Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: fd1fbad88d034165fe243986a5a90a2967e1659d
https://github.com/WebKit/WebKit/commit/fd1fbad88d034165fe243986a5a90a2967e1659d
Author: Brady Eidson <[email protected]>
Date: 2026-06-03 (Wed, 03 Jun 2026)
Changed paths:
M Tools/TestWebKitAPI/Helpers/cocoa/HTTPServer.h
M Tools/TestWebKitAPI/Tests/WebKit/WKWebView/Badging.mm
Log Message:
-----------
rdar://172395438
Reviewed by Chris Dumez.
A compromised web process can send an arbitrary message to the UI process to
change
the app badge from any worker domain.
This adds checks to validate that the requested origin is allowed to come from
the web process in consideration.
Tests: Tools/TestWebKitAPI/Tests/WebKitCocoa/Badging.mm
* Tools/TestWebKitAPI/Helpers/cocoa/HTTPServer.h:
(TestWebKitAPI::HTTPResponse::HTTPResponse):
* Tools/TestWebKitAPI/Tests/WebKit/WKWebView/Badging.mm:
(-[BadgeDelegate updatedAppBadge:fromOrigin:]):
Originally-landed-as: 305413.558@rapid/safari-7624.2.5.110-branch
(7b096816fb37). rdar://176061819
Canonical link: https://commits.webkit.org/314500@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
