[webkit-changes] [WebKit/WebKit] b3ce2e: [Site-Isolation] RemoteDOMWindow::setLocation shou...

Nipun Shukla Tue, 12 Aug 2025 19:11:37 -0700

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: b3ce2e746ba582e3fde8554c1c97bd01914d2b76
      
https://github.com/WebKit/WebKit/commit/b3ce2e746ba582e3fde8554c1c97bd01914d2b76
  Author: Nipun Shukla <nipun_shu...@apple.com>
  Date:   2025-08-12 (Tue, 12 Aug 2025)


  Changed paths:
    A 
LayoutTests/http/tests/site-isolation/remotedomwindow-setlocation-passes-security-checks-expected.txt
    A 
LayoutTests/http/tests/site-isolation/remotedomwindow-setlocation-passes-security-checks.html
    M Source/WebCore/page/DOMWindow.cpp
    M Source/WebCore/page/DOMWindow.h
    M Source/WebCore/page/LocalDOMWindow.cpp
    M Source/WebCore/page/LocalDOMWindow.h
    M Source/WebCore/page/RemoteDOMWindow.cpp
    M Source/WebCore/page/RemoteFrame.cpp
    M Source/WebCore/page/RemoteFrame.h

  Log Message:
  -----------
  [Site-Isolation] RemoteDOMWindow::setLocation should have identical security 
checks as LocalDOMWindow::setLocation
rdar://116500603
https://bugs.webkit.org/show_bug.cgi?id=296457

Reviewed by Alex Christensen.

Move a number of functions which check security of setLocation from 
LocalDOMWindow to DOMWindow parent class and invoke them in a new 
setLocationSecurityChecks function which is called in both 
LocalDOMWindow::setLocation() and RemoteDOMWindow::setLocation().

* 
LayoutTests/http/tests/site-isolation/remotedomwindow-setlocation-passes-security-checks-expected.txt:
 Added.
* 
LayoutTests/http/tests/site-isolation/remotedomwindow-setlocation-passes-security-checks.html:
 Added.
* Source/WebCore/page/DOMWindow.cpp:
(WebCore::DOMWindow::protectedDocumentIfLocal):
(WebCore::DOMWindow::isCurrentlyDisplayedInFrame const):
(WebCore::DOMWindow::printErrorMessage const):
(WebCore::DOMWindow::crossDomainAccessErrorMessage):
(WebCore::DOMWindow::isInsecureScriptAccess):
(WebCore::DOMWindow::passesSetLocationSecurityChecks):
* Source/WebCore/page/DOMWindow.h:
* Source/WebCore/page/LocalDOMWindow.cpp:
(WebCore::LocalDOMWindow::find const):
(WebCore::didAddStorageEventListener):
(WebCore::LocalDOMWindow::setLocation):
(WebCore::LocalDOMWindow::isCurrentlyDisplayedInFrame const): Deleted.
(WebCore::LocalDOMWindow::printErrorMessage const): Deleted.
(WebCore::LocalDOMWindow::crossDomainAccessErrorMessage): Deleted.
(WebCore::LocalDOMWindow::isInsecureScriptAccess): Deleted.
* Source/WebCore/page/LocalDOMWindow.h:
* Source/WebCore/page/RemoteDOMWindow.cpp:
(WebCore::RemoteDOMWindow::setLocation):
* Source/WebCore/page/RemoteFrame.cpp:
(WebCore::RemoteFrame::frameDocumentSecurityOriginOrOpaque const):
* Source/WebCore/page/RemoteFrame.h:

Canonical link: https://commits.webkit.org/298598@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [WebKit/WebKit] b3ce2e: [Site-Isolation] RemoteDOMWindow::setLocation shou...

Reply via email to