Index: Source/core/editing/CompositeEditCommand.cpp |
diff --git a/Source/core/editing/CompositeEditCommand.cpp b/Source/core/editing/CompositeEditCommand.cpp |
index 4db2fe86342c16860200307aa8539f6c2eb0c379..08f76c548f8afb1db4f3cf5f69f601b1def1a79e 100644 |
--- a/Source/core/editing/CompositeEditCommand.cpp |
+++ b/Source/core/editing/CompositeEditCommand.cpp |
@@ -73,6 +73,24 @@ namespace WebCore { |
using namespace HTMLNames; |
+namespace { |
+class ReentrancyGuard { |
eseidel
2013/11/15 07:29:52
We don't have one of these already somewhere?
yosin_UTC9
2013/11/15 09:35:17
No. How about using Locker<T>? See http://crrev.co
|
+public: |
+ static bool isRecursiveCall() { return s_nestingCounter; } |
+ |
+ class Scope { |
+ public: |
+ Scope() { ++s_nestingCounter; } |
+ ~Scope() { --s_nestingCounter; } |
+ }; |
+ friend class Scope; |
+ |
+private: |
+ static int s_nestingCounter; |
+}; |
+int ReentrancyGuard::s_nestingCounter; |
+} |
+ |
PassRefPtr<EditCommandComposition> EditCommandComposition::create(Document* document, |
const VisibleSelection& startingSelection, const VisibleSelection& endingSelection, EditAction editAction) |
{ |
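Review bot: `ReentrancyGuard::Scope` is copyable, and its implicit copy constructor does not increment `s_nestingCounter` while every destructor decrements it, so an accidental copy would leave the counter non-zero after the scopes end and `isRecursiveCall()` would keep reporting a nested call. Adding `WTF_MAKE_NONCOPYABLE(Scope);` to the class closes that off, assuming wtf/Noncopyable.h is reachable from this file. The counter is also a single file-level static rather than per document or frame, so a nested apply() on an unrelated document is refused as well; if that is intended, a comment on `s_nestingCounter` should say so, e.g. `// Shared by all documents: any apply() nested inside another command's doApply() is refused.` `friend class Scope;` looks unnecessary, since a nested class already has access to the enclosing class's private members.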
@@ -158,6 +176,14 @@ CompositeEditCommand::~CompositeEditCommand() |
void CompositeEditCommand::apply() |
{ |
+ // We don't allow recusrive |apply()| to protect against attack code. |
+ // Recursive call of |apply()| could be happened by moving iframe |
+ // with script triggered by insertion, e.g. <iframe src="javascript:..."> |
+ // <iframe onload="...">. This usage is valid as of the specification |
+ // although, it isn't common use case, rather it is used as attack code. |
+ if (ReentrancyGuard::isRecursiveCall()) |
+ return; |
+ |
if (!endingSelection().isContentRichlyEditable()) { |
switch (editingAction()) { |
case EditActionTyping: |
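Review bot: The early return at the top of apply() refuses the nested command silently, so the caller gets no signal that nothing was applied; whether any caller goes on to use the command's ending selection or composition as if it had run is not visible here and is worth checking. The guard is raised only by the `ReentrancyGuard::Scope` declared after `EventQueueScope` further down in this function, so it is released first on scope exit; if EventQueueScope's destructor dispatches queued events (not shown on this page), handlers run at that point are outside the guard, and the comment should say whether that is intended. I would also reword the comment to fix the typos ("recusrive", "could be happened") and state the rule directly, e.g. `// Refuse nested apply(): script triggered by insertion (<iframe src="javascript:...">, <iframe onload="...">) can re-enter it.` followed by `// The specification permits this, but it is uncommon in practice and is used by attack code.` apply()'s body continues outside the hunk.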
@@ -182,7 +208,8 @@ void CompositeEditCommand::apply() |
Frame* frame = document().frame(); |
ASSERT(frame); |
{ |
- EventQueueScope scope; |
+ EventQueueScope eventQueueScope; |
+ ReentrancyGuard::Scope reentrancyGuardScope; |
doApply(); |
} |