fix: ensure history navigations are sandboxed-iframe-aware (#35420)

Jeremy Spiegel 2022-09-08 17:08:56 -07:00 committed by GitHub
parent b0036ea43a
commit 730d9181b3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 28 additions and 6 deletions


@ -1812,6 +1812,34 @@ describe('chromium features', () => {
expect((w.webContents as any).length()).to.equal(2);
});
});
describe('window.history.back', () => {
it('should not allow sandboxed iframe to modify main frame state', async () => {
const w = new BrowserWindow({ show: false });
w.loadURL('data:text/html,<iframe sandbox="allow-scripts"></iframe>');
await Promise.all([
emittedOnce(w.webContents, 'navigation-entry-committed'),
emittedOnce(w.webContents, 'did-frame-navigate'),
emittedOnce(w.webContents, 'did-navigate')
]);
w.webContents.executeJavaScript('window.history.pushState(1, "")');
await Promise.all([
emittedOnce(w.webContents, 'navigation-entry-committed'),
emittedOnce(w.webContents, 'did-navigate-in-page')
]);
(w.webContents as any).once('navigation-entry-committed', () => {
expect.fail('Unexpected navigation-entry-committed');
});
w.webContents.once('did-navigate-in-page', () => {
expect.fail('Unexpected did-navigate-in-page');
});
await w.webContents.mainFrame.frames[0].executeJavaScript('window.history.back()');
expect(await w.webContents.executeJavaScript('window.history.state')).to.equal(1);
expect((w.webContents as any).getActiveIndex()).to.equal(1);
});
});
});
describe('chrome://media-internals', () => {
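Review bot: The two `once(...)` listeners that call `expect.fail` are a weak negative check for a security regression test. They throw from inside an event-emitter callback rather than from the test's own promise chain, and `window.history.back()` only queues the traversal, so a regressed build could emit `navigation-entry-committed` after the last assertion has already run. Whether the failure is then attributed to this test depends on how the runner handles uncaught exceptions, which is not visible here. Recording the event in a local and asserting on it after the `history.state` round trip keeps the failure inside the test; a bounded wait before that final assertion would narrow the race further. Separately, `w.loadURL(...)` and the `pushState` `executeJavaScript(...)` call return promises that are neither awaited nor given a `.catch()`, so a rejection there would surface as an unhandled rejection instead of a test failure.

```typescript
// … unchanged: window creation, initial load and pushState waits …
let unexpectedEvent: string | undefined;
(w.webContents as any).once('navigation-entry-committed', () => {
  unexpectedEvent = 'navigation-entry-committed';
});
w.webContents.once('did-navigate-in-page', () => {
  unexpectedEvent = 'did-navigate-in-page';
});
await w.webContents.mainFrame.frames[0].executeJavaScript('window.history.back()');
// … unchanged: history.state and getActiveIndex assertions …
expect(unexpectedEvent).to.equal(undefined);
```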