Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 653e9738792e2f406b6b85534c99bc4a49b006bf
      https://github.com/WebKit/WebKit/commit/653e9738792e2f406b6b85534c99bc4a49b006bf
  Author: Ahmad Saleem <[email protected]>
  Date:   2026-05-06 (Wed, 06 May 2026)

  Changed paths:
    M LayoutTests/http/tests/navigation/pushstate-at-unique-origin-denied-expected.txt
    M LayoutTests/http/tests/navigation/pushstate-at-unique-origin-denied.py
    M LayoutTests/http/tests/security/history-pushState-replaceState-from-sandboxed-iframe-expected.txt
    M LayoutTests/http/tests/security/resources/history-pushState-replaceState-from-sandboxed-iframe.html
    M LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-history-interface/history_pushstate_url_rewriting-expected.txt
    R LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/browsers/history/the-history-interface/history_pushstate_url_rewriting-expected.txt
    M Source/WebCore/page/History.cpp
    M Tools/TestWebKitAPI/Tests/WebKit/WKWebView/ProcessSwapOnNavigation.mm

  Log Message:
  -----------
  history.pushState()/replaceState() URL rewriting checks should align with the specification
https://bugs.webkit.org/show_bug.cgi?id=230111
rdar://83203469

Reviewed by Brady Eidson.

This patch aligns the "can have its URL rewritten" check [1] with the
specification:

- HTTP(S): path, query, and fragment changes are all allowed.
- file: only query and fragment changes are allowed.
- All other schemes (blob:, data:, about:, etc.): only fragment
  changes are allowed.

Previously, the allowSandboxException logic compared URLs using
viewWithoutQueryOrFragmentIdentifier(), which strips both query and
fragment, incorrectly allowing query changes for blob: and data: URLs.
The origin-based canRequest() check also incorrectly blocked path
changes for sandboxed http(s) URLs, even though the spec only
considers the document URL, not its origin.

[1] https://html.spec.whatwg.org/#can-have-its-url-rewritten

* LayoutTests/http/tests/navigation/pushstate-at-unique-origin-denied-expected.txt: Updated Expectation
* LayoutTests/http/tests/navigation/pushstate-at-unique-origin-denied.py: Updated (aligned with Chrome)
* LayoutTests/imported/w3c/web-platform-tests/html/browsers/history/the-history-interface/history_pushstate_url_rewriting-expected.txt: Progressions
* LayoutTests/http/tests/security/history-pushState-replaceState-from-sandboxed-iframe-expected.txt: Updated Expectation
* LayoutTests/http/tests/security/resources/history-pushState-replaceState-from-sandboxed-iframe.html: Align with new specification
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/browsers/history/the-history-interface/history_pushstate_url_rewriting-expected.txt: Removed.
  (does not reintroduce rdar://33839265 - tested on Minibrowser)
* Source/WebCore/page/History.cpp:
(WebCore::History::stateObjectAdded):
* Tools/TestWebKitAPI/Tests/WebKit/WKWebView/ProcessSwapOnNavigation.mm:
((ProcessSwap, NavigateBackAfterNavigatingAwayFromCrossOriginOpenerPolicyUsingBackForwardCache2)):
Updated the test to use #foo (fragment change) instead of /foo (path change).
The test logic and all other expectations remain valid since it's testing
COOP/BFCache process swapping behavior, not the URL rewriting itself.

Canonical link: https://commits.webkit.org/312738@main



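The three rules listed in the log message follow the steps of the HTML specification's "can have its URL rewritten" algorithm linked as [1]. The sketch below is an added example, not the code in Source/WebCore/page/History.cpp; the function names and sample URLs are constructed for illustration, and it assumes both URLs are already absolute.

```javascript
// Added example, not WebKit code: the spec's "can have its URL rewritten" check.
// Takes absolute URL strings; a real caller first resolves the pushState()
// argument against the document's base URL.
function canHaveItsUrlRewritten(documentUrl, targetUrl) {
  const doc = new URL(documentUrl);
  const target = new URL(targetUrl);

  // Scheme, credentials, host and port may never change, for any scheme.
  for (const part of ["protocol", "username", "password", "hostname", "port"]) {
    if (doc[part] !== target[part]) return false;
  }
  // HTTP(S): path, query and fragment are all free to change.
  if (target.protocol === "http:" || target.protocol === "https:") return true;
  // file: the path is pinned; query and fragment may change.
  if (target.protocol === "file:") return doc.pathname === target.pathname;
  // Everything else (blob:, data:, about:, ...): only the fragment may change.
  // Comparing the serialization up to "#" covers both path and query, and
  // keeps "no query" distinct from an empty "?" query.
  const withoutFragment = (u) => u.href.split("#")[0];
  return withoutFragment(doc) === withoutFragment(target);
}

// Constructed sample cases: [document URL, target URL].
const SAMPLE_CASES = [
  ["https://example.com/a?x=1", "https://example.com/b/c?y=2#z"],
  ["https://example.com/a", "https://other.example/a"],
  ["file:///tmp/a.html", "file:///tmp/a.html?q=1#f"],
  ["file:///tmp/a.html", "file:///tmp/b.html"],
  ["blob:https://example.com/1234", "blob:https://example.com/1234#frag"],
  ["blob:https://example.com/1234", "blob:https://example.com/1234?q=1"],
  ["data:text/html,hi", "data:text/html,hi?x=1"],
  ["about:blank", "about:blank#x"],
];

function evaluateSamples() {
  return SAMPLE_CASES.map(([doc, target]) => canHaveItsUrlRewritten(doc, target));
}

for (const [doc, target] of SAMPLE_CASES) {
  const verdict = canHaveItsUrlRewritten(doc, target) ? "allow" : "deny ";
  console.log(verdict, doc, "->", target);
}
```

The blob: and data: query cases are the ones the log message says were previously allowed because the comparison stripped both query and fragment.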