Bug 158494
| Summary: | Universal links open native applications while using [WKWebsiteDataStore nonPersistentDataStore] | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | michaeldo |
| Component: | Page Loading | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Major | CC: | andersca, beidson, mitz, sam |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Safari 9 | ||
| Hardware: | iPhone / iPad | ||
| OS: | Unspecified | ||
michaeldo
When a user clicks a link while in a WKWebView in "private browsing" mode, Universal Links still open the native application. This has privacy implications as it unexpectedly removes the user from the private context, exposing the data they selected to the native application.
Steps to reproduce:
1) Install and log in to the LinkedIn app
2) Open Safari and enter "Private" mode (or an app using a WKWebView with nonPersistentDataStore)
3) Search for somebody's LinkedIn and click on the link
Expected behavior:
Safari/WKWebView should open the URL directly within the Private context instead of launching the native app.
Actual behavior:
The link navigates to the LinkedIn application and display's the selected user's profile.
Radar: 26682400
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |