[webkit-changes] [WebKit/WebKit] ef0a64: Check whether the immersive model presentation is ...

Wed, 11 Feb 2026 04:28:50 -0800 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: ef0a64fe1654fcc7b8a724d8d9af92ffa59f7b2d
      
https://github.com/WebKit/WebKit/commit/ef0a64fe1654fcc7b8a724d8d9af92ffa59f7b2d
  Author: Jean Haberer <[email protected]>
  Date:   2026-02-11 (Wed, 11 Feb 2026)

  Changed paths:
    M Source/WebCore/dom/DocumentImmersive.cpp
    M Source/WebCore/dom/DocumentImmersive.h
    M Source/WebCore/page/ChromeClient.h
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.h
    M Source/WebKit/UIProcess/WebPageProxy.messages.in
    M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp
    M Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h
    M Source/WebKit/WebProcess/WebPage/WebPage.cpp
    M Source/WebKit/WebProcess/WebPage/WebPage.h

  Log Message:
  -----------
  Check whether the immersive model presentation is allowed inside the UI 
Process
https://bugs.webkit.org/show_bug.cgi?id=307342
rdar://169533722

Reviewed by Etienne Segonzac.

Add a check in the UI Process to ensure that the immersive presentation
has been allowed through a prior call with the client.
This ensures that the expected authorization flow is respected through the
IPC calls between the Web Process and the UI Process.

* Source/WebCore/dom/DocumentImmersive.cpp:
(WebCore::DocumentImmersive::exitImmersive):
(WebCore::DocumentImmersive::cancelActiveRequest):
(WebCore::DocumentImmersive::beginImmersiveRequest):
(WebCore::DocumentImmersive::presentImmersiveElement):
(WebCore::DocumentImmersive::dismissClientImmersivePresentation):
* Source/WebCore/dom/DocumentImmersive.h:
* Source/WebCore/page/ChromeClient.h:
(WebCore::ChromeClient::allowImmersiveElement const):
(WebCore::ChromeClient::presentImmersiveElement const):
(WebCore::ChromeClient::dismissImmersiveElement const):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::resetState):
(WebKit::WebPageProxy::allowImmersiveElement):
(WebKit::WebPageProxy::presentImmersiveElement):
(WebKit::WebPageProxy::allowImmersiveElementFromURL const): Deleted.
Instead of fully trusting the web process that it gives us the right URL,
we use the known main frame URL to proceed with the autorization flow for
better security.

* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.messages.in:
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.cpp:
(WebKit::WebChromeClient::allowImmersiveElement const):
(WebKit::WebChromeClient::presentImmersiveElement const):
(WebKit::WebChromeClient::dismissImmersiveElement const):
* Source/WebKit/WebProcess/WebCoreSupport/WebChromeClient.h:
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::allowImmersiveElement):
We don't need the URL parameter anymore.
(WebKit::WebPage::presentImmersiveElement):
(WebKit::WebPage::dismissImmersiveElement):
* Source/WebKit/WebProcess/WebPage/WebPage.h:

Canonical link: https://commits.webkit.org/307246@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications

Reply via email to