Bug 308679

Summary: [Site Isolation] WebFrame::url() returns null in dispatchDidCommitLoad during process swap.
Product: WebKit
Component: New Bugs
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Reporter: Basuke Suzuki <basuke>
Assignee: Basuke Suzuki <basuke>
CC: webkit-bug-importer
Keywords: InRadar

Basuke Suzuki
Reported 2026-02-25 16:13:14 PST
In dispatchDidCommitLoad, commitProvisionalFrame() is called after the InjectedBundle and sandbox extension callbacks. Before that call, m_coreFrame still points to a RemoteFrame, so WebFrame::url() fails the LocalFrame downcast and returns a null URL. Move commitProvisionalFrame() to the top of dispatchDidCommitLoad so m_coreFrame is updated before any code that depends on it. This is safe for the non-Site-Isolation path because commitProvisionalFrame() is a no-op when there is no provisional frame.
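The ordering problem in the report above, reduced to a small model. This is an added example, not WebKit's code and not part of the report: the class bodies, `runCommitCallbacks`, `makeFrame`, the `Before`/`After` function suffixes and the URL are assumptions made for illustration, and a null URL is modelled as an empty string.

```cpp
#include <memory>
#include <string>
#include <utility>

// Simplified stand-ins for the frame types named in the report (not WebKit's real classes).
struct Frame { virtual ~Frame() = default; };
struct RemoteFrame : Frame { };
struct LocalFrame : Frame { std::string documentURL; };

struct WebFrame {
    std::unique_ptr<Frame> m_coreFrame;
    std::unique_ptr<LocalFrame> m_provisionalFrame; // set only during a process swap
    // A failed LocalFrame downcast yields a null (here: empty) URL.
    std::string url() const {
        auto* local = dynamic_cast<LocalFrame*>(m_coreFrame.get());
        return local ? local->documentURL : std::string();
    }
    // No-op when there is no provisional frame (the non-Site-Isolation path).
    void commitProvisionalFrame() {
        if (m_provisionalFrame)
            m_coreFrame = std::move(m_provisionalFrame);
    }
};

// Hypothetical stand-in for the InjectedBundle and sandbox extension callbacks:
// returns the URL those callbacks would observe.
static std::string runCommitCallbacks(const WebFrame& frame) { return frame.url(); }

// Ordering the report describes as broken: callbacks run while m_coreFrame is still remote.
std::string dispatchDidCommitLoadBefore(WebFrame& frame) {
    std::string seen = runCommitCallbacks(frame);
    frame.commitProvisionalFrame();
    return seen;
}

// Ordering the report proposes: commit the provisional frame first.
std::string dispatchDidCommitLoadAfter(WebFrame& frame) {
    frame.commitProvisionalFrame();
    return runCommitCallbacks(frame);
}

// Constructed scenarios: a process swap (RemoteFrame plus provisional LocalFrame) or a plain load.
WebFrame makeFrame(bool processSwap) {
    WebFrame f;
    auto local = std::make_unique<LocalFrame>();
    local->documentURL = "https://example.test/";
    if (processSwap) { f.m_coreFrame = std::make_unique<RemoteFrame>(); f.m_provisionalFrame = std::move(local); }
    else f.m_coreFrame = std::move(local);
    return f;
}

int main() { WebFrame f = makeFrame(true); return dispatchDidCommitLoadAfter(f).empty(); }
```

In the model, only the process-swap case is sensitive to the ordering; without a provisional frame both orderings observe the same URL.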
Basuke Suzuki
Comment 1 2026-02-25 16:14:26 PST
Basuke Suzuki
Comment 2 2026-02-26 10:34:11 PST
EWS
Comment 3 2026-02-27 21:07:15 PST
Committed 308382@main (726af0edf132): <https://commits.webkit.org/308382@main> Reviewed commits have been landed. Closing PR #59525 and removing active labels.