From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Cheng Zhao Date: Thu, 20 Sep 2018 17:45:32 -0700 Subject: can_create_window.patch diff --git a/content/browser/frame_host/render_frame_host_impl.cc b/content/browser/frame_host/render_frame_host_impl.cc index a76dcf7c0197a146ac060cabcdf8f0d77b7d80f1..b9871c1fb327352dd9c83a751efea0052cc1e997 100644 --- a/content/browser/frame_host/render_frame_host_impl.cc +++ b/content/browser/frame_host/render_frame_host_impl.cc @@ -3664,6 +3664,38 @@ void RenderFrameHostImpl::CreateNewWindow( "frame_tree_node", frame_tree_node_->frame_tree_node_id(), "url", params->target_url.possibly_invalid_spec()); + scoped_refptr body; + if (params->body->has_object) { + body = new network::ResourceRequestBody; + std::vector elements; + for (const auto& iter : params->body->elements) { + network::DataElement element; + switch (iter->type) { + case network::DataElement::TYPE_BYTES: { + element.SetToBytes(iter->bytes.data(), iter->bytes.length()); + break; + } + case network::DataElement::TYPE_FILE: { + element.SetToFilePathRange(iter->path, iter->offset, iter->length, + iter->expected_modification_time); + break; + } + case network::DataElement::TYPE_BLOB: { + element.SetToBlobRange(iter->blob_uuid, iter->offset, iter->length); + break; + } + case network::DataElement::TYPE_DATA_PIPE: + default: + NOTREACHED(); + break; + } + elements.push_back(std::move(element)); + } + body->swap_elements(&elements); + body->set_identifier(params->body->identifier); + body->set_contains_sensitive_info(params->body->contains_sensitive_info); + } + bool no_javascript_access = false; // Filter out URLs to which navigation is disallowed from this context. 
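Review bot: In the `default:` arm of the new switch in `RenderFrameHostImpl::CreateNewWindow`, `NOTREACHED(); break;` falls through to `elements.push_back(std::move(element))`, and `iter->type` is an `int32` that arrives from the renderer. In a build where `NOTREACHED()` compiles out, an unexpected type therefore appends a default-constructed element instead of rejecting the message. The browser side should treat this as a bad message and return before the `push_back`, for example `mojo::ReportBadMessage("CreateNewWindow: unsupported body element type"); return;`, adjusted to however the rest of the function (outside this hunk) completes its callback. The `TYPE_FILE` arm also copies the renderer-supplied `iter->path` into the body, and nothing visible in this hunk checks that the process may read that file; upstream guards navigation bodies with `ChildProcessSecurityPolicyImpl::CanReadRequestBody`, and the same check looks warranted before `body` is handed to `CanCreateWindow`. The renderer-side switch added in content/renderer/render_view_impl.cc has the same `NOTREACHED()`-then-`push_back` shape, so an unsupported element type is still serialized there with only `type` set.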
@@ -3692,6 +3724,7 @@ void RenderFrameHostImpl::CreateNewWindow( last_committed_origin_, params->window_container_type, params->target_url, params->referrer.To(), params->frame_name, params->disposition, *params->features, + params->additional_features, body, effective_transient_activation_state, params->opener_suppressed, &no_javascript_access); diff --git a/content/browser/security_exploit_browsertest.cc b/content/browser/security_exploit_browsertest.cc index 0da371ff7af08265ff5a06c5fe8c3bea59b5f1ea..2f00c1e7fd7dd138c53c3eff3e0010f17db68ca3 100644 --- a/content/browser/security_exploit_browsertest.cc +++ b/content/browser/security_exploit_browsertest.cc @@ -387,6 +387,7 @@ IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, mojom::CreateNewWindowParamsPtr params = mojom::CreateNewWindowParams::New(); params->target_url = GURL("about:blank"); + params->body = mojom::ResourceRequestBody::New(); pending_rfh->CreateNewWindow( std::move(params), base::BindOnce([](mojom::CreateNewWindowStatus, mojom::CreateNewWindowReplyPtr) {})); diff --git a/content/common/frame.mojom b/content/common/frame.mojom index e566a15b798e2586fa4fae3c4db97ce5f4f2f09f..8a08c7a79eba24bce7f11cf8c499432549c4f25b 100644 --- a/content/common/frame.mojom +++ b/content/common/frame.mojom @@ -12,6 +12,8 @@ import "content/public/common/resource_type.mojom"; import "content/public/common/resource_load_info.mojom"; import "content/public/common/transferrable_url_loader.mojom"; import "content/public/common/window_container_type.mojom"; +import "mojo/public/mojom/base/file_path.mojom"; +import "mojo/public/mojom/base/time.mojom"; import "mojo/public/mojom/base/string16.mojom"; import "mojo/public/mojom/base/unguessable_token.mojom"; import "services/network/public/mojom/url_loader.mojom"; 
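Review bot: In the security_exploit_browsertest.cc hunk, the added `params->body = mojom::ResourceRequestBody::New();` carries no comment explaining why the test now needs it. The reason is visible in the render_frame_host_impl.cc change: `CreateNewWindow` reads `params->body->has_object` unconditionally, and a direct C++ call like this one skips the mojo validation that would reject a null non-nullable struct. I would add `// CreateNewWindow() dereferences params->body unconditionally; direct calls bypass mojo's non-null validation, so pass an empty body.` above the line. A null guard in `CreateNewWindow` itself would also protect other direct callers.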
@@ -187,6 +189,24 @@ interface FrameFactory { CreateFrame(int32 frame_routing_id, Frame& frame); }; +struct DataElement { + int32 type; + int64 length; + string bytes; + mojo_base.mojom.FilePath path; + int64 offset; + mojo_base.mojom.Time expected_modification_time; + url.mojom.Url filesystem_url; + string blob_uuid; +}; + +struct ResourceRequestBody { + bool has_object; + int64 identifier; + bool contains_sensitive_info; + array elements; +}; + struct CreateNewWindowParams { // True if this open request came in the context of a user gesture. // @@ -226,6 +246,10 @@ struct CreateNewWindowParams { // The window features to use for the new window. blink.mojom.WindowFeatures features; + + // Extra fields added by Electron. + array additional_features; + ResourceRequestBody body; }; // Operation result when the renderer asks the browser to create a new window. diff --git a/content/public/browser/content_browser_client.cc b/content/public/browser/content_browser_client.cc index dc653fc3af345d20fbff9fc4c399bc1452c4850b..499c853a9a3d4c294ae0e6bfdb857ac67c31a144 100644 --- a/content/public/browser/content_browser_client.cc +++ b/content/public/browser/content_browser_client.cc @@ -494,6 +494,8 @@ bool ContentBrowserClient::CanCreateWindow( const std::string& frame_name, WindowOpenDisposition disposition, const blink::mojom::WindowFeatures& features, + const std::vector& additional_features, + const scoped_refptr& body, bool user_gesture, bool opener_suppressed, bool* no_javascript_access) { diff --git a/content/public/browser/content_browser_client.h b/content/public/browser/content_browser_client.h index 2e5e199c4bc6ff6b1559f8c6f1e03e344fcb110b..384b51c1faa7045f2319854db59be27af779569d 100644 --- a/content/public/browser/content_browser_client.h +++ b/content/public/browser/content_browser_client.h 
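Review bot: In the new `DataElement` struct, `int32 type;` lets the generated bindings accept any integer from the renderer, so the only range check is the hand-written switch in the browser. A mojom enum for the supported kinds would let message validation reject out-of-range values before `CreateNewWindow` runs. `string bytes;` carries raw request-body bytes while mojom `string` is meant for UTF-8 text, so `array<uint8> bytes;` is the matching type. `offset` and `length` are `int64` here but are passed to unsigned range setters on the browser side, so a negative value from the renderer becomes a very large range; `uint64` would avoid the sign change. `filesystem_url` is not filled or read by any hunk in this patch and could be dropped if it is unused.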
@@ -171,6 +171,7 @@ class RenderFrameHost; class RenderProcessHost; class RenderViewHost; class ResourceContext; +class ResourceRequestBody; class ServiceManagerConnection; class SiteInstance; class SpeechRecognitionManagerDelegate; @@ -788,6 +789,8 @@ class CONTENT_EXPORT ContentBrowserClient { const std::string& frame_name, WindowOpenDisposition disposition, const blink::mojom::WindowFeatures& features, + const std::vector& additional_features, + const scoped_refptr& body, bool user_gesture, bool opener_suppressed, bool* no_javascript_access); diff --git a/content/renderer/render_view_impl.cc b/content/renderer/render_view_impl.cc index ceb8568c9da3109dbc2f9a04cc8fc93e394d5294..bba68744d600f5f4482cf9cb3941f38a79478966 100644 --- a/content/renderer/render_view_impl.cc +++ b/content/renderer/render_view_impl.cc @@ -76,6 +76,7 @@ #include "content/renderer/ime_event_guard.h" #include "content/renderer/internal_document_state_data.h" #include "content/renderer/loader/request_extra_data.h" +#include "content/renderer/loader/web_url_request_util.h" #include "content/renderer/media/audio/audio_device_factory.h" #include "content/renderer/media/stream/media_stream_device_observer.h" #include "content/renderer/media/video_capture_impl_manager.h" 
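Review bot: The two parameters added to `ContentBrowserClient::CanCreateWindow` in the `@@ -788` hunk of content_browser_client.h are undocumented, although both come from the renderer-sent `CreateNewWindowParams`. The declaration's doc comment starts outside the hunk; I would extend it with `// |additional_features| and |body| are supplied by the renderer and must be treated as untrusted. |body| is null when the request carried no body.` The null case follows from the browser-side code, where `body` is only assigned when `params->body->has_object` is true.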
@@ -1345,6 +1346,46 @@ WebView* RenderViewImpl::CreateView( } params->features = ConvertWebWindowFeaturesToMojoWindowFeatures(features); + params->body = mojom::ResourceRequestBody::New(); + auto body = GetRequestBodyForWebURLRequest(request); + if (body) { + params->body->has_object = true; + params->body->identifier = body->identifier(); + params->body->contains_sensitive_info = body->contains_sensitive_info(); + for (const auto& element : *body->elements()) { + content::mojom::DataElementPtr ptr = content::mojom::DataElement::New(); + ptr->type = element.type(); + switch (element.type()) { + case network::DataElement::TYPE_BYTES: { + ptr->bytes = std::string(element.bytes(), element.length()); + break; + } + case network::DataElement::TYPE_FILE: { + ptr->path = element.path(); + ptr->offset = element.offset(); + ptr->length = element.length(); + ptr->expected_modification_time = element.expected_modification_time(); + break; + } + case network::DataElement::TYPE_BLOB: { + ptr->blob_uuid = element.blob_uuid(); + ptr->offset = element.offset(); + ptr->length = element.length(); + break; + } + case network::DataElement::TYPE_CHUNKED_DATA_PIPE: + case network::DataElement::TYPE_RAW_FILE: + case network::DataElement::TYPE_DATA_PIPE: + case network::DataElement::TYPE_UNKNOWN: + NOTREACHED(); + break; + } + params->body->elements.push_back(std::move(ptr)); + } + } else { + params->body->has_object = false; + } + // We preserve this information before sending the message since |params| is // moved on send. bool is_background_tab = diff --git a/content/shell/browser/web_test/web_test_content_browser_client.cc b/content/shell/browser/web_test/web_test_content_browser_client.cc index 5352c9ccd0cf0cc13fd06397bef1a91dc987b46c..486ce0eb0400f5dd0bac5eda9f7def226e7efbba 100644 --- a/content/shell/browser/web_test/web_test_content_browser_client.cc +++ b/content/shell/browser/web_test/web_test_content_browser_client.cc 
@@ -298,6 +298,8 @@ bool WebTestContentBrowserClient::CanCreateWindow( const std::string& frame_name, WindowOpenDisposition disposition, const blink::mojom::WindowFeatures& features, + const std::vector& additional_features, + const scoped_refptr& body, bool user_gesture, bool opener_suppressed, bool* no_javascript_access) { diff --git a/content/shell/browser/web_test/web_test_content_browser_client.h b/content/shell/browser/web_test/web_test_content_browser_client.h index ad388b224dc8dec395a9ea82c67ad4031851a2cc..d5cfe02d61dd28c49f4a5e2714f03cd4ebe9e119 100644 --- a/content/shell/browser/web_test/web_test_content_browser_client.h +++ b/content/shell/browser/web_test/web_test_content_browser_client.h @@ -67,6 +67,8 @@ class WebTestContentBrowserClient : public ShellContentBrowserClient { const std::string& frame_name, WindowOpenDisposition disposition, const blink::mojom::WindowFeatures& features, + const std::vector& additional_features, + const scoped_refptr& body, bool user_gesture, bool opener_suppressed, bool* no_javascript_access) override;