Prevent top-level redirects from third-party iframes unless triggered by user activation.
<rdar://problem/36074736>
Created attachment 358349 [details] Patch (missing testing)
Will get the patch ready for review.
Created attachment 358516 [details] WIP Patch
Created attachment 358523 [details] Patch
Created attachment 358531 [details] Patch
Comment on attachment 358531 [details] Patch Attachment 358531 [details] did not pass win-ews (win): Output: https://webkit-queues.webkit.org/results/10664378 New failing tests: http/tests/security/block-top-level-navigations-by-third-party-iframes.html
Created attachment 358559 [details] Archive of layout-test-results from ews206 for win-future The attached test failures were seen while running run-webkit-tests on the win-ews. Bot: ews206 Port: win-future Platform: CYGWIN_NT-6.1-2.9.0-0.318-5-3-x86_64-64bit
Comment on attachment 358531 [details] Patch Attachment 358531 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: https://webkit-queues.webkit.org/results/10666876 New failing tests: http/tests/cookies/same-site/fetch-after-top-level-navigation-initiated-from-iframe-in-cross-origin-page.html
Created attachment 358579 [details] Archive of layout-test-results from ews126 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews126 Port: ios-simulator-wk2 Platform: Mac OS X 10.13.6
Created attachment 358599 [details] Patch
Comment on attachment 358599 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=358599&action=review > Source/WebCore/ChangeLog:13 > + This experiment's intent is to block suspicious main-frame navigations by third-party content. The feature Sweet. Experiment time!
Comment on attachment 358599 [details] Patch Clearing flags on attachment: 358599 Committed r239742: <https://trac.webkit.org/changeset/239742>
All reviewed patches have been landed. Closing bug.