WebKit Bugzilla
Bug 222312: REGRESSION(Safari 14): iframe with blob url does not work with sandboxing
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=222312
literalPie, Reported 2021-02-23 07:15:44 PST
In a site hosted with https, if an iframe is using a blob url generated from html content, and its sandbox is set to "allow-scripts", the iframe does not load the html. This works in other browsers and in Safari 13.1, but it does not work in Safari 14.0.3 (15610.4.3.1.6, 15610) or Safari Technology preview Release 120 (Safari 14.2, WebKit 15612.1.2.6). See a reproduction here: <https://stackblitz.com/edit/webkit-iframe-blob-src-bug>. It's possible that Safari is intentionally more strict about this, but I can't find any evidence that it's intentional. This can be worked around by setting sandbox="allow-scripts allow-same-origin".
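A feature check for the behaviour reported above, as an added example that is not part of the bug report or of the WebKit patch: it frames a blob: document with only "allow-scripts" and reports whether that document ran. The function names, the message text and the timeout are assumptions.

```javascript
// Added example; function names, message text and timeout are assumptions.

// Build an iframe whose document is served from a blob: URL and whose
// sandbox attribute carries only the given tokens.
function makeBlobFrame(doc, html, sandboxTokens) {
  const url = URL.createObjectURL(new Blob([html], { type: "text/html" }));
  const frame = doc.createElement("iframe");
  frame.setAttribute("sandbox", sandboxTokens.join(" "));
  frame.src = url;
  return { frame, url };
}

// Resolves true if a blob: document sandboxed with only "allow-scripts"
// loads and runs, false if nothing arrives before the timeout (the
// behaviour reported for Safari 14.0.3).
function probeSandboxedBlobFrame(win, doc, timeoutMs = 2000) {
  // The probe message carries no data, so "*" as target origin is acceptable.
  const html =
    "<script>parent.postMessage('blob-frame-loaded', '*')<\/script>";
  const { frame, url } = makeBlobFrame(doc, html, ["allow-scripts"]);
  return new Promise((resolve) => {
    let timer;
    const finish = (loaded) => {
      clearTimeout(timer);
      win.removeEventListener("message", onMessage);
      URL.revokeObjectURL(url);
      frame.remove();
      resolve(loaded);
    };
    // Without allow-same-origin the framed document has an opaque origin,
    // so event.origin is the string "null"; identify the sender by source.
    const onMessage = (event) => {
      if (event.source === frame.contentWindow &&
          event.origin === "null" &&
          event.data === "blob-frame-loaded") {
        finish(true);
      }
    };
    win.addEventListener("message", onMessage);
    timer = setTimeout(() => finish(false), timeoutMs);
    doc.body.appendChild(frame);
  });
}
```

In a page, call probeSandboxedBlobFrame(window, document) and apply the allow-same-origin workaround only when it resolves false, since a blob: document framed with both "allow-scripts" and "allow-same-origin" runs with the embedding page's origin.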
Attachments
Patch (4.99 KB, patch), 2021-04-14 01:03 PDT, youenn fablet, no flags
Patch (5.51 KB, patch), 2021-04-14 02:32 PDT, youenn fablet, no flags
Patch (6.33 KB, patch), 2021-04-14 08:32 PDT, youenn fablet, no flags
Radar WebKit Bug Importer, Comment 1, 2021-03-02 07:16:24 PST
<rdar://problem/74927624>

Chris Dumez, Comment 2, 2021-04-13 09:50:57 PDT
Still reproduces on r275884 so Bug 170075 did not fix this.

youenn fablet, Comment 3, 2021-04-13 13:52:03 PDT
Had a quick look, it seems we need to update FrameLoader::PolicyChecker::extendBlobURLLifetimeIfNecessary.

youenn fablet, Comment 4, 2021-04-14 01:03:58 PDT
Created attachment 425958: Patch

youenn fablet, Comment 5, 2021-04-14 02:32:41 PDT
Created attachment 425964: Patch

youenn fablet, Comment 6, 2021-04-14 08:32:20 PDT
Created attachment 425985: Patch

Chris Dumez, Comment 7, 2021-04-14 09:06:31 PDT
Comment on attachment 425985 (Patch)
r=me, thanks for fixing.

EWS, Comment 8, 2021-04-15 02:07:52 PDT
Committed r276012 (236564@main): <https://commits.webkit.org/236564@main>
All reviewed patches have been landed. Closing bug and clearing flags on attachment 425985.