Disabling JavaScript in MHTML and limiting MHTML loading to top frames.

Source/core/loader/DocumentLoader.cpp

Index: Source/core/loader/DocumentLoader.cpp
diff --git a/Source/core/loader/DocumentLoader.cpp b/Source/core/loader/DocumentLoader.cpp
index 260a05303bb5078ae1ef963e6a89da0e2ba25e8d..e468e87a82a3843fea2aa9d787105d648cb38248 100644
--- a/Source/core/loader/DocumentLoader.cpp
+++ b/Source/core/loader/DocumentLoader.cpp
@@ -608,6 +608,10 @@ bool DocumentLoader::isLoadingInAPISense() const
 
 bool DocumentLoader::maybeCreateArchive()
 {
+    // Only the top-frame can load MHTML.
+    if (m_frame->tree().parent())
+        return false;
+
     // Give the archive machinery a crack at this document. If the MIME type is not an archive type, it will return 0.
     if (!isArchiveMIMEType(m_response.mimeType()))
         return false;
@@ -620,6 +624,10 @@ bool DocumentLoader::maybeCreateArchive()
         return false;
     }
 
+    // No JavaScript allowed in MHTML to prevent access to cookies for example.
+    if (m_frame->settings())
+        m_frame->settings()->setScriptEnabled(false);

[abarth-chromium, 2014/02/12 22:09:15]

Won't this setting persist until after the MHTML has left the frame?  Another
way of doing this is to call enforceSandboxFlags(...) on the document you
create.  Using the sandbox flags, you can disable JavaScript (and other features
if you wish), and they will propagate down to child documents.  They also won't
persist when the next Document is loaded into the frame.

[Jay Civelli, 2014/02/12 23:26:40]

Ah! Thanks for catching this, I did not realize the settings would persist.
I changed to use enforceSandboxFlags() with all sandbox flags, as I don't think
we need any of the features that we can sandbox (layout tests pass, trying a few
actual actual saved MHTML pages worked as well).

+
     addAllArchiveResources(m_archive.get());
     ArchiveResource* mainResource = m_archive->mainResource();