Setting a frame's src to a javascript URL should not run it synchronously. Firefox and Chrome appear to schedule a navigation to that javascript URL instead.
Created attachment 368689[details]
Archive of layout-test-results from ews106 for mac-highsierra-wk2
The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews106 Port: mac-highsierra-wk2 Platform: Mac OS X 10.13.6
Created attachment 368690[details]
Archive of layout-test-results from ews115 for mac-highsierra
The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews115 Port: mac-highsierra Platform: Mac OS X 10.13.6
Created attachment 368691[details]
Archive of layout-test-results from ews122 for ios-simulator-wk2
The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews122 Port: ios-simulator-wk2 Platform: Mac OS X 10.14.4
Created attachment 368693[details]
Archive of layout-test-results from ews101 for mac-highsierra
The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews101 Port: mac-highsierra Platform: Mac OS X 10.13.6
Created attachment 368719[details]
Archive of layout-test-results from ews103 for mac-highsierra
The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews103 Port: mac-highsierra Platform: Mac OS X 10.13.6
Created attachment 368723[details]
Archive of layout-test-results from ews104 for mac-highsierra-wk2
The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews104 Port: mac-highsierra-wk2 Platform: Mac OS X 10.13.6
Created attachment 368725[details]
Archive of layout-test-results from ews114 for mac-highsierra
The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews114 Port: mac-highsierra Platform: Mac OS X 10.13.6
Attachment 368729[details] did not pass style-queue:
ERROR: Source/WebCore/loader/SubframeLoader.cpp:106: One line control clauses should not use braces. [whitespace/braces] [4]
Total errors found: 1 in 22 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Attachment 368732[details] did not pass style-queue:
ERROR: Source/WebCore/loader/SubframeLoader.cpp:106: One line control clauses should not use braces. [whitespace/braces] [4]
Total errors found: 1 in 25 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Created attachment 368741[details]
Archive of layout-test-results from ews104 for mac-highsierra-wk2
The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews104 Port: mac-highsierra-wk2 Platform: Mac OS X 10.13.6
Created attachment 368742[details]
Archive of layout-test-results from ews101 for mac-highsierra
The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews101 Port: mac-highsierra Platform: Mac OS X 10.13.6
Created attachment 368750[details]
Archive of layout-test-results from ews114 for mac-highsierra
The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews114 Port: mac-highsierra Platform: Mac OS X 10.13.6
Created attachment 368751[details]
Archive of layout-test-results from ews125 for ios-simulator-wk2
The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews125 Port: ios-simulator-wk2 Platform: Mac OS X 10.14.4
Attachment 368756[details] did not pass style-queue:
ERROR: Source/WebCore/ChangeLog:10: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: security bug [changelog/unwantedsecurityterms] [3]
Total errors found: 1 in 37 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Attachment 368757[details] did not pass style-queue:
ERROR: Source/WebCore/ChangeLog:10: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: security bug [changelog/unwantedsecurityterms] [3]
Total errors found: 1 in 34 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Attachment 368758[details] did not pass style-queue:
ERROR: Source/WebCore/ChangeLog:10: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: security bug [changelog/unwantedsecurityterms] [3]
Total errors found: 1 in 34 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Created attachment 368762[details]
Archive of layout-test-results from ews103 for mac-highsierra
The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews103 Port: mac-highsierra Platform: Mac OS X 10.13.6
Created attachment 368763[details]
Archive of layout-test-results from ews115 for mac-highsierra
The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews115 Port: mac-highsierra Platform: Mac OS X 10.13.6
Created attachment 368764[details]
Archive of layout-test-results from ews105 for mac-highsierra-wk2
The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews105 Port: mac-highsierra-wk2 Platform: Mac OS X 10.13.6
Created attachment 368765[details]
Archive of layout-test-results from ews123 for ios-simulator-wk2
The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews123 Port: ios-simulator-wk2 Platform: Mac OS X 10.14.4
Created attachment 368781[details]
Archive of layout-test-results from ews210 for win-future
The attached test failures were seen while running run-webkit-tests on the win-ews.
Bot: ews210 Port: win-future Platform: CYGWIN_NT-10.0-17763-3.0.5-338.x86_64-x86_64-64bit
Attachment 368786[details] did not pass style-queue:
ERROR: Source/WebCore/ChangeLog:10: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: security bug [changelog/unwantedsecurityterms] [3]
Total errors found: 1 in 36 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Created attachment 368793[details]
Archive of layout-test-results from ews103 for mac-highsierra
The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews103 Port: mac-highsierra Platform: Mac OS X 10.13.6
Created attachment 368796[details]
Archive of layout-test-results from ews107 for mac-highsierra-wk2
The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews107 Port: mac-highsierra-wk2 Platform: Mac OS X 10.13.6
Created attachment 368805[details]
Archive of layout-test-results from ews126 for ios-simulator-wk2
The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews126 Port: ios-simulator-wk2 Platform: Mac OS X 10.14.4
Attachment 368807[details] did not pass style-queue:
ERROR: Source/WebCore/ChangeLog:10: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: security bug [changelog/unwantedsecurityterms] [3]
Total errors found: 1 in 33 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Attachment 368813[details] did not pass style-queue:
ERROR: Source/WebCore/ChangeLog:10: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: security bug [changelog/unwantedsecurityterms] [3]
Total errors found: 1 in 33 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Comment on attachment 368813[details]
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=368813&action=review> Source/WebCore/ChangeLog:10
> + to execute it asynchronously, which was a source of security bugs and also did
asynchronously -> synchronously
> Source/WebCore/loader/NavigationScheduler.cpp:425
> + return completionHandler();
Heh, the "return void" debate. I will refrain from commenting further.
> Source/WebCore/loader/SubframeLoader.cpp:90
> + // If we will schedule a javascript URL load, we need to delay the firing of the load event at least until we've run the javascript URL.
I think it’s strange wording to say "run the javascript URL"; maybe "run the JavaScript in the URL"?
Attachment 368821[details] did not pass style-queue:
ERROR: Source/WebCore/ChangeLog:10: Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: security bug [changelog/unwantedsecurityterms] [3]
Total errors found: 1 in 33 files
If any of these errors are false positives, please file a bug against check-webkit-style.
> ERROR: Source/WebCore/ChangeLog:10: Please consider whether the use of
> security-sensitive phrasing could help someone exploit WebKit: security bug
> [changelog/unwantedsecurityterms] [3]
Slightly surprised you decided to leave the word "security" in the change log.
(In reply to Darin Adler from comment #66)
> > ERROR: Source/WebCore/ChangeLog:10: Please consider whether the use of
> > security-sensitive phrasing could help someone exploit WebKit: security bug
> > [changelog/unwantedsecurityterms] [3]
>
> Slightly surprised you decided to leave the word "security" in the change
> log.
Ok, I will remove it. In the context, it did not particularly bother me.
2019-05-01 10:24 PDT, Chris Dumez
2019-05-01 11:44 PDT, EWS Watchlist
2019-05-01 12:14 PDT, EWS Watchlist
2019-05-01 12:22 PDT, EWS Watchlist
2019-05-01 12:34 PDT, EWS Watchlist
2019-05-01 13:35 PDT, Chris Dumez
2019-05-01 14:10 PDT, Chris Dumez
2019-05-01 14:18 PDT, Chris Dumez
2019-05-01 14:20 PDT, Chris Dumez
2019-05-01 15:11 PDT, EWS Watchlist
2019-05-01 15:43 PDT, EWS Watchlist
2019-05-01 15:59 PDT, EWS Watchlist
2019-05-01 16:10 PDT, Chris Dumez
2019-05-01 16:27 PDT, Chris Dumez
2019-05-01 16:44 PDT, Chris Dumez
2019-05-01 17:00 PDT, Chris Dumez
2019-05-01 18:06 PDT, EWS Watchlist
2019-05-01 18:08 PDT, EWS Watchlist
2019-05-01 19:01 PDT, EWS Watchlist
2019-05-01 19:38 PDT, EWS Watchlist
2019-05-01 20:26 PDT, Chris Dumez
2019-05-01 20:38 PDT, Chris Dumez
2019-05-01 21:01 PDT, Chris Dumez
2019-05-01 21:06 PDT, Chris Dumez
2019-05-01 22:00 PDT, EWS Watchlist
2019-05-01 22:31 PDT, EWS Watchlist
2019-05-01 22:45 PDT, EWS Watchlist
2019-05-01 23:16 PDT, EWS Watchlist
2019-05-02 10:11 PDT, EWS Watchlist
2019-05-02 10:35 PDT, Chris Dumez
2019-05-02 11:20 PDT, EWS Watchlist
2019-05-02 11:30 PDT, EWS Watchlist
2019-05-02 12:33 PDT, EWS Watchlist
2019-05-02 12:34 PDT, Chris Dumez
2019-05-02 13:25 PDT, Chris Dumez
2019-05-02 14:29 PDT, Chris Dumez
2019-05-02 15:08 PDT, Chris Dumez