fix: validate dock_state_ against allowlist before JS execution (#50667)

fix: validate dock_state_ against allowlist before JS execution

The dock_state_ member was concatenated directly into a JavaScript
string and executed via ExecuteJavaScript() in the DevTools context.

We should validate against the four known dock states and fall back
to "right" for any unrecognized value, for safety.

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
trop[bot]
2026-04-03 15:45:40 -05:00
committed by GitHub
parent 92892ca481
commit 2046ae8773


@@ -12,6 +12,7 @@
#include <utility>
#include "base/base64.h"
#include "base/containers/fixed_flat_set.h"
#include "base/containers/span.h"
#include "base/memory/raw_ptr.h"
#include "base/metrics/histogram.h"
@@ -158,6 +159,13 @@ void OnOpenItemComplete(const base::FilePath& path, const std::string& result) {
constexpr base::TimeDelta kInitialBackoffDelay = base::Milliseconds(250);
constexpr base::TimeDelta kMaxBackoffDelay = base::Seconds(10);
constexpr auto kValidDockStates = base::MakeFixedFlatSet<std::string_view>(
{"bottom", "left", "right", "undocked"});
bool IsValidDockState(const std::string& state) {
return kValidDockStates.contains(state);
}
} // namespace
class InspectableWebContents::NetworkResourceLoader
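Review bot: The helper declared on the line `bool IsValidDockState(const std::string& state)` takes `const std::string&` although kValidDockStates is keyed on std::string_view and `contains` already accepts a view, so `bool IsValidDockState(std::string_view state)` would serve every caller without forcing a std::string to exist. Nothing in the anonymous namespace says why an allowlist is needed; I would put `// dock_state_ is interpolated into JavaScript executed in the DevTools frontend, so only these literal states may reach it.` above kValidDockStates. The same `IsValidDockState(x) ? x : "right"` fallback is repeated at both call sites in this commit (SetDockState and LoadCompleted), so a `SanitizeDockState` helper next to this one that returns the validated value or the default would keep "right" in a single place.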
@@ -392,7 +400,7 @@ void InspectableWebContents::SetDockState(const std::string& state) {
can_dock_ = false;
} else {
can_dock_ = true;
dock_state_ = state;
dock_state_ = IsValidDockState(state) ? state : "right";
}
}
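Review bot: An unrecognized value is silently replaced on the line `dock_state_ = IsValidDockState(state) ? state : "right";`, so a caller passing a misspelled or unsupported state gets no indication that its request was dropped and a debugging session is left wondering why the panel docks right. A `DLOG(WARNING)` naming the rejected value before the fallback would make the coercion visible without changing release behavior. SetDockState's signature is only visible in the hunk header, outside the shown lines.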
@@ -557,7 +565,13 @@ void InspectableWebContents::LoadCompleted() {
pref_service_->GetDict(kDevToolsPreferences);
const std::string* current_dock_state =
prefs.FindString("currentDockState");
base::RemoveChars(*current_dock_state, "\"", &dock_state_);
if (current_dock_state) {
std::string sanitized;
base::RemoveChars(*current_dock_state, "\"", &sanitized);
dock_state_ = IsValidDockState(sanitized) ? sanitized : "right";
} else {
dock_state_ = "right";
}
}
#if BUILDFLAG(IS_WIN) || BUILDFLAG(IS_LINUX)
auto* api_web_contents = api::WebContents::From(GetWebContents());
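Review bot: When the preference is absent the new `else` branch sets `dock_state_ = "right";`, which overwrites whatever SetDockState() stored in dock_state_ earlier; if LoadCompleted() can run after SetDockState(), leaving dock_state_ untouched (or re-validating the existing value) in that branch seems more appropriate than resetting it — worth confirming against the call order. The RemoveChars step matters only for a JSON-quoted stored value, since the allowlist holds bare tokens, so a comment such as `// The stored preference may be JSON-quoted; strip the quotes before checking the allowlist.` above the `std::string sanitized;` line would explain why the strip precedes the check. LoadCompleted() continues past the end of this hunk.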