author | Jack Hsieh <chengweih@chromium.org> | 2023-03-08 04:51:07 +0000 |
---|---|---|
committer | Michael Brüning <michael.bruning@qt.io> | 2023-05-15 11:35:28 +0000 |
commit | 1e552d63f76514a8b0bad478334d1b02d74a5e75 (patch) | |
tree | 391e55faf386fe17f398cccd66ae9b06b46204f8 | |
parent | 21de567539039a1926389eaf3bcda55e34855587 (diff) | |
download | qtwebengine-chromium-1e552d63f76514a8b0bad478334d1b02d74a5e75.tar.gz |
[Backport] CVE-2023-2462: Inappropriate implementation in Prompts (7/10)
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4237816:
serial: Reject using Serial API in an opaque origin
Rejects renderer's request of using Serial API when the top-level
document has an opaque origin.
Bug: 1375133
Change-Id: I14488099dda296b0fcf62f25ffef3e6e76e566ae
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4237816
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Commit-Queue: Jack Hsieh <chengweih@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1114388}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/476760
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r-- | chromium/content/browser/renderer_host/render_frame_host_impl.cc | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/chromium/content/browser/renderer_host/render_frame_host_impl.cc b/chromium/content/browser/renderer_host/render_frame_host_impl.cc index 1a2509e0695..d5745cea447 100644 --- a/chromium/content/browser/renderer_host/render_frame_host_impl.cc +++ b/chromium/content/browser/renderer_host/render_frame_host_impl.cc @@ -10874,6 +10874,14 @@ void RenderFrameHostImpl::BindSerialService( return; } + // Rejects using Serial API when the top-level document has an opaque origin. + if (GetOutermostMainFrame()->GetLastCommittedOrigin().opaque()) { + mojo::ReportBadMessage( + "Web Serial is not allowed when the top-level document has an opaque " + "origin."); + return; + } + SerialService::GetOrCreateForCurrentDocument(this)->Bind(std::move(receiver)); } |
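Review bot: The new condition in `RenderFrameHostImpl::BindSerialService` tests only `GetOutermostMainFrame()->GetLastCommittedOrigin().opaque()`, so the origin of the frame that is actually requesting the binding is not examined in this hunk. If a frame that has an opaque origin of its own, under a top-level document that does not, is also meant to be refused, either check this frame's `GetLastCommittedOrigin()` here as well or extend the comment to name the earlier check that covers that case. Because the rejection goes through `mojo::ReportBadMessage`, the request is treated as one a well-behaved renderer never sends; the comment should say that the renderer is expected to refuse the API in this situation before the request reaches the browser, so a reader can find the matching check. The commit touches one file with 8 insertions and adds no test; a browser test that attempts the bind from a document whose top-level origin is opaque would guard this path against regression.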