Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: c8e9806e77faccba904006f7d3e302d8aed16a58
https://github.com/WebKit/WebKit/commit/c8e9806e77faccba904006f7d3e302d8aed16a58
Author: Basuke Suzuki <[email protected]>
Date: 2026-01-18 (Sun, 18 Jan 2026)
Changed paths:
A LayoutTests/fast/url/fragment-large-expected.txt
A LayoutTests/fast/url/fragment-large.html
M Source/WebCore/loader/ThreadableLoader.cpp
M Source/WebCore/page/SecurityOrigin.cpp
Log Message:
-----------
Add fragment length check to SecurityOrigin::canDisplay().
https://bugs.webkit.org/show_bug.cgi?id=305505
rdar://165801515
Reviewed by Alex Christensen and Brent Fulgham.
Add a length check for URL fragment identifiers to SecurityOrigin::canDisplay().
Currently the threshold is 2MB. Also update the existing length check to use
the entire URL length when checking against `maximumURLSize`, which is
semantically
more correct than using pathEnd().
The fragment length check is performed before the universalAccess check to apply
in all contexts including layout tests.
Additionally, update ThreadableLoader::logError to use
stringCenterEllipsizedToLength()
when displaying URLs in error messages to avoid console spam from extremely
long URLs.
Tests: fast/url/fragment-large.html
* LayoutTests/fast/url/fragment-large-expected.txt: Added.
* LayoutTests/fast/url/fragment-large.html: Added.
* Source/WebCore/loader/ThreadableLoader.cpp:
(WebCore::ThreadableLoader::logError):
* Source/WebCore/page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::canDisplay const):
Canonical link: https://commits.webkit.org/305780@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
