mirror of
https://github.com/electron/electron.git
synced 2026-01-09 23:48:01 -05:00
7d05b78479
* chore: bump chromium in DEPS to 133.0.6902.0
* chore: bump chromium in DEPS to 133.0.6903.0
* chore: update patches
* Update PdfViewer Save File Picker to use showSaveFilePicker.
Refs https://chromium-review.googlesource.com/c/chromium/src/+/6074308
* Code Health: Clean up stale MacWebContentsOcclusion
Refs https://chromium-review.googlesource.com/c/chromium/src/+/6078344
* Change RenderProcessHost::GetID to RenderProcessHost::GetDeprecatedID
Refs https://chromium-review.googlesource.com/c/chromium/src/+/6065543
* [WebRTC] Make WebRTC IP Handling policy a mojo enum
Refs https://chromium-review.googlesource.com/c/chromium/src/+/6063620
* chore: gen filenames.libcxx.gni
* Remove allow_unsafe_buffers pragma in //printing
Refs https://chromium-review.googlesource.com/c/chromium/src/+/6092280
* refactor: to use ChildProcessId where possible
Refs https://issues.chromium.org/issues/379869738
* [Win] Update TabletMode detection code
Refs https://chromium-review.googlesource.com/c/chromium/src/+/6003486
* chore: bump chromium in DEPS to 133.0.6905.0
* chore: update patches
* Reland "Move global shortcut listener to //ui/base"
Refs https://chromium-review.googlesource.com/c/chromium/src/+/6099035
* [shared storage] Implement the batch `with_lock` option for response header
Refs https://chromium-review.googlesource.com/c/chromium/src/+/6072742
* chore: bump chromium in DEPS to 133.0.6907.0
* chore: bump chromium in DEPS to 133.0.6909.0
* chore: bump chromium in DEPS to 133.0.6911.0
* chore: bump chromium in DEPS to 133.0.6912.0
* chore: update patches
* WebUI: Reveal hidden deps to ui/webui/resources.
Refs https://chromium-review.googlesource.com/c/chromium/src/+/6096291
* chore: bump chromium in DEPS to 133.0.6913.0
* chore: bump chromium in DEPS to 133.0.6915.0
* Code Health: Clean up stale base::Feature "AccessibilityTreeForViews"
Refs https://chromium-review.googlesource.com/c/chromium/src/+/6104174
Co-authored-by: David Sanders <dsanders11@ucsbalum.com>
* fix: remove fastapitypedarray usage
* chore: update patches
* chore: script/gen-libc++-filenames.js
* Code Health: Clean up stale base::Feature "WinRetrieveSuggestionsOnlyOnDemand"
Refs https://chromium-review.googlesource.com/c/chromium/src/+/6109477
* fix: empty suggestions with windows platform checker
Amends the fix from https://github.com/electron/electron/pull/29690
since the feature flag is no longer available. We follow the
same pattern as //chrome/browser/renderer_context_menu/spelling_menu_observer.cc
to generate the suggestion list on demand when context menu action
is invoked.
Co-authored-by: David Sanders <dsanders11@ucsbalum.com>
* fixup! fix: empty suggestions with windows platform checker
* fixup! fix: empty suggestions with windows platform checker
* revert: 6078344: Code Health: Clean up stale MacWebContentsOcclusion | https://chromium-review.googlesource.com/c/chromium/src/+/6078344
* Revert "revert: 6078344: Code Health: Clean up stale MacWebContentsOcclusion | https://chromium-review.googlesource.com/c/chromium/src/+/6078344"
This reverts commit 9cacda452e.
* chore: bump to 133.0.6920.0, update patches
* Revert "6078344: Code Health: Clean up stale MacWebContentsOcclusion"
Refs: https://chromium-review.googlesource.com/c/chromium/src/+/6078344
* fixup! Update PdfViewer Save File Picker to use showSaveFilePicker.
---------
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: deepak1556 <hop2deep@gmail.com>
Co-authored-by: David Sanders <dsanders11@ucsbalum.com>
Co-authored-by: Keeley Hammond <khammond@slack-corp.com>
73 lines
3.9 KiB
Diff
73 lines
3.9 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Shelley Vohr <shelley.vohr@gmail.com>
|
|
Date: Mon, 29 Aug 2022 11:44:57 +0200
|
|
Subject: fix: crash loading non-standard schemes in iframes
|
|
|
|
This fixes a crash that occurs when loading non-standard schemes from
|
|
iframes or webviews. This was happening because
|
|
ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin contains explicit
|
|
exceptions to allow built-in non-standard schemes, but does not check
|
|
for non-standard schemes registered by the embedder.
|
|
|
|
This patch adjusts the origin calculation for subframe non-standard schemes in
|
|
- browser process at `NavigationRequest::GetOriginForURLLoaderFactoryUncheckedWithDebugInfo`
|
|
- render process at `DocumentLoader::CalculateOrigin`
|
|
|
|
When top level frame navigates to non-standard scheme url, the origin is calculated
|
|
as `null` without any derivation. It is only in cases where there is a `initiator_origin`
|
|
then the origin is derived from it, which is usually the case for renderer initiated
|
|
navigations and iframes are no exceptions from this rule.
|
|
|
|
The patch should be removed in favor of either:
|
|
- Remove support for non-standard custom schemes
|
|
- Register non-standard custom schemes as websafe schemes and update
|
|
CPSPI::CanAccessDataForOrigin to allow them for any navigation.
|
|
- Update the callsite to use RFHI::CanCommitOriginAndUrl in upstream, previous
|
|
effort to do this can be found at https://chromium-review.googlesource.com/c/chromium/src/+/3856266.
|
|
|
|
Upstream bug https://bugs.chromium.org/p/chromium/issues/detail?id=1081397.
|
|
|
|
diff --git a/content/browser/renderer_host/navigation_request.cc b/content/browser/renderer_host/navigation_request.cc
|
|
index cc3a15808ad7c0f0764944f145499f9bc462c787..49f43795209fe3cbf12a949312c3edbbfb5aa255 100644
|
|
--- a/content/browser/renderer_host/navigation_request.cc
|
|
+++ b/content/browser/renderer_host/navigation_request.cc
|
|
@@ -10817,6 +10817,12 @@ NavigationRequest::GetOriginForURLLoaderFactoryUncheckedWithDebugInfo() {
|
|
"blob");
|
|
}
|
|
|
|
+ if (!IsInMainFrame() && !common_params().url.IsStandard()) {
|
|
+ return std::make_pair(url::Origin::Resolve(common_params().url,
|
|
+ url::Origin()),
|
|
+ "url_non_standard");
|
|
+ }
|
|
+
|
|
// In cases not covered above, URLLoaderFactory should be associated with the
|
|
// origin of |common_params.url| and/or |common_params.initiator_origin|.
|
|
url::Origin resolved_origin = url::Origin::Resolve(
|
|
diff --git a/third_party/blink/renderer/core/loader/document_loader.cc b/third_party/blink/renderer/core/loader/document_loader.cc
|
|
index f4d01820da41368f872e1f04a4736946eb304a93..8fd4b90f490d6b063ab780caf301bed68f36737e 100644
|
|
--- a/third_party/blink/renderer/core/loader/document_loader.cc
|
|
+++ b/third_party/blink/renderer/core/loader/document_loader.cc
|
|
@@ -2317,6 +2317,10 @@ Frame* DocumentLoader::CalculateOwnerFrame() {
|
|
scoped_refptr<SecurityOrigin> DocumentLoader::CalculateOrigin(
|
|
Document* owner_document) {
|
|
scoped_refptr<SecurityOrigin> origin;
|
|
+ bool is_standard = false;
|
|
+ std::string protocol = url_.Protocol().Ascii();
|
|
+ is_standard = url::IsStandard(
|
|
+ protocol.data(), url::Component(0, static_cast<int>(protocol.size())));
|
|
StringBuilder debug_info_builder;
|
|
// Whether the origin is newly created within this call, instead of copied
|
|
// from an existing document's origin or from `origin_to_commit_`. If this is
|
|
@@ -2370,6 +2374,10 @@ scoped_refptr<SecurityOrigin> DocumentLoader::CalculateOrigin(
|
|
// the end of this function.
|
|
origin = origin_to_commit_;
|
|
debug_info_builder.Append("use_origin_to_commit");
|
|
+ } else if (!SecurityOrigin::ShouldUseInnerURL(url_) &&
|
|
+ !is_standard) {
|
|
+ debug_info_builder.Append("use_url_with_non_standard_scheme");
|
|
+ origin = SecurityOrigin::Create(url_);
|
|
} else {
|
|
debug_info_builder.Append("use_url_with_precursor");
|
|
// Otherwise, create an origin that propagates precursor information
|