RESOLVED FIXED 191828
[PSON] Received an invalid message "WebPageProxy.DidPerformClientRedirect" from the web process 
https://bugs.webkit.org/show_bug.cgi?id=191828
Summary [PSON] Received an invalid message "WebPageProxy.DidPerformClientRedirect" fr...
Chris Dumez
Reported 2018-11-18 20:18:28 PST
WebContent crashes and "Received an invalid message "WebPageProxy.DidPerformClientRedirect" from the web process" gets logged on cross-site client-side redirect from a file:// URL.
Attachments
Patch (9.89 KB, patch)
2018-11-18 20:27 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2018-11-18 20:27:31 PST
Created attachment 355251 [details] Patch
Chris Dumez
Comment 2 2018-11-18 20:27:49 PST
<rdar://problem/46129456>
WebKit Commit Bot
Comment 3 2018-11-18 23:14:59 PST
Comment on attachment 355251 [details] Patch Clearing flags on attachment: 355251 Committed r238368: <https://trac.webkit.org/changeset/238368>
WebKit Commit Bot
Comment 4 2018-11-18 23:15:01 PST
All reviewed patches have been landed. Closing bug.
Alexey Proskuryakov
Comment 5 2018-11-19 21:33:37 PST
Comment on attachment 355251 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=355251&action=review > Source/WebKit/UIProcess/WebPageProxy.cpp:-4446 > - MESSAGE_CHECK_URL(sourceURLString); Removing a security check here doesn't look right at all. Surely we now have a situation where we don't properly track past URLs. But that doesn't mean that it's OK for the web process to send redirect messages with dangerous URLs! These are passed down to clients, so it's unlikely to be harmless.
Note You need to log in before you can comment on or make changes to this bug.