Bug 230158 - Do not allow redirecting to data: or about: URLs
Summary: Do not allow redirecting to data: or about: URLs
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2021-09-10 09:33 PDT by Domenic Denicola
Modified: 2022-09-18 16:05 PDT (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Domenic Denicola 2021-09-10 09:33:47 PDT 
See the spec change in https://github.com/whatwg/html/pull/7042 and the tests at

- https://github.com/web-platform-tests/wpt/pull/30398
- https://github.com/web-platform-tests/wpt/pull/30418

For data: URLs, Safari seems to allow redirects in iframes, and hang the load forever in top-level windows.

For about: URLs in iframes (didn't test top-level windows), Safari seems to allow redirects to about:blank and about:srcdoc, but give a network error page for about:nonstandard.

In all cases the newly specced behavior is to display a network error page.
Comment 1 Radar WebKit Bug Importer 2021-09-17 09:34:14 PDT 
<rdar://problem/83244357>
Comment 2 Chris Dumez 2022-09-15 16:32:18 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/4407
Comment 3 EWS 2022-09-18 16:05:11 PDT 
Committed 254619@main (cf4ebbe5d88a): <https://commits.webkit.org/254619@main>

Reviewed commits have been landed. Closing PR #4407 and removing active labels.