github/electron
1
1
Fork 0
mirror of https://github.com/electron/electron.git synced 2026-01-08 23:18:06 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
f6407b49495b4f9e46d366b46fec8d6a45d723e3
electron/patches/chromium/fix_crash_loading_non-standard_schemes_in_iframes.patch
electron-roller[bot] f6407b4949 chore: bump chromium to 140.0.7314.0 (main) (#47882) 
* chore: bump chromium in DEPS to 140.0.7314.0

* 6769821: Delegate checking whether preconnect is enabled.

Refs https://chromium-review.googlesource.com/c/chromium/src/+/6769821

* 6632993: PDF Searchify IPH: Use embedder WebContents for GuestView PDF

Refs https://chromium-review.googlesource.com/c/chromium/src/+/6632993

* 6769214: [ios blink] Set IOSurface shared memory region on all GMB handles

Refs https://chromium-review.googlesource.com/c/chromium/src/+/6769214

* chore: update patches

* 6769572: [soft navs]: Move AsyncSameDocumentNavigationStarted to TaskAttributionTracker

Refs https://chromium-review.googlesource.com/c/chromium/src/+/6769572

* chore: node gen-libc++-filenames.js

* 6765740: [SxS] Implement support for split view in extensions API

Refs https://chromium-review.googlesource.com/c/chromium/src/+/6765740

* 6769821: Delegate checking whether preconnect is enabled.

Refs https://chromium-review.googlesource.com/c/chromium/src/+/6769821

---------

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: David Sanders <dsanders11@ucsbalum.com>
2025-07-28 15:31:54 -07:00

71 lines
3.9 KiB
Diff
Raw Blame History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Shelley Vohr <shelley.vohr@gmail.com>
Date: Mon, 29 Aug 2022 11:44:57 +0200
Subject: fix: crash loading non-standard schemes in iframes
This fixes a crash that occurs when loading non-standard schemes from
iframes or webviews. This was happening because
ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin contains explicit
exceptions to allow built-in non-standard schemes, but does not check
for non-standard schemes registered by the embedder.
This patch adjusts the origin calculation for subframe non-standard schemes in
- browser process at `NavigationRequest::GetOriginForURLLoaderFactoryUncheckedWithDebugInfo`
- render process at `DocumentLoader::CalculateOrigin`
When top level frame navigates to non-standard scheme url, the origin is calculated
as `null` without any derivation. It is only in cases where there is a `initiator_origin`
then the origin is derived from it, which is usually the case for renderer initiated
navigations and iframes are no exceptions from this rule.
The patch should be removed in favor of either:
- Remove support for non-standard custom schemes
- Register non-standard custom schemes as websafe schemes and update
CPSPI::CanAccessDataForOrigin to allow them for any navigation.
- Update the callsite to use RFHI::CanCommitOriginAndUrl in upstream, previous
effort to do this can be found at https://chromium-review.googlesource.com/c/chromium/src/+/3856266.
Upstream bug https://bugs.chromium.org/p/chromium/issues/detail?id=1081397.
diff --git a/content/browser/renderer_host/navigation_request.cc b/content/browser/renderer_host/navigation_request.cc
index 5018ddade9e6198ad770949696a80ab14482b7e2..5d63cd4e6b33364a1134d4e23eee26e7311b824d 100644
--- a/content/browser/renderer_host/navigation_request.cc
+++ b/content/browser/renderer_host/navigation_request.cc
@@ -11328,6 +11328,11 @@ url::Origin NavigationRequest::GetOriginForURLLoaderFactoryUnchecked() {
target_rph_id);
}
+ if (!common_params().url.IsStandard() && !common_params().url.IsAboutBlank()) {
+ return url::Origin::Resolve(common_params().url,
+ url::Origin());
+ }
+
// In cases not covered above, URLLoaderFactory should be associated with the
// origin of |common_params.url| and/or |common_params.initiator_origin|.
url::Origin resolved_origin = url::Origin::Resolve(
diff --git a/third_party/blink/renderer/core/loader/document_loader.cc b/third_party/blink/renderer/core/loader/document_loader.cc
index 3c0e7a6e8e63fd6ca06de278ff8544124e7bb8c8..ff80074db26650f95a1dc5bac7bb90824541426b 100644
--- a/third_party/blink/renderer/core/loader/document_loader.cc
+++ b/third_party/blink/renderer/core/loader/document_loader.cc
@@ -2322,6 +2322,10 @@ Frame* DocumentLoader::CalculateOwnerFrame() {
scoped_refptr<SecurityOrigin> DocumentLoader::CalculateOrigin(
Document* owner_document) {
scoped_refptr<SecurityOrigin> origin;
+ bool is_standard = false;
+ std::string protocol = url_.Protocol().Ascii();
+ is_standard = url::IsStandard(
+ protocol.data(), url::Component(0, static_cast<int>(protocol.size())));
// Whether the origin is newly created within this call, instead of copied
// from an existing document's origin or from `origin_to_commit_`. If this is
// true, we won't try to compare the nonce of this origin (if it's opaque) to
@@ -2358,6 +2362,9 @@ scoped_refptr<SecurityOrigin> DocumentLoader::CalculateOrigin(
// non-renderer only origin bits will be the same, which will be asserted at
// the end of this function.
origin = origin_to_commit_;
+ } else if (!SecurityOrigin::ShouldUseInnerURL(url_) &&
+ !is_standard) {
+ origin = SecurityOrigin::Create(url_);
} else {
// Otherwise, create an origin that propagates precursor information
// as needed. For non-opaque origins, this creates a standard tuple
Reference in New Issue View Git Blame Copy Permalink