WebKit Bugzilla
RESOLVED FIXED
309029
[Site Isolation] window.open when opener is an empty site crashes
https://bugs.webkit.org/show_bug.cgi?id=309029
Anthony Tarbinian
Reported
2026-03-02 18:04:30 PST
When calling window.open() from an empty site (i.e. about:blank) we hit this crash which gets triggered from WebPageProxy::initializeWebPage

Steps to reproduce:
1. Open Minibrowser and navigate to about:blank
2. Open web inspector console
3. Run window.open()

Full crash:
Source/WebKit/Platform/IPC/MessageReceiverMap.cpp(53) : void IPC::MessageReceiverMap::addMessageReceiver(ReceiverName, uint64_t, MessageReceiver &)
1 0x11c16d514 IPC::MessageReceiverMap::addMessageReceiver(IPC::ReceiverName, unsigned long long, IPC::MessageReceiver&)
2 0x11a98f69c WebKit::AuxiliaryProcessProxy::addMessageReceiver(IPC::ReceiverName, unsigned long long, IPC::MessageReceiver&)
3 0x119d329a8 void WebKit::AuxiliaryProcessProxy::addMessageReceiver<unsigned long long>(IPC::ReceiverName, WTF::ObjectIdentifierGenericBase<unsigned long long> const&, IPC::MessageReceiver&)
4 0x11aa2bdec WebKit::RemotePageDrawingAreaProxy::RemotePageDrawingAreaProxy(WebKit::DrawingAreaProxy&, WebKit::WebProcessProxy&)
5 0x11aa2bcb8 WebKit::RemotePageDrawingAreaProxy::RemotePageDrawingAreaProxy(WebKit::DrawingAreaProxy&, WebKit::WebProcessProxy&)
6 0x11aa2bb54 WebKit::RemotePageDrawingAreaProxy::create(WebKit::DrawingAreaProxy&, WebKit::WebProcessProxy&)
7 0x11aa2d4d4 WebKit::RemotePageProxy::injectPageIntoNewProcess()
8 0x11a994164 WebKit::BrowsingContextGroup::addFrameProcessAndInjectPageContextIf(WebKit::FrameProcess&, WTF::Function<bool (WebKit::WebPageProxy&)>)::$_0::operator()(WebKit::WebPageProxy&, WebCore::Site const&) const
9 0x11a993d90 WebKit::BrowsingContextGroup::addFrameProcessAndInjectPageContextIf(WebKit::FrameProcess&, WTF::Function<bool (WebKit::WebPageProxy&)>)
10 0x11a993a1c WebKit::BrowsingContextGroup::addFrameProcess(WebKit::FrameProcess&)
11 0x11a9e485c WebKit::FrameProcess::FrameProcess(WebKit::WebProcessProxy&, WebKit::BrowsingContextGroup&, std::__1::optional<WebCore::Site> const&, WebCore::Site const&, WebKit::WebPreferences const&, WebKit::LoadedWebArchive, WebKit::BrowsingContextGroupUpdate)
12 0x11a9e4abc WebKit::FrameProcess::FrameProcess(WebKit::WebProcessProxy&, WebKit::BrowsingContextGroup&, std::__1::optional<WebCore::Site> const&, WebCore::Site const&, WebKit::WebPreferences const&, WebKit::LoadedWebArchive, WebKit::BrowsingContextGroupUpdate)
13 0x11a99373c WebKit::FrameProcess::create(WebKit::WebProcessProxy&, WebKit::BrowsingContextGroup&, std::__1::optional<WebCore::Site> const&, WebCore::Site const&, WebKit::WebPreferences const&, WebKit::LoadedWebArchive, WebKit::BrowsingContextGroupUpdate)
14 0x11a993128 WebKit::BrowsingContextGroup::ensureProcessForSite(WebCore::Site const&, WebCore::Site const&, WebKit::WebProcessProxy&, WebKit::WebPreferences const&, WebKit::LoadedWebArchive, WebKit::BrowsingContextGroupUpdate)
15 0x11ab23458 WebKit::WebPageProxy::initializeWebPage(WebCore::Site const&, WTF::OptionSet<WebCore::SandboxFlag, (WTF::ConcurrencyTag)0>, WebCore::ReferrerPolicy)
16 0x11a60d598 WebKit::WebViewImpl::WebViewImpl(WKWebView*, WebKit::WebProcessPool&, WTF::Ref<API::PageConfiguration, WTF::RawPtrTraits<API::PageConfiguration>, WTF::DefaultRefDerefTraits<API::PageConfiguration>>&&)
17 0x11a60f9c0 WebKit::WebViewImpl::WebViewImpl(WKWebView*, WebKit::WebProcessPool&, WTF::Ref<API::PageConfiguration, WTF::RawPtrTraits<API::PageConfiguration>, WTF::DefaultRefDerefTraits<API::PageConfiguration>>&&)
18 0x1198259d8 std::__1::unique_ptr<WebKit::WebViewImpl, std::__1::default_delete<WebKit::WebViewImpl>> std::__1::make_unique[abi:sqn210106]<WebKit::WebViewImpl, WKWebView*&, WebKit::WebProcessPool&, WTF::Ref<API::PageConfiguration, WTF::RawPtrTraits<API::PageConfiguration>, WTF::DefaultRefDerefTraits<API::PageConfiguration>>, 0>(WKWebView*&, WebKit::WebProcessPool&, WTF::Ref<API::PageConfiguration, WTF::RawPtrTraits<API::PageConfiguration>, WTF::DefaultRefDerefTraits<API::PageConfiguration>>&&)
19 0x1197d74a4 decltype(auto) WTF::makeUnique<WebKit::WebViewImpl, WKWebView*&, WebKit::WebProcessPool&, WTF::Ref<API::PageConfiguration, WTF::RawPtrTraits<API::PageConfiguration>, WTF::DefaultRefDerefTraits<API::PageConfiguration>>>(WKWebView*&, WebKit::WebProcessPool&, WTF::Ref<API::PageConfiguration, WTF::RawPtrTraits<API::PageConfiguration>, WTF::DefaultRefDerefTraits<API::PageConfiguration>>&&)
20 0x11709cd5c -[WKWebView _initializeWithConfiguration:]
21 0x11709c6d8 -[WKWebView initWithFrame:configuration:]
22 0x1001bb32c -[WK2BrowserWindowController awakeFromNib]
23 0x18556a314 -[NSIBObjectData nibInstantiateWithOwner:options:topLevelObjects:]
24 0x18555f994 loadNib
25 0x18555efb8 +[NSBundle(NSNibLoading) _loadNibFile:nameTable:options:withZone:ownerBundle:]
26 0x1856e589c -[NSWindowController loadWindow]
27 0x1856e5654 -[NSWindowController window]
28 0x1001bfc0c -[WK2BrowserWindowController webView:createWebViewWithConfiguration:forNavigationAction:windowFeatures:]
29 0x119e16700 WebKit::UIDelegate::UIClient::createNewPage(WebKit::WebPageProxy&, WTF::Ref<API::PageConfiguration, WTF::RawPtrTraits<API::PageConfiguration>, WTF::DefaultRefDerefTraits<API::PageConfiguration>>&&, WTF::Ref<API::NavigationAction, WTF::RawPtrTraits<API::NavigationAction>, WTF::DefaultRefDerefTraits<API::NavigationAction>>&&, WTF::CompletionHandler<void (WTF::RefPtr<WebKit::WebPageProxy, WTF::RawPtrTraits<WebKit::WebPageProxy>, WTF::DefaultRefDerefTraits<WebKit::WebPageProxy>>&&)>&&)
30 0x11ac733c8 WebKit::WebPageProxy::createNewPage(IPC::Connection&, WebCore::WindowFeatures&&, WebKit::NavigationActionData&&, WTF::CompletionHandler<void (std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::PageIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, std::__1::optional<WebKit::WebPageCreationParameters>)>&&)::$_1::operator()(WTF::Ref<API::NavigationAction, WTF::RawPtrTraits<API::NavigationAction>, WTF::DefaultRefDerefTraits<API::NavigationAction>>&&, WTF::CompletionHandler<void (WTF::RefPtr<WebKit::WebPageProxy, WTF::RawPtrTraits<WebKit::WebPageProxy>, WTF::DefaultRefDerefTraits<WebKit::WebPageProxy>>&&)>&&)
31 0x11ac73218 WTF::Detail::CallableWrapper<WebKit::WebPageProxy::createNewPage(IPC::Connection&, WebCore::WindowFeatures&&, WebKit::NavigationActionData&&, WTF::CompletionHandler<void (std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::PageIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, std::__1::optional<WebKit::WebPageCreationParameters>)>&&)::$_1, void, WTF::Ref<API::NavigationAction, WTF::RawPtrTraits<API::NavigationAction>, WTF::DefaultRefDerefTraits<API::NavigationAction>>&&, WTF::CompletionHandler<void (WTF::RefPtr<WebKit::WebPageProxy, WTF::RawPtrTraits<WebKit::WebPageProxy>, WTF::DefaultRefDerefTraits<WebKit::WebPageProxy>>&&)>&&>::call(WTF::Ref<API::NavigationAction, WTF::RawPtrTraits<API::NavigationAction>, WTF::DefaultRefDerefTraits<API::NavigationAction>>&&, WTF::CompletionHandler<void (WTF::RefPtr<WebKit::WebPageProxy, WTF::RawPtrTraits<WebKit::WebPageProxy>, WTF::DefaultRefDerefTraits<WebKit::WebPageProxy>>&&)>&&)
Radar WebKit Bug Importer
Comment 1
2026-03-02 18:04:36 PST
<rdar://problem/171576184>
Anthony Tarbinian
Comment 2
2026-03-02 18:05:49 PST
Reproduces on 308471@main with site isolation on
Anthony Tarbinian
Comment 3
2026-03-02 18:31:47 PST
Pull request:
https://github.com/WebKit/WebKit/pull/59765
EWS
Comment 4
2026-03-23 09:06:43 PDT
Committed 309761@main (5c3dd122be67): <https://commits.webkit.org/309761@main>

Reviewed commits have been landed. Closing PR #59765 and removing active labels.