diff options
author | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2015-12-02 11:58:32 +0100 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2016-02-02 12:12:55 +0000 |
commit | f5c64cc3b288439e19fbc485a762c3d58047c6b7 (patch) | |
tree | 01db69564ea5e20940bf058b3481c7b46a6d8857 /chromium/testing/scripts/common.py | |
parent | 9e8b6a16bb9dda3c18a6e770c5698acf38daf326 (diff) | |
download | qtwebengine-chromium-f5c64cc3b288439e19fbc485a762c3d58047c6b7.tar.gz |
<third_party/WebKit> Cherry-pick fix for CVE-2015-6768
Block javascript: document navigations during page dismissal events.
This basically reflects the logic from FrameLoader::startLoad. Before this patch, javascript: document navigations could be performed during page dismissal events. This could be problematic, especially that dismissal events prevent loaders from being stopped or detached.
This patch adds a bail-out condition to FrameLoader::replaceDocumentWhileExecutingJavaScriptURL.
BUG=556724
Review URL: https://codereview.chromium.org/1451123002
Change-Id: Ifcb3dfd1d962c3338a3703def3b84432b58cfa5b
Reviewed-by: Michael BrĂ¼ning <michael.bruning@theqtcompany.com>
Diffstat (limited to 'chromium/testing/scripts/common.py')
0 files changed, 0 insertions, 0 deletions