Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 1cff9b97d6800ad6c1bc9a5e14b9ea9ba41e5842
https://github.com/WebKit/WebKit/commit/1cff9b97d6800ad6c1bc9a5e14b9ea9ba41e5842
Author: Basuke Suzuki <[email protected]>
Date: 2026-06-05 (Fri, 05 Jun 2026)
Changed paths:
M Source/WebCore/loader/FrameLoader.cpp
M Source/WebCore/loader/FrameLoader.h
M Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
M Tools/WebKitTestRunner/TestController.cpp
Log Message:
-----------
[Site Isolation] Fix nested-frame form state restoration with
UseUIProcessForBackForwardItemLoading
https://bugs.webkit.org/show_bug.cgi?id=316345
rdar://178762633
Reviewed by Sihui Liu.
Under UseUIProcessForBackForwardItemLoading a child frame's back/forward load
is delegated to
the UIProcess asynchronously (FrameLoader::loadURLIntoChildFrame ->
LocalFrameLoaderClient::dispatchBackForwardItemLoading). To keep the parent
frame from firing
its load event before the child finishes, the child's FrameLoader is put into
an async-wait
state (setPendingAsyncBackForwardNavigation);
LocalFrame::preventsParentFromBeingComplete()
returns true while that state is set, so
checkCompleted()/allChildrenAreComplete() hold the
parent.
The bug: the UIProcess policy-decision completion handler cleared the
async-wait state
(shouldProceedWithAsyncBackForwardNavigation) before starting the provisional
load. A freshly
created child is still on its initial empty document, so isComplete() is true,
and starting the
provisional load does not flip isComplete() to false until the new document
begins. Clearing the
wait state first therefore opened a window where the child neither waits nor
loads, letting the
parent fire its load event before the child was restored — losing nested-frame
form state
(iframe.contentDocument observed as null).
Fix: clear the async-wait state at the points where the frame becomes genuinely
not-complete,
not in the policy callback. The success path already clears it in
FrameLoader::didBeginDocument()
atomically with isComplete() becoming false; clear it on the
provisional-load-failure terminal in
checkLoadCompleteForThisFrame() too (otherwise a failed load would leave the
frame holding its
parent forever). The policy callback now just starts the load while still
Pending, so the parent
keeps being held until one of those terminals runs. Replace the peek-and-clear
shouldProceedWithAsyncBackForwardNavigation() with explicit
asyncBackForwardNavigationWasCancelled()
and clearAsyncBackForwardNavigationState() primitives at the two call sites.
Also couple UseUIProcessForBackForwardItemLoading to SiteIsolationEnabled in
WebKitTestRunner
(the deferred half of bug 316344), mirroring WebProcessPool::createWebPage, so
test runs match
production. This is what exercises the path above: the existing
fast/loader/site-isolation/form-state-restore-with-frames.html now runs with
the flag on and
deterministically reproduced the failure before this fix.
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::checkLoadCompleteForThisFrame): Clear the async-wait
state on the
provisional-load-failure terminal.
(WebCore::FrameLoader::shouldProceedWithAsyncBackForwardNavigation): Deleted.
* Source/WebCore/loader/FrameLoader.h:
(WebCore::FrameLoader::asyncBackForwardNavigationWasCancelled const): Added.
(WebCore::FrameLoader::clearAsyncBackForwardNavigationState): Added.
* Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp:
(WebKit::WebLocalFrameLoaderClient::dispatchDecidePolicyForBackForwardNavigationAction):
Start the
load while still Pending; clear only on cancellation.
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::goToBackForwardItem): Use the explicit cancelled/clear
primitives.
* Tools/WebKitTestRunner/TestController.cpp:
(WTR::TestController::featuresImpliedBySiteIsolation): Also enable
UseUIProcessForBackForwardItemLoading under Site Isolation.
Canonical link: https://commits.webkit.org/314648@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
