Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 9a4da7c7037d5f3ed082f6ce11373c4569b34dc3
https://github.com/WebKit/WebKit/commit/9a4da7c7037d5f3ed082f6ce11373c4569b34dc3
Author: Jessica Lee <[email protected]>
Date: 2025-09-12 (Fri, 12 Sep 2025)
Changed paths:
A LayoutTests/http/tests/site-isolation/resources/window-opener-persists-after-iframe-navigation-cross-site-iframe.html
A LayoutTests/http/tests/site-isolation/resources/window-opener-persists-after-iframe-navigation-iframe.html
A LayoutTests/http/tests/site-isolation/resources/window-opener-persists-after-iframe-navigation-new-iframe.html
A LayoutTests/http/tests/site-isolation/resources/window-opener-persists-after-iframe-navigation-pop-up.html
A LayoutTests/http/tests/site-isolation/window-opener-persists-after-iframe-navigation-cross-site-expected.txt
A LayoutTests/http/tests/site-isolation/window-opener-persists-after-iframe-navigation-cross-site.html
A LayoutTests/http/tests/site-isolation/window-opener-persists-after-iframe-navigation-expected.txt
A LayoutTests/http/tests/site-isolation/window-opener-persists-after-iframe-navigation.html
M Source/WebCore/page/Frame.cpp
Log Message:
-----------
window.opener should persist after navigating a site-isolated iframe after window.open
https://bugs.webkit.org/show_bug.cgi?id=298633
rdar://117269418
Reviewed by Per Arne Vollan and Sihui Liu.
We had observed that when an iframe's pop-up navigates to a different site, the opener relationship between the iframe's pop-up and the iframe itself is severed. The pop-up's window.opener is null.
The root cause is that window.opener is incorrectly set to null during provisional navigation. When an iframe navigates to a new site, frame assets are migrated from the original local frame to a new remote frame. This process updates the original local frame's opened/children frames so that their openers now point to the new remote frame. The original local frame is then destroyed - it is no longer needed because it has been replaced by the new remote frame. However, during destruction, the local frame's opened/children frames will have their openers set to null even though their openers had already been migrated prior.
To fix this, we clear out the original local frame's opened/children frames when we migrate frame assets so that the only owner is the new remote frame and not the stale local frame. Now when the frame destructor executes, the stale local frame will not accidentally sever opener relationships of its stale opened/children frames.
Tests:
http/tests/site-isolation/window-opener-persists-after-iframe-navigation-cross-site.html
http/tests/site-isolation/window-opener-persists-after-iframe-navigation.html
* LayoutTests/http/tests/site-isolation/resources/window-opener-persists-after-iframe-navigation-cross-site-iframe.html: Added.
* LayoutTests/http/tests/site-isolation/resources/window-opener-persists-after-iframe-navigation-iframe.html: Added.
* LayoutTests/http/tests/site-isolation/resources/window-opener-persists-after-iframe-navigation-new-iframe.html: Added.
* LayoutTests/http/tests/site-isolation/resources/window-opener-persists-after-iframe-navigation-pop-up.html: Added.
* LayoutTests/http/tests/site-isolation/window-opener-persists-after-iframe-navigation-cross-site-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/window-opener-persists-after-iframe-navigation-cross-site.html: Added.
* LayoutTests/http/tests/site-isolation/window-opener-persists-after-iframe-navigation-expected.txt: Added.
* LayoutTests/http/tests/site-isolation/window-opener-persists-after-iframe-navigation.html: Added.
* Source/WebCore/page/Frame.cpp:
(WebCore::Frame::takeWindowProxyAndOpenerFrom):
Canonical link: https://commits.webkit.org/299924@main
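The stale-owner teardown described in the log message, as a simplified model added here for illustration. It is not WebKit's code: the `Frame` struct, `takeOpenedFrom`, `openerSurvivesNavigation` and the `clearSource` switch are hypothetical names, and the model assumes only what the log message states (migration repoints openers, destruction nulls the openers of frames still listed).

```cpp
#include <cstdio>
#include <vector>

// Hypothetical model, not WebKit's classes: a frame lists the frames it
// opened, and each opened frame holds a raw pointer back to its opener.
struct Frame {
    Frame* opener = nullptr;
    std::vector<Frame*> opened;

    void open(Frame& popup) { popup.opener = this; opened.push_back(&popup); }

    // Migrate opener relationships from the frame being replaced.
    // clearSource=false models the bug, clearSource=true models the fix.
    void takeOpenedFrom(Frame& old, bool clearSource) {
        for (Frame* f : old.opened) {
            f->opener = this;          // opener now points at the replacement
            opened.push_back(f);
        }
        if (clearSource)
            old.opened.clear();        // replacement is now the only owner
    }

    // Teardown detaches every frame this frame still lists as opened.
    ~Frame() {
        for (Frame* f : opened)
            f->opener = nullptr;
    }
};

// True if the pop-up still has the replacement frame as its opener after
// the original (stale) frame has been destroyed.
bool openerSurvivesNavigation(bool clearSource) {
    Frame popup;
    Frame remote;                      // stands in for the new remote frame
    {
        Frame local;                   // stands in for the original local frame
        local.open(popup);
        remote.takeOpenedFrom(local, clearSource);
    }                                  // local is destroyed here
    return popup.opener == &remote;
}

int main() {
    std::printf("without clearing the stale list: opener kept = %d\n", openerSurvivesNavigation(false));
    std::printf("with clearing the stale list:    opener kept = %d\n", openerSurvivesNavigation(true));
    return 0;
}
```
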