Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: a0abbe7941d7ddf5e0c323fe913c6dfcfd27dd65
https://github.com/WebKit/WebKit/commit/a0abbe7941d7ddf5e0c323fe913c6dfcfd27dd65
Author: Ahmad Saleem <[email protected]>
Date: 2026-05-02 (Sat, 02 May 2026)
Changed paths:
M LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/joint-session-history/joint-session-history-iframe-state-expected.txt
M Source/WebCore/loader/HistoryController.cpp
Log Message:
-----------
Parent window's `history.state` is set to `null` when `history.pushState` is called by a child iframe
https://bugs.webkit.org/show_bug.cgi?id=196990
rdar://50019069

Reviewed by Brady Eidson.

This patch aligns WebKit with Gecko / Firefox and Blink / Chromium.

When an iframe calls history.pushState(), createItemTree() rebuilds
the entire frame tree's HistoryItems starting from the root frame.
createItem() replaces each frame's m_currentItem with a fresh item,
but initializeItem() never copies the stateObject. Only the target
frame's state is restored afterward by pushState(). Non-target frames
(including the parent) lose their state, causing window.history.state
to return null.

Preserve the stateObject from m_previousItem for non-target frames in
createItemTree(), matching the existing pattern for itemSequenceNumber
and documentSequenceNumber.

* LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/joint-session-history/joint-session-history-iframe-state-expected.txt: Progression
* Source/WebCore/loader/HistoryController.cpp:
(WebCore::HistoryController::createItemTree):

Canonical link: https://commits.webkit.org/312475@main
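
Added example (not part of the commit and not WebKit source): a simplified JavaScript model of the behaviour the log message describes, showing the parent's state lost when an iframe pushes state and kept once stateObject is carried over from the previous item. The Frame class, the item shape and the preserveState flag are assumptions made for illustration; only the names quoted in the log message come from the page.

```javascript
// Simplified model of the item-tree rebuild described in the log message.
// Not WebKit code: Frame, the item shape and preserveState are assumptions.
let nextSeq = 1;
const freshItem = () => ({
  stateObject: null,
  itemSequenceNumber: nextSeq++,
  documentSequenceNumber: nextSeq++,
});

class Frame {
  constructor(children = []) {
    this.children = children;
    this.previousItem = null;
    this.currentItem = freshItem();
  }
}

// Models createItem(): the frame gets a fresh item and the old one becomes
// previousItem. As the message says of initializeItem(), state is not copied.
function createItem(frame) {
  frame.previousItem = frame.currentItem;
  frame.currentItem = freshItem();
  return frame.currentItem;
}

// Models createItemTree(): rebuild every frame's item, starting at the root.
function createItemTree(frame, target, preserveState) {
  const item = createItem(frame);
  if (frame !== target) {
    // Pattern the message calls existing: sequence numbers are carried over.
    item.itemSequenceNumber = frame.previousItem.itemSequenceNumber;
    item.documentSequenceNumber = frame.previousItem.documentSequenceNumber;
    // The change described: carry stateObject over the same way.
    if (preserveState) item.stateObject = frame.previousItem.stateObject;
  }
  for (const child of frame.children) createItemTree(child, target, preserveState);
}

// Constructed scenario: the parent holds state, then its iframe pushes state.
function parentStateAfterIframePush(preserveState) {
  const iframe = new Frame();
  const parent = new Frame([iframe]);
  parent.currentItem.stateObject = { page: "parent" };
  createItemTree(parent, iframe, preserveState);       // rebuild from the root
  iframe.currentItem.stateObject = { page: "child" };  // only the target is set
  return { parent: parent.currentItem.stateObject, iframe: iframe.currentItem.stateObject };
}
```

Calling parentStateAfterIframePush(false) models the behaviour before the change, and parentStateAfterIframePush(true) the behaviour after it.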