[Site Isolation] Owner element should be preserved when switching bet…

…ween LocalFrame and RemoteFrame https://bugs.webkit.org/show_bug.cgi?id=273809 rdar://127638179 Reviewed by Charlie Wolfe. Otherwise it suddenly becomes null from the point of view of the Frame and DOMWindow, which prevents things like the load event from flowing to the event listeners. I also rename createSubframeHostedInAnotherProcess to createProvisionalSubframe because the contents aren't necessarily hosted in another process. This test hit a case where sometimes a frame was created and destroyed before the frame we transitioned from was destroyed, so I updated the assertion to not assert in that case. * LayoutTests/http/tests/site-isolation/load-event-after-transition-expected.txt: Added. * LayoutTests/http/tests/site-isolation/load-event-after-transition.html: Added. * Source/WebCore/page/Frame.cpp: (WebCore::Frame::setOwnerElement): * Source/WebCore/page/Frame.h: * Source/WebCore/page/LocalFrame.cpp: (WebCore::LocalFrame::createProvisionalSubframe): (WebCore::LocalFrame::createSubframeHostedInAnotherProcess): Deleted. * Source/WebCore/page/LocalFrame.h: * Source/WebKit/WebProcess/WebPage/WebFrame.cpp: (WebKit::WebFrame::createProvisionalFrame): (WebKit::WebFrame::commitProvisionalFrame): * Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm: Canonical link: https://commits.webkit.org/278472@main
WebKit · May 7, 2024 · 6f62e90 · 6f62e90
1 parent 86f6d64
commit 6f62e90
Show file tree

Hide file tree

Showing 8 changed files with 39 additions and 6 deletions.
diff --git a/LayoutTests/http/tests/site-isolation/load-event-after-transition-expected.txt b/LayoutTests/http/tests/site-isolation/load-event-after-transition-expected.txt
@@ -0,0 +1,5 @@
+PASS successfullyParsed is true
+
+TEST COMPLETE
+PASS Load event fired after switching to a local frame.
+
diff --git a/LayoutTests/http/tests/site-isolation/load-event-after-transition.html b/LayoutTests/http/tests/site-isolation/load-event-after-transition.html
@@ -0,0 +1,18 @@
+<!-- webkit-test-runner [ SiteIsolationEnabled=true ] -->
+<script src="/js-test-resources/js-test.js"></script>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+onload = () => {
+    let i = document.getElementById('testiframe');
+    i.src = 'http://127.0.0.1:8000/site-isolation/resources/green-background.html';
+    i.addEventListener('load', function() {
+        testPassed("Load event fired after switching to a local frame.");
+        testRunner.notifyDone();
+    })
+}
+</script>
+<iframe id='testiframe' src="http://localhost:8000/site-isolation/resources/green-background.html"></iframe>
diff --git a/Source/WebCore/page/Frame.cpp b/Source/WebCore/page/Frame.cpp
@@ -80,7 +80,8 @@ Frame::~Frame()
 
 #if ASSERT_ENABLED
     auto it = allFrames().find(m_frameID);
-    ASSERT(it != allFrames().end());
+    if (it == allFrames().end())
+        return;
     if (it->value.ptr() == this)
         allFrames().remove(it);
     else
@@ -197,4 +198,13 @@ CheckedRef<HistoryController> Frame::checkedHistory() const
     return m_history.get();
 }
 
+void Frame::setOwnerElement(HTMLFrameOwnerElement* element)
+{
+    m_ownerElement = element;
+    if (element) {
+        element->clearContentFrame();
+        element->setContentFrame(*this);
+    }
+}
+
 } // namespace WebCore
diff --git a/Source/WebCore/page/Frame.h b/Source/WebCore/page/Frame.h
@@ -83,6 +83,7 @@ class Frame : public ThreadSafeRefCounted<Frame, WTF::DestructionThread::Main>,
 
     WEBCORE_EXPORT void detachFromPage();
 
+    WEBCORE_EXPORT void setOwnerElement(HTMLFrameOwnerElement*);
     inline HTMLFrameOwnerElement* ownerElement() const; // Defined in HTMLFrameOwnerElement.h.
     inline RefPtr<HTMLFrameOwnerElement> protectedOwnerElement() const; // Defined in HTMLFrameOwnerElement.h.
 

diff --git a/Source/WebCore/page/LocalFrame.cpp b/Source/WebCore/page/LocalFrame.cpp
@@ -201,7 +201,7 @@ Ref<LocalFrame> LocalFrame::createSubframe(Page& page, ClientCreator&& clientCre
     return adoptRef(*new LocalFrame(page, WTFMove(clientCreator), identifier, &ownerElement, ownerElement.document().frame(), nullptr));
 }
 
-Ref<LocalFrame> LocalFrame::createSubframeHostedInAnotherProcess(Page& page, ClientCreator&& clientCreator, FrameIdentifier identifier, Frame& parent)
+Ref<LocalFrame> LocalFrame::createProvisionalSubframe(Page& page, ClientCreator&& clientCreator, FrameIdentifier identifier, Frame& parent)
 {
     return adoptRef(*new LocalFrame(page, WTFMove(clientCreator), identifier, nullptr, &parent, nullptr));
 }

diff --git a/Source/WebCore/page/LocalFrame.h b/Source/WebCore/page/LocalFrame.h
@@ -120,7 +120,7 @@ class LocalFrame final : public Frame {
     using ClientCreator = CompletionHandler<UniqueRef<LocalFrameLoaderClient>(LocalFrame&)>;
     WEBCORE_EXPORT static Ref<LocalFrame> createMainFrame(Page&, ClientCreator&&, FrameIdentifier, Frame* opener);
     WEBCORE_EXPORT static Ref<LocalFrame> createSubframe(Page&, ClientCreator&&, FrameIdentifier, HTMLFrameOwnerElement&);
-    WEBCORE_EXPORT static Ref<LocalFrame> createSubframeHostedInAnotherProcess(Page&, ClientCreator&&, FrameIdentifier, Frame& parent);
+    WEBCORE_EXPORT static Ref<LocalFrame> createProvisionalSubframe(Page&, ClientCreator&&, FrameIdentifier, Frame& parent);
 
     WEBCORE_EXPORT void init();
 #if PLATFORM(IOS_FAMILY)

diff --git a/Source/WebKit/WebProcess/WebPage/WebFrame.cpp b/Source/WebKit/WebProcess/WebPage/WebFrame.cpp
@@ -417,7 +417,7 @@ void WebFrame::createProvisionalFrame(ProvisionalFrameCreationParameters&& param
     auto clientCreator = [this, protectedThis = Ref { *this }] (auto& localFrame) mutable {
         return makeUniqueRef<WebLocalFrameLoaderClient>(localFrame, WTFMove(protectedThis), makeInvalidator());
     };
-    auto localFrame = parent ? LocalFrame::createSubframeHostedInAnotherProcess(*corePage, WTFMove(clientCreator), m_frameID, *parent) : LocalFrame::createMainFrame(*corePage, WTFMove(clientCreator), m_frameID, remoteFrame->opener());
+    auto localFrame = parent ? LocalFrame::createProvisionalSubframe(*corePage, WTFMove(clientCreator), m_frameID, *parent) : LocalFrame::createMainFrame(*corePage, WTFMove(clientCreator), m_frameID, remoteFrame->opener());
     m_provisionalFrame = localFrame.ptr();
     localFrame->init();
 
@@ -465,6 +465,7 @@ void WebFrame::commitProvisionalFrame()
     m_coreFrame = localFrame.get();
     remoteFrame->setView(nullptr);
     localFrame->tree().setSpecifiedName(remoteFrame->tree().specifiedName());
+    localFrame->setOwnerElement(ownerElement.get());
     if (remoteFrame->isMainFrame())
         corePage->setMainFrame(*localFrame);
     localFrame->takeWindowProxyFrom(*remoteFrame);

diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/SiteIsolation.mm
@@ -2531,8 +2531,6 @@ HTTPServer server({
 // FIXME: Make a test that tries to access its parent that used to be remote during a provisional navigation of
 // the parent to that domain to verify that even the main frame uses provisional frames.
 
-// FIXME: <rdar://127638179> Call load event on iframe after switching from RemoteFrame to LocalFrame.
-
 TEST(SiteIsolation, OpenThenClose)
 {
     HTTPServer server({