305614 – [Site Isolation] Setting src attribute of frames/iframes to javascript: url doesn't throw SecurityError

RESOLVED DUPLICATE of bug 305615305614

[Site Isolation] Setting src attribute of frames/iframes to javascript: url doesn't throw SecurityError

https://bugs.webkit.org/show_bug.cgi?id=305614

Summary [Site Isolation] Setting src attribute of frames/iframes to javascript: url d...

Anthony Tarbinian

Reported 2026-01-15 17:17:59 PST

When setting the .src attribute of cross-origin frames/iframes to javascript: urls, WebKit should block the setter from modifying a cross-origin frame but currently doesn't with site isolation enabled. The following 12 tests fail since they don't throw SecurityErrors to block setting of src attribute on cross-origin iframes. LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-getAttribute-value.html LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-htmldom.html LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttribute.html LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNS.html LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNode.html LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-frame-src-setAttributeNodeNS.html LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-getAttribute-value.html LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-htmldom.html LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttribute.html LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNS.html LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNode.html LayoutTests/http/tests/security/javascriptURL/javascriptURL-execution-context-iframe-src-setAttributeNodeNS.html

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2026-01-15 17:18:05 PST

<rdar://problem/168267972>

Anthony Tarbinian

Comment 2 2026-01-30 07:51:37 PST

Duplicate of https://bugs.webkit.org/show_bug.cgi?id=305615

Anthony Tarbinian

Comment 3 2026-01-30 07:52:19 PST

*** This bug has been marked as a duplicate of bug 305615 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 305615

Priority P1

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebKit Process Model

Assignee

Nobody

Reported

2026-01-15 17:17 PST

Modified

2026-01-30 07:52 PST History

CC List

2 users Show

URL

Keywords InRadar

Depends on

Blocks