github/electron
1
1
Fork 0
mirror of https://github.com/electron/electron.git synced 2026-01-09 15:38:08 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
0dad99561b4232418dcf7ae48877bab35d633927
electron/patches/chromium/fix_crash_loading_non-standard_schemes_in_iframes.patch
electron-roller[bot] 0dad99561b chore: bump chromium to 123.0.6296.0 (main) (#41204) 
* chore: bump chromium in DEPS to 123.0.6273.0

* chore: update patches

* chore: bump chromium in DEPS to 123.0.6274.0

* chore: update patches

* chore: bump chromium in DEPS to 123.0.6276.0

* chore: update patches

* WIP: 5239586: Change View::Layout() to take a PassKey.
https://chromium-review.googlesource.com/c/chromium/src/+/5239586

* WIP: 5239586: Change View::Layout() to take a PassKey.
https://chromium-review.googlesource.com/c/chromium/src/+/5239586

* chore: bump chromium in DEPS to 123.0.6278.0

* chore: bump chromium in DEPS to 123.0.6280.0

* chore: update patches

* chore: use net::CanonicalCookie::SecureAttribute()

renamed from IsSecure()

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5245913

* refactor: handle multiple requested device ids

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5132210

* refactor: trigger View layouts async with View::InvalidateLayout()

Upstream has introduced a PassKey to restrict who can call Layout()
directly. I've opted for calling `InvalidateLayout()` which is the
approach that upstream recommends.

If for some reason this approach doesn't work for us, we could use
`DeprecatedLayoutImmediately()` as a stopgap.

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5239586

Xref: https://chromium.googlesource.com/chromium/src/+/main/ui/views/view.h#809

Xref: https://chromium.googlesource.com/chromium/src/+/main/docs/ui/learn/bestpractices/layout.md?pli=1#don_t-invoke-layout_directly

* chore: bump chromium in DEPS to 123.0.6282.0

* chore: bump chromium in DEPS to 123.0.6284.0

* chore: update patches

* refactor: remove use of blink::MainThreadIsolate() pt 1/3

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5249640

* refactor: remove use of blink::MainThreadIsolate() pt 2/3

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5249640

* refactor: remove use of blink::MainThreadIsolate() pt 3/3

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5249640

* chore: update enum name to ui::AXMode::kPDFPrinting

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5270301

* chore: rebuild filenames.libcxx.gni

* chore: sync with upstream rename of PortProvider.TaskForHandle()

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5259103

* chore: bump chromium in DEPS to 123.0.6286.0

* chore: bump chromium in DEPS to 123.0.6288.0

* WebPreferences: Initialize in declaration.

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5277099

* chore: update webview_fullscreen.patch

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5053508

Simple update to fix patch shear

* chore: update feat_configure_launch_options_for_service_process.patch

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5254861

Simple update to fix patch shear

* chore: add IWC::Delegate::RecordResize() stub to fix FTBFS

https://chromium-review.googlesource.com/c/chromium/src/+/5268963

* chore: add FormControlType::kButtonPopover to the FormControlType converter

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5230929

* chore: e patches all

* chore: node script/gen-libc++-filenames.js

* chore: bump chromium in DEPS to 123.0.6290.0

* chore: bump chromium in DEPS to 123.0.6291.0

* chore: bump chromium in DEPS to 123.0.6292.0

* chore: bump chromium in DEPS to 123.0.6294.0

* chore: update fix_aspect_ratio_with_max_size.patch

Xref: fix_aspect_ratio_with_max_size.patch

note: simple absl::optional -> std::optional conversion

* chore: update feat_filter_out_non-shareable_windows_in_the_current_application_in.patch

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5272337

* chore: update add_maximized_parameter_to_linuxui_getwindowframeprovider.patch

No manual changes; just adjusting line patch offsets

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5258688

* chore: update feat_configure_launch_options_for_service_process.patch

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5281322

* chore: update fix_select_The_first_menu_item_when_opened_via_keyboard.patch

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5279376

note: simple absl::optional -> std::optional conversion

* chore: update feat_allow_code_cache_in_custom_schemes.patch

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5268792

* chore: script/export_all_patches.py

* chore: bump chromium in DEPS to 123.0.6296.0

* chore: update patches

* fixup! chore: update feat_allow_code_cache_in_custom_schemes.patch

* fix: restore MessagePort close event

* spec: fix CORB testing

Refs https://chromium-review.googlesource.com/c/chromium/src/+/5231506

* fix: use sync layout when content view changes

* fixup! chore: update feat_configure_launch_options_for_service_process.patch

* Add remote-cocoa support for context menus.

Refs https://chromium-review.googlesource.com/c/chromium/src/+/5259806

* Rename //net/base/mac directory to //net/base/apple (1/n)

Refs https://chromium-review.googlesource.com/c/chromium/src/+/5211389

* fixup! Add remote-cocoa support for context menus.

* [Clipboard] Don't add meta charset tag for async write() method on Mac.

Refs https://chromium-review.googlesource.com/c/chromium/src/+/5187335

---------

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
Co-authored-by: clavin <clavin@electronjs.org>
Co-authored-by: Charles Kerr <charles@charleskerr.com>
Co-authored-by: deepak1556 <hop2deep@gmail.com>
2024-02-14 12:33:32 -05:00

68 lines
3.6 KiB
Diff
Raw Blame History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Shelley Vohr <shelley.vohr@gmail.com>
Date: Mon, 29 Aug 2022 11:44:57 +0200
Subject: fix: crash loading non-standard schemes in iframes
This fixes a crash that occurs when loading non-standard schemes from
iframes or webviews. This was happening because
ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin contains explicit
exceptions to allow built-in non-standard schemes, but does not check
for non-standard schemes registered by the embedder.
This patch adjusts the origin calculation for non-standard schemes in
- browser process at `NavigationRequest::GetOriginForURLLoaderFactoryUncheckedWithDebugInfo`
- render process at `DocumentLoader::CalculateOrigin`
When top level frame navigates to non-standard scheme url, the origin is calculated
as `null` without any derivation. It is only in cases where there is a `initiator_origin`
then the origin is derived from it, which is usually the case for renderer initiated
navigations and iframes are no exceptions from this rule.
Upstream bug https://bugs.chromium.org/p/chromium/issues/detail?id=1081397.
Upstreamed at https://chromium-review.googlesource.com/c/chromium/src/+/3856266.
diff --git a/content/browser/renderer_host/navigation_request.cc b/content/browser/renderer_host/navigation_request.cc
index bc6faa047b9a2d36d6008144d7035b23043102e1..52b2d55a8a9544bf8828ab007ca51f1fe3bf4353 100644
--- a/content/browser/renderer_host/navigation_request.cc
+++ b/content/browser/renderer_host/navigation_request.cc
@@ -10219,6 +10219,12 @@ NavigationRequest::GetOriginForURLLoaderFactoryUncheckedWithDebugInfo() {
return std::make_pair(parent->GetLastCommittedOrigin(), "about_srcdoc");
}
+ if (!common_params().url.IsStandard()) {
+ return std::make_pair(url::Origin::Resolve(common_params().url,
+ url::Origin()),
+ "url_non_standard");
+ }
+
// In cases not covered above, URLLoaderFactory should be associated with the
// origin of |common_params.url| and/or |common_params.initiator_origin|.
url::Origin resolved_origin = url::Origin::Resolve(
diff --git a/third_party/blink/renderer/core/loader/document_loader.cc b/third_party/blink/renderer/core/loader/document_loader.cc
index 73b9c8813743fe887a1f59bb89b5da83cd0ceafd..6404be184242b35a32194a8efe9be8a857f14393 100644
--- a/third_party/blink/renderer/core/loader/document_loader.cc
+++ b/third_party/blink/renderer/core/loader/document_loader.cc
@@ -2123,6 +2123,10 @@ Frame* DocumentLoader::CalculateOwnerFrame() {
scoped_refptr<SecurityOrigin> DocumentLoader::CalculateOrigin(
Document* owner_document) {
scoped_refptr<SecurityOrigin> origin;
+ bool is_standard = false;
+ std::string protocol = url_.Protocol().Ascii();
+ is_standard = url::IsStandard(
+ protocol.data(), url::Component(0, static_cast<int>(protocol.size())));
StringBuilder debug_info_builder;
if (origin_to_commit_) {
// Origin to commit is specified by the browser process, it must be taken
@@ -2170,6 +2174,10 @@ scoped_refptr<SecurityOrigin> DocumentLoader::CalculateOrigin(
debug_info_builder.Append(", url=");
debug_info_builder.Append(owner_document->Url().BaseAsString());
debug_info_builder.Append(")");
+ } else if (!SecurityOrigin::ShouldUseInnerURL(url_) &&
+ !is_standard) {
+ debug_info_builder.Append("use_url_with_non_standard_scheme");
+ origin = SecurityOrigin::Create(url_);
} else {
debug_info_builder.Append("use_url_with_precursor");
// Otherwise, create an origin that propagates precursor information
Reference in New Issue View Git Blame Copy Permalink