Bug 232382 - Javascript URLs do not run in the right context when using frame targeting
Summary: Javascript URLs do not run in the right context when using frame targeting
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks: 232334
  Show dependency treegraph
 
Reported: 2021-10-27 08:47 PDT by Chris Dumez
Modified: 2021-11-03 10:28 PDT (History)
13 users (show)

See Also:

Attachments
Patch (17.94 KB, patch)
2021-10-27 09:55 PDT, Chris Dumez 		no flags Details | Formatted Diff | Diff
Patch (25.93 KB, patch)
2021-10-27 13:01 PDT, Chris Dumez 		no flags Details | Formatted Diff | Diff
Patch (23.86 KB, patch)
2021-10-27 13:36 PDT, Chris Dumez 		no flags Details | Formatted Diff | Diff
Patch (27.56 KB, patch)
2021-10-27 15:42 PDT, Chris Dumez 		no flags Details | Formatted Diff | Diff
Patch (27.15 KB, patch)
2021-11-03 09:30 PDT, Chris Dumez 		no flags Details | Formatted Diff | Diff
Show Obsolete (4) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Dumez 2021-10-27 08:47:30 PDT 
Javascript URLs do not run in the right context when using frame targeting (e.g. `<a target="foo" src="javascript:...">`).
Comment 1 Chris Dumez 2021-10-27 09:55:12 PDT 
Created attachment 442600 [details]
Patch
Comment 2 Chris Dumez 2021-10-27 13:01:10 PDT 
Created attachment 442624 [details]
Patch
Comment 3 Chris Dumez 2021-10-27 13:36:10 PDT 
Created attachment 442627 [details]
Patch
Comment 4 Chris Dumez 2021-10-27 15:42:35 PDT 
Created attachment 442640 [details]
Patch
Comment 5 Chris Dumez 2021-11-01 07:37:43 PDT 
ping review?
Comment 6 Radar WebKit Bug Importer 2021-11-03 08:48:18 PDT 
<rdar://problem/84976051>
Comment 7 Alex Christensen 2021-11-03 08:52:55 PDT 
Comment on attachment 442640 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=442640&action=review

> LayoutTests/imported/w3c/web-platform-tests/html/browsers/browsing-the-web/navigating-across-documents/010-expected.txt:2
> +FAIL Link with onclick form submit to javascript url with delayed document.write and href navigation  assert_equals: expected "href" but got "write"

Chrome and Firefox pass this test.  While this appears to be a step in the right direction, do you know what it would take to pass?
Comment 8 Chris Dumez 2021-11-03 08:55:29 PDT 
Comment on attachment 442640 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=442640&action=review

>> LayoutTests/imported/w3c/web-platform-tests/html/browsers/browsing-the-web/navigating-across-documents/010-expected.txt:2
>> +FAIL Link with onclick form submit to javascript url with delayed document.write and href navigation  assert_equals: expected "href" but got "write"
> 
> Chrome and Firefox pass this test.  While this appears to be a step in the right direction, do you know what it would take to pass?

I explained it in the changelog. I haven't done a full investigation yet but I suspect it is because we're running the Javascript URL synchronously in the form submission case.

However, I tried running the JavaScript URL asynchronously and this caused some other side effects and other test failures so I am not making that change in this patch.
Comment 9 EWS 2021-11-03 09:00:21 PDT 
Tools/Scripts/svn-apply failed to apply attachment 442640 [details] to trunk.
Please resolve the conflicts and upload a new patch.
Comment 10 Chris Dumez 2021-11-03 09:30:10 PDT 
Created attachment 443204 [details]
Patch
Comment 11 EWS 2021-11-03 10:28:46 PDT 
Committed r285214 (243839@main): <https://commits.webkit.org/243839@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 443204 [details].