mirror of
https://github.com/electron/electron.git
synced 2026-01-09 23:48:01 -05:00
* chore: bump chromium in DEPS to 139.0.7205.0
* 6543986: Mac: decouple deserializing and applying sandbox policy
  Refs https://chromium-review.googlesource.com/c/chromium/src/+/6543986
* 6580079: Reland 'Remove the third-party blocking feature'
  Refs https://chromium-review.googlesource.com/c/chromium/src/+/6580079
* 6505716: guest-contents: Add components/guest_contents
  Refs https://chromium-review.googlesource.com/c/chromium/src/+/6505716
* 6572556: Move LogMessageManager out of gpu_service_impl.cc.
  Refs https://chromium-review.googlesource.com/c/chromium/src/+/6572556
* 6566111: Change UtilityProcessHost to manage its instance internally
  Refs https://chromium-review.googlesource.com/c/chromium/src/+/6566111
* 6550237: Rename ReconnectEventObserver to ConnectionChangeObserverClient
  Refs https://chromium-review.googlesource.com/c/chromium/src/+/6550237
* 6565918: Validate path is valid UTF8 in SelectFileDialogLinuxPortal
  Refs https://chromium-review.googlesource.com/c/chromium/src/+/6565918
* 6579713: Remove base::NotFatalUntil::M130 usage
  6566111: Change UtilityProcessHost to manage its instance internally
  Refs https://chromium-review.googlesource.com/c/chromium/src/+/6579713
  https://chromium-review.googlesource.com/c/chromium/src/+/6566111
* chore: update chromium patches
* chore: update remaining patches
* fixup! 6566111: Change UtilityProcessHost to manage its instance internally
  Refs https://chromium-review.googlesource.com/c/chromium/src/+/6566111
* 6577970: Remove superfluous includes for base/strings/stringprintf.h in headers
  Refs https://chromium-review.googlesource.com/c/chromium/src/+/6577970
* 6568811: Add FunctionCall structured metrics event for DevTools
  Refs https://chromium-review.googlesource.com/c/chromium/src/+/6568811
* [PDF Ink Signatures] Support PdfAnnotationsEnabled policy
  https://chromium-review.googlesource.com/c/chromium/src/+/6558970
* build: disable libcxx modules for rbe
* chore: bump chromium in DEPS to 139.0.7217.0
* chore: bump chromium in DEPS to 139.0.7218.0
* chore: update patches
  fix_use_delegated_generic_capturer_when_available.patch was updated to handle a small change:
  6582142: Use content::Create*Capturer in DesktopCaptureDevice. | https://chromium-review.googlesource.com/c/chromium/src/+/6582142
* chore: bump chromium in DEPS to 139.0.7219.0
* chore: update patches
* 6594615: Change Chromium's deployment target to macOS 12
  https://chromium-review.googlesource.com/c/chromium/src/+/6594615
  Updated the assertion message to match the docs structure now too. I removed the callout to the supported versions doc because it has moved and doesn't contain minimum platform version information.
* 6606232: [views] Remove DesktopWindowTreeHostWin::window_enlargement_
  https://chromium-review.googlesource.com/c/chromium/src/+/6606232
  |NativeWindow::GetContentMinimumSize| and |NativeWindow::GetContentMaximumSize| may be good opportunities for a refactor now.
* add squirrel.mac patch for removed function
  This was triggered by the macOS 12.0 deployment upgrade change.
  See: https://developer.apple.com/documentation/coreservices/1444079-uttypeconformsto?language=objc
* 6582142: Use content::Create*Capturer in DesktopCaptureDevice.
  https://chromium-review.googlesource.com/c/chromium/src/+/6582142
* 6579732: Two minor API "quality of life" cleanups in OSCrypt Async
  https://chromium-review.googlesource.com/c/chromium/src/+/6579732
* chore: add include for base::SingleThreadTaskRunner
  Not sure what change caused this, I expect it would be a removed include somewhere else, but it's likely not important to track down.
* chore: update libcxx filenames
* chore: update CI build-tools commit target for macOS SDK 15.4
  The following change uses an API that was added in the macOS 15.4 SDK. Support for that SDK version was added later than the current build-tools commit target.
  6575804: Use a quick-and-dirty solution to avoid glitching with paste-and-go | https://chromium-review.googlesource.com/c/chromium/src/+/6575804
  See: https://developer.apple.com/documentation/appkit/nspasteboard/accessbehavior-swift.enum?language=objc
* fixup! 6606232: [views] Remove DesktopWindowTreeHostWin::window_enlargement_
  https://chromium-review.googlesource.com/c/chromium/src/+/6606232
* chore: bump chromium in DEPS to 139.0.7220.0
* chore: update patches
  Minor changes due to:
  6613978: pwa: let events fall through in the transparent area of TopContainerView | https://chromium-review.googlesource.com/c/chromium/src/+/6613978
  6614778: Refactor auto pip tab observer for Android support | https://chromium-review.googlesource.com/c/chromium/src/+/6614778
* 6543986: Mac: decouple deserializing and applying sandbox policy
  https://chromium-review.googlesource.com/c/chromium/src/+/6543986
  The DecodeVarInt and DecodeString functions look benign from a MAS perspective. I suspect they were patched out to avoid "unused function" errors. Their complements for encoding are unpatched, supporting this idea.
  The code that uses these functions was refactored out of the section that we patch out. Instead of patching out that new function, I decided to treat it the same as the serialization function that is unpatched.
* chore: bump chromium in DEPS to 139.0.7222.0
* chore: bump chromium in DEPS to 139.0.7224.0
* chore: bump chromium in DEPS to 139.0.7226.0
* chore: bump chromium in DEPS to 139.0.7228.0
* chore: update patches
* Don't use static variable for UseExternalPopupMenus
  https://chromium-review.googlesource.com/c/chromium/src/+/6534657
* Reland "Roll libc++ from a01c02c9d4ac to a9cc573e7c59
  https://chromium-review.googlesource.com/c/chromium/src/+/6607589
* chore: bump chromium in DEPS to 139.0.7219.0
* chore: update patches
* revert Don't use static variable for UseExternalPopupMenus
* tls: remove deprecated tls.createSecurePair and SecurePair
  https://github.com/nodejs/node/pull/57361
* Revert "Reland "Roll libc++ from a01c02c9d4ac to a9cc573e7c59"
  This reverts commit 33e1436a0c.
* test: cleanup api-desktop-capturer-spec.ts
* test: more cleanup of api-desktop-capturer-spec.ts
* chore: debug dcheck error in webrtc on linux
* fixup patch
* add debugging to desktop capturer spec
* test: fixup api-desktop-capturer-spec.ts for linux
* chore: remove debugging patch
* Revert "fixup! 6606232: [views] Remove DesktopWindowTreeHostWin::window_enlargement_ https://chromium-review.googlesource.com/c/chromium/src/+/6606232"
  This reverts commit 32e75651c1.
* Revert "6606232: [views] Remove DesktopWindowTreeHostWin::window_enlargement_"
  This reverts commit 89c51aa1c7.
* [views] Remove DesktopWindowTreeHostWin::window_enlargement_
  https://chromium-review.googlesource.com/c/chromium/src/+/6606232
  Reverting as we need this functionality for now.
* fixup: remove patch that was accidentally added back

---------

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Samuel Maddock <smaddock@slack-corp.com>
Co-authored-by: deepak1556 <hop2deep@gmail.com>
Co-authored-by: clavin <clavin@electronjs.org>
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
71 lines
3.9 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Shelley Vohr <shelley.vohr@gmail.com>
Date: Mon, 29 Aug 2022 11:44:57 +0200
Subject: fix: crash loading non-standard schemes in iframes

This fixes a crash that occurs when loading non-standard schemes from
iframes or webviews. This was happening because
ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin contains explicit
exceptions to allow built-in non-standard schemes, but does not check
for non-standard schemes registered by the embedder.

This patch adjusts the origin calculation for subframe non-standard schemes in
- browser process at `NavigationRequest::GetOriginForURLLoaderFactoryUncheckedWithDebugInfo`
- render process at `DocumentLoader::CalculateOrigin`

When a top-level frame navigates to a non-standard scheme URL, the origin is calculated
as `null` without any derivation. It is only in cases where there is an `initiator_origin`
that the origin is derived from it, which is usually the case for renderer-initiated
navigations, and iframes are no exception to this rule.

The patch should be removed in favor of either:
- Remove support for non-standard custom schemes
- Register non-standard custom schemes as websafe schemes and update
CPSPI::CanAccessDataForOrigin to allow them for any navigation.
- Update the callsite to use RFHI::CanCommitOriginAndUrl in upstream, previous
effort to do this can be found at https://chromium-review.googlesource.com/c/chromium/src/+/3856266.

Upstream bug https://bugs.chromium.org/p/chromium/issues/detail?id=1081397.

diff --git a/content/browser/renderer_host/navigation_request.cc b/content/browser/renderer_host/navigation_request.cc
index ac5a84d7d677e66544ff3e143f1f1bf9343161c0..10284363f5ba8b6bf038cc4ceb0ba8d6af82c75d 100644
--- a/content/browser/renderer_host/navigation_request.cc
+++ b/content/browser/renderer_host/navigation_request.cc
@@ -11212,6 +11212,11 @@ url::Origin NavigationRequest::GetOriginForURLLoaderFactoryUnchecked() {
target_rph_id);
}
 
+ if (!common_params().url.IsStandard() && !common_params().url.IsAboutBlank()) {
+ return url::Origin::Resolve(common_params().url,
+ url::Origin());
+ }
+
// In cases not covered above, URLLoaderFactory should be associated with the
// origin of |common_params.url| and/or |common_params.initiator_origin|.
url::Origin resolved_origin = url::Origin::Resolve(
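Review bot: the early return added at `if (!common_params().url.IsStandard() && !common_params().url.IsAboutBlank())` resolves against a freshly constructed `url::Origin()` rather than the `common_params.initiator_origin` that the comment immediately below says the factory origin is normally associated with, so for these navigations the initiator's precursor information is dropped and an unrelated opaque origin is returned. Please add a comment stating that this is intentional and why about:blank is the only non-standard URL exempted here (about:srcdoc is also non-standard and normally inherits its parent's origin; confirm it is already handled by the code above this block), so the next Chromium rebase does not silently widen or narrow the carve-out.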
diff --git a/third_party/blink/renderer/core/loader/document_loader.cc b/third_party/blink/renderer/core/loader/document_loader.cc
index b9951c86a50c8f595fb95485be1c8e65d5595dfe..733e871dbdc10eebdbc69a9cc111c73b165062b4 100644
--- a/third_party/blink/renderer/core/loader/document_loader.cc
+++ b/third_party/blink/renderer/core/loader/document_loader.cc
@@ -2332,6 +2332,10 @@ Frame* DocumentLoader::CalculateOwnerFrame() {
scoped_refptr<SecurityOrigin> DocumentLoader::CalculateOrigin(
Document* owner_document) {
scoped_refptr<SecurityOrigin> origin;
+ bool is_standard = false;
+ std::string protocol = url_.Protocol().Ascii();
+ is_standard = url::IsStandard(
+ protocol.data(), url::Component(0, static_cast<int>(protocol.size())));
// Whether the origin is newly created within this call, instead of copied
// from an existing document's origin or from `origin_to_commit_`. If this is
// true, we won't try to compare the nonce of this origin (if it's opaque) to
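Review bot: `bool is_standard = false;` is a placeholder initializer that is overwritten two statements later; initialize it directly, e.g. `const bool is_standard = url::IsStandard(protocol.data(), url::Component(0, static_cast<int>(protocol.size())));`, so a reader cannot mistake `false` for a meaningful default. Note also that `protocol` and `is_standard` are now computed on every call, including the `origin_to_commit_` path in the next hunk that never reads them; moving the computation into the branch that uses it (or adding a one-line comment explaining why it sits at the top) would keep the hot path unchanged.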
@@ -2368,6 +2372,9 @@ scoped_refptr<SecurityOrigin> DocumentLoader::CalculateOrigin(
// non-renderer only origin bits will be the same, which will be asserted at
// the end of this function.
origin = origin_to_commit_;
+ } else if (!SecurityOrigin::ShouldUseInnerURL(url_) &&
+ !is_standard) {
+ origin = SecurityOrigin::Create(url_);
} else {
// Otherwise, create an origin that propagates precursor information
// as needed. For non-opaque origins, this creates a standard tuple
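Review bot: the new `else if (!SecurityOrigin::ShouldUseInnerURL(url_) && !is_standard)` branch returns `SecurityOrigin::Create(url_)` and therefore skips the `else` branch that, per its own comment, propagates precursor information; for embedder-registered non-standard schemes the renderer now commits an opaque origin with no precursor. Because the context line above notes that the browser- and renderer-side origin bits are asserted to match at the end of this function, this branch only stays correct while it mirrors the early return added to `NavigationRequest::GetOriginForURLLoaderFactoryUnchecked` in the first file of this patch; please add a cross-referencing comment in both places so that a future rebase of one file cannot drift from the other without tripping that assertion.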