311215 – [Site Isolation] window.frameElement cross-origin access does not log "Blocked a frame" console error

RESOLVED FIXED311215

[Site Isolation] window.frameElement cross-origin access does not log "Blocked a frame" console error

https://bugs.webkit.org/show_bug.cgi?id=311215

Summary [Site Isolation] window.frameElement cross-origin access does not log "Blocke...

roberto_rodriguez2

Reported 2026-03-31 12:38:04 PDT

With site isolation and a cross-origin parent frame, LocalDOMWindow::frameElement() returns null because Frame::ownerElement() is in the parent's process. BindingSecurity::shouldAllowAccessToNode() short-circuits on the null target parameter so canAccessTargetOrigin() is never called and the cross-origin console error is never logged.

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2026-03-31 12:38:25 PDT

<rdar://problem/173803357>

roberto_rodriguez2

Comment 2 2026-03-31 12:47:23 PDT

Pull request: https://github.com/WebKit/WebKit/pull/61788

EWS

Comment 3 2026-04-02 16:12:21 PDT

Committed 310476@main (b2630b88dc24): <https://commits.webkit.org/310476@main> Reviewed commits have been landed. Closing PR #61788 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component New Bugs

Assignee

Nobody

Reported

2026-03-31 12:38 PDT

Modified

2026-04-02 16:12 PDT History

CC List

1 user Show

URL

Keywords InRadar

Depends on

Blocks