Allow a same-origin <iframe> to programmatically navigate its top frame to an external URL
Created attachment 435564 [details] Patch
<rdar://problem/82217976>
Comment on attachment 435564 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=435564&action=review I think the general approach to allow an iframe to open an external URL, if and only if it is same origin and a top-level navigation, seems sounds, and a good way to resolve the regression. It's sound because you're right, there was never any security boundary there anyway. And, of course, we want to resolve the regression. > Source/WebCore/ChangeLog:20 > + This patch reverts r280826 and makes it legal for iframes to open external URLs makes it legal for same-origin iframes
Created attachment 441758 [details] Patch Same idea, way better implementation that enabled nice refactoring.
Created attachment 441796 [details] Patch Fix iOS build, ignore http/tests/navigation-policy on non-WK2, and fix isMainFrame() called on nullptr.
Comment on attachment 441796 [details] Patch r=me I recommend double-checking where the ShouldOpenExternalURLsPolicy originates in the navigation request, and verifying that it enforces a main frame requirement.
Checking via BugID, it seems this r+ patch didn't landed. Is this needed now? Thanks!