WebKit Bugzilla
RESOLVED FIXED
Bug 193076
Prevent cross-site top-level navigations from third-party iframes
https://bugs.webkit.org/show_bug.cgi?id=193076
Chris Dumez
Reported
2019-01-02 09:52:12 PST
Prevent top-level redirects from third-party iframes unless triggered by user activation.
Attachments
Patch (missing testing) (16.03 KB, patch), 2019-01-04 12:31 PST, Chris Dumez, no flags
WIP Patch (16.16 KB, patch), 2019-01-07 12:51 PST, Chris Dumez, no flags
Patch (33.45 KB, patch), 2019-01-07 13:43 PST, Chris Dumez, no flags
Patch (36.18 KB, patch), 2019-01-07 14:16 PST, Chris Dumez, no flags
Archive of layout-test-results from ews206 for win-future (12.82 MB, application/zip), 2019-01-07 17:12 PST, EWS Watchlist, no flags
Archive of layout-test-results from ews126 for ios-simulator-wk2 (28.05 MB, application/zip), 2019-01-07 23:02 PST, EWS Watchlist, no flags
Patch (37.86 KB, patch), 2019-01-08 09:04 PST, Chris Dumez, no flags
Chris Dumez
Comment 1
2019-01-02 09:52:26 PST
<rdar://problem/36074736>
Chris Dumez
Comment 2
2019-01-04 12:31:06 PST
Created attachment 358349: Patch (missing testing)
Chris Dumez
Comment 3
2019-01-07 12:38:29 PST
Will get the patch ready for review.
Chris Dumez
Comment 4
2019-01-07 12:51:41 PST
Created attachment 358516: WIP Patch
Chris Dumez
Comment 5
2019-01-07 13:43:01 PST
Created attachment 358523: Patch
Chris Dumez
Comment 6
2019-01-07 14:16:17 PST
Created attachment 358531: Patch
EWS Watchlist
Comment 7
2019-01-07 17:12:04 PST
Comment on attachment 358531: Patch
Attachment 358531 did not pass win-ews (win):
Output: https://webkit-queues.webkit.org/results/10664378
New failing tests:
http/tests/security/block-top-level-navigations-by-third-party-iframes.html
EWS Watchlist
Comment 8
2019-01-07 17:12:16 PST
Created attachment 358559: Archive of layout-test-results from ews206 for win-future
The attached test failures were seen while running run-webkit-tests on the win-ews.
Bot: ews206
Port: win-future
Platform: CYGWIN_NT-6.1-2.9.0-0.318-5-3-x86_64-64bit
EWS Watchlist
Comment 9
2019-01-07 23:02:01 PST
Comment on attachment 358531: Patch
Attachment 358531 did not pass ios-sim-ews (ios-simulator-wk2):
Output: https://webkit-queues.webkit.org/results/10666876
New failing tests:
http/tests/cookies/same-site/fetch-after-top-level-navigation-initiated-from-iframe-in-cross-origin-page.html
EWS Watchlist
Comment 10
2019-01-07 23:02:04 PST
Created attachment 358579: Archive of layout-test-results from ews126 for ios-simulator-wk2
The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews126
Port: ios-simulator-wk2
Platform: Mac OS X 10.13.6
Chris Dumez
Comment 11
2019-01-08 09:04:28 PST
Created attachment 358599: Patch
Alex Christensen
Comment 12
2019-01-08 13:09:50 PST
Comment on attachment 358599: Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=358599&action=review
> Source/WebCore/ChangeLog:13
> + This experiment's intent is to block suspicious main-frame navigations by third-party content. The feature
Sweet. Experiment time!
WebKit Commit Bot
Comment 13
2019-01-08 13:29:01 PST
Comment on attachment 358599: Patch
Clearing flags on attachment: 358599
Committed r239742: <https://trac.webkit.org/changeset/239742>
WebKit Commit Bot
Comment 14
2019-01-08 13:29:02 PST
All reviewed patches have been landed. Closing bug.