189590 – Regression(PSON): setting window.opener to null allows process swapping in cases that are not web-compatible

RESOLVED FIXED 189590

Regression(PSON): setting window.opener to null allows process swapping in cases that are not web-compatible

https://bugs.webkit.org/show_bug.cgi?id=189590

Summary Regression(PSON): setting window.opener to null allows process swapping in ca...

Chris Dumez

Reported 2018-09-13 10:34:56 PDT

Setting window.opener to null allows process swapping in cases that are not web-compatible, because the opener may still have a handle to the WindowProxy after calling window.open().

Attachments
Patch (17.71 KB, patch) 2018-09-13 10:42 PDT, Chris Dumez	no flags	Details Formatted Diff Diff
Patch (17.82 KB, patch) 2018-09-13 13:49 PDT, Chris Dumez	no flags	Details Formatted Diff Diff
Patch (17.64 KB, patch) 2018-09-13 14:01 PDT, Chris Dumez	no flags	Details Formatted Diff Diff
Patch (17.85 KB, patch) 2018-09-13 14:06 PDT, Chris Dumez	no flags	Details Formatted Diff Diff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2018-09-13 10:35:24 PDT

<rdar://problem/44422725>

Chris Dumez

Comment 2 2018-09-13 10:42:57 PDT

Created attachment 349680 [details] Patch

Geoffrey Garen

Comment 3 2018-09-13 11:08:54 PDT

Comment on attachment 349680 [details] Patch r=me

Chris Dumez

Comment 4 2018-09-13 13:49:25 PDT

Created attachment 349695 [details] Patch

Chris Dumez

Comment 5 2018-09-13 14:01:21 PDT

Created attachment 349698 [details] Patch

Chris Dumez

Comment 6 2018-09-13 14:06:07 PDT

Created attachment 349701 [details] Patch

Chris Dumez

Comment 7 2018-09-13 15:38:30 PDT

Comment on attachment 349701 [details] Patch Clearing flags on attachment: 349701 Committed r235994: <https://trac.webkit.org/changeset/235994>

Chris Dumez

Comment 8 2018-09-13 15:38:33 PDT

All reviewed patches have been landed. Closing bug.

Truitt Savell

Comment 9 2018-09-18 13:24:50 PDT

The new test added in: https://trac.webkit.org/changeset/235994/webkit is a flakey timeout: http/tests/navigation/window-open-cross-origin-then-navigated-back-same-origin.html issue is occurring on WK1 Mac History: https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=http%2Ftests%2Fnavigation%2Fwindow-open-cross-origin-then-navigated-back-same-origin.html Diff: https://build.webkit.org/results/Apple%20Sierra%20Debug%20WK1%20(Tests)/r236145%20(9582)/http/tests/navigation/window-open-cross-origin-then-navigated-back-same-origin-pretty-diff.html

Chris Dumez

Comment 10 2018-09-18 13:30:58 PDT

(In reply to Truitt Savell from comment #9) > The new test added in: https://trac.webkit.org/changeset/235994/webkit > > is a flakey timeout: > http/tests/navigation/window-open-cross-origin-then-navigated-back-same- > origin.html > > issue is occurring on WK1 Mac > > History: > https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard. > html#showAllRuns=true&tests=http%2Ftests%2Fnavigation%2Fwindow-open-cross- > origin-then-navigated-back-same-origin.html > > Diff: > https://build.webkit.org/results/Apple%20Sierra%20Debug%20WK1%20(Tests)/ > r236145%20(9582)/http/tests/navigation/window-open-cross-origin-then- > navigated-back-same-origin-pretty-diff.html Will investigate, thanks.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebKit2

Assignee

Chris Dumez

Reported

2018-09-13 10:34 PDT

Modified

2018-09-18 13:47 PDT History

CC List

9 users Show

URL

Keywords InRadar

Depends on

189710

Blocks

Dependencies

tree graph