Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 80a2f83fa96b35052b2308ee781478d9dd9677bc
https://github.com/WebKit/WebKit/commit/80a2f83fa96b35052b2308ee781478d9dd9677bc
Author: Anthony Tarbinian <[email protected]>
Date: 2026-04-03 (Fri, 03 Apr 2026)
Changed paths:
M LayoutTests/platform/ios-site-isolation/TestExpectations
M LayoutTests/platform/mac-site-isolation/TestExpectations
Log Message:
-----------
[Site Isolation] Console log is intentionally missing the full URL of a
RemoteFrame for
http/tests/security/block-top-level-navigations-by-sandboxed-iframe-with-propagated-user-gesture.html
https://bugs.webkit.org/show_bug.cgi?id=311286
rdar://173883912
Reviewed by Sihui Liu.
In
http/tests/security/block-top-level-navigations-by-sandboxed-iframe-with-propagated-user-gesture.html,
with site isolation enabled the console message logging
"Unsafe JavaScript attempt to initiate navigation" will
not contain the full URL (including resource path) of RemoteFrames.
This is the diff:
```
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame
with URL
'http://127.0.0.1:8000/security/block-top-level-navigations-by-sandboxed-iframe-with-propagated-user-gesture.html'
from frame with URL
'http://localhost:8000/security/resources/navigate-top-level-frame-to-failure-page-via-message-handler.html'.
The frame attempting navigation of the top-level window is sandboxed, but the
'allow-top-navigation' flag is not set.
+CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame
with URL 'http://127.0.0.1:8000/' from frame with URL
'http://localhost:8000/security/resources/navigate-top-level-frame-to-failure-page-via-message-handler.html'.
The frame attempting navigation of the top-level window is sandboxed, but the
'allow-top-navigation' flag is not set.
CONSOLE MESSAGE: SecurityError: The operation is insecure.
Test blocking of top-level navigations by an iframe with
`sandbox=allow-top-navigation-by-user-activation` when the user gesture is
propagated from another context.
```
This difference is thanks to https://commits.webkit.org/310093@main
where we decided to prevent frames from fetching the full URL path of
remote frames in different processes.
http/tests/security/block-top-level-navigations-by-sandboxed-iframe-with-propagated-user-gesture.html
also has the same inconsistency in behavior with site isolation enabled vs
disabled.
This patch moves the failing line in TestExpectations with the other intentional
failures from https://commits.webkit.org/310093@main
* LayoutTests/platform/ios-site-isolation/TestExpectations:
* LayoutTests/platform/mac-site-isolation/TestExpectations:
Canonical link: https://commits.webkit.org/310523@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
