Reduction coming.
Created attachment 14269: reduction
I believe the problem is that the FrameLoader special-cases javascript: URLs to execute them, and the special-casing code ignores the target attribute.
Works in Firefox. This is not a regression.
Created attachment 14270: better reduction
We should be careful to get the security checks right when we fix this bug.
My observations are as follows:

1) In the API FrameLoader::urlSelected() I found that when there is a target attribute along with javascript, the target is ignored. Here, if the link is javascript, the script is executed and control returns without considering the target attribute. The target attribute is considered only if it's not javascript.

I tried the following:
1) Execute the javascript directly if the target is empty.
2) If the target is not empty, then load the form and then execute the script in the new form.

Now Safari is failing to load the URL on the target while doing the navigation policy check.

    WebFrame::dispatchDecidePolicyForNavigationAction()
    {
        if (SUCCEEDED(policyDelegate->decidePolicyForNavigationAction(d->webView, actionInformation.get(), urlRequest.get(), this, setUpPolicyListener(function).get())))
            return;
    }

This check is failing.
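
Added example, not part of the original report and not WebKit code: a simplified JavaScript model of the javascript: special case described in the comments above, next to a target-aware variant that applies a same-origin check before running script in the target frame. The frame objects, function names and origins are hypothetical and constructed for illustration.

```javascript
// Simplified model of link activation; NOT WebKit code. All names are hypothetical.
// A frame is { name, origin, ran: [] }, where `ran` records scripts executed in it.

function isJavaScriptURL(url) {
  return /^javascript:/i.test(url.trim());
}

function findFrame(frames, source, target) {
  if (!target || target === "_self") return source;
  return frames.find((f) => f.name === target) || null;
}

// Behaviour described in the report: the javascript: special case returns
// before the target attribute is ever consulted.
function urlSelectedIgnoringTarget(frames, source, url, target) {
  if (isJavaScriptURL(url)) {
    source.ran.push(url);
    return { action: "execute", frame: source.name };
  }
  const dest = findFrame(frames, source, target);
  return { action: "navigate", frame: dest ? dest.name : target };
}

// Target-aware variant. Assumption: a new named frame starts blank and
// inherits the opener's origin, so the script may run there.
function urlSelectedHonoringTarget(frames, source, url, target) {
  let dest = findFrame(frames, source, target);
  if (!dest) {
    dest = { name: target, origin: source.origin, ran: [] };
    frames.push(dest);
  }
  if (!isJavaScriptURL(url)) return { action: "navigate", frame: dest.name };
  // Security check: never run script in a frame of another origin.
  if (dest.origin !== source.origin) return { action: "blocked", frame: dest.name };
  dest.ran.push(url);
  return { action: "execute", frame: dest.name };
}

// Constructed sample frames for illustration.
function sampleFrames() {
  return [
    { name: "main", origin: "https://a.example", ran: [] },
    { name: "same", origin: "https://a.example", ran: [] },
    { name: "other", origin: "https://b.example", ran: [] },
  ];
}
```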
*** Bug 27326 has been marked as a duplicate of this bug. ***
*** Bug 97351 has been marked as a duplicate of this bug. ***
Bug https://bugs.webkit.org/show_bug.cgi?id=174891 seems to be a duplicate of this, OTOH that one has a modern WPT test...