Bug 230158

Summary: Do not allow redirecting to data: or about: URLs
Product: WebKit
Component: WebCore Misc.
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Reporter: Domenic Denicola <d>
Assignee: Chris Dumez <cdumez>
CC: webkit-bug-importer
Keywords: InRadar

Description Domenic Denicola 2021-09-10 09:33:47 PDT
See the spec change in https://github.com/whatwg/html/pull/7042 and the tests at

- https://github.com/web-platform-tests/wpt/pull/30398
- https://github.com/web-platform-tests/wpt/pull/30418

For data: URLs, Safari seems to allow redirects in iframes, and hang the load forever in top-level windows.

For about: URLs in iframes (didn't test top-level windows), Safari seems to allow redirects to about:blank and about:srcdoc, but give a network error page for about:nonstandard.

In all cases the newly specced behavior is to display a network error page.
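
Added example, not part of the original report and not WebKit or spec code: a small JavaScript model of the rule described above, walking a redirect chain and ending in a network error as soon as a hop targets a data: or about: URL. The function name `resolveNavigation`, the hop shape `{ status, location }` and the `example.test` URLs are assumptions made for illustration; the model covers only the two schemes named in this bug.

```javascript
// Added illustration: models only the rule stated in this bug (a navigation
// redirect whose target is a data: or about: URL ends in a network error).
// It is not WebKit code and not the full HTML/Fetch redirect algorithm.
const BLOCKED_REDIRECT_SCHEMES = new Set(["data:", "about:"]);
const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);

// Walks a constructed list of responses, one per hop, starting at startUrl.
// Each hop is { status, location } (hypothetical shape). Returns the outcome.
function resolveNavigation(startUrl, hops) {
  let current = new URL(startUrl);
  for (const [index, hop] of hops.entries()) {
    // A non-redirect response (or one without Location) is the final document.
    if (!REDIRECT_STATUSES.has(hop.status) || hop.location == null) {
      return { result: "document", url: current.href };
    }
    let target;
    try {
      // Location may be relative. The URL parser lowercases the scheme and
      // strips surrounding whitespace, so "DATA:..." and " about:blank" are
      // classified the same way as their canonical spellings.
      target = new URL(hop.location, current);
    } catch {
      return { result: "network-error", hop: index, reason: "unparsable Location" };
    }
    if (BLOCKED_REDIRECT_SCHEMES.has(target.protocol)) {
      return {
        result: "network-error",
        hop: index,
        reason: `redirect to ${target.protocol} URL`,
      };
    }
    current = target;
  }
  return { result: "document", url: current.href };
}

// Constructed sample chain: one same-origin hop, then a redirect to about:blank.
const sampleChain = [
  { status: 302, location: "/step2" },
  { status: 307, location: "about:blank" },
];
console.log(resolveNavigation("https://example.test/start", sampleChain));
```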
Comment 1 Radar WebKit Bug Importer 2021-09-17 09:34:14 PDT
<rdar://problem/83244357>
Comment 2 Chris Dumez 2022-09-15 16:32:18 PDT
Pull request: https://github.com/WebKit/WebKit/pull/4407
Comment 3 EWS 2022-09-18 16:05:11 PDT
Committed 254619@main (cf4ebbe5d88a): <https://commits.webkit.org/254619@main>

Reviewed commits have been landed. Closing PR #4407 and removing active labels.