Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: e2355e43e2efc72e8071ccbe6d595d504690f190
      
https://github.com/WebKit/WebKit/commit/e2355e43e2efc72e8071ccbe6d595d504690f190
  Author: Anthony Tarbinian <[email protected]>
  Date:   2026-05-05 (Tue, 05 May 2026)

  Changed paths:
    M LayoutTests/platform/ios-site-isolation/TestExpectations
    M LayoutTests/platform/mac-site-isolation/TestExpectations
    M Source/WebCore/dom/MessageChannel.cpp
    M Source/WebCore/dom/messageports/MessagePortChannelProvider.h
    M Source/WebCore/dom/messageports/MessagePortChannelProviderImpl.cpp
    M Source/WebCore/dom/messageports/MessagePortChannelProviderImpl.h
    M Source/WebCore/dom/messageports/WorkerMessagePortChannelProvider.cpp
    M Source/WebCore/dom/messageports/WorkerMessagePortChannelProvider.h
    M Source/WebKit/WebProcess/WebCoreSupport/WebMessagePortChannelProvider.cpp
    M Source/WebKit/WebProcess/WebCoreSupport/WebMessagePortChannelProvider.h
    M Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.cpp

  Log Message:
  -----------
  [Site Isolation] Fix same-process MessageChannel postMessage of non-serializable types
https://bugs.webkit.org/show_bug.cgi?id=313692
rdar://175890575

Reviewed by Ryosuke Niwa.

The following tests are failing with site isolation enabled:

imported/w3c/web-platform-tests/html/infrastructure/safe-passing-of-structured-data/messagechannel.any.html
imported/w3c/web-platform-tests/html/infrastructure/safe-passing-of-structured-data/messagechannel.any.serviceworker.html
imported/w3c/web-platform-tests/html/infrastructure/safe-passing-of-structured-data/messagechannel.any.sharedworker.html
imported/w3c/web-platform-tests/html/infrastructure/safe-passing-of-structured-data/messagechannel.any.worker.html
imported/w3c/web-platform-tests/html/infrastructure/safe-passing-of-structured-data/shared-array-buffers/window-messagechannel-success.https.html
http/tests/webgpu/webgpu/api/validation/queue/copyToTexture/CopyExternalImageToTexture.html
imported/w3c/web-platform-tests/wasm/serialization/module/window-messagechannel-success.html

These test failures involve postMessage being called to pass a
non-serializable type (i.e. SharedArrayBuffer, WasmModule, ImageBitmap, etc.)
to another context (i.e. another frame, window, worker).
See the example JS below:

    const channel = new MessageChannel();
    const sab = new SharedArrayBuffer(16);
    channel.port1.postMessage(sab);

There is an optimization in WebKit to keep the MessagePorts
in a local HashMap (WebMessagePortChannelProvider::m_inProcessPortMessages)
to avoid performing unnecessary IPC if the sender and receiver
are in the same process.
See https://commits.webkit.org/255948@main

This optimization caused issues with site isolation enabled
since it's possible for the target to be in a different process.
The optimization was undone in https://commits.webkit.org/295627@main
Without the optimization, all messages sent over a MessageChannel
are sent over IPC with site isolation enabled.

See the following code in WebMessagePortChannelProvider::postMessageToRemote
which falls back to IPC when the port is not found in m_inProcessPortMessages.
Remote here doesn't mean a different process, it's just the receiver of
postMessage.

    void WebMessagePortChannelProvider::postMessageToRemote(MessageWithMessagePorts&& message, const MessagePortIdentifier& remoteTarget)
    {
        auto iterator = m_inProcessPortMessages.find(remoteTarget);
        if (iterator != m_inProcessPortMessages.end()) {
            iterator->value.append(WTF::move(message));
            WebProcess::singleton().messagesAvailableForPort(remoteTarget);
            return;
        }

        for (auto& port : message.transferredPorts)
            messagePortSentToRemote(port.first);

        protect(networkProcessConnection())->send(Messages::NetworkConnectionToWebProcess::PostMessageToRemote { message, remoteTarget }, 0);
    }

However, this causes issues for messages which are not serializable over
IPC, such as SharedArrayBuffer, which is marked as [NotSerialized]:
https://searchfox.org/wubkat/source/Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in#8013

This means that sending a SharedArrayBuffer will fail even when
the sender and receiver are in the same process and there is no
need to cross IPC.

This patch adds back in the same process optimization
which bypasses IPC if the port is in the same process.
This is what fixes the tests mentioned at the start
with site isolation enabled.

This patch also ensures the failing test from the patch that disabled the
optimization with site isolation is still passing 
(https://commits.webkit.org/295627@main).
The test in question is API test SiteIsolation.PostMessageWithMessagePorts.

To do so, this patch adds logic to WebRemoteFrameClient::postMessageToRemote
where we clean up any lingering ports which are stored in the local
HashMap before we send the port to a different process.
WebRemoteFrameClient::postMessageToRemote runs when a message is being
sent to a different process. I decided to add this logic here
instead of WebMessagePortChannelProvider::messagePortDisentangled
since WebRemoteFrameClient::postMessageToRemote is when the port
actually leaves the process. Messages that go through messagePortDisentangled
might not actually cross the process boundary and end up in the same process.

If we notice that any ports are being sent cross-process we need to
clean them up from our same-process HashMap. This is needed because,
as mentioned earlier, the code in
WebMessagePortChannelProvider::postMessageToRemote will check for a port
in the local HashMap before trying IPC.
This is what was causing the failure from
https://commits.webkit.org/295627@main.
Instead of disabling the optimization outright like in that commit,
we instead clean up the port from our local HashMap when the port
belongs to another process.

To perform the cleanup we call
WebMessagePortChannelProvider::messagePortSentToRemote, which removes the
ports from the local HashMap and flushes any buffered messages
to the receiving end.
This is the same pattern from the following functions
(from commit https://commits.webkit.org/197825@main):
- WebSWClientConnection::postMessageToServiceWorker
- WebSWContextManagerConnection::postMessageToServiceWorkerClient
- WebSharedWorkerObjectConnection::requestSharedWorker

This patch does NOT fix the following test as it has other issues:
- imported/w3c/web-platform-tests/html/infrastructure/safe-passing-of-structured-data/shared-array-buffers/window-iframe-messagechannel.https.html

This patch fixes the following tests with site isolation enabled:
- imported/w3c/web-platform-tests/html/infrastructure/safe-passing-of-structured-data/messagechannel.any.html
- imported/w3c/web-platform-tests/html/infrastructure/safe-passing-of-structured-data/messagechannel.any.serviceworker.html
- imported/w3c/web-platform-tests/html/infrastructure/safe-passing-of-structured-data/messagechannel.any.sharedworker.html
- imported/w3c/web-platform-tests/html/infrastructure/safe-passing-of-structured-data/messagechannel.any.worker.html
- imported/w3c/web-platform-tests/html/infrastructure/safe-passing-of-structured-data/shared-array-buffers/window-messagechannel-success.https.html
- http/tests/webgpu/webgpu/api/validation/queue/copyToTexture/CopyExternalImageToTexture.html
- imported/w3c/web-platform-tests/wasm/serialization/module/window-messagechannel-success.html

* LayoutTests/platform/ios-site-isolation/TestExpectations:
* LayoutTests/platform/mac-site-isolation/TestExpectations:
        Update TestExpectations with tests passing
        with --site-isolation
* Source/WebCore/dom/MessageChannel.cpp:
(WebCore::MessageChannel::MessageChannel):
        Removing site isolation flag argument
* Source/WebCore/dom/messageports/MessagePortChannelProvider.h:
        Removing site isolation flag argument
* Source/WebCore/dom/messageports/MessagePortChannelProviderImpl.cpp:
(WebCore::MessagePortChannelProviderImpl::createNewMessagePortChannel):
        Removing site isolation flag argument
* Source/WebCore/dom/messageports/MessagePortChannelProviderImpl.h:
        Removing site isolation flag argument
* Source/WebCore/dom/messageports/WorkerMessagePortChannelProvider.cpp:
(WebCore::WorkerMessagePortChannelProvider::createNewMessagePortChannel):
        Removing site isolation flag argument
* Source/WebCore/dom/messageports/WorkerMessagePortChannelProvider.h:
        Removing site isolation flag argument
* Source/WebKit/WebProcess/WebCoreSupport/WebMessagePortChannelProvider.cpp:
(WebKit::WebMessagePortChannelProvider::createNewMessagePortChannel):
        Adding back local HashMap optimization which skips IPC for
        same process message sending for site isolation. This was
        removed for site isolation in https://commits.webkit.org/295627@main
* Source/WebKit/WebProcess/WebCoreSupport/WebMessagePortChannelProvider.h:
        Removing site isolation flag argument
* Source/WebKit/WebProcess/WebCoreSupport/WebRemoteFrameClient.cpp:
(WebKit::WebRemoteFrameClient::postMessageToRemote):
        Removing ports from local HashMap when a port is sent
        cross-process. This fixes the bug which
        https://commits.webkit.org/295627@main
        was solving. Instead this time, we don't disable the
        optimization outright, but keep the local port HashMap
        up to date when ports are sent to a different process.

Canonical link: https://commits.webkit.org/312641@main
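
The routing described in the log message above, as a simplified C++ model added here for illustration; it is not WebKit source and not part of the commit. `PortProviderModel`, `Message`, `createLocalPort` and `strandedAfterTransfer` are hypothetical names; only the lookup order (local map first, IPC otherwise) and the flush-then-erase cleanup follow the text.

```cpp
// Simplified model of the routing in the commit message; hypothetical names, not WebKit source.
#include <cstddef>
#include <string>
#include <unordered_map>
#include <utility>
#include <vector>
// ipcSerializable == false models [NotSerialized] types such as SharedArrayBuffer.
struct Message { std::string payload; bool ipcSerializable; };
using PortId = unsigned long long;

struct PortProviderModel {
    std::unordered_map<PortId, std::vector<Message>> inProcess; // same-process fast path
    std::vector<Message> sentOverIPC;
    void createLocalPort(PortId port) { inProcess[port]; }

    // Local map first, IPC otherwise. Returns false when IPC was needed but impossible.
    bool postMessageToRemote(Message message, PortId target)
    {
        auto it = inProcess.find(target);
        if (it != inProcess.end()) {
            it->second.push_back(std::move(message));
            return true;
        }
        if (!message.ipcSerializable)
            return false;
        sentOverIPC.push_back(std::move(message));
        return true;
    }
    // Cleanup when a port leaves the process: flush buffered messages, drop the entry.
    void messagePortSentToRemote(PortId port)
    {
        auto it = inProcess.find(port);
        if (it == inProcess.end())
            return;
        for (auto& buffered : it->second)
            sentOverIPC.push_back(std::move(buffered));
        inProcess.erase(it);
    }
};

// Messages stranded in the local queue after port 1 was handed to another process.
std::size_t strandedAfterTransfer(bool cleanUpOnTransfer)
{
    PortProviderModel provider;
    provider.createLocalPort(1);
    if (cleanUpOnTransfer)
        provider.messagePortSentToRemote(1);
    provider.postMessageToRemote({ "late message", true }, 1);
    return provider.inProcess.count(1) ? provider.inProcess[1].size() : 0;
}
```

Without the cleanup call, the stale map entry captures the late message locally even though the port now lives elsewhere; with it, the message takes the IPC path.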


