Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 74d0c628ff2d82e9dfcc57cfc3e6e1f361e9b521
      
https://github.com/WebKit/WebKit/commit/74d0c628ff2d82e9dfcc57cfc3e6e1f361e9b521
  Author: Per Arne Vollan <[email protected]>
  Date:   2026-07-02 (Thu, 02 Jul 2026)

  Changed paths:
    M Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp

  Log Message:
  -----------
  Restrict ability for Network process to load files from temp directory
https://bugs.webkit.org/show_bug.cgi?id=314867
rdar://176186724

Reviewed by Sihui Liu.

Some 3rd party apps rely on the ability to load files from it's temp directory 
with the JS fetch API
or -[WKWebView loadHTMLString:baseURL:]. In order to not break these apps we 
allow these loads. We
can restrict this by blocking this for MobileSafari.

The case where the app is using -[WKWebView loadHTMLString:baseURL] to load 
local files in the temp
directory, can be addressed by creating a sandbox extension for the base URL in
WebPageProxy::loadDataWithNavigationShared. However, this is a larger change, 
we rely on this
exemption for now.

* Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::shouldAllowLocalFileLoad):

Originally-landed-as: 305413.918@safari-7624-branch (9970ddd13f0b). 
rdar://180437181
Canonical link: https://commits.webkit.org/316410@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications

Reply via email to