Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 900265400e127db69a5ae3234151f005a3e769d3
https://github.com/WebKit/WebKit/commit/900265400e127db69a5ae3234151f005a3e769d3
Author: Ryan Reno <[email protected]>
Date: 2023-07-31 (Mon, 31 Jul 2023)
Changed paths:
A LayoutTests/http/tests/security/block-top-level-navigations-by-third-party-iframe-sandboxed-by-own-csp-expected.txt
A LayoutTests/http/tests/security/block-top-level-navigations-by-third-party-iframe-sandboxed-by-own-csp.html
A LayoutTests/http/tests/security/resources/attempt-top-level-navigation-with-csp.py
M Source/WebCore/dom/Document.cpp
Log Message:
-----------
Third Party IFrame Navigation Block Bypass via Content Security Policy Sandbox
https://bugs.webkit.org/show_bug.cgi?id=257903
rdar://109059471
Reviewed by Brent Fulgham.
If a third-party iframe is unsandboxed we will prevent top navigation
without user interaction with the frame. However, this is bypassable if
the iframe gives itself a sandbox which allows top navigation via CSP.
This change checks to see if the iframe element was unsandboxed and
proceeds with the more strict third-party checks if so.
* LayoutTests/http/tests/security/block-top-level-navigations-by-third-party-iframe-sandboxed-by-own-csp-expected.txt: Added.
* LayoutTests/http/tests/security/block-top-level-navigations-by-third-party-iframe-sandboxed-by-own-csp.html: Added.
* LayoutTests/http/tests/security/resources/attempt-top-level-navigation-with-csp.py: Added.
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::isNavigationBlockedByThirdPartyIFrameRedirectBlocking):
Originally-landed-as: 259548.823@safari-7615-branch (18a05c43972c).
rdar://109059471
Canonical link: https://commits.webkit.org/266433@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes