author | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2015-09-28 18:37:14 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2015-09-29 07:47:06 +0000 |
commit | 0e8ff63a407fe323e215bb1a2c423c09a4747c8a (patch) | |
tree | e27e357e125d2d705bd504e1e3c8a3da1ed20f1d /chromium/chrome/browser/resources/pdf | |
parent | c3d0bb5bb15d008606b18b865841e19cd9bb5847 (diff) | |
BASELINE: Update chromium to 45.0.2454.101upstream-45
Also adds web_cache component
Change-Id: I51238ceea8ee99854cc4989ae70a4fc2fc6bedcb
Reviewed-by: Kai Koehne <kai.koehne@theqtcompany.com>
Diffstat (limited to 'chromium/chrome/browser/resources/pdf')
-rw-r--r-- | chromium/chrome/browser/resources/pdf/pdf.js | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/chromium/chrome/browser/resources/pdf/pdf.js b/chromium/chrome/browser/resources/pdf/pdf.js
index 43e085e434b..c4975746d57 100644
--- a/chromium/chrome/browser/resources/pdf/pdf.js
+++ b/chromium/chrome/browser/resources/pdf/pdf.js
@@ -84,6 +84,7 @@ function PDFViewer(browserApi) {
 this.browserApi_ = browserApi;
 this.loadState_ = LoadState.LOADING;
 this.parentWindow_ = null;
+ this.parentOrigin_ = null;
 this.delayedScriptingMessages_ = [];
@@ -674,6 +675,7 @@ PDFViewer.prototype = {
 handleScriptingMessage: function(message) {
 if (this.parentWindow_ != message.source) {
 this.parentWindow_ = message.source;
+ this.parentOrigin_ = message.origin;
 // Ensure that we notify the embedder if the document is loaded.
 if (this.loadState_ != LoadState.LOADING)
 this.sendDocumentLoadedMessage_();
@@ -760,11 +762,22 @@ PDFViewer.prototype = {
 * @param {Object} message the message to send.
 */
 sendScriptingMessage_: function(message) {
- if (this.parentWindow_)
- this.parentWindow_.postMessage(message, '*');
+ if (this.parentWindow_ && this.parentOrigin_) {
+ var targetOrigin;
+ // Only send data back to the embedder if it is from the same origin,
+ // unless we're sending it to ourselves (which could happen in the case
+ // of tests). We also allow documentLoaded messages through as this won't
+ // leak important information.
+ if (this.parentOrigin_ == window.location.origin)
+ targetOrigin = this.parentOrigin_;
+ else if (message.type == 'documentLoaded')
+ targetOrigin = '*';
+ else
+ targetOrigin = this.browserApi_.getStreamInfo().originalUrl;
+ this.parentWindow_.postMessage(message, targetOrigin);
+ }
 },
-
 /**
 * @type {Viewport} the viewport of the PDF viewer.
 */ |
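Review bot: In the third hunk the `'*'` branch of `sendScriptingMessage_` is chosen on `message.type == 'documentLoaded'` alone, so every field of that message reaches an embedder of any origin. The comment's claim that this leaks nothing holds only while the payload carries no document-derived data, and the code that builds it (`sendDocumentLoadedMessage_`) is outside the hunk. I would record that constraint at the branch, for example `// documentLoaded must carry no document-derived fields: it is posted with targetOrigin '*'.` The comment also leaves the final `else` unexplained, where the stream's `originalUrl` becomes the target; something like `// Otherwise deliver only to the origin of the PDF's original URL.` would cover it. It is worth confirming how `postMessage` treats an `originalUrl` that fails to parse or has an opaque origin, since the call presumably throws or drops the message in those cases and nothing here handles either.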