Bug 230158

Summary: Do not allow redirecting to data: or about: URLs
Product: WebKit Reporter: Domenic Denicola <d>
Component: WebCore Misc.Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Domenic Denicola
Reported 2021-09-10 09:33:47 PDT
See the spec change in https://github.com/whatwg/html/pull/7042 and the tests at - https://github.com/web-platform-tests/wpt/pull/30398 - https://github.com/web-platform-tests/wpt/pull/30418 For data: URLs, Safari seems to allow redirects in iframes, and hang the load forever in top-level windows. For about: URLs in iframes (didn't test top-level windows), Safari seems to allow redirects to about:blank and about:srcdoc, but give a network error page for about:nonstandard. In all cases the newly specced behavior is to display a network error page.
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-09-17 09:34:14 PDT
<rdar://problem/83244357>
Chris Dumez
Comment 2 2022-09-15 16:32:18 PDT
Pull request: https://github.com/WebKit/WebKit/pull/4407
EWS
Comment 3 2022-09-18 16:05:11 PDT
Committed 254619@main (cf4ebbe5d88a): <https://commits.webkit.org/254619@main> Reviewed commits have been landed. Closing PR #4407 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.