Bug 311438

Summary:	[Site Isolation] Missing "Unsafe JavaScript attempt to initiate navigation" log in http/tests/security/block-top-level-navigations-by-third-party-sandboxed-iframe.html
Product:	WebKit	Reporter:	Anthony Tarbinian <a.tarbinian>
Component:	Tools / Tests	Assignee:	Nobody <webkit-unassigned>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Anthony Tarbinian

Reported 2026-04-03 13:43:44 PDT

With site isolation enabled, http/tests/security/block-top-level-navigations-by-third-party-sandboxed-iframe.html doesn't print the log message: ``` CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame with URL 'http://127.0.0.1:8000/security/block-top-level-navigations-by-third-party-sandboxed-iframe.html' from frame with URL 'data:text/html;base64,PGh0bWw+PGJvZHk+U3VjY2VzcyEgVGhlIG5hdmlnYXRpb24gd2FzIGJsb2NrZWQ8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCI+IHdpbmRvdy50b3AubG9jYXRpb24gPSAiaHR0cDovL2xvY2FsaG9zdDo4MDAwL3NlY3VyaXR5L3Jlc291cmNlcy9zaG91bGQtbm90LWhhdmUtbG9hZGVkLmh0bWwiOzwvc2NyaXB0PjwvYm9keT48L2h0bWw+'. The frame attempting navigation of the top-level window is cross-origin or untrusted and the user has never interacted with the frame. ```

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2026-04-03 13:43:50 PDT

<rdar://problem/174036322>

Anthony Tarbinian

Comment 2 2026-04-03 14:28:37 PDT

Pull request: https://github.com/WebKit/WebKit/pull/61994

EWS

Comment 3 2026-04-08 11:07:56 PDT

Committed 310789@main (db1d09a2c44b): <https://commits.webkit.org/310789@main> Reviewed commits have been landed. Closing PR #61994 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.