Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 00a2a6621815015a6a81b1d6bcf2e82666de1f45
https://github.com/WebKit/WebKit/commit/00a2a6621815015a6a81b1d6bcf2e82666de1f45
Author: Sihui Liu <[email protected]>
Date: 2026-06-04 (Thu, 04 Jun 2026)
Changed paths:
M Source/WebCore/history/BackForwardCache.cpp
M Source/WebCore/history/BackForwardCache.h
M Source/WebKit/Shared/FrameTreeNodeData.h
M Source/WebKit/Shared/FrameTreeNodeData.serialization.in
M Source/WebKit/UIProcess/API/APIFrameTreeNode.h
M Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
M Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h
M Source/WebKit/UIProcess/API/Cocoa/_WKFrameTreeNode.h
M Source/WebKit/UIProcess/API/Cocoa/_WKFrameTreeNode.mm
M Source/WebKit/UIProcess/WebBackForwardCacheEntry.h
M Source/WebKit/UIProcess/WebFrameProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/WebProcess/WebPage/WebFrame.cpp
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
M Source/WebKit/WebProcess/WebPage/WebPage.h
M Source/WebKit/WebProcess/WebPage/WebPage.messages.in
M Tools/TestWebKitAPI/Tests/WebKit/WKWebView/SiteIsolation.mm
Log Message:
-----------
[Site Isolation] Provisional page's top document sync data corrupts the
current page's processes
https://bugs.webkit.org/show_bug.cgi?id=316120
rdar://178548978
Reviewed by Basuke Suzuki.
Site Isolation replicates top document data across WebContent processes to
support subframe operations, but during
cross-site navigations, provisional updates can incorrectly overwrite active
page states, leaking URLs/origins into
unrelated processes. To prevent this, broadcasts from non-committed main frame
processes are now ignored, ensuring only
valid updates propagate. Testing paths were added to verify back/forward cache
integrity, confirming cached processes
retain correct top documents during both cross-site and same-site navigations.
API test: SiteIsolation.BFCacheSameSitePageChangesTopDocumentURL
SiteIsolation.BFCacheCrossSitePageKeepsTopDocumentURL
* Source/WebCore/history/BackForwardCache.cpp:
(WebCore::BackForwardCache::get):
* Source/WebCore/history/BackForwardCache.h:
* Source/WebKit/Shared/FrameTreeNodeData.h:
* Source/WebKit/Shared/FrameTreeNodeData.serialization.in:
* Source/WebKit/UIProcess/API/APIFrameTreeNode.h:
* Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _frameTreesInBackForwardCacheAtIndex:completionHandler:]):
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h:
* Source/WebKit/UIProcess/API/Cocoa/_WKFrameTreeNode.h:
* Source/WebKit/UIProcess/API/Cocoa/_WKFrameTreeNode.mm:
(-[_WKFrameTreeNode _topDocumentURLForTesting]):
* Source/WebKit/UIProcess/WebBackForwardCacheEntry.h:
* Source/WebKit/UIProcess/WebFrameProxy.cpp:
(WebKit::WebFrameProxy::getFrameTree):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::getFrameTreesForBackForwardItem):
(WebKit::WebPageProxy::broadcastDocumentSyncData):
(WebKit::WebPageProxy::broadcastAllDocumentSyncData):
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/WebProcess/WebPage/WebFrame.cpp:
(WebKit::WebFrame::frameTreeData const):
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::getFrameTree):
(WebKit::WebPage::getFrameTreeForBackForwardCacheEntry):
* Source/WebKit/WebProcess/WebPage/WebPage.h:
* Source/WebKit/WebProcess/WebPage/WebPage.messages.in:
* Tools/TestWebKitAPI/Tests/WebKit/WKWebView/SiteIsolation.mm:
(TestWebKitAPI::frameTreesInBackForwardCacheAtIndex):
(TestWebKitAPI::checkProcessesTopDocumentURL):
(TestWebKitAPI::TEST(SiteIsolation, BFCacheSameSitePageChangesTopDocumentURL)):
(TestWebKitAPI::TEST(SiteIsolation, BFCacheCrossSitePageKeepsTopDocumentURL)):
Canonical link: https://commits.webkit.org/314552@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
