Bug 306679
| Summary: | Cross-site iframe navigation history is incorrectly pruned from BackForwardList without BackForwardCache. | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Basuke Suzuki <basuke> |
| Component: | New Bugs | Assignee: | Basuke Suzuki <basuke> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
Basuke Suzuki
When an iframe navigates cross-site (e.g., from localhost:8000 to 127.0.0.1:8000), the navigation history for that iframe is incorrectly deleted from the BackForwardList when the main frame subsequently navigates to a different page.
This regression was introduced in r288547 (bug 285469) when sharesAncestor() replaced hasAncestorFrame() for pruning remote frame navigations. The new logic fails because when navigating to a new main frame (which has no parent), sharesAncestor() always returns false for any remote frame navigation item, causing all such items to be incorrectly pruned.
# steps to reproduce
0. No BackForward Cache.
1. page A with same-site iframe.
2. iframe navigation to cross-site.
3. main frame navigation to B.
4. history.back()
It should be 2, but it goes to 1.
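
The pruning failure described in the report, as a simplified model added here (not WebKit code and not the patch from the pull request). The frame objects, both predicate bodies and the `replay` helper are assumptions reconstructed from the description, and the URL paths are constructed.

```javascript
// Simplified model, not WebKit code. Frame shape, predicate bodies and the
// prune step are assumptions reconstructed from the bug description.
function ancestors(frame) {
  const out = [];
  for (let f = frame.parent; f; f = f.parent) out.push(f);
  return out;
}

// Assumed semantics: true when the two frames have a common proper ancestor.
// A main frame has no parent, so its ancestor list is empty and this is
// always false when `navigating` is the main frame.
function sharesAncestor(itemFrame, navigating) {
  const theirs = new Set(ancestors(navigating));
  return ancestors(itemFrame).some((f) => theirs.has(f));
}

// Hypothetical alternative for comparison (not the landed fix): also keep
// items whose frame sits underneath the navigating frame.
function isDescendantOrSharesAncestor(itemFrame, navigating) {
  return ancestors(itemFrame).includes(navigating) ||
         sharesAncestor(itemFrame, navigating);
}

// Replays the report's steps with the back/forward cache disabled and
// returns the step number that history.back() lands on.
function replay(keepRemoteItem) {
  const main = { name: "main", parent: null };
  const iframe = { name: "iframe", parent: main, remote: false };
  const list = [{ step: 1, frame: main, url: "http://localhost:8000/A" }];

  iframe.remote = true; // step 2: iframe goes cross-site
  list.push({ step: 2, frame: iframe, url: "http://127.0.0.1:8000/child" });

  // Step 3: main frame navigates to B; remote-frame items are pruned
  // unless the predicate says they are related to the navigating frame.
  const kept = list.filter(
    (item) => !item.frame.remote || keepRemoteItem(item.frame, main));
  kept.push({ step: 3, frame: main, url: "http://localhost:8000/B" });

  // Step 4: history.back() goes to the item before the current one.
  return kept[kept.length - 2].step;
}

console.log("sharesAncestor:", replay(sharesAncestor));
console.log("alternative:   ", replay(isDescendantOrSharesAncestor));
```
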
Basuke Suzuki
rdar://169328011
Basuke Suzuki
Pull request: https://github.com/WebKit/WebKit/pull/57613
EWS
Committed 306664@main (cf1683ccb688): <https://commits.webkit.org/306664@main>
Reviewed commits have been landed. Closing PR #57613 and removing active labels.