Prevent drag-and-drop events from firing over cross-site, same-page frames.

content/browser/web_contents/web_contents_view_aura.h

Index: content/browser/web_contents/web_contents_view_aura.h
diff --git a/content/browser/web_contents/web_contents_view_aura.h b/content/browser/web_contents/web_contents_view_aura.h
index 68690959d5a6cf6b427f931f0ea78f704f68d0a4..517b1cfea974b99ca2aeb6891c3c572f262b5f6c 100644
--- a/content/browser/web_contents/web_contents_view_aura.h
+++ b/content/browser/web_contents/web_contents_view_aura.h
@@ -203,6 +203,14 @@ class CONTENT_EXPORT WebContentsViewAura
   // view. |current_rvh_for_drag_| should not be dereferenced.
   void* current_rvh_for_drag_;
 
+  // We track the source RenderProcessHost and RenderViewHost from which the
+  // current drag originated. These are used to ensure that drag events do not
+  // fire over a cross-site frame in the same page (with respect to the source
+  // frame). See crbug.com/666858. |drag_source_rph_| and |drag_source_rvh_|
+  // should not be dereferenced.
+  void* drag_source_rph_;
+  void* drag_source_rvh_;
+
   // The overscroll gesture currently in progress.
   OverscrollMode current_overscroll_gesture_;