Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: b04a14ade3ebc8985899dd8bfe0e3173f3f7fead
https://github.com/WebKit/WebKit/commit/b04a14ade3ebc8985899dd8bfe0e3173f3f7fead
Author: Sihui Liu <[email protected]>
Date: 2025-12-09 (Tue, 09 Dec 2025)
Changed paths:
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm
Log Message:
-----------
[Site Isolation] Fix assertion failure when cross-site frame opens window
with blob URL
https://bugs.webkit.org/show_bug.cgi?id=303848
rdar://165842879
Reviewed by Alex Christensen.
The assertion in WebProcessProxy::didStartUsingProcessForSiteIsolation() fails
when a cross-site frame opens window with
blob URL (see new test). The cause is that current implementation automatically
sets related page on page configuration
of new page (created for window.open), when the new page is loading blob URL.
When related page is set, the new page
will use the related page's web process for loading, even though the two pages
are loading difference sites. This config
does not work under site isolation, and the assertion ensures this does not
happen. To fix this, only set related page
for blob URL when site isolation is disabled.
The patch also fixes a move-after-free issue in WebPageProxy::createNewPage
(request is moved to when creating
API::NavigationAction).
Thanks to Brandon and Jessica for providing the test case.
Test: SiteIsolation.CrossSiteIframeOpenWindowWithBlobURL
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::createNewPage):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm:
(TestWebKitAPI::(SiteIsolation, CrossSiteIframeOpenWindowWithBlobURL)):
Canonical link: https://commits.webkit.org/304192@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
