Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 5f655160036b3abc92f65dc8d89db51c87738dca
https://github.com/WebKit/WebKit/commit/5f655160036b3abc92f65dc8d89db51c87738dca
Author: Brandon Stewart <[email protected]>
Date: 2026-06-11 (Thu, 11 Jun 2026)
Changed paths:
A LayoutTests/http/tests/site-isolation/inspector/page/frame-id-collision-cross-origin-iframe-expected.txt
A LayoutTests/http/tests/site-isolation/inspector/page/frame-id-collision-cross-origin-iframe.html
A LayoutTests/http/tests/site-isolation/inspector/page/resources/resource-tree-frame-with-grandchild.html
M LayoutTests/http/tests/site-isolation/inspector/runtime/executionContextCreated-frame-target-expected.txt
M LayoutTests/http/tests/site-isolation/inspector/runtime/executionContextCreated-frame-target.html
M LayoutTests/platform/mac-wk2/TestExpectations
M Source/WebCore/inspector/InspectorIdentifierRegistry.cpp
M Source/WebCore/inspector/InspectorIdentifierRegistry.h
M Source/WebCore/inspector/agents/InspectorPageAgent.cpp
M Source/WebCore/page/RemoteFrame.cpp
M Source/WebCore/page/RemoteFrame.h
M Source/WebKit/Shared/FrameTreeCreationParameters.h
M Source/WebKit/Shared/FrameTreeCreationParameters.serialization.in
M Source/WebKit/UIProcess/Inspector/Agents/ProxyingNetworkAgent.cpp
M Source/WebKit/UIProcess/Inspector/Agents/ProxyingPageAgent.cpp
M Source/WebKit/UIProcess/WebFrameProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/WebProcess/WebPage/WebFrame.cpp
M Source/WebKit/WebProcess/WebPage/WebFrame.h
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
M Source/WebKit/WebProcess/WebPage/WebPage.h
M Source/WebKit/WebProcess/WebPage/WebPage.messages.in
Log Message:
-----------
[Site Isolation] Make Web Inspector frame protocol IDs collision-free and
hosting-process-qualified
https://bugs.webkit.org/show_bug.cgi?id=316663
rdar://179117353
Reviewed by BJ Burg.
Under Site Isolation a frame's protocol ID must be identical no matter which
process computes it, and must stay consistent across the Page and Network
domains. The 1-arg IdentifierRegistry::protocolFrameId(FrameIdentifier) derives
the qualifying process from the FrameIdentifier's upper bits -- the process that
*created* the frame -- which is wrong for frames hosted in a different process
than the one that minted their identifier (cross-origin children, and frames
preserved across a process swap). Migrate all five call sites to the 2-arg
protocolFrameId(FrameIdentifier, ProcessIdentifier) form, sourcing the frame's
*hosting* process at each site so the page tree, network events, and per-process
agents all agree.
The 2-arg helper also encoded only the lower 32 bits of the FrameIdentifier (the
per-creating-process counter) as its object part. That is collision-free when
qualified by the creating process, but not when qualified by the hosting
process: two frames minted in different processes can share a counter value and,
once both are hosted in the same process (e.g. main(A) -> child(B) -> grandchild(A)),
collapse to the same ID -- producing a parent/child cycle in the frontend frame
tree. Encode the full FrameIdentifier as the object part so IDs stay unique.
To give WebContent a hosting process for remote-frame stubs (which represent a
frame whose content lives in another process), record the hosting ProcessIdentifier
on RemoteFrame and plumb it in wherever a stub is created or a local frame
transitions to remote: CreateRemoteSubframe, the bulk FrameTreeCreationParameters
tree, and LoadDidCommitInAnotherProcess. The UIProcess is the authority for the
hosting process at each of these points (WebFrameProxy::process()).
* Source/WebCore/inspector/InspectorIdentifierRegistry.h:
Encode the full FrameIdentifier in protocolFrameId(); make the 1-arg form a thin
wrapper over the 2-arg form qualified by the creating process (fallback only).
* Source/WebCore/inspector/InspectorIdentifierRegistry.cpp:
(Inspector::hostingProcessForFrame): New helper -- current process for a LocalFrame,
the recorded hosting process for a RemoteFrame.
(Inspector::BackendIdentifierRegistry::frameId):
(Inspector::BackendIdentifierRegistry::takeFrame):
Qualify by the frame's hosting process.
* Source/WebCore/inspector/agents/InspectorPageAgent.cpp:
(WebCore::InspectorPageAgent::buildObjectForFrameTree): Qualify the remote-frame
stub by RemoteFrame::hostingProcessIdentifier().
* Source/WebCore/page/RemoteFrame.h:
* Source/WebCore/page/RemoteFrame.cpp:
(WebCore::RemoteFrame::hostingProcessIdentifier): Store/return the hosting process,
falling back to the creating process encoded in the FrameIdentifier when unset.
* Source/WebKit/Shared/FrameTreeCreationParameters.h:
* Source/WebKit/Shared/FrameTreeCreationParameters.serialization.in:
Carry the per-frame hosting ProcessIdentifier.
* Source/WebKit/UIProcess/WebFrameProxy.cpp:
(WebKit::WebFrameProxy::frameTreeCreationParameters): Populate it from process().
(WebKit::WebFrameProxy::commitProvisionalFrame): Send the new host PID in
LoadDidCommitInAnotherProcess.
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::observeAndCreateRemoteSubframesInOtherProcesses): Send the
host PID in CreateRemoteSubframe.
(WebKit::WebPageProxy::commitProvisionalPage): Send the new host PID in
LoadDidCommitInAnotherProcess for the main-frame swap.
* Source/WebKit/WebProcess/WebPage/WebFrame.{h,cpp}:
* Source/WebKit/WebProcess/WebPage/WebPage.{h,cpp}:
* Source/WebKit/WebProcess/WebPage/WebPage.messages.in:
Thread the hosting ProcessIdentifier through createRemoteSubframe,
loadDidCommitInAnotherProcess, and constructFrameTree, applying it to the created
RemoteFrame.
* Source/WebKit/UIProcess/Inspector/Agents/ProxyingPageAgent.cpp:
(Inspector::protocolFrameIdForFrameID): Resolve the hosting process from the
authoritative WebFrameProxy tree for frameNavigated/frameDetached.
(Inspector::ProxyingPageAgent::buildFrameTree): Qualify by frame.process().
* Source/WebKit/UIProcess/Inspector/Agents/ProxyingNetworkAgent.cpp:
Qualify by resourceID.processIdentifier() (the frame's hosting process).
* LayoutTests/platform/mac-wk2/TestExpectations:
* LayoutTests/http/tests/site-isolation/inspector/runtime/executionContextCreated-frame-target.html:
* LayoutTests/http/tests/site-isolation/inspector/runtime/executionContextCreated-frame-target-expected.txt:
Un-skip executionContextCreated-frame-target.html. The frame-id fix makes the
frame targets consistent, and its uniqueness case is corrected to assert the real
invariant: execution context ids are per-target namespaces under Site Isolation
(each frame's InjectedScriptManager counts from 1), so two targets in different
processes may share a numeric id -- assert each target owns a distinct context
object scoped to itself rather than asserting globally-unique ids.
* LayoutTests/http/tests/site-isolation/inspector/page/frame-id-collision-cross-origin-iframe.html:
* LayoutTests/http/tests/site-isolation/inspector/page/frame-id-collision-cross-origin-iframe-expected.txt:
* LayoutTests/http/tests/site-isolation/inspector/page/resources/resource-tree-frame-with-grandchild.html:
New test building the main(A) -> child(B) -> grandchild(A) topology that asserts
every frame protocol id is unique. Without the full-FrameIdentifier encoding two
of these frames share a per-process counter once co-hosted in one process and
collapse onto the same id; the uniqueness check is the regression guard.
Canonical link: https://commits.webkit.org/315052@main
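
The collision the log message describes, as an added example that is not code from this commit or from WebKit: a constructed model of the main(A) -> child(B) -> grandchild(A) topology comparing the counter-only object part with the full-identifier object part. The 32/32 bit split, the process numbers, the `process.object` string form, the assumption that each child is minted by its parent's process, and every name below are assumptions for illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <set>
#include <string>
#include <vector>

// Constructed model, not WebKit code. Assumed layout: upper 32 bits of the
// identifier hold the creating process, lower 32 bits a per-process counter.
struct Frame { uint64_t frameIdentifier; uint32_t hostingProcess; };

constexpr uint64_t makeFrameIdentifier(uint32_t creatingProcess, uint32_t counter)
{
    return (static_cast<uint64_t>(creatingProcess) << 32) | counter;
}

// Object part = counter only, qualified by the hosting process (collides).
std::string counterOnlyId(const Frame& f)
{
    return std::to_string(f.hostingProcess) + "." + std::to_string(static_cast<uint32_t>(f.frameIdentifier));
}

// Object part = full identifier, qualified by the hosting process (unique).
std::string fullIdentifierId(const Frame& f)
{
    return std::to_string(f.hostingProcess) + "." + std::to_string(f.frameIdentifier);
}

// main(A) -> child(B) -> grandchild(A); each child is minted by its parent's process.
std::vector<Frame> sampleTopology()
{
    constexpr uint32_t A = 10, B = 20; // constructed process numbers
    return { { makeFrameIdentifier(A, 1), A },   // main: minted in A, hosted in A
             { makeFrameIdentifier(A, 2), B },   // child: minted in A, hosted in B
             { makeFrameIdentifier(B, 1), A } }; // grandchild: minted in B, hosted in A
}

std::size_t countDistinctIds(const std::vector<Frame>& frames, std::string (*encode)(const Frame&))
{
    std::set<std::string> ids;
    for (const auto& f : frames)
        ids.insert(encode(f));
    return ids.size();
}

int main()
{
    std::cout << "counter-only: " << countDistinctIds(sampleTopology(), counterOnlyId) << " distinct ids for 3 frames\n"
              << "full identifier: " << countDistinctIds(sampleTopology(), fullIdentifierId) << " distinct ids for 3 frames\n";
}
```

In this model the main frame and the grandchild both encode to `10.1` under the counter-only scheme, which is the parent/child cycle the frontend would see; a uniqueness check over all frame ids is what catches it.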