Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(819)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/web_contents/web_contents_impl.cc

Issue 2778113003: Fix popunders spawned from a subframe. (Closed)
Patch Set: Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/browser/frame_host/frame_tree_node.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/web_contents/web_contents_impl.cc
diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
index 0d42f075a7b522356aa84b779758582a5532882a..ca275ca7a0ba3519c851da73c7d476a6cab94e4c 100644
--- a/content/browser/web_contents/web_contents_impl.cc
+++ b/content/browser/web_contents/web_contents_impl.cc
@@ -603,7 +603,12 @@ WebContentsImpl* WebContentsImpl::CreateWithOpener(
FrameTreeNode* new_root = new_contents->GetFrameTree()->root();
if (opener) {
- new_root->SetOriginalOpener(opener);
+ // For the "original opener", track the opener's main frame instead, because
+ // if the opener is a subframe, the opener tracking could be easily bypassed
+ // by spawning from a subframe and deleting the subframe.
+ // https://crbug.com/705316
+ new_root->SetOriginalOpener(opener->frame_tree()->root());
+
if (!params.opener_suppressed) {
new_root->SetOpener(opener);
new_contents->created_with_opener_ = true;
« no previous file with comments | « content/browser/frame_host/frame_tree_node.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698