WebKit Bugzilla
Bug 230194 (NEW)
window.open() uses incorrect global object to determine if navigation is allowed
https://bugs.webkit.org/show_bug.cgi?id=230194
Reported by Alexey Shvayka, 2021-09-11 14:54:12 PDT

Attachments
Patch (38.09 KB, patch), 2021-09-11 14:57 PDT, Alexey Shvayka, no flags
Patch (48.32 KB, patch), 2021-09-21 09:29 PDT, Alexey Shvayka, ggaren: review+
Cross-browser research (5.27 KB, text/markdown), 2021-10-13 15:18 PDT, Alexey Shvayka, no flags

Alexey Shvayka, Comment 1, 2021-09-11 14:57:39 PDT
Created attachment 437965
Patch

Radar WebKit Bug Importer, Comment 2, 2021-09-18 14:55:15 PDT
<rdar://problem/83274097>

Alexey Shvayka, Comment 3, 2021-09-21 09:29:56 PDT
Created attachment 438829
Patch

Add <iframe sandbox> tests and ChangeLog.

Alexey Shvayka, Comment 4, 2021-10-13 15:18:47 PDT
Created attachment 441144
Cross-browser research

The spec seems to be way off the implementations, yet WebKit is way off other engines by using _current_ instead of _relevant_.

Geoffrey Garen, Comment 5, 2022-01-19 12:49:25 PST
Comment on attachment 438829
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=438829&action=review

r=me
> Source/WebCore/ChangeLog:21 > + and "allow-same-origin" flags are present. If that's the acse, an <iframe> can simply
case
> Source/WebCore/ChangeLog:24 > + Although per current spec [4], window.open() uses _entry_ global object pretty much
Entry global object would be an obvious security / pop-up blocking bug. Seems worth filing a spec issue to correct this.
> Source/WebCore/page/DOMWindow.cpp:2549 > -ExceptionOr<RefPtr<WindowProxy>> DOMWindow::open(DOMWindow& activeWindow, DOMWindow& firstWindow, const String& urlStringToOpen, const AtomString& frameName, const String& windowFeaturesString) > +ExceptionOr<RefPtr<WindowProxy>> DOMWindow::open(DOMWindow& firstWindow, const String& urlStringToOpen, const AtomString& frameName, const String& windowFeaturesString)
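Review bot: The new DOMWindow::open() signature at DOMWindow.cpp:2549 drops the activeWindow parameter, so the declaration no longer shows which window's document decides whether the navigation is allowed, and that decision is the subject of this bug. A short comment on the declaration naming the global object used for that check would let a reader audit it without tracing every caller.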
What is 'firstWindow'? Is it the entry global object, the incumbent global object, the top of stack global object, or something else?

Ahmad Saleem, Comment 6, 2022-10-25 13:52:34 PDT
Checking via BugID on WebKit GitHub, it seems that this bug has not landed. Do we need it? Thanks!