author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-01-03 13:55:01 +0100 |
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-01-04 12:43:41 +0000 |
commit | d0e7830edb0f53efdc64b9b1d04648150ed29e88 (patch) | |
tree | 01607e634fe2cdda7c94a4b97b17db33dc130aaa | |
parent | 741f3965b46a64e8e733c0ee4c3ec4913825bb5b (diff) | |
download | qtwebengine-chromium-d0e7830edb0f53efdc64b9b1d04648150ed29e88.tar.gz |
[Backport] Resource Timing: Do not report subsequent navigations within subframes
We only want to record resource timing for the load that was initiated
by the parent document. We filter out subsequent navigations for <iframe>,
but we should do it for other types of subframes too.
TBR=japhet@chromium.org
Bug: 780312
Reviewed-on: https://chromium-review.googlesource.com/750487
Reviewed-on: https://chromium-review.googlesource.com/753205
(CVE-2017-780312)
Change-Id: I0da5e29204783f458b098d8425fcf5f88b777c38
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
4 files changed, 5 insertions, 11 deletions
diff --git a/chromium/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.cpp b/chromium/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.cpp
index c5bcbe991d3..5b5fc6becb6 100644
--- a/chromium/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.cpp
+++ b/chromium/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.cpp
@@ -81,7 +81,8 @@ HTMLFrameOwnerElement::HTMLFrameOwnerElement(const QualifiedName& tag_name,
     : HTMLElement(tag_name, document),
       content_frame_(nullptr),
       embedded_content_view_(nullptr),
-      sandbox_flags_(kSandboxNone) {}
+      sandbox_flags_(kSandboxNone),
+      did_load_non_empty_document_(false) {}
 
 LayoutEmbeddedContent* HTMLFrameOwnerElement::GetLayoutEmbeddedContent() const {
   // HTMLObjectElement and HTMLEmbedElement may return arbitrary layoutObjects
diff --git a/chromium/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.h b/chromium/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.h
index 5ea9eb8a24d..f1faf7271f9 100644
--- a/chromium/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.h
+++ b/chromium/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.h
@@ -63,8 +63,8 @@ class CORE_EXPORT HTMLFrameOwnerElement : public HTMLElement,
 
   Document* getSVGDocument(ExceptionState&) const;
 
-  virtual bool LoadedNonEmptyDocument() const { return false; }
-  virtual void DidLoadNonEmptyDocument() {}
+  bool LoadedNonEmptyDocument() const { return did_load_non_empty_document_; }
+  void DidLoadNonEmptyDocument() { did_load_non_empty_document_ = true; }
 
   void SetEmbeddedContentView(EmbeddedContentView*);
   EmbeddedContentView* ReleaseEmbeddedContentView();
@@ -154,6 +154,7 @@ class CORE_EXPORT HTMLFrameOwnerElement : public HTMLElement,
   Member<Frame> content_frame_;
   Member<EmbeddedContentView> embedded_content_view_;
   SandboxFlags sandbox_flags_;
+  bool did_load_non_empty_document_;
   WebParsedFeaturePolicy container_policy_;
 };
 
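Review bot: The `did_load_non_empty_document_(false)` initializer added to the constructor is the only write of false this commit introduces; nothing here ever clears the flag, so if an owner element can drop its content frame and later acquire a new one, the first load into that new frame would still read as a subsequent navigation and be left out of Resource Timing. That fails toward under-reporting, which is the safe side for a timing-leak fix, and the iframe-only version being removed in HTMLIFrameElement.cpp had the same shape as far as this diff shows, but it is worth confirming against the code that sets and clears `content_frame_` (outside this hunk). If the flag is meant to be sticky for the element's lifetime, an in-class initializer in the header, `bool did_load_non_empty_document_ = false;`, would keep it correct without this constructor having to be updated in step.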
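Review bot: `LoadedNonEmptyDocument()` and `DidLoadNonEmptyDocument()` now hold real state in the base class but carry no comment on what the flag gates, even though the commit message says it decides which subframe loads are reported to Resource Timing; that security intent should be readable at the declaration. Suggest a comment above the pair: `// Set once this element's content frame has loaded a non-empty document. Resource Timing uses it to report only the load initiated by the parent document and to skip subsequent navigations of the subframe (crbug.com/780312).` Dropping `virtual` is fine given the HTMLIFrameElement overrides are deleted in this same commit, but a leftover `override` of either name in any other subclass would now be a compile error, so a tree-wide grep is cheap insurance. The enclosing class declaration starts and ends outside the hunk.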
diff --git a/chromium/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp b/chromium/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
index 6aa3ab90b5e..755017b43b5 100644
--- a/chromium/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
+++ b/chromium/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
@@ -39,7 +39,6 @@ using namespace HTMLNames;
 
 inline HTMLIFrameElement::HTMLIFrameElement(Document& document)
     : HTMLFrameElementBase(iframeTag, document),
-      did_load_non_empty_document_(false),
       collapsed_by_client_(false),
       sandbox_(HTMLIFrameElementSandbox::Create(this)),
       allow_(HTMLIFrameElementAllow::Create(this)),
diff --git a/chromium/third_party/WebKit/Source/core/html/HTMLIFrameElement.h b/chromium/third_party/WebKit/Source/core/html/HTMLIFrameElement.h
index f49a4bff3b5..5ecf795d07c 100644
--- a/chromium/third_party/WebKit/Source/core/html/HTMLIFrameElement.h
+++ b/chromium/third_party/WebKit/Source/core/html/HTMLIFrameElement.h
@@ -67,12 +67,6 @@ class CORE_EXPORT HTMLIFrameElement final
   bool LayoutObjectIsNeeded(const ComputedStyle&) override;
   LayoutObject* CreateLayoutObject(const ComputedStyle&) override;
 
-  bool LoadedNonEmptyDocument() const override {
-    return did_load_non_empty_document_;
-  }
-  void DidLoadNonEmptyDocument() override {
-    did_load_non_empty_document_ = true;
-  }
 
   bool IsInteractiveContent() const override;
   ReferrerPolicy ReferrerPolicyAttribute() override;
@@ -87,7 +81,6 @@ class CORE_EXPORT HTMLIFrameElement final
 
   AtomicString name_;
   AtomicString csp_;
-  bool did_load_non_empty_document_;
   bool allow_fullscreen_;
   bool allow_payment_request_;
   bool collapsed_by_client_;
|