Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 74720ee2b7df6a33982136654d14bc3cd4236ab7
https://github.com/WebKit/WebKit/commit/74720ee2b7df6a33982136654d14bc3cd4236ab7
Author: Basuke Suzuki <[email protected]>
Date: 2026-06-12 (Fri, 12 Jun 2026)
Changed paths:
M Source/WebCore/loader/HistoryController.cpp
M Tools/TestWebKitAPI/Tests/WebKit/WKWebView/SiteIsolation.mm
Log Message:
-----------
[Site Isolation] Iframe pushState misroutes history.back() under
UseUIProcessForBackForwardItemLoading
https://bugs.webkit.org/show_bug.cgi?id=316881
rdar://179304807
Reviewed by Charlie Wolfe and Sihui Liu.
HistoryController::pushState built the topItem from frame->rootFrame(), so the
IPC payload's frameID identified the rootFrame even when an iframe initiated
the navigation. Under UseUIProcessForBackForwardItemLoading (auto-enabled with
SiteIsolation), UIProcess routes history.back() by
currentItem->navigatedFrameID() and so navigated the main frame to its own
URL — back() became a no-op and the iframe stayed at the latest pushed entry.
Build the tree from the navigating frame, matching what regular iframe
navigations already do via WebLocalFrameLoaderClient::createHistoryItemTree.
The IPC payload's root frameID then identifies the iframe directly, and
WebBackForwardList::completeFrameStateForNavigation handles grafting the
iframe-rooted FrameState onto the main tree as it does for any other
sub-frame navigation.
Tools/TestWebKitAPI/Tests/WebKit/WKWebView/SiteIsolation.mm:
IframePushStateBackForwardRoutesToIframe.
* Source/WebCore/loader/HistoryController.cpp:
(WebCore::HistoryController::pushState):
* Tools/TestWebKitAPI/Tests/WebKit/WKWebView/SiteIsolation.mm:
Canonical link: https://commits.webkit.org/315125@main