
Unified Diff: third_party/WebKit/Source/web/WebFrameSerializer.cpp

Issue 2531163004: Remove attributes that contain javascript from MHTML (Closed)
Patch Set: Address final feedback Created 4 years ago
Index: third_party/WebKit/Source/web/WebFrameSerializer.cpp
diff --git a/third_party/WebKit/Source/web/WebFrameSerializer.cpp b/third_party/WebKit/Source/web/WebFrameSerializer.cpp
index 2761caac1e1b3e3b8e44f692da8e29c9db19e742..e5e719e323f6557ce0df120451e1fb8c415d6369 100644
--- a/third_party/WebKit/Source/web/WebFrameSerializer.cpp
+++ b/third_party/WebKit/Source/web/WebFrameSerializer.cpp
@@ -81,7 +81,7 @@ class MHTMLFrameSerializerDelegate final : public FrameSerializer::Delegate {
public:
explicit MHTMLFrameSerializerDelegate(
WebFrameSerializer::MHTMLPartsGenerationDelegate&);
- bool shouldIgnoreAttribute(const Attribute&) override;
+ bool shouldIgnoreAttribute(const Element&, const Attribute&) override;
bool rewriteLink(const Element&, String& rewrittenLink) override;
bool shouldSkipResourceWithURL(const KURL&) override;
bool shouldSkipResource(const Resource&) override;
@@ -95,12 +95,27 @@ MHTMLFrameSerializerDelegate::MHTMLFrameSerializerDelegate(
: m_webDelegate(webDelegate) {}
bool MHTMLFrameSerializerDelegate::shouldIgnoreAttribute(
+ const Element& element,
const Attribute& attribute) {
// TODO(fgorski): Presence of srcset attribute causes MHTML to not display
// images, as only the value of src is pulled into the archive. Discarding
// srcset prevents the problem. Long term we should make sure to MHTML plays
// nicely with srcset.
- return attribute.localName() == HTMLNames::srcsetAttr;
+ if (attribute.localName() == HTMLNames::srcsetAttr)
+ return true;
+
+ // If srcdoc attribute for frame elements will be rewritten as src attribute
+ // containing link instead of html contents, don't ignore the attribute.
+ // Bail out now to avoid the check in Element::isScriptingAttribute.
+ bool isSrcDocAttribute = isHTMLFrameElementBase(element) &&
+ attribute.name() == HTMLNames::srcdocAttr;
+ String newLinkForTheElement;
+ if (isSrcDocAttribute && rewriteLink(element, newLinkForTheElement))
+ return false;
+
+ // Do not include attributes that contain javascript. This is because the
+ // script will not be executed when a MHTML page is being loaded.
+ return element.isScriptingAttribute(attribute);
}
bool MHTMLFrameSerializerDelegate::rewriteLink(const Element& element,
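Review bot: The srcdoc early return (`return false;` after `rewriteLink(element, newLinkForTheElement)`) keeps the attribute without ever consulting `element.isScriptingAttribute(attribute)`. It is therefore only safe if the serializer later emits the rewritten `src` link instead of the original srcdoc markup, and that code is not visible in this hunk. I would state that dependency next to the early return, e.g. `// Safe only because the serializer replaces srcdoc with the rewritten src link; the inline HTML itself must never be written to the archive.` The script filtering also rests entirely on `Element::isScriptingAttribute`, which is defined elsewhere, so the closing comment should say which attribute classes it is expected to cover (presumably event handlers and javascript: URLs; confirm against its definition). As a minor consistency point, the srcset check compares `attribute.localName()` while the srcdoc check compares `attribute.name()`; pick one form or note why they differ.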
