Bug 191828

Summary: [PSON] Received an invalid message "WebPageProxy.DidPerformClientRedirect" from the web process
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: WebKit2Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, ap, beidson, bfulgham, commit-queue, ggaren, koivisto, rniwa, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 191982    
Bug Blocks:    
Attachments:
Description Flags
Patch none

Description Chris Dumez 2018-11-18 20:18:28 PST
WebContent crashes and "Received an invalid message "WebPageProxy.DidPerformClientRedirect" from the web process" gets logged on cross-site client-side redirect from a file:// URL.
Comment 1 Chris Dumez 2018-11-18 20:27:31 PST
Created attachment 355251 [details]
Patch
Comment 2 Chris Dumez 2018-11-18 20:27:49 PST
<rdar://problem/46129456>
Comment 3 WebKit Commit Bot 2018-11-18 23:14:59 PST
Comment on attachment 355251 [details]
Patch

Clearing flags on attachment: 355251

Committed r238368: <https://trac.webkit.org/changeset/238368>
Comment 4 WebKit Commit Bot 2018-11-18 23:15:01 PST
All reviewed patches have been landed.  Closing bug.
Comment 5 Alexey Proskuryakov 2018-11-19 21:33:37 PST
Comment on attachment 355251 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=355251&action=review

> Source/WebKit/UIProcess/WebPageProxy.cpp:-4446
> -    MESSAGE_CHECK_URL(sourceURLString);

Removing a security check here doesn't look right at all.

Surely we now have a situation where we don't properly track past URLs. But that doesn't mean that it's OK for the web process to send redirect messages with dangerous URLs! These are passed down to clients, so it's unlikely to be harmless.