author | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2016-07-26 13:38:22 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2016-08-10 12:22:28 +0000 |
commit | f6e6743a20dd7e53b8f51787f661ae8a319b4b18 (patch) | |
tree | a6ac7267c332f8d90556d0aacee847927b05152f | |
parent | a2dde8d5ac635fbea89ab17ff40c81f53ea952a6 (diff) | |
download | qtwebengine-chromium-f6e6743a20dd7e53b8f51787f661ae8a319b4b18.tar.gz |
[Backport] Don't allow deferred frames to create new windows.
New pages never defer loads, which makes it difficult for ScopedPageLoadDeferrer
to protect against synchronous loads.
This patch adds a check in ChromeClientImpl::createWindow.
BUG=616907
Review-Url: https://codereview.chromium.org/2035973002
(CVE-2016-1710)
Change-Id: Ia787c8abfc1a7de20cf951d1e94db9633bcdee68
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
-rw-r--r-- | chromium/third_party/WebKit/Source/web/ChromeClientImpl.cpp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/chromium/third_party/WebKit/Source/web/ChromeClientImpl.cpp b/chromium/third_party/WebKit/Source/web/ChromeClientImpl.cpp index 8217b6d80cb..8b88e849f94 100644 --- a/chromium/third_party/WebKit/Source/web/ChromeClientImpl.cpp +++ b/chromium/third_party/WebKit/Source/web/ChromeClientImpl.cpp @@ -293,6 +293,9 @@ Page* ChromeClientImpl::createWindow(LocalFrame* frame, const FrameLoadRequest& if (!m_webView->client()) return nullptr; + if (!frame->page() || frame->page()->defersLoading()) + return nullptr; + WebNavigationPolicy policy = effectiveNavigationPolicy(navigationPolicy, features); ASSERT(frame->document()); Fullscreen::fullyExitFullscreen(*frame->document()); |
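Review bot: The new early return in `ChromeClientImpl::createWindow` has no comment explaining why a deferring page must not create a window, and the reasoning is not obvious from the code alone; the commit message carries it ("new pages never defer loads, which makes it difficult for ScopedPageLoadDeferrer to protect against synchronous loads"), so that sentence should sit above the check so the next person editing this function does not remove it as a seemingly redundant guard. The condition also folds two distinct situations into one silent `return nullptr`: a frame with no page (detached) and a page that is currently deferring loads. Callers already have to tolerate a null return because of the `!m_webView->client()` check two lines up, so the contract is unchanged, but a comment should say which of the two cases is the security-relevant one. Consider splitting it for readability:

    if (!frame->page())
        return nullptr;
    // A window created while loads are deferred would never defer its own
    // loads, bypassing ScopedPageLoadDeferrer.
    if (frame->page()->defersLoading())
        return nullptr;

Finally, nothing in this change exercises the new branch; a layout test that attempts `window.open()` from inside a deferred-load section and asserts that no new window appears would lock the fix in place.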