[Site Isolation] Per-frame walk replaces navigatedFrameID heuristic in back/forward routing
0b955f5
Site Isolation assigns each cross-origin iframe to its own WebContent process, with the UIProcess orchestrating. Back/forward navigation requires the UIProcess to figure out which frames must move and send GoToBackForwardItem IPC to each owning process. The old code picked a single "primary" frame via navigatedFrameID — a field encoding which child frame's navigation produced an entry, not which frame the caller wants to traverse — which coincided with back intent but diverged on forward.
Source/WebKit/UIProcess/WebPageProxy.cpp
bool WebPageProxy::dispatchPerFrameTraversals(WebBackForwardListFrameItem& currentItem,
WebBackForwardListFrameItem& targetItem)
{
bool dispatched = false;
if (currentItem.itemSequenceNumber() != targetItem.itemSequenceNumber())
dispatched |= sendGoToBackForwardItemForFrame(targetItem);
if (currentItem.documentSequenceNumber() == targetItem.documentSequenceNumber()) {
for (auto& [frameID, childTarget] : targetItem.children()) {
if (auto* childCurrent = currentItem.childItemForFrameID(frameID))
dispatched |= dispatchPerFrameTraversals(*childCurrent, *childTarget);
}
}
return dispatched;
}
The UIProcess now walks the (current, target) WebBackForwardListFrameItem trees pair-wise and dispatches an independent GoToBackForwardItem to each frame's process whose itemSequenceNumber differs. Recursion is gated by documentSequenceNumber equality — cross-document subtrees stop the walk and defer to the existing pull-at-commit mechanism. The change is behind the useUIProcessForBackForwardItemLoading flag, with the legacy navigatedFrameID path retained otherwise.
Significance
This makes multi-process iframe traversal correct and symmetric for back and forward, directly affecting the correctness of cross-origin frame navigation at the security boundary.
Audit directions
Aaaaaaaaa Aaaaa Aaaa Aaaaaaaaaaaaaaaaaaaaaaaa Aaaaaaa a Aa Aa Aaaaaaaa Aaa Aaaaaaaaa Aaaaa Aaaaaa Aaa Aaaaa Aaaaaaaaaaaaa Aaaa Aaaaaaaaaaaaaa Aaaaaaaaaaaa Aaa Aaaa Aaa Aaaaaaaaaaaa Aaaaaaaaaaaa Aa Aaaaaa Aaaa Aaaaaa Aaa Aaaaaaaaa Aa Aaaaaaaaaaaaa Aaaaaaaaa Aaaaaaaa Aaaaaaaaaaaa Aaa Aaa Aaaaaaaaa Aaaa Aa Aaaaaa Aaaa Aa Aaaaa Aaaaaaaa Aaa Aaaaaaaaaaaa Aaaa a Aaaaa Aaaa Aaaaaaaaa Aaaaa Aaaa Aaa Aaa Aaaaaaaa Aaaa Aa Aaaaaaaaaaaaa Aaaaaaaaa Aa a Aaaaaaa Aaaaa Aaaaaaaaaaaaaaaaa Aaaaaaaa Aaaaa Aaaaaaaaaaaaa Aaaaa Aaaaa Aaaaaa Aaaaaaa Aa Aaa Aaaaaaa Aaaaaaa Aaaaaaaaaaaaa Aaa Aaaa Aaaa Aaaaa Aaa Aaaa Aaaaa Aaaa a Aaaaa Aaaaaaa a Aaaaaaa Aaaaa Aaaaaaa Aaaaa Aaa Aaaa Aaaa Aa Aaaaaaaa Aaaaa Aaa Aaaaaa Aaaaa Aaa Aaaaaaaaaaaa Aaaaaa Aaa Aaaaaaa Aaaaaaaa Aaaaaa Aaa Aaaaaaaaaaaa Aaaaa Aaa Aa Aaa Aaaaaaa Aaaaaa Aaa Aaaaaaaaa Aaaaaaaaaaaaaaa Aaaaa
🔒Multi-process dispatch at a site isolation boundary with new recursive traversal logic — several edge cases in boundary detection and dispatch ordering are worth investigating.
Subscribe to read more