Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 10b8cd7a0d3972ef8574b589681506f6944d322f
      
https://github.com/WebKit/WebKit/commit/10b8cd7a0d3972ef8574b589681506f6944d322f
  Author: Karl Dubost <[email protected]>
  Date:   2026-04-07 (Tue, 07 Apr 2026)

  Changed paths:
    M Source/WebCore/page/Quirks.cpp
    M Source/WebCore/page/QuirksData.h

  Log Message:
  -----------
  [Quirk] extend the ceac.state.gov quirk to cover more cases
https://bugs.webkit.org/show_bug.cgi?id=311383
rdar://170258502

Reviewed by Brent Fulgham.

The US visa application site ceac.state.gov uses CheckBrowserClose.js
which registers a beforeunload handler (ClearSession) that inspects
document.activeElement to decide if navigation is intentional. When it
decides navigation is not intentional, it sets an ExpiredSession cookie
and blocks navigation, killing the user's session.

The existing NeedsFormControlToBeMouseFocusableQuirk (bug 193478)
ensures form controls gain focus on mouse click so
document.activeElement is set correctly. However, two bugs in the
site's JavaScript still cause session loss even when focus works:

1. An operator precedence bug at line 232 of CheckBrowserClose.js:

    (A && B && HTMLBodyElement) || HTMLInputElement

    The || is not grouped with the && chain, so ANY focused <input>
    element (including properly focused submit buttons, radio buttons,
    and text fields) triggers validNavigation = false.

2. Radio buttons are not recognized by the valid-navigation checks
    at lines 67-80. The site checks for id.indexOf("Radio") but
    ASP.NET RadioButtonList generates IDs with "rbl" prefix, not
    "Radio". Radio buttons fall through all checks and hit the
    catch-all at line 232.

The fix adds a script injection quirk that runs before
CheckBrowserClose.js loads. The injected script wraps
window.addEventListener to intercept the beforeunload registration.
When beforeunload fires, if document.activeElement is a form input
(radio, checkbox, submit, or button), the original ClearSession is
skipped entirely, allowing navigation to proceed.

Both quirks work together at different points in the pipeline:
- Quirk 1 (focus, Mac only): at click time, ensures
document.activeElement is set to the clicked element
- Quirk 2 (script injection, all platforms): at beforeunload time,
bypasses the site's broken ClearSession logic when activeElement
is a form input

The handler is moved outside #if PLATFORM(MAC) so the script
injection quirk applies on all platforms. The mouse focus quirk
remains Mac-only inside the handler since it addresses mouse-specific
focus behavior.

* Source/WebCore/page/Quirks.cpp:
(CompletionHandler<void): Deleted.
* Source/WebCore/page/QuirksData.h:

Canonical link: https://commits.webkit.org/310699@main
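
An added sketch of the two points in the log message above, not code from CheckBrowserClose.js or from the WebKit patch: the `(A && B && HTMLBodyElement) || HTMLInputElement` grouping, and a wrapper around addEventListener that bypasses a beforeunload listener for the listed input types. All function names, the fake window object, and the alternative grouping are assumptions made for illustration.

```javascript
// Constructed model of the pattern in the commit message (not site or WebKit code).
const isBody = (el) => el.tagName === "BODY";
const isInput = (el) => el.tagName === "INPUT";

// Shape reported at line 232; a and b stand in for the conditions called A and B.
function blocksAsWritten(a, b, el) {
  return (a && b && isBody(el)) || isInput(el);
}

// Assumed alternative grouping, for contrast: a and b gate both element kinds.
function blocksIfGrouped(a, b, el) {
  return a && b && (isBody(el) || isInput(el));
}

// Input types the commit message lists as skipped by the injected script.
const SKIP_TYPES = new Set(["radio", "checkbox", "submit", "button"]);

// Wrap target.addEventListener so a beforeunload listener is bypassed
// when the focused element is one of the input types above.
function installQuirk(target, getActiveElement) {
  const original = target.addEventListener;
  target.addEventListener = function (type, listener, options) {
    if (type !== "beforeunload" || typeof listener !== "function")
      return original.call(this, type, listener, options);
    const wrapped = function (event) {
      const el = getActiveElement();
      if (el && isInput(el) && SKIP_TYPES.has(el.type)) return undefined;
      return listener.call(this, event);
    };
    return original.call(this, type, wrapped, options);
  };
}

// Minimal stand-in for window so the sketch runs under Node without a DOM.
function makeFakeWindow() {
  const listeners = [];
  return {
    addEventListener(type, fn) { listeners.push({ type, fn }); },
    fire(type) { listeners.filter((l) => l.type === type).forEach((l) => l.fn({ type })); },
  };
}

// True when the registered handler ran, i.e. the site's ClearSession would execute.
function clearSessionRuns(activeElement, withQuirk) {
  const win = makeFakeWindow();
  if (withQuirk) installQuirk(win, () => activeElement);
  let ran = false;
  win.addEventListener("beforeunload", () => { ran = true; });
  win.fire("beforeunload");
  return ran;
}
```

With a and b both false, `blocksAsWritten` still returns true for any focused input, which is the catch-all behaviour the message describes; the wrapper leaves text inputs and the body on the original path.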


