| Summary: | Allow a same-origin <iframe> to programmatically navigate its top frame to an external URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Alexey Shvayka <ashvayka> | ||||||||
| Component: | New Bugs | Assignee: | Alexey Shvayka <ashvayka> | ||||||||
| Status: | NEW --- | ||||||||||
| Severity: | Normal | CC: | ahmad.saleem792, beidson, cdumez, esprehn+autocc, ews-watchlist, ggaren, hi, japhet, joepeck, kondapallykalyan, pangle, webkit-bug-importer | ||||||||
| Priority: | P2 | Keywords: | InRadar | ||||||||
| Version: | WebKit Nightly Build | ||||||||||
| Hardware: | Unspecified | ||||||||||
| OS: | Unspecified | ||||||||||
| Bug Depends on: | |||||||||||
| Bug Blocks: | 231702 | ||||||||||
| Attachments: |
|
||||||||||
|
Description
Alexey Shvayka
2021-08-15 08:17:09 PDT
Created attachment 435564 [details]
Patch
Comment on attachment 435564 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=435564&action=review I think the general approach to allow an iframe to open an external URL, if and only if it is same origin and a top-level navigation, seems sounds, and a good way to resolve the regression. It's sound because you're right, there was never any security boundary there anyway. And, of course, we want to resolve the regression. > Source/WebCore/ChangeLog:20 > + This patch reverts r280826 and makes it legal for iframes to open external URLs makes it legal for same-origin iframes Created attachment 441758 [details]
Patch
Same idea, way better implementation that enabled nice refactoring.
Created attachment 441796 [details]
Patch
Fix iOS build, ignore http/tests/navigation-policy on non-WK2, and fix isMainFrame() called on nullptr.
Comment on attachment 441796 [details]
Patch
r=me
I recommend double-checking where the ShouldOpenExternalURLsPolicy originates in the navigation request, and verifying that it enforces a main frame requirement.
Checking via BugID, it seems this r+ patch didn't landed. Is this needed now? Thanks! |