'sdoc'}, '*');
        }
      <\/script>
      <body onpageshow='ready()'>
          <h1>Hello world!<\/h1>
      <\/body>
      <\/html>
`;

async function run() {
    let i = document.createElement("iframe");
    document.body.appendChild(i);
    i.contentWindow.location = "message.html";
    await message_from("ready");
    i.srcdoc = html_payload;
    await message_from("sdoc");
    i.contentWindow.location = "message-and-back.html";
    await message_from("message-and-back");
    await message_from("sdoc"); // <-- this is where WPT hangs and times out
}
</script>
<body onload="run()"></body>

If I serve and navigate to srcdoc.html and check the inspector, the iframe has the expected srcdoc attribute but the document in the frame is actually the content of message.html

I think we're either mistakenly not putting the srcdoc entry in history or the spec tells us not to and the WPT needs to change. I'll need to take a closer look.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20221011/feff97c9/attachment.htm>

More information about the webkit-unassigned mailing list