electron/patches/chromium/fix_crash_loading_non-standard_schemes_in_iframes.patch
electron-roller[bot] a90ccc753b chore: bump chromium to 145.0.7577.0 (main) (#49175)
* chore: bump chromium in DEPS to 145.0.7572.0

* chore: update patches (trivial only)

* chore(patch-conflict): feat_filter_out_non-shareable_windows_in_the_current_application_in.patch

Polished the edits and formatted the result. No real changes.

Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7232079 "7232079: Use WindowsToExclude to exclude PiP window in macOS screencapture device"

* chore(patch-conflict): feat_add_support_for_missing_dialog_features_to_shell_dialogs.patch

Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7214586 "7214586: Refactor SelectFileDialogLinuxPortal to request XDG portal on demand"
Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7237910 "7237910: Remove g_gtk_ui global"

* 7228586: Migrate SystemMemoryInfo from ByteCount to ByteSize

Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7228586

* 7207583: GlobalRenderFrameHostId to ChildProcessId

Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7207583

* 7205548: Remove uses of BodyAsStringCallbackDeprecated (extensions/)

Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7205548

* chore: bump chromium in DEPS to 145.0.7574.0

* chore: update libc++ filenames

* chore: update patches (trivial only)

* chore(patch-conflict): feat_filter_out_non-shareable_windows_in_the_current_application_in.patch

Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7246150 "7246150: Fix crash in ScreenCaptureKitDeviceMac due to null PIPScreenCaptureCoordinator"

* fixup! chore(patch-conflict): feat_add_support_for_missing_dialog_features_to_shell_dialogs.patch

* fixup! chore(patch-conflict): feat_filter_out_non-shareable_windows_in_the_current_application_in.patch

* 7239572: [OOPIF PDF] Enable OOPIF PDF by default on Windows/macOS/Linux

Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7239572

* chore: bump chromium in DEPS to 145.0.7576.0

* fixup! chore(patch-conflict): feat_add_support_for_missing_dialog_features_to_shell_dialogs.patch

* chore: update patches (trivial only)

* chore: add note to keep patch that was upstreamed but reverted

fix_restore_original_resize_performance_on_macos.patch was organically upstreamed but that change got reverted just after the current roll's cutoff.

I've added a note in the patch contents so the patch sticks around and so we can keep it after the revert is included.

Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7255334 "7255334: Revert 'Fix jank when resizing browser window'"

* chore: bump chromium in DEPS to 145.0.7577.0

* chore: update patches (trivial only)

* chore(patch-conflict): keep patch after revert

Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7255334 "7255334: Revert 'Fix jank when resizing browser window'"

* 7237910: Remove g_gtk_ui global

I tried to find a way to avoid the patch, but other approaches seemed complex and involved.

Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7237910

* 7251900: Reland "Remove callback_helpers.h include from is_callback.h (try 5)"

Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7251900

* 7170174: [LNA] Retry requests for cached local resources

Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7170174

* fix: PDFs use OOPIF (behavior change)

* fixup! 7237910: Remove g_gtk_ui global

* fixup! 7251900: Reland "Remove callback_helpers.h include from is_callback.h (try 5)"

---------

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: clavin <clavin@electronjs.org>
2025-12-16 12:32:38 -05:00


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Shelley Vohr <shelley.vohr@gmail.com>
Date: Mon, 29 Aug 2022 11:44:57 +0200
Subject: fix: crash loading non-standard schemes in iframes

This fixes a crash that occurs when loading non-standard schemes from
iframes or webviews. This was happening because
ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin contains explicit
exceptions to allow built-in non-standard schemes, but does not check
for non-standard schemes registered by the embedder.

This patch adjusts the origin calculation for subframe non-standard schemes in
- browser process at `NavigationRequest::GetOriginForURLLoaderFactoryUncheckedWithDebugInfo`
- render process at `DocumentLoader::CalculateOrigin`

When a top-level frame navigates to a non-standard scheme URL, the origin is calculated
as `null` without any derivation. It is only in cases where there is an `initiator_origin`
that the origin is derived from it, which is usually the case for renderer-initiated
navigations, and iframes are no exception to this rule.

The patch should be removed in favor of either:
- Remove support for non-standard custom schemes
- Register non-standard custom schemes as websafe schemes and update
  CPSPI::CanAccessDataForOrigin to allow them for any navigation.
- Update the callsite to use RFHI::CanCommitOriginAndUrl in upstream; a previous
  effort to do this can be found at https://chromium-review.googlesource.com/c/chromium/src/+/3856266.

Upstream bug https://bugs.chromium.org/p/chromium/issues/detail?id=1081397.
diff --git a/content/browser/renderer_host/navigation_request.cc b/content/browser/renderer_host/navigation_request.cc
index 66c6ae2e93af9b86d0796a2e42a657250d1214f3..68824cb9e4eb7d958eaaa04e4016b6d92662ce5f 100644
--- a/content/browser/renderer_host/navigation_request.cc
+++ b/content/browser/renderer_host/navigation_request.cc
@@ -11499,6 +11499,11 @@ url::Origin NavigationRequest::GetOriginForURLLoaderFactoryUnchecked() {
target_rph_id);
}
+ if (!common_params().url.IsStandard() && !common_params().url.IsAboutBlank()) {
+ return url::Origin::Resolve(common_params().url,
+ url::Origin());
+ }
+
// In cases not covered above, URLLoaderFactory should be associated with the
// origin of |common_params.url| and/or |common_params.initiator_origin|.
url::Origin resolved_origin = url::Origin::Resolve(
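Review bot: the early return inserted just before the "In cases not covered above" comment needs a comment of its own: it short-circuits the resolution against `common_params.initiator_origin` that follows, and nothing in the code says why non-standard URLs take this path, why `IsAboutBlank()` is carved out, or what `url::Origin::Resolve(common_params().url, url::Origin())` is expected to return for these URLs when the base origin is empty. A comment citing the patch's upstream bug and stating the intended result (and why it is acceptable to drop the initiator-derived precursor for subframes) would let a future roll judge whether the hunk is still needed. Two smaller points: `common_params().url` is repeated three times in four lines, so `const GURL& url = common_params().url;` would read better, and the condition matches every non-standard scheme, not only the embedder-registered ones the patch description targets, which is worth saying explicitly.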
diff --git a/third_party/blink/renderer/core/loader/document_loader.cc b/third_party/blink/renderer/core/loader/document_loader.cc
index e1ef9b4e88d7711affe123cf3cbba3e4dba01dd5..0884a49cccd25f1476b99a63870c05757ca8444e 100644
--- a/third_party/blink/renderer/core/loader/document_loader.cc
+++ b/third_party/blink/renderer/core/loader/document_loader.cc
@@ -2331,6 +2331,10 @@ Frame* DocumentLoader::CalculateOwnerFrame() {
scoped_refptr<SecurityOrigin> DocumentLoader::CalculateOrigin(
Document* owner_document) {
scoped_refptr<SecurityOrigin> origin;
+ bool is_standard = false;
+ std::string protocol = url_.Protocol().Ascii();
+ is_standard = url::IsStandard(
+ protocol.data(), url::Component(0, static_cast<int>(protocol.size())));
// Whether the origin is newly created within this call, instead of copied
// from an existing document's origin or from `origin_to_commit_`. If this is
// true, we won't try to compare the nonce of this origin (if it's opaque) to
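Review bot: `is_standard` is declared as `false` and then immediately reassigned; fold the three added lines into a single `const bool is_standard = url::IsStandard(...)` so the value cannot be changed later in this long function. The computation also runs on every call even though only one branch tests it; moving it down next to that branch, or into a small helper, keeps the path for standard URLs unchanged. A one-line comment on why `url::IsStandard` is consulted here (the browser side of this patch makes the same decision via `GURL::IsStandard()`) would help keep the two sides in sync.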
@@ -2367,6 +2371,9 @@ scoped_refptr<SecurityOrigin> DocumentLoader::CalculateOrigin(
// non-renderer only origin bits will be the same, which will be asserted at
// the end of this function.
origin = origin_to_commit_;
+ } else if (!SecurityOrigin::ShouldUseInnerURL(url_) &&
+ !is_standard) {
+ origin = SecurityOrigin::Create(url_);
} else {
// Otherwise, create an origin that propagates precursor information
// as needed. For non-opaque origins, this creates a standard tuple
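Review bot: the new `else if` branch creates the origin with `SecurityOrigin::Create(url_)` but does not set the "newly created within this call" flag described in the comment near the top of the function (visible in the previous hunk), so the nonce comparison that comment says is skipped for newly created origins may still run against this one; either set the flag here or document why it must not be. The condition also differs from the browser-side check in `navigation_request.cc` (`!IsAboutBlank()` there versus `!SecurityOrigin::ShouldUseInnerURL(url_)` here); since the surrounding comment says the non-renderer origin bits are asserted to match at the end of this function, add a comment explaining why the two conditions select the same URLs, or a test covering an about:blank subframe nested under a non-standard-scheme parent.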