Bug 191828 - [PSON] Received an invalid message "WebPageProxy.DidPerformClientRedirect" from the web process
Summary: [PSON] Received an invalid message "WebPageProxy.DidPerformClientRedirect" fr...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on: 191982
Blocks:
  Show dependency treegraph
 
Reported: 2018-11-18 20:18 PST by Chris Dumez
Modified: 2018-11-26 14:58 PST (History)
9 users (show)

See Also:

Attachments
Patch (9.89 KB, patch)
2018-11-18 20:27 PST, Chris Dumez 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Dumez 2018-11-18 20:18:28 PST 
WebContent crashes and "Received an invalid message "WebPageProxy.DidPerformClientRedirect" from the web process" gets logged on cross-site client-side redirect from a file:// URL.
Comment 1 Chris Dumez 2018-11-18 20:27:31 PST 
Created attachment 355251 [details]
Patch
Comment 2 Chris Dumez 2018-11-18 20:27:49 PST 
<rdar://problem/46129456>
Comment 3 WebKit Commit Bot 2018-11-18 23:14:59 PST 
Comment on attachment 355251 [details]
Patch

Clearing flags on attachment: 355251

Committed r238368: <https://trac.webkit.org/changeset/238368>
Comment 4 WebKit Commit Bot 2018-11-18 23:15:01 PST 
All reviewed patches have been landed.  Closing bug.
Comment 5 Alexey Proskuryakov 2018-11-19 21:33:37 PST 
Comment on attachment 355251 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=355251&action=review

> Source/WebKit/UIProcess/WebPageProxy.cpp:-4446
> -    MESSAGE_CHECK_URL(sourceURLString);

Removing a security check here doesn't look right at all.

Surely we now have a situation where we don't properly track past URLs. But that doesn't mean that it's OK for the web process to send redirect messages with dangerous URLs! These are passed down to clients, so it's unlikely to be harmless.