Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(905)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/web_contents/web_contents_impl.cc

Issue 2773403002: Fix popunders spawned from a subframe. (Closed)
Patch Set: alex Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/browser/frame_host/frame_tree_node.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/web_contents/web_contents_impl.cc
diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
index c89fa4bfd0496b61167e9b6772c0efa4ab7f1582..b8c66920459dac9f227d77462ce89460c264857f 100644
--- a/content/browser/web_contents/web_contents_impl.cc
+++ b/content/browser/web_contents/web_contents_impl.cc
@@ -600,7 +600,12 @@ WebContentsImpl* WebContentsImpl::CreateWithOpener(
FrameTreeNode* new_root = new_contents->GetFrameTree()->root();
if (opener) {
- new_root->SetOriginalOpener(opener);
+ // For the "original opener", track the opener's main frame instead, because
+ // if the opener is a subframe, the opener tracking could be easily bypassed
+ // by spawning from a subframe and deleting the subframe.
+ // https://crbug.com/705316
+ new_root->SetOriginalOpener(opener->frame_tree()->root());
+
if (!params.opener_suppressed) {
new_root->SetOpener(opener);
new_contents->created_with_opener_ = true;
« no previous file with comments | « content/browser/frame_host/frame_tree_node.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698