[Backport] CVE-2020-6562: Insufficient policy enforcement in Blink

Manual backport of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/2253242: [FileAPI] Properly set charset when loading blob URL. Bug: 1086845 Change-Id: I1630dcff89198ea968ff49ff353d793ae19c10b3 Reviewed-by: Michal Klocek <michal.klocek@qt.io> Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
author: Marijn Kruisselbrink <mek@chromium.org> 2020-06-19 02:22:48 +0000
committer: Michael Brüning <michael.bruning@qt.io> 2020-10-05 12:02:24 +0000
commit: 82a0e2faa2ab61eb7fa0b0403c6990d25e6ab801 (patch)
tree: 639010964d9e2a7cb16eee49bb32b8cc3a07c7ea
parent: d7c2cf253996bd5b4a893b52fd719b11c9ec7ba9 (diff)
download: qtwebengine-chromium-82a0e2faa2ab61eb7fa0b0403c6990d25e6ab801.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/chromium/storage/browser/blob/blob_url_loader.cc b/chromium/storage/browser/blob/blob_url_loader.cc
index ca16d565ebd..30473e163fc 100644
--- a/chromium/storage/browser/blob/blob_url_loader.cc
+++ b/chromium/storage/browser/blob/blob_url_loader.cc
@@ -157,10 +157,10 @@ void BlobURLLoader::HeadersCompleted(net::HttpStatusCode status_code,
 
   std::string mime_type;
   response.headers->GetMimeType(&mime_type);
-  // Match logic in StreamURLRequestJob::HeadersCompleted.
   if (mime_type.empty())
     mime_type = "text/plain";
   response.mime_type = mime_type;
+  response.headers->GetCharset(&response.charset);
 
   // TODO(jam): some of this code can be shared with
   // services/network/url_loader.h
author	Marijn Kruisselbrink <mek@chromium.org>	2020-06-19 02:22:48 +0000
committer	Michael Brüning <michael.bruning@qt.io>	2020-10-05 12:02:24 +0000
commit	82a0e2faa2ab61eb7fa0b0403c6990d25e6ab801 (patch)
tree	639010964d9e2a7cb16eee49bb32b8cc3a07c7ea
parent	d7c2cf253996bd5b4a893b52fd719b11c9ec7ba9 (diff)
download	qtwebengine-chromium-82a0e2faa2ab61eb7fa0b0403c6990d25e6ab801.tar.gz