RESOLVED FIXED Bug 193076
Prevent cross-site top-level navigations from third-party iframes
https://bugs.webkit.org/show_bug.cgi?id=193076
Chris Dumez
Reported 2019-01-02 09:52:12 PST
Prevent top-level redirects from third-party iframes unless triggered by user activation.
Attachments
Patch (missing testing) (16.03 KB, patch)
2019-01-04 12:31 PST, Chris Dumez
no flags
WIP Patch (16.16 KB, patch)
2019-01-07 12:51 PST, Chris Dumez
no flags
Patch (33.45 KB, patch)
2019-01-07 13:43 PST, Chris Dumez
no flags
Patch (36.18 KB, patch)
2019-01-07 14:16 PST, Chris Dumez
no flags
Archive of layout-test-results from ews206 for win-future (12.82 MB, application/zip)
2019-01-07 17:12 PST, EWS Watchlist
no flags
Archive of layout-test-results from ews126 for ios-simulator-wk2 (28.05 MB, application/zip)
2019-01-07 23:02 PST, EWS Watchlist
no flags
Patch (37.86 KB, patch)
2019-01-08 09:04 PST, Chris Dumez
no flags
Chris Dumez
Comment 1 2019-01-02 09:52:26 PST
Chris Dumez
Comment 2 2019-01-04 12:31:06 PST
Created attachment 358349 [details] Patch (missing testing)
Chris Dumez
Comment 3 2019-01-07 12:38:29 PST
Will get the patch ready for review.
Chris Dumez
Comment 4 2019-01-07 12:51:41 PST
Created attachment 358516 [details] WIP Patch
Chris Dumez
Comment 5 2019-01-07 13:43:01 PST
Chris Dumez
Comment 6 2019-01-07 14:16:17 PST
EWS Watchlist
Comment 7 2019-01-07 17:12:04 PST
Comment on attachment 358531 [details] Patch
Attachment 358531 [details] did not pass win-ews (win):
Output: https://webkit-queues.webkit.org/results/10664378
New failing tests:
http/tests/security/block-top-level-navigations-by-third-party-iframes.html
EWS Watchlist
Comment 8 2019-01-07 17:12:16 PST
Created attachment 358559 [details] Archive of layout-test-results from ews206 for win-future
The attached test failures were seen while running run-webkit-tests on the win-ews.
Bot: ews206
Port: win-future
Platform: CYGWIN_NT-6.1-2.9.0-0.318-5-3-x86_64-64bit
EWS Watchlist
Comment 9 2019-01-07 23:02:01 PST
Comment on attachment 358531 [details] Patch
Attachment 358531 [details] did not pass ios-sim-ews (ios-simulator-wk2):
Output: https://webkit-queues.webkit.org/results/10666876
New failing tests:
http/tests/cookies/same-site/fetch-after-top-level-navigation-initiated-from-iframe-in-cross-origin-page.html
EWS Watchlist
Comment 10 2019-01-07 23:02:04 PST
Created attachment 358579 [details] Archive of layout-test-results from ews126 for ios-simulator-wk2
The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews126
Port: ios-simulator-wk2
Platform: Mac OS X 10.13.6
Chris Dumez
Comment 11 2019-01-08 09:04:28 PST
Alex Christensen
Comment 12 2019-01-08 13:09:50 PST
Comment on attachment 358599 [details] Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=358599&action=review
> Source/WebCore/ChangeLog:13
> + This experiment's intent is to block suspicious main-frame navigations by third-party content. The feature
Sweet. Experiment time!
WebKit Commit Bot
Comment 13 2019-01-08 13:29:01 PST
Comment on attachment 358599 [details] Patch
Clearing flags on attachment: 358599
Committed r239742: <https://trac.webkit.org/changeset/239742>
WebKit Commit Bot
Comment 14 2019-01-08 13:29:02 PST
All reviewed patches have been landed. Closing bug.