author | ahmedmoussa <ahmedmoussa@google.com> | 2023-01-24 20:17:49 +0000 |
---|---|---|
committer | Michael BrĂ¼ning <michael.bruning@qt.io> | 2023-04-04 10:09:41 +0000 |
commit | 213de45f57c6300d535cc1a91e9e0b600cd955ce (patch) | |
tree | 2a5ace9c127e1eb70f76684bb0e06831da5c2528 | |
parent | 0717211ca9d7ee2dcc17a7964170d633aafcfb98 (diff) | |
download | qtwebengine-chromium-213de45f57c6300d535cc1a91e9e0b600cd955ce.tar.gz |
[Backport] CVE-2023-1236: Inappropriate implementation in Internals
Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4014983:
Fix PresentationRequest Origin not shown issue when Opaque
The origin info from the PresentationRequest is not shown when the
origin is opaque. This CL fixes that issue.
Bug: 1374518
Change-Id: Iec1902f4918ae92315051abfb97d8fecfcbc7e11
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4014983
Reviewed-by: Takumi Fujimoto <takumif@chromium.org>
Reviewed-by: Mark Foltz <mfoltz@chromium.org>
Commit-Queue: Ahmed Moussa <ahmedmoussa@google.com>
Reviewed-by: Tommy Steimel <steimel@chromium.org>
Reviewed-by: Chris Thompson <cthomp@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1096324}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/468199
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
7 files changed, 32 insertions, 7 deletions
diff --git a/chromium/components/global_media_controls/BUILD.gn b/chromium/components/global_media_controls/BUILD.gn
index 8c8fccd9568..39c8c8ed88c 100644
--- a/chromium/components/global_media_controls/BUILD.gn
+++ b/chromium/components/global_media_controls/BUILD.gn
@@ -35,7 +35,6 @@ component("global_media_controls") {
 public_deps = [
 "//components/media_message_center",
- "//components/url_formatter",
 "//services/media_session/public/cpp",
 "//services/media_session/public/mojom",
 "//ui/views",
diff --git a/chromium/components/global_media_controls/DEPS b/chromium/components/global_media_controls/DEPS
index 9b4049d02ef..c185628b366 100644
--- a/chromium/components/global_media_controls/DEPS
+++ b/chromium/components/global_media_controls/DEPS
@@ -1,7 +1,6 @@
 include_rules = [
 "+components/media_message_center",
 "+components/strings",
- "+components/url_formatter",
 "+components/vector_icons",
 "+media",
 "+mojo/public/cpp/bindings",
diff --git a/chromium/components/global_media_controls/public/media_session_notification_item.cc b/chromium/components/global_media_controls/public/media_session_notification_item.cc
index 682fc60ae09..55c3905b0ea 100644
--- a/chromium/components/global_media_controls/public/media_session_notification_item.cc
+++ b/chromium/components/global_media_controls/public/media_session_notification_item.cc
@@ -8,9 +8,8 @@
 #include "base/metrics/histogram_macros.h"
 #include "base/time/time.h"
 #include "components/global_media_controls/public/constants.h"
+#include "components/media_message_center/media_notification_util.h"
 #include "components/media_message_center/media_notification_view.h"
-#include "components/url_formatter/elide_url.h"
-#include "components/url_formatter/url_formatter.h"
 #include "services/media_session/public/cpp/util.h"
 #include "services/media_session/public/mojom/media_controller.mojom.h"
 #include "services/media_session/public/mojom/media_session.mojom.h"
@@ -120,6 +119,10 @@ void MediaSessionNotificationItem::MediaSessionPositionChanged(
 void MediaSessionNotificationItem::UpdatePresentationRequestOrigin(
 const url::Origin& origin) {
+ if (!media_message_center::IsOriginGoodForDisplay(origin)) {
+ return;
+ }
+
 optional_presentation_request_origin_ = origin;
 if (view_ && !frozen_)
 view_->UpdateWithMediaMetadata(GetSessionMetadata());
@@ -268,9 +271,8 @@ media_session::MediaMetadata MediaSessionNotificationItem::GetSessionMetadata()
 const {
 media_session::MediaMetadata data = session_metadata_;
 if (optional_presentation_request_origin_.has_value()) {
- data.source_title = url_formatter::FormatOriginForSecurityDisplay(
- optional_presentation_request_origin_.value(),
- url_formatter::SchemeDisplay::OMIT_HTTP_AND_HTTPS);
+ data.source_title = media_message_center::GetOriginNameForDisplay(
+ optional_presentation_request_origin_.value());
 }
 return data;
 }
diff --git a/chromium/components/media_message_center/BUILD.gn b/chromium/components/media_message_center/BUILD.gn
index b79e1098b79..98d09e2b2e9 100644
--- a/chromium/components/media_message_center/BUILD.gn
+++ b/chromium/components/media_message_center/BUILD.gn
@@ -36,6 +36,7 @@ component("media_message_center") {
 "//base",
 "//components/media_message_center/vector_icons",
 "//components/strings:components_strings_grit",
+ "//components/url_formatter",
 "//components/vector_icons",
 "//services/media_session/public/cpp",
 "//skia",
diff --git a/chromium/components/media_message_center/DEPS b/chromium/components/media_message_center/DEPS
index 2470b04eae9..07e7608297b 100644
--- a/chromium/components/media_message_center/DEPS
+++ b/chromium/components/media_message_center/DEPS
@@ -1,6 +1,7 @@
 include_rules = [
 "+cc/paint",
 "+components/strings/grit/components_strings.h",
+ "+components/url_formatter",
 "+components/vector_icons",
 "+mojo/public/cpp/bindings",
 "+services/media_session/public",
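Review bot: In `UpdatePresentationRequestOrigin`, the new early return leaves whatever `optional_presentation_request_origin_` already holds untouched, so if a displayable origin was stored earlier and a later call passes an opaque origin without a valid precursor, `GetSessionMetadata()` keeps reporting the older origin as the source. Whether that sequence can occur depends on callers not visible here, but for an origin indicator a stale value is worse than falling back to the session's own title. Consider clearing the stored value before returning, `optional_presentation_request_origin_.reset();`, and refreshing the view as the existing path does, or add a comment stating that the previous origin is kept on purpose. The function's closing brace is outside the hunk.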
diff --git a/chromium/components/media_message_center/media_notification_util.cc b/chromium/components/media_message_center/media_notification_util.cc
index 852cb26fd9b..9fee0891b64 100644
--- a/chromium/components/media_message_center/media_notification_util.cc
+++ b/chromium/components/media_message_center/media_notification_util.cc
@@ -7,6 +7,7 @@
 #include "base/containers/contains.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/strings/utf_string_conversions.h"
+#include "components/url_formatter/elide_url.h"
 #include "ui/views/controls/button/button.h"
 namespace media_message_center {
@@ -56,6 +57,19 @@ std::u16string GetAccessibleNameFromMetadata(
 return accessible_name;
 }
+bool IsOriginGoodForDisplay(const url::Origin& origin) {
+ return !origin.opaque() ||
+ origin.GetTupleOrPrecursorTupleIfOpaque().IsValid();
+}
+
+std::u16string GetOriginNameForDisplay(const url::Origin& origin) {
+ const auto url = origin.opaque()
+ ? origin.GetTupleOrPrecursorTupleIfOpaque().GetURL()
+ : origin.GetURL();
+ return url_formatter::FormatUrlForSecurityDisplay(
+ url, url_formatter::SchemeDisplay::OMIT_HTTP_AND_HTTPS);
+}
+
 base::flat_set<MediaSessionAction> GetTopVisibleActions(
 const base::flat_set<MediaSessionAction>& enabled_actions,
 const base::flat_set<MediaSessionAction>& ignored_actions,
diff --git a/chromium/components/media_message_center/media_notification_util.h b/chromium/components/media_message_center/media_notification_util.h
index 6aa9851a005..ea8624f89cf 100644
--- a/chromium/components/media_message_center/media_notification_util.h
+++ b/chromium/components/media_message_center/media_notification_util.h
@@ -8,6 +8,7 @@
 #include "base/component_export.h"
 #include "base/containers/flat_set.h"
 #include "services/media_session/public/mojom/media_session.mojom.h"
+#include "url/origin.h"
 namespace views {
 class Button;
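Review bot: `GetOriginNameForDisplay` in media_notification_util.cc assumes its argument already passed `IsOriginGoodForDisplay`, but nothing in the function enforces that: for an opaque origin whose precursor tuple is invalid, the URL handed to `FormatUrlForSecurityDisplay` is built from an invalid tuple and the resulting label is unlikely to be meaningful. The caller in this commit only stores origins that passed the check, yet the helper is exported, so stating the contract in code is cheap: `DCHECK(IsOriginGoodForDisplay(origin));` as the first statement (with `base/check.h` included if the file does not already pull it in). A short comment on the opaque branch saying that the precursor site is shown deliberately for opaque origins would also help later reviewers of this security-display path.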
@@ -25,6 +26,14 @@ COMPONENT_EXPORT(MEDIA_MESSAGE_CENTER)
 std::u16string GetAccessibleNameFromMetadata(
 media_session::MediaMetadata session_metadata);
+// Checks if the origin has a human-friendly url.
+COMPONENT_EXPORT(MEDIA_MESSAGE_CENTER)
+bool IsOriginGoodForDisplay(const url::Origin& origin);
+
+// Creates a string formatting a url::Origin in a human-friendly way.
+COMPONENT_EXPORT(MEDIA_MESSAGE_CENTER)
+std::u16string GetOriginNameForDisplay(const url::Origin& origin);
+
 // Returns actions that can be displayed as buttons in the media controller UI
 // from the set (|enabled_actions| - |ignored_actions|). This will return at
 // most |max_actions| - if needed, the actions will the least priority will be |
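Review bot: The comment on `IsOriginGoodForDisplay` says only that the origin "has a human-friendly url", which does not tell a caller what is actually tested; the definition in this commit accepts any non-opaque origin and any opaque origin with a valid precursor tuple. I would spell that out, e.g. `// Returns true if |origin| is not opaque, or is opaque with a valid precursor tuple that can be shown instead.` The comment on `GetOriginNameForDisplay` should likewise say that an opaque origin is rendered as its precursor and that callers are expected to check first, e.g. `// For opaque origins the precursor is formatted; call IsOriginGoodForDisplay() first.`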