Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 040fd20a08c9f51305ed7f0caa0a2eea6a20d713
https://github.com/WebKit/WebKit/commit/040fd20a08c9f51305ed7f0caa0a2eea6a20d713
Author: Charlie Wolfe <charl...@apple.com>
Date: 2023-09-19 (Tue, 19 Sep 2023)
Changed paths:
A LayoutTests/http/tests/site-isolation/post-message-expected.txt
A LayoutTests/http/tests/site-isolation/post-message.html
A
LayoutTests/http/tests/site-isolation/resources/post-message-to-parent.html
M Source/WebCore/bindings/js/JSRemoteDOMWindowCustom.cpp
Log Message:
-----------
All RemoteDOMWindow functions are inaccessible in WebKitTestRunner
https://bugs.webkit.org/show_bug.cgi?id=261783
rdar://115753929
Reviewed by Alex Christensen.
When site isolation is enabled in layout tests, attempting to access any
RemoteDOMWindow function will
throw a security error. This is because WebKitTestRunner will expose `$vm` to
each web content process,
and the proper security checks are not in place in
`JSRemoteDOMWindow::getOwnPropertySlot()` to allow
these symbol properties. When site isolation is disabled, we avoid throwing
this security error by
checking if the active and target document are of the same origin. We don’t
have a good way to do that
right now with site isolation, so let’s always allow `$vm` for now.
Added a test for postMessage to verify that RemoteDOMWindow functions now work.
* LayoutTests/http/tests/site-isolation/post-message-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/post-message.html: Added.
* LayoutTests/http/tests/site-isolation/resources/post-message-to-parent.html:
Added.
* Source/WebCore/bindings/js/JSRemoteDOMWindowCustom.cpp:
(WebCore::JSRemoteDOMWindow::getOwnPropertySlot):
Canonical link: https://commits.webkit.org/268182@main
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
