Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 743831c332cced2a0272d8b27e0f160f1fb0c13a
https://github.com/WebKit/WebKit/commit/743831c332cced2a0272d8b27e0f160f1fb0c13a
Author: Sihui Liu <[email protected]>
Date: 2025-12-03 (Wed, 03 Dec 2025)
Changed paths:
M Source/WebKit/UIProcess/BrowsingContextGroup.cpp
M Source/WebKit/UIProcess/BrowsingContextGroup.h
M Source/WebKit/UIProcess/ProvisionalPageProxy.cpp
M Source/WebKit/UIProcess/ProvisionalPageProxy.h
M Source/WebKit/UIProcess/SuspendedPageProxy.h
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.h
M Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm
Log Message:
-----------
[Site Isolation] window.opener is cleared after opener window does cross-site navigation
https://bugs.webkit.org/show_bug.cgi?id=303360
rdar://165671162
Reviewed by Alex Christensen.
With current implementation, window.opener becomes null in opened window after the opener window performs cross-site
navigation. This is caused by new frame being created during provisional load of the opener page; i.e. opener page will
use a different frame as main frame after navigation, while window.opener in opened page still refers to old frame. And
when the old main frame is destroyed (as it is no longer in use), window.opener will be cleared.
To fix this issue, this patch borrows from previous solution to "opener window loses access to opened window after
opened window performs cross-site navigation" problem -- to reuse existing main frame for cross-site navigation. It
involves a few changes to support the new case:
1. ProvisionalPageProxy::m_isProcessSwappingForNewWindow is the flag to indicate navigation should reuse main frame. It
is renamed to m_shouldReuseMainFrame, and it will be true when page is opened by another page *or* page's main frame is
opener of another page (as the opened page might still need access to the main frame after navigation).
2. ProvisionalPageProxy::didCommitLoadForFrame currently only converts the navigating page in old process to remote if
the page's opener site is different. It works before this patch, as main frame is only reused for opened page. Now
that main frame could be reused for opener page, this patch updates the condition to "convert navigating page in old
process to remote if other pages in that process need access to the navigating page". If no page in the same browsing
context group resides in old process, we could just let navigating page in the old process be closed after navigation.
3. WebPageProxy::commitProvisionalPage currently sends close page message to old process if navigating page does not
have opener. It works before this patch as only opened page will be transited to remote page. Now that opener page could
also be transited to remote page, this patch updates WebPageProxy::shouldClosePreviousPage to return true only if the
page has not been converted to remote page.
API Test: SiteIsolation.NavigateOpenerWindowCrossSite
* Source/WebKit/UIProcess/BrowsingContextGroup.cpp:
(WebKit::BrowsingContextGroup::isFrameProcessInUse):
* Source/WebKit/UIProcess/BrowsingContextGroup.h:
* Source/WebKit/UIProcess/ProvisionalPageProxy.cpp:
(WebKit::ProvisionalPageProxy::ProvisionalPageProxy):
(WebKit::ProvisionalPageProxy::initializeWebPage):
(WebKit::ProvisionalPageProxy::didFailProvisionalLoadForFrame):
(WebKit::ProvisionalPageProxy::didCommitLoadForFrame):
* Source/WebKit/UIProcess/ProvisionalPageProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::shouldClosePreviousPage):
(WebKit::WebPageProxy::hasPageOpenedByMainFrame const):
* Source/WebKit/UIProcess/WebPageProxy.h:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm:
(TestWebKitAPI::TEST(SiteIsolation, NavigateOpenerWindowCrossSite)):
Canonical link: https://commits.webkit.org/303836@main