Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 5fa8be5b7960430ae4f43204fabf76d35695a979
https://github.com/WebKit/WebKit/commit/5fa8be5b7960430ae4f43204fabf76d35695a979
Author: Basuke Suzuki <[email protected]>
Date: 2026-02-09 (Mon, 09 Feb 2026)
Changed paths:
M LayoutTests/http/tests/navigation/resources/back-iframe-popup.html
M
LayoutTests/http/tests/navigation/resources/cross-site-iframe-nav-page.html
M
LayoutTests/http/tests/navigation/resources/cross-site-iframe-nav-popup.html
M
LayoutTests/http/tests/navigation/resources/cross-site-iframe-nav-with-bfcache-page.html
M LayoutTests/http/tests/navigation/resources/navigation-utils.js
A
LayoutTests/http/tests/site-isolation/navigation/back-iframe-cross-site-no-bf-cache-expected.txt
A
LayoutTests/http/tests/site-isolation/navigation/back-iframe-cross-site-no-bf-cache.html
M Source/WebCore/history/HistoryItem.cpp
M Source/WebCore/history/HistoryItem.h
M Source/WebCore/loader/FrameLoader.cpp
M Source/WebCore/page/Frame.cpp
Log Message:
-----------
[Site Isolation] Back navigation fails when page contains iframe that
navigated cross-site.
https://bugs.webkit.org/show_bug.cgi?id=307121
rdar://169754535
Reviewed by Sihui Liu.
When performing back navigation on a page containing an iframe that navigated
cross-site,
the iframe content was incorrectly displayed.
The original code relied solely on matching frames by their uniqueName using
childItemWithTarget().
When an iframe navigates cross-site, target name is not preserved across
process boundaries,
causing the lookup to fail. This results in the history restoration logic
falling back to the
initial page's content instead of the navigated page.
The fix implements a two-tier lookup strategy for finding child frame history
items. If the
name-based lookup fails, it falls back to using the frame's index in the frame
tree to find
the corresponding history item.
Test:
http/tests/site-isolation/navigation/back-iframe-cross-site-no-bf-cache.html
* LayoutTests/http/tests/navigation/resources/back-iframe-popup.html:
* LayoutTests/http/tests/navigation/resources/cross-site-iframe-nav-page.html:
* LayoutTests/http/tests/navigation/resources/cross-site-iframe-nav-popup.html:
*
LayoutTests/http/tests/navigation/resources/cross-site-iframe-nav-with-bfcache-page.html:
* LayoutTests/http/tests/navigation/resources/navigation-utils.js:
(crossSiteUrl):
*
LayoutTests/http/tests/site-isolation/navigation/back-iframe-cross-site-no-bf-cache-expected.txt:
Added.
*
LayoutTests/http/tests/site-isolation/navigation/back-iframe-cross-site-no-bf-cache.html:
Added.
* Source/WebCore/history/HistoryItem.cpp:
(WebCore::HistoryItem::childItemForFrame):
* Source/WebCore/history/HistoryItem.h:
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadURLIntoChildFrame):
* Source/WebCore/page/Frame.cpp:
(WebCore::Frame::indexInFrameTreeSiblings const):
Canonical link: https://commits.webkit.org/307081@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
