Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 040fd20a08c9f51305ed7f0caa0a2eea6a20d713 https://github.com/WebKit/WebKit/commit/040fd20a08c9f51305ed7f0caa0a2eea6a20d713 Author: Charlie Wolfe <charl...@apple.com> Date: 2023-09-19 (Tue, 19 Sep 2023)
Changed paths: A LayoutTests/http/tests/site-isolation/post-message-expected.txt A LayoutTests/http/tests/site-isolation/post-message.html A LayoutTests/http/tests/site-isolation/resources/post-message-to-parent.html M Source/WebCore/bindings/js/JSRemoteDOMWindowCustom.cpp Log Message: ----------- All RemoteDOMWindow functions are inaccessible in WebKitTestRunner https://bugs.webkit.org/show_bug.cgi?id=261783 rdar://115753929 Reviewed by Alex Christensen. When site isolation is enabled in layout tests, attempting to access any RemoteDOMWindow function will throw a security error. This is because WebKitTestRunner will expose `$vm` to each web content process, and the proper security checks are not in place in `JSRemoteDOMWindow::getOwnPropertySlot()` to allow these symbol properties. When site isolation is disabled, we avoid throwing this security error by checking if the active and target document are of the same origin. We don’t have a good way to do that right now with site isolation, so let’s always allow `$vm` for now. Added a test for postMessage to verify that RemoteDOMWindow functions now work. * LayoutTests/http/tests/site-isolation/post-message-expected.txt: Added. * LayoutTests/http/tests/site-isolation/post-message.html: Added. * LayoutTests/http/tests/site-isolation/resources/post-message-to-parent.html: Added. * Source/WebCore/bindings/js/JSRemoteDOMWindowCustom.cpp: (WebCore::JSRemoteDOMWindow::getOwnPropertySlot): Canonical link: https://commits.webkit.org/268182@main _______________________________________________ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes