Bug 311323

Summary:	[Site Isolation] Cross-origin sandboxed iframe with allow-top-navigation cannot navigate parent to blob URL
Product:	WebKit	Reporter:	roberto_rodriguez2
Component:	New Bugs	Assignee:	Nobody <webkit-unassigned>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

roberto_rodriguez2

Reported 2026-04-01 22:55:29 PDT

A cross-origin sandboxed iframe with allow-top-navigation fails to navigate its parent frame to a blob URL when site isolation is enabled. The navigation is blocked and the blob URL's CSP is not enforced. Related layout test: imported/w3c/web-platform-tests/content-security-policy/inheritance/blob-url-inherits-from-initiator.sub.html

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2026-04-01 22:55:36 PDT

<rdar://problem/173912331>

roberto_rodriguez2

Comment 2 2026-04-01 23:11:27 PDT

Pull request: https://github.com/WebKit/WebKit/pull/61887

EWS

Comment 3 2026-04-06 11:41:40 PDT

Committed 310657@main (b76414d79a7a): <https://commits.webkit.org/310657@main> Reviewed commits have been landed. Closing PR #61887 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.