| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/web_contents/web_contents_impl.h" | 5 #include "content/browser/web_contents/web_contents_impl.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <cmath> | 9 #include <cmath> |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 582 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 593 | 593 |
| 594 WebContentsImpl* WebContentsImpl::CreateWithOpener( | 594 WebContentsImpl* WebContentsImpl::CreateWithOpener( |
| 595 const WebContents::CreateParams& params, | 595 const WebContents::CreateParams& params, |
| 596 FrameTreeNode* opener) { | 596 FrameTreeNode* opener) { |
| 597 TRACE_EVENT0("browser", "WebContentsImpl::CreateWithOpener"); | 597 TRACE_EVENT0("browser", "WebContentsImpl::CreateWithOpener"); |
| 598 WebContentsImpl* new_contents = new WebContentsImpl(params.browser_context); | 598 WebContentsImpl* new_contents = new WebContentsImpl(params.browser_context); |
| 599 | 599 |
| 600 FrameTreeNode* new_root = new_contents->GetFrameTree()->root(); | 600 FrameTreeNode* new_root = new_contents->GetFrameTree()->root(); |
| 601 | 601 |
| 602 if (opener) { | 602 if (opener) { |
| 603 new_root->SetOriginalOpener(opener); | 603 // For the "original opener", track the opener's main frame instead, because |
| 604 // if the opener is a subframe, the opener tracking could be easily bypassed |
| 605 // by spawning from a subframe and deleting the subframe. |
| 606 // https://crbug.com/705316 |
| 607 new_root->SetOriginalOpener(opener->frame_tree()->root()); |
| 608 |
| 604 if (!params.opener_suppressed) { | 609 if (!params.opener_suppressed) { |
| 605 new_root->SetOpener(opener); | 610 new_root->SetOpener(opener); |
| 606 new_contents->created_with_opener_ = true; | 611 new_contents->created_with_opener_ = true; |
| 607 } | 612 } |
| 608 } | 613 } |
| 609 | 614 |
| 610 // If the opener is sandboxed, a new popup must inherit the opener's sandbox | 615 // If the opener is sandboxed, a new popup must inherit the opener's sandbox |
| 611 // flags, and these flags take effect immediately. An exception is if the | 616 // flags, and these flags take effect immediately. An exception is if the |
| 612 // opener's sandbox flags lack the PropagatesToAuxiliaryBrowsingContexts | 617 // opener's sandbox flags lack the PropagatesToAuxiliaryBrowsingContexts |
| 613 // bit (which is controlled by the "allow-popups-to-escape-sandbox" token). | 618 // bit (which is controlled by the "allow-popups-to-escape-sandbox" token). |
| (...skipping 4784 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 5398 RenderViewHost* render_view_host = RenderViewHost::From(render_widget_host); | 5403 RenderViewHost* render_view_host = RenderViewHost::From(render_widget_host); |
| 5399 if (!render_view_host) | 5404 if (!render_view_host) |
| 5400 continue; | 5405 continue; |
| 5401 render_view_host_set.insert(render_view_host); | 5406 render_view_host_set.insert(render_view_host); |
| 5402 } | 5407 } |
| 5403 for (RenderViewHost* render_view_host : render_view_host_set) | 5408 for (RenderViewHost* render_view_host : render_view_host_set) |
| 5404 render_view_host->OnWebkitPreferencesChanged(); | 5409 render_view_host->OnWebkitPreferencesChanged(); |
| 5405 } | 5410 } |
| 5406 | 5411 |
| 5407 } // namespace content | 5412 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2773403002:
Fix popunders spawned from a subframe. (Closed)
