New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weβll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add iframe depth limit #7219
Add iframe depth limit #7219
Conversation
EWS run on previous version of this PR (hash 81fe57f) |
Can you add a regression test? |
81fe57f
to
158defa
Compare
EWS run on previous version of this PR (hash 158defa) |
0f0f187
to
bd2d9d3
Compare
EWS run on current version of this PR (hash bd2d9d3) |
https://bugs.webkit.org/show_bug.cgi?id=67940 rdar://101560112 Reviewed by Darin Adler and Alex Christensen. * LayoutTests/fast/frames/frame-depth-limit-expected.txt: Added. * LayoutTests/fast/frames/frame-depth-limit.html: Added. * LayoutTests/fast/frames/resources/self-referential-iframe.html: Added. * Source/WebCore/loader/SubframeLoader.cpp: (WebCore::FrameLoader::SubframeLoader::loadSubframe): * Source/WebCore/page/FrameTree.cpp: (WebCore::FrameTree::depth const): * Source/WebCore/page/FrameTree.h: * Source/WebCore/page/Page.h: Canonical link: https://commits.webkit.org/257550@main
bd2d9d3
to
65071a6
Compare
Committed 257550@main (65071a6): https://commits.webkit.org/257550@main Reviewed commits have been landed. Closing PR #7219 and removing active labels. |
Why is the test not hitting the self-reference limit of 2 imposed by |
That function seems to check for exact URL equality including query strings. The test changes the query string each time. Either way, that protection is pretty weak, nothing prevents a website from generating identical self-referencing iframes server-side while changing the URL. |
65071a6
bd2d9d3
π§ͺ api-gtkπ§ͺ mac-AS-debug-wk2