Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: db1d09a2c44b62e4ee2d0e05f8b3a8a0e3dcc11d
https://github.com/WebKit/WebKit/commit/db1d09a2c44b62e4ee2d0e05f8b3a8a0e3dcc11d
Author: Anthony Tarbinian <[email protected]>
Date: 2026-04-08 (Wed, 08 Apr 2026)
Changed paths:
M
LayoutTests/http/tests/security/block-top-level-navigations-by-third-party-sandboxed-iframe.html
M LayoutTests/platform/ios-site-isolation/TestExpectations
M LayoutTests/platform/mac-site-isolation/TestExpectations
Log Message:
-----------
[Site Isolation] Missing "Unsafe JavaScript attempt to initiate navigation"
log in
http/tests/security/block-top-level-navigations-by-third-party-sandboxed-iframe.html
https://bugs.webkit.org/show_bug.cgi?id=311438
rdar://174036322
Reviewed by Sihui Liu.
With site isolation enabled,
http/tests/security/block-top-level-navigations-by-third-party-sandboxed-iframe.html
doesn't print the following log message:
```
CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame
with URL
'http://127.0.0.1:8000/security/block-top-level-navigations-by-third-party-sandboxed-iframe.html'
from frame with URL
'data:text/html;base64,PGh0bWw+PGJvZHk+U3VjY2VzcyEgVGhlIG5hdmlnYXRpb24gd2FzIGJsb2NrZWQ8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCI+IHdpbmRvdy50b3AubG9jYXRpb24gPSAiaHR0cDovL2xvY2FsaG9zdDo4MDAwL3NlY3VyaXR5L3Jlc291cmNlcy9zaG91bGQtbm90LWhhdmUtbG9hZGVkLmh0bWwiOzwvc2NyaXB0PjwvYm9keT48L2h0bWw+'.
The frame attempting navigation of the top-level window is cross-origin or
untrusted and the user has never interacted with the frame.
```
Extending the timeout of the test to 1000ms gives enough time for the log to be
printed
before the test timeout fires.
However, now that the log appears in the site isolation test output, we run into
a mismatch in the URL of the remote frame that is the target of the attempted
navigation.
Here is the diff:
```
-CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame
with URL
'http://127.0.0.1:8000/security/block-top-level-navigations-by-third-party-sandboxed-iframe.html'
from frame with URL
'data:text/html;base64,PGh0bWw+PGJvZHk+U3VjY2VzcyEgVGhlIG5hdmlnYXRpb24gd2FzIGJsb2NrZWQ8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCI+IHdpbmRvdy50b3AubG9jYXRpb24gPSAiaHR0cDovL2xvY2FsaG9zdDo4MDAwL3NlY3VyaXR5L3Jlc291cmNlcy9zaG91bGQtbm90LWhhdmUtbG9hZGVkLmh0bWwiOzwvc2NyaXB0PjwvYm9keT48L2h0bWw+'.
The frame attempting navigation of the top-level window is cross-origin or
untrusted and the user has never interacted with the frame.
+CONSOLE MESSAGE: Unsafe JavaScript attempt to initiate navigation for frame
with URL 'http://127.0.0.1:8000/' from frame with URL
'data:text/html;base64,PGh0bWw+PGJvZHk+U3VjY2VzcyEgVGhlIG5hdmlnYXRpb24gd2FzIGJsb2NrZWQ8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCI+IHdpbmRvdy50b3AubG9jYXRpb24gPSAiaHR0cDovL2xvY2FsaG9zdDo4MDAwL3NlY3VyaXR5L3Jlc291cmNlcy9zaG91bGQtbm90LWhhdmUtbG9hZGVkLmh0bWwiOzwvc2NyaXB0PjwvYm9keT48L2h0bWw+'.
The frame attempting navigation of the top-level window is cross-origin or
untrusted and the user has never interacted with the frame.
```
This mismatch is intentional due to https://commits.webkit.org/310093@main .
Just like that patch, here we will mark this test as intentionally failing
with a comment in TestExpectations that denotes the difference in
behavior with site isolation enabled vs disabled.
*
LayoutTests/http/tests/security/block-top-level-navigations-by-third-party-sandboxed-iframe.html:
* LayoutTests/platform/ios-site-isolation/TestExpectations:
* LayoutTests/platform/mac-site-isolation/TestExpectations:
Canonical link: https://commits.webkit.org/310789@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
