297874 2025-08-25 14:49:56 -0700 [Site Isolation] Crash when accessing cross origin iframe contentWindow from WebInspector 2025-09-09 15:47:20 -0700 1 1 1 Unclassified WebKit WebKit Process Model WebKit Local Build Mac (Apple Silicon) macOS 26 RESOLVED FIXED InRadar P2 Normal --- 1 a.tarbinian webkit-unassigned nham webkit-bug-importer oldest_to_newest 2138690 0 a.tarbinian 2025-08-25 14:49:56 -0700 rdar://159134034 InRadar 2138702 1 a.tarbinian 2025-08-25 15:19:12 -0700 Summary: Crash when accessing the contenWindow attribute of a cross origin iframe with site isolation turned on. Only reproducible when running JS from the WebInspector. Steps To Reproduce: 1. Open MiniBrowser 2. Ensure that site isolation is enabled (Settings -> Internal Features -> Site Isolation) 3. Navigate to about:blank 4. Open the Web Inspector Console 5. Run the following JS in the console: ``` let i = document.createElement('iframe'); document.body.appendChild(i); i.src = 'https://example.org'; console.log(i.contentWindow); ``` Results: Observe a crash when trying to access the contentWindow attribute. Crash occurs because a downcast from RemoteDOMWindow to LocalDOMWindow fails (specifically fails this assert https://searchfox.org/wubkat/source/Source/WTF/wtf/TypeCasts.h#96). The downcast is invoked from `WebCore::activeDOMWindow` which was originally called from `JSDOMBindingSecurity::remoteFrameAccessError` https://searchfox.org/wubkat/source/Source/WebCore/bindings/js/JSDOMBindingSecurity.cpp#49. Regression: Issue only occurs from running the JS inside the WebInspector. Adding a cross origin iframe and accessing its contentWindow works fine in layout tests, just note in the WebInspector UI. Reproducing on WebKit commit 9892235 from 8/20. 2138708 2 a.tarbinian 2025-08-25 15:44:30 -0700 Pull request: https://github.com/WebKit/WebKit/pull/49861 2141991 3 ews-feeder 2025-09-09 15:47:16 -0700 Committed 299777@main (8fb7be5683f4): <https://commits.webkit.org/299777@main> Reviewed commits have been landed. Closing PR #49861 and removing active labels.