Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: ec67268e3a28ca49a6b63ae51114c5edd4f5ed96
https://github.com/WebKit/WebKit/commit/ec67268e3a28ca49a6b63ae51114c5edd4f5ed96
Author: Anne van Kesteren <[email protected]>
Date: 2026-04-16 (Thu, 16 Apr 2026)
Changed paths:
M LayoutTests/fast/loader/comment-only-javascript-url-expected.txt
M LayoutTests/fast/loader/comment-only-javascript-url.html
M LayoutTests/http/tests/security/denied-base-url-javascript-url-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/url/a-element-xhtml_include=javascript-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/url/a-element_include=javascript-expected.txt
M LayoutTests/imported/w3c/web-platform-tests/url/javascript-urls.window-expected.txt
A LayoutTests/platform/glib/fast/loader/javascript-url-hierarchical-execution-expected.txt
M Source/WTF/wtf/URL.cpp
M Source/WTF/wtf/URL.h
M Source/WebCore/dom/Document.cpp
M Source/WebCore/dom/Element.cpp
M Source/WebCore/html/URLDecomposition.cpp
M Source/WebCore/inspector/InspectorFrontendHost.cpp
M Source/WebCore/page/DOMWindow.cpp
M Source/WebCore/page/DOMWindow.h
M Source/WebCore/page/LocalDOMWindow.cpp
M Source/WebCore/page/SecurityPolicy.cpp
M Source/WebCore/svg/SVGAnimationElement.cpp
M Tools/WebKitTestRunner/TestController.cpp
Log Message:
-----------
Correct parsing of javascript: URLs
https://bugs.webkit.org/show_bug.cgi?id=289831

Reviewed by Chris Dumez.

Switch URL::protocolIsJavaScript() from a string prefix check to a
scheme check. With 207670@main we more eagerly recognized non-parseable
URLs as javascript: URLs to align with other browsers, but other
browsers ignore non-parseable javascript: URLs these days and so should
we. The free function protocolIsJavaScript() is renamed to
isJavaScriptURL() and now parses its input first.

The reason this does not make us fully pass
url/javascript-urls.window.js like Chrome is because we don't execute
javascript: URLs from a task.

Since invalid javascript: URLs no longer match protocolIsJavaScript(),
callers that relied on the string prefix check needed updating:

- URLDecomposition::protocol() had a workaround for javascript: URLs
  that parsed as hierarchical — no longer needed since those now
  properly fail to parse.
- DOMWindow::isInsecureScriptAccess() now takes a const URL& and uses
  the scheme check. Invalid javascript: URLs won't match, but they also
  can't execute since the downstream execution path uses the same
  check.
- SecurityPolicy::isBaseURLSchemeAllowed() now asserts url.isValid().
  Document::processBaseElement() handles invalid URLs before calling it:
  empty URLs (no base element) are allowed, non-empty invalid URLs are
  blocked behind the existing shouldRestrictBaseURLSchemes setting.
- WebKitTestRunner's decidePolicyForNavigationAction crashed on invalid
  URLs because the C API (WKURLRequestCopyURL) returns null for them
  and the code didn't null-check. Added a null check. (We do want
  invalid URLs to be able to reach this far unfortunately.
  TestWebKitAPI.WebKit.NavigateToInvalidURL and
  TestWebKitAPI.WKNavigationAction.BlobRequestBody both verify this but
  were using a Cocoa API that did not crash. Reaching this point with
  an invalid javascript: URL is what's novel, but should be okay.)

Canonical link: https://commits.webkit.org/311381@main
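
The difference between a string prefix check and a scheme check on parsed input, as described in the log message above, shown as an added example that is not WebKit code. It uses the JavaScript runtime's WHATWG URL parser as a stand-in for WTF::URL; the function names, the simplified prefix regex and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example, not WebKit code. Function names are hypothetical.

// Simplified string prefix check (assumption): looks only at the raw text,
// after skipping leading C0 control characters and spaces.
function hasJavaScriptPrefix(input) {
  return /^[\u0000-\u0020]*javascript:/i.test(input);
}

// Scheme check: parse first, then compare the parsed scheme.
// An input that fails to parse is not treated as a javascript: URL.
function parsesAsJavaScriptURL(input) {
  let url;
  try {
    url = new URL(input);
  } catch (e) {
    return false;
  }
  return url.protocol === "javascript:";
}

// Constructed sample inputs.
const samples = [
  "javascript:void(0)",                  // opaque path, parses
  "JavaScript:void(0)",                  // scheme matching is case-insensitive
  "javascript://example.com:notaport/x", // hierarchical form, non-numeric port
  "javascript://example.com:99999/x",    // hierarchical form, port out of range
  "javascript://exa mple.com/x",         // hierarchical form, space in host
  "https://example.com/javascript:x",    // different scheme
];

// Run both checks over every input.
function classify(inputs) {
  return inputs.map((input) => ({
    input,
    prefixCheck: hasJavaScriptPrefix(input),
    schemeCheck: parsesAsJavaScriptURL(input),
  }));
}

// Inputs the prefix check accepts but the scheme check rejects.
function prefixOnlyMatches(inputs) {
  return classify(inputs)
    .filter((r) => r.prefixCheck && !r.schemeCheck)
    .map((r) => r.input);
}

console.table(classify(samples));
```

Callers that still gate on a raw prefix will disagree with the parsed-scheme check on exactly the inputs `prefixOnlyMatches` returns, which is the class of caller the log message lists as needing updates.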