Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 1ab4004d124fe34b2902c3e9f74a1b8d37d5b607
      
https://github.com/WebKit/WebKit/commit/1ab4004d124fe34b2902c3e9f74a1b8d37d5b607
  Author: Rupin Mittal <[email protected]>
  Date:   2026-03-19 (Thu, 19 Mar 2026)

  Changed paths:
    M LayoutTests/http/tests/site-isolation/accessibility/cross-process-search-nested-iframes-expected.txt
    M LayoutTests/platform/ios-site-isolation/TestExpectations
    M LayoutTests/platform/mac-site-isolation/TestExpectations
    M Source/WebCore/bindings/js/JSDOMBindingSecurity.h
    M Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
    M Source/WebCore/bindings/scripts/IDLAttributes.json
    M Source/WebCore/html/HTMLEmbedElement.idl
    M Source/WebCore/html/HTMLFrameElement.idl
    M Source/WebCore/html/HTMLIFrameElement.idl
    M Source/WebCore/html/HTMLObjectElement.idl

  Log Message:
  -----------
  [Site Isolation] 6x Security and DOM tests are failing
https://bugs.webkit.org/show_bug.cgi?id=310263
rdar://172900405

Reviewed by Ryosuke Niwa and Sihui Liu.

Consider the test cross-origin-iframe-contentDocument.html. One of the things
it does is create a cross-site iframe and then try to access the contentDocument
of that iframe. This should be blocked.

With site isolation enabled, it is indeed blocked. But the test fails because
it's missing this console message:

"CONSOLE MESSAGE: Blocked a frame with origin "http://127.0.0.1:8000" from
accessing a frame with origin "http://localhost:8000". Protocols, domains, and
ports must match."

With site isolation off, the flow is:
1. HTMLFrameOwnerElement::contentDocument()
   Returns the document if the frame is local, else nullptr
2. BindingSecurity::checkSecurityForNode()
   (Since the IDL for contentDocument() is marked with [CheckSecurityForNode])
3. BindingSecurity::shouldAllowAccessToNode()
4. canAccessDocument()
5. canAccessTargetOrigin()
   Log crossDomainAccessErrorMessage and return false

With site isolation on, contentDocument() returns nullptr because the frame is
remote. Then shouldAllowAccessToNode returns true (the target node is null).
So we allow access to the node, but the node is null.

So the test succeeds in that the document is not accessible, but it fails simply
because the console message was not logged. But we still want to log this
message.

So we add the IDL attribute [CheckSecurityForNodeWithFrameOwner] and use it on
contentDocument(). So now calling contentDocument() will call
shouldAllowAccessToNodeWithFrameOwner(). Since the node is null, we will call
shouldAllowAccessToFrame() which will see that the frame is remote and
canAccessTargetOrigin() will log the console message.

We also rename CheckSecurityForNodeWithOwner to CheckSecurityForNodeWithFrameOwner
for clarity. CheckSecurityForNodeWithOwner was introduced in
https://commits.webkit.org/309527@main

Also, in order to preserve pre-site-isolation behavior, we'll only check access
in the remote frame case and we update the comment to be more accurate.

This fixes a number of other tests as well.

* LayoutTests/http/tests/site-isolation/accessibility/cross-process-search-nested-iframes-expected.txt:
* LayoutTests/platform/ios-site-isolation/TestExpectations:
* LayoutTests/platform/mac-site-isolation/TestExpectations:
* Source/WebCore/bindings/js/JSDOMBindingSecurity.h:
(WebCore::BindingSecurity::checkSecurityForNodeWithFrameOwner):
(WebCore::BindingSecurity::checkSecurityForNodeWithOwner): Deleted.
* Source/WebCore/bindings/scripts/CodeGeneratorJS.pm:
(NativeToJSValue):
* Source/WebCore/bindings/scripts/IDLAttributes.json:
* Source/WebCore/html/HTMLEmbedElement.idl:
* Source/WebCore/html/HTMLFrameElement.idl:
* Source/WebCore/html/HTMLIFrameElement.idl:
* Source/WebCore/html/HTMLObjectElement.idl:

Canonical link: https://commits.webkit.org/309592@main
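The two call flows the commit message walks through (the old [CheckSecurityForNode] path, where a null node is "allowed" with no check and nothing is logged, and the new [CheckSecurityForNodeWithFrameOwner] path, which falls back to a frame-level origin check only when the owner's frame is remote), as an added stand-alone C++ model. This is not WebKit's code: the function names mirror the ones named in the commit, but the Origin/Document/Frame/FrameOwnerElement structs, the Console vector standing in for the console log, and the scenario() and parsedPort() helpers are assumptions made for the example, and the 127.0.0.1:8000 / localhost:8000 origins are constructed to match the test the commit describes.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Origin tuple; "Protocols, domains, and ports must match" is an exact comparison.
struct Origin {
    std::string protocol;
    std::string host;
    int port;
    bool operator==(const Origin& o) const {
        return protocol == o.protocol && host == o.host && port == o.port;
    }
};

// Parse "scheme://host[:port]" (assumption: no IPv6 literals, no userinfo);
// only http/https get a default port, anything else without a port is rejected.
bool parseOrigin(const std::string& s, Origin& out) {
    std::size_t sep = s.find("://");
    if (sep == std::string::npos) return false;
    out.protocol = s.substr(0, sep);
    std::string rest = s.substr(sep + 3);
    std::size_t colon = rest.find(':');
    if (colon == std::string::npos) {
        out.host = rest;
        if (out.protocol == "http") out.port = 80;
        else if (out.protocol == "https") out.port = 443;
        else return false;
    } else {
        out.host = rest.substr(0, colon);
        std::string digits = rest.substr(colon + 1);
        if (digits.empty() || digits.size() > 5) return false;
        int port = 0;
        for (char c : digits) {
            if (c < '0' || c > '9') return false;
            port = port * 10 + (c - '0');
        }
        if (port > 65535) return false;
        out.port = port;
    }
    return !out.host.empty();
}

int parsedPort(const std::string& s) { Origin o; return parseOrigin(s, o) ? o.port : -1; }

std::string serialize(const Origin& o) {
    return o.protocol + "://" + o.host + ":" + std::to_string(o.port);
}

struct Document { Origin origin; };

// A local frame's Document lives in this process. A remote frame (site isolation on,
// cross-site) has no Document here; only its origin is known.
struct Frame {
    bool isRemote;
    Origin origin;
    const Document* document; // nullptr when remote
};

struct FrameOwnerElement {
    const Frame* contentFrame;
    // HTMLFrameOwnerElement::contentDocument(): the document if the frame is local, else nullptr.
    const Document* contentDocument() const {
        if (!contentFrame || contentFrame->isRemote) return nullptr;
        return contentFrame->document;
    }
};

typedef std::vector<std::string> Console;

// canAccessTargetOrigin(): allow same-origin, otherwise log the cross-domain error and deny.
bool canAccessTargetOrigin(const Origin& active, const Origin& target, Console& console) {
    if (active == target) return true;
    console.push_back("Blocked a frame with origin \"" + serialize(active)
        + "\" from accessing a frame with origin \"" + serialize(target)
        + "\". Protocols, domains, and ports must match.");
    return false;
}

// Old path: a null node short-circuits to "allowed" with no origin check and no log.
bool shouldAllowAccessToNode(const Origin& active, const Document* node, Console& console) {
    if (!node) return true;
    return canAccessTargetOrigin(active, node->origin, console);
}

bool shouldAllowAccessToFrame(const Origin& active, const Frame& frame, Console& console) {
    return canAccessTargetOrigin(active, frame.origin, console);
}

// New path: on a null node, check the owner's frame instead, but only when that frame
// is remote, so behaviour with site isolation off is unchanged.
bool shouldAllowAccessToNodeWithFrameOwner(const Origin& active, const Document* node,
                                           const FrameOwnerElement& owner, Console& console) {
    if (node) return shouldAllowAccessToNode(active, node, console);
    if (owner.contentFrame && owner.contentFrame->isRemote)
        return shouldAllowAccessToFrame(active, *owner.contentFrame, console);
    return true;
}

struct Outcome {
    bool allowed;
    bool documentExposed;       // would the script receive a non-null document?
    std::size_t messagesLogged; // console messages produced by the check
};

// A script at `activeOrigin` reads iframe.contentDocument for a frame whose document is at
// http://localhost:8000; with site isolation on, a cross-site frame is modelled as remote.
Outcome scenario(const std::string& activeOrigin, bool siteIsolation, bool withFrameOwner) {
    Origin active, target;
    parseOrigin(activeOrigin, active);
    parseOrigin("http://localhost:8000", target);
    Document targetDoc{ target };
    bool remote = siteIsolation && !(active == target);
    Frame frame{ remote, target, remote ? nullptr : &targetDoc };
    FrameOwnerElement iframe{ &frame };
    Console console;
    const Document* node = iframe.contentDocument();
    bool allowed = withFrameOwner
        ? shouldAllowAccessToNodeWithFrameOwner(active, node, iframe, console)
        : shouldAllowAccessToNode(active, node, console);
    return { allowed, allowed && node != nullptr, console.size() };
}

int main() {
    Outcome oldIso = scenario("http://127.0.0.1:8000", true, false);
    Outcome newIso = scenario("http://127.0.0.1:8000", true, true);
    std::printf("site isolation, old check: allowed=%d messages=%zu\n", oldIso.allowed, oldIso.messagesLogged);
    std::printf("site isolation, new check: allowed=%d messages=%zu\n", newIso.allowed, newIso.messagesLogged);
    return 0;
}
```

The point of the model is the first two scenario() calls in main(): with site isolation on, the old check returns "allowed" for the remote frame yet exposes nothing and logs nothing, which is exactly the silent pass the test noticed, while the frame-owner check denies and logs. The same-origin and site-isolation-off cases are left in so the "only check access in the remote frame case" caveat can be seen to preserve the pre-existing results.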