chore: cherry-pick 3abc372c9c00 from chromium #26894
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
electron-cation
bot
added
new-pr 🌱
codebytere
approved these changes
Dec 9, 2020
miniak
approved these changes
Dec 10, 2020
|
Release Notes Persisted
|
belenko
pushed a commit
that referenced
this pull request
Dec 14, 2020
* chore: cherry-pick 3abc372c9c00 from chromium * resolve conflict
jkleinsc
pushed a commit
that referenced
this pull request
Feb 4, 2021
* chore: chromium backports M87-1 Contains applicable backports from M87-1 release CVE-2020-16037 CVE-2020-16041 CVE-2020-16042 * chore: cherry-pick 381c4b5679 from chromium. (#26832) * fix: message box missing an "OK" button in GTK (#26915) Co-authored-by: Mimi <1119186082@qq.com> * chore: cherry-pick d8d64b7cd244 from chromium (#26892) * chore: cherry-pick 290fe9c6e245 from v8 (#26896) * docs: add missing deprecated systemPreferences APIs to breaking-changes (#26934) Co-authored-by: Milan Burda <milan.burda@gmail.com> * chore: cherry-pick 3abc372c9c00 from chromium (#26894) * chore: cherry-pick 3abc372c9c00 from chromium * resolve conflict * fix: Avoid crashing in NativeViewHost::SetParentAccessible on Windows 10 (#26949) * fix: Avoid crashing in NativeViewHost::SetParentAccessible on Windows This fixes #26905. The patch was obtained from @deepak1556, who in turn got it from the Microsoft Teams folks. I believe the crash started happening due to the changes in https://chromium.googlesource.com/chromium/src.git/+/5c6c8e994bce2bfb867279ae5068e9f9134e70c3%5E!/#F15 This affects Electron 9 and later. Notes: Fix occasional crash on Windows * Update .patches * update patches Co-authored-by: Biru Mohanathas <birunthan@mohanathas.com> Co-authored-by: Jeremy Rose <jeremya@chromium.org> Co-authored-by: Electron Bot <electron@github.com> * fix: Upload all *.dll.pdb to symbol server (#26964) Fixes #26961. Notes: Add Electron DLLs like libGLESv2.dll to symbol server Co-authored-by: Biru Mohanathas <birunthan@mohanathas.com> * fix: restrict sendToFrame to same-process frames by default (#26875) (#26927) * fix: restrict sendToFrame to same-process frames by default (#26875) * missed a conflict * fix build * fix build again * fix usage of defer * Bump v10.2.0 * chore: cherry-pick 6763a713f957 from skia (#26956) * chore: chromium backports M87-1 PR feedback: add links to changes in the upstream Co-authored-by: Andrey Belenko <anbelen@microsoft.com> Co-authored-by: Pedro Pontes <pepontes@microsoft.com> Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com> Co-authored-by: Mimi <1119186082@qq.com> Co-authored-by: Jeremy Rose <jeremya@chromium.org> Co-authored-by: Milan Burda <milan.burda@gmail.com> Co-authored-by: Biru Mohanathas <birunthan@mohanathas.com> Co-authored-by: Electron Bot <electron@github.com> Co-authored-by: Michaela Laurencin <35157522+mlaurencin@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Apply markup sanitizer in CompositeEditCommand::MoveParagraphs()
CompositeEditCommand::MoveParagraphs() serailizes part of the DOM and
then re-parse it and insert it at some other place of the document. This
is essentially a copy-and-paste, and can be exploited in the same way
how copy-and-paste is exploited. So we should also sanitize markup in
the function.
(cherry picked from commit c529cbcc1bb0f72af944c30f03c2b3b435317bc7)
Bug: 1141350
Change-Id: I25c1dfc61c20b9134b23e057c5a3a0f56c190b5c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2500633
Commit-Queue: Yoshifumi Inoue yosin@chromium.org
Reviewed-by: Yoshifumi Inoue yosin@chromium.org
Cr-Original-Commit-Position: refs/heads/master@{#821098}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2518088
Reviewed-by: Xiaocheng Hu xiaochengh@chromium.org
Commit-Queue: Xiaocheng Hu xiaochengh@chromium.org
Cr-Commit-Position: refs/branch-heads/4280@{#1099}
Cr-Branched-From: ea420fb963f9658c9969b6513c56b8f47efa1a2a-refs/heads/master@{#812852}
Notes: Security: backported fix for 1141350.