Disabling JavaScript in MHTML and limiting MHTML loading to top frames.

Source/core/loader/DocumentLoader.cpp

Index: Source/core/loader/DocumentLoader.cpp
diff --git a/Source/core/loader/DocumentLoader.cpp b/Source/core/loader/DocumentLoader.cpp
index 260a05303bb5078ae1ef963e6a89da0e2ba25e8d..f0e50233481e6455379246ba7f25ee39c0c9a8cd 100644
--- a/Source/core/loader/DocumentLoader.cpp
+++ b/Source/core/loader/DocumentLoader.cpp
@@ -279,6 +279,9 @@ void DocumentLoader::finishedLoading(double finishTime)
     }
     m_applicationCacheHost->finishedLoadingMainResource();
     clearMainResourceHandle();
+
+    if (m_archive && document())
+        document()->enforceSandboxFlags(SandboxAll);

[abarth-chromium, 2014/02/12 23:35:39]

This is probably too late.  You want to enforce these flags from the beginning
of the load.  Isn't this the end of the load?

This code should probably be inside the MHTML code, right before it starts
adding content to the document...

 }
 
 bool DocumentLoader::isRedirectAfterPost(const ResourceRequest& newRequest, const ResourceResponse& redirectResponse)
@@ -608,6 +611,10 @@ bool DocumentLoader::isLoadingInAPISense() const
 
 bool DocumentLoader::maybeCreateArchive()
 {
+    // Only the top-frame can load MHTML.
+    if (m_frame->tree().parent())
+        return false;
+
     // Give the archive machinery a crack at this document. If the MIME type is not an archive type, it will return 0.
     if (!isArchiveMIMEType(m_response.mimeType()))
         return false;