Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: ensure history navigations are sandboxed-iframe-aware #35623

Merged
merged 1 commit into from
Sep 13, 2022
Merged

fix: ensure history navigations are sandboxed-iframe-aware #35623

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
5 changes: 0 additions & 5 deletions shell/browser/api/electron_api_web_contents.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1380,11 +1380,6 @@ bool WebContents::HandleContextMenu(content::RenderFrameHost& render_frame_host,
return true;
}

bool WebContents::OnGoToEntryOffset(int offset) {
GoToOffset(offset);
return false;
}

void WebContents::FindReply(content::WebContents* web_contents,
int request_id,
int number_of_matches,
Expand Down
1 change: 0 additions & 1 deletion shell/browser/api/electron_api_web_contents.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -534,7 +534,6 @@ class WebContents : public ExclusiveAccessContext,
content::RenderWidgetHost* render_widget_host) override;
bool HandleContextMenu(content::RenderFrameHost& render_frame_host,
const content::ContextMenuParams& params) override;
bool OnGoToEntryOffset(int offset) override;
void FindReply(content::WebContents* web_contents,
int request_id,
int number_of_matches,
Expand Down
28 changes: 28 additions & 0 deletions spec-main/chromium-spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1571,6 +1571,34 @@ describe('chromium features', () => {
expect((w.webContents as any).length()).to.equal(2);
});
});

describe('window.history.back', () => {
it('should not allow sandboxed iframe to modify main frame state', async () => {
const w = new BrowserWindow({ show: false });
w.loadURL('data:text/html,<iframe sandbox="allow-scripts"></iframe>');
await Promise.all([
emittedOnce(w.webContents, 'navigation-entry-committed'),
emittedOnce(w.webContents, 'did-frame-navigate'),
emittedOnce(w.webContents, 'did-navigate')
]);

w.webContents.executeJavaScript('window.history.pushState(1, "")');
await Promise.all([
emittedOnce(w.webContents, 'navigation-entry-committed'),
emittedOnce(w.webContents, 'did-navigate-in-page')
]);

(w.webContents as any).once('navigation-entry-committed', () => {
expect.fail('Unexpected navigation-entry-committed');
});
w.webContents.once('did-navigate-in-page', () => {
expect.fail('Unexpected did-navigate-in-page');
});
await w.webContents.mainFrame.frames[0].executeJavaScript('window.history.back()');
expect(await w.webContents.executeJavaScript('window.history.state')).to.equal(1);
expect((w.webContents as any).getActiveIndex()).to.equal(1);
});
});
});

describe('chrome://media-internals', () => {
Expand Down