Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 13819101c22430f8c2705f29c3aa1de4330bb25b
https://github.com/WebKit/WebKit/commit/13819101c22430f8c2705f29c3aa1de4330bb25b
Author: Charlie Wolfe <charl...@apple.com>
Date: 2023-01-25 (Wed, 25 Jan 2023)

Changed paths:
  A LayoutTests/http/tests/navigation/cross-origin-navigation-fires-onload-expected.txt
  A LayoutTests/http/tests/navigation/cross-origin-navigation-fires-onload.html
  A LayoutTests/http/tests/navigation/resources/postmessage-on-hashchange.html
  M Source/WebCore/loader/FrameLoader.cpp

Log Message:
-----------
Cherry-pick 252432.942@safari-7614-branch (d7af255eed5c). rdar://104649116

cross origin iframe load event can be used for a malicious way
https://bugs.webkit.org/show_bug.cgi?id=241753
rdar://95467115

Reviewed by Chris Dumez and Ryan Haddad.

This bug describes an issue where it is possible to guess a URL that is redirected to by a cross-origin iframe. To fix this, WebKit should fire a load event when the direct parent frame is cross-origin. This fix is very similar to what is described in https://crbug.com/1248444.

* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadInSameDocument):
* LayoutTests/http/tests/navigation/cross-origin-navigation-fires-onload-expected.txt: Added.
* LayoutTests/http/tests/navigation/cross-origin-navigation-fires-onload.html: Added.
* LayoutTests/http/tests/navigation/resources/postmessage-on-hashchange.html: Added.

Canonical link: https://commits.webkit.org/252432.942@safari-7614-branch
Canonical link: https://commits.webkit.org/259384@main

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes