From 0a543f389d2eae5254ebd93283d6bcf7aec33883 Mon Sep 17 00:00:00 2001 From: Charles Kerr Date: Sun, 23 Feb 2025 04:42:51 -0600 Subject: [PATCH] fix: crash loading `about:blank` in subframes (35-x-y) (#45758) * fix: crash loading `about:blank` in subframes (#45694) fix: crash loading about:blank in subframes * chore: e patches all --------- Co-authored-by: Shelley Vohr --- ...ding_non-standard_schemes_in_iframes.patch | 8 ++--- ...key_appusermodel_toastactivatorclsid.patch | 8 ++--- ...xplicit_linker_call_to_libm_on_macos.patch | 4 +-- spec/api-subframe-spec.ts | 34 +++++++++++++++++++ 4 files changed, 44 insertions(+), 10 deletions(-) diff --git a/patches/chromium/fix_crash_loading_non-standard_schemes_in_iframes.patch b/patches/chromium/fix_crash_loading_non-standard_schemes_in_iframes.patch index f1f734cff878..5624081660f1 100644 --- a/patches/chromium/fix_crash_loading_non-standard_schemes_in_iframes.patch +++ b/patches/chromium/fix_crash_loading_non-standard_schemes_in_iframes.patch @@ -28,17 +28,17 @@ The patch should be removed in favor of either: Upstream bug https://bugs.chromium.org/p/chromium/issues/detail?id=1081397. diff --git a/content/browser/renderer_host/navigation_request.cc b/content/browser/renderer_host/navigation_request.cc -index 84b894ac879b5a0ada509da98294db75eebe7fd7..fbc0fdf6ee5edf3c284260ac8db2f90c40d32d6d 100644 +index 84b894ac879b5a0ada509da98294db75eebe7fd7..976b8ee4a6f9529727209a3e3a44524c62d0c798 100644 --- a/content/browser/renderer_host/navigation_request.cc +++ b/content/browser/renderer_host/navigation_request.cc 
@@ -10947,6 +10947,12 @@ NavigationRequest::GetOriginForURLLoaderFactoryUncheckedWithDebugInfo() { "blob"); } -+ if (!IsInMainFrame() && !common_params().url.IsStandard()) { ++ if (!common_params().url.IsStandard() && !common_params().url.IsAboutBlank()) { + return std::make_pair(url::Origin::Resolve(common_params().url, -+ url::Origin()), -+ "url_non_standard"); ++ url::Origin()), ++ "url_non_standard"); + } + // In cases not covered above, URLLoaderFactory should be associated with the diff --git a/patches/chromium/ignore_parse_errors_for_pkey_appusermodel_toastactivatorclsid.patch b/patches/chromium/ignore_parse_errors_for_pkey_appusermodel_toastactivatorclsid.patch index 6f97dd9b9ce8..ba406fe6181c 100644 --- a/patches/chromium/ignore_parse_errors_for_pkey_appusermodel_toastactivatorclsid.patch +++ b/patches/chromium/ignore_parse_errors_for_pkey_appusermodel_toastactivatorclsid.patch @@ -11,10 +11,10 @@ Bug: N/A Change-Id: I9fc472212b2d3afac2c8e18a2159bc2d50bbdf98 diff --git a/AUTHORS b/AUTHORS -index 55dc38c1448c1960b802c136018c8be22ed61c18..5cd195df3650331fbfd62b2f964368b5f3217f3c 100644 +index e96a3afdabc731afe355cda83eec4923ea780fec..0b1dc07aad197eab7b79344bc5aee702a2d580ab 100644 --- a/AUTHORS +++ b/AUTHORS -@@ -337,6 +337,7 @@ David Futcher +@@ -340,6 +340,7 @@ David Futcher David Jin David Lechner David Leen @@ -23,10 +23,10 @@ index 55dc38c1448c1960b802c136018c8be22ed61c18..5cd195df3650331fbfd62b2f964368b5 David McAllister David Michael Barr diff --git a/base/win/shortcut.cc b/base/win/shortcut.cc -index e790adb2f1d6529ac0dd77145f5da2796264c7ae..8a7edcfaf9af963468b4b42fe55a771fb31f13a2 100644 +index 967e130e823f41c402411dfadb53b805e8a8c92b..3a9df7f31861ca69168fd24513ee554d0984798d 100644 --- a/base/win/shortcut.cc 
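Review bot: The rewritten condition in `GetOriginForURLLoaderFactoryUncheckedWithDebugInfo()` drops the `!IsInMainFrame()` guard, so the `url_non_standard` branch now also applies to main-frame navigations; neither the commit message nor the patch header, which both speak only of subframes, explains this. This function's result carries the debug label used for URLLoaderFactory origin selection, so the wider scope should have a stated reason. A comment above the check such as `// about:blank is excluded: sending it through Origin::Resolve crashed subframe loads (#45694)`, plus a sentence in the patch header on why main frames are now covered, would make the intent reviewable. Only `about:blank` is exempted; whether other non-standard `about:` URLs such as `about:srcdoc` are caught by an earlier branch cannot be seen from this hunk and is worth confirming. The function body starts and ends outside the hunk.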
+++ b/base/win/shortcut.cc -@@ -342,8 +342,9 @@ bool ResolveShortcutProperties(const FilePath& shortcut_path, +@@ -356,8 +356,9 @@ bool ResolveShortcutProperties(const FilePath& shortcut_path, *(pv_toast_activator_clsid.get().puuid)); break; default: diff --git a/patches/node/build_remove_explicit_linker_call_to_libm_on_macos.patch b/patches/node/build_remove_explicit_linker_call_to_libm_on_macos.patch index 7ef14abffde5..aad80028b3a5 100644 --- a/patches/node/build_remove_explicit_linker_call_to_libm_on_macos.patch +++ b/patches/node/build_remove_explicit_linker_call_to_libm_on_macos.patch @@ -40,10 +40,10 @@ index 5e07e106672a04508a77584c109c97a67926c858..91001fa43ea4807d061f296eaeccb751 } if (is_clang || !is_win) { diff --git a/deps/uv/unofficial.gni b/deps/uv/unofficial.gni -index 7a73f891e3fc3261b77af97af63fca2eade49849..bda1b5dc899558c2b4a22377dde9fb3bcce5488c 100644 +index 348d2f0703e47ca7c5326a4b4c1d6ae31157eeb5..0944d6ddd241b113970ab6aa5804f9534fde882a 100644 --- a/deps/uv/unofficial.gni +++ b/deps/uv/unofficial.gni -@@ -82,11 +82,11 @@ template("uv_gn_build") { +@@ -87,11 +87,11 @@ template("uv_gn_build") { ] } if (is_posix) { diff --git a/spec/api-subframe-spec.ts b/spec/api-subframe-spec.ts index 66b5dcc00e86..3004c2f12bf7 100644 --- a/spec/api-subframe-spec.ts +++ b/spec/api-subframe-spec.ts 
@@ -217,6 +217,40 @@ describe('renderer nodeIntegrationInSubFrames', () => {
 });
 });
+describe('subframe with non-standard schemes', () => {
+ it('should not crash when changing subframe src to about:blank and back', async () => {
+ const w = new BrowserWindow({ show: false, width: 400, height: 400 });
+
+ const fwfPath = path.resolve(__dirname, 'fixtures/sub-frames/frame-with-frame.html');
+ await w.loadFile(fwfPath);
+
+ const originalSrc = await w.webContents.executeJavaScript(`
+ const iframe = document.querySelector('iframe');
+ iframe.src;
+ `);
+
+ const updatedSrc = await w.webContents.executeJavaScript(`
+ new Promise((resolve, reject) => {
+ const iframe = document.querySelector('iframe');
+ iframe.src = 'about:blank';
+ resolve(iframe.src);
+ })
+ `);
+
+ expect(updatedSrc).to.equal('about:blank');
+
+ const restoredSrc = await w.webContents.executeJavaScript(`
+ new Promise((resolve, reject) => {
+ const iframe = document.querySelector('iframe');
+ iframe.src = '${originalSrc}';
+ resolve(iframe.src);
+ })
+ `);
+
+ expect(restoredSrc).to.equal(originalSrc);
+ });
+});
+
 // app.getAppMetrics() does not return sandbox information on Linux.
 ifdescribe(process.platform !== 'linux')('cross-site frame sandboxing', () => {
 let server: http.Server;
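Review bot: Both `new Promise` scripts call `resolve(iframe.src)` immediately after assigning `iframe.src`, so the test only reads the attribute back and can finish before the subframe navigation reaches the browser-side code this commit patches; it may pass with the crash still present. Resolve on the frame's load instead, registering the listener before the assignment: `iframe.addEventListener('load', () => resolve(iframe.src), { once: true });`. `originalSrc` is spliced into the script as `'${originalSrc}'`; `iframe.src = ${JSON.stringify(originalSrc)};` keeps a quote or backslash in the fixture path from breaking the string. The window `w` is not closed anywhere in the hunk, so unless the file has a cleanup hook outside it, add `w.destroy()` in an `afterEach` or `finally`.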