240 lines
11 KiB
Diff
240 lines
11 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Cheng Zhao <zcbenz@gmail.com>
|
|
Date: Thu, 20 Sep 2018 17:45:32 -0700
|
|
Subject: can_create_window.patch
|
|
|
|
|
|
diff --git a/content/browser/frame_host/render_frame_host_impl.cc b/content/browser/frame_host/render_frame_host_impl.cc
|
|
index 520dcffb53534e76d739cff74ea58d49bdfb682a..783dc705f748bc6c9d3b8630ce12ad39ff2fd7d2 100644
|
|
--- a/content/browser/frame_host/render_frame_host_impl.cc
|
|
+++ b/content/browser/frame_host/render_frame_host_impl.cc
|
|
@@ -3142,6 +3142,38 @@ void RenderFrameHostImpl::CreateNewWindow(
|
|
"frame_tree_node", frame_tree_node_->frame_tree_node_id(), "url",
|
|
params->target_url.possibly_invalid_spec());
|
|
|
|
+ scoped_refptr<network::ResourceRequestBody> body;
|
|
+ if (params->body->has_object) {
|
|
+ body = new network::ResourceRequestBody;
|
|
+ std::vector<network::DataElement> elements;
|
|
+ for (const auto& iter : params->body->elements) {
|
|
+ network::DataElement element;
|
|
+ switch (iter->type) {
|
|
+ case network::DataElement::TYPE_BYTES: {
|
|
+ element.SetToBytes(iter->bytes.data(), iter->bytes.length());
|
|
+ break;
|
|
+ }
|
|
+ case network::DataElement::TYPE_FILE: {
|
|
+ element.SetToFilePathRange(iter->path, iter->offset, iter->length,
|
|
+ iter->expected_modification_time);
|
|
+ break;
|
|
+ }
|
|
+ case network::DataElement::TYPE_BLOB: {
|
|
+ element.SetToBlobRange(iter->blob_uuid, iter->offset, iter->length);
|
|
+ break;
|
|
+ }
|
|
+ case network::DataElement::TYPE_DATA_PIPE:
|
|
+ default:
|
|
+ NOTREACHED();
|
|
+ break;
|
|
+ }
|
|
+ elements.push_back(std::move(element));
|
|
+ }
|
|
+ body->swap_elements(&elements);
|
|
+ body->set_identifier(params->body->identifier);
|
|
+ body->set_contains_sensitive_info(params->body->contains_sensitive_info);
|
|
+ }
|
|
+
|
|
bool no_javascript_access = false;
|
|
|
|
// Filter out URLs to which navigation is disallowed from this context.
|
|
@@ -3170,6 +3202,7 @@ void RenderFrameHostImpl::CreateNewWindow(
|
|
last_committed_origin_.GetURL(), params->window_container_type,
|
|
params->target_url, params->referrer, params->frame_name,
|
|
params->disposition, *params->features,
|
|
+ params->additional_features, body,
|
|
effective_transient_activation_state, params->opener_suppressed,
|
|
&no_javascript_access);
|
|
|
|
diff --git a/content/browser/security_exploit_browsertest.cc b/content/browser/security_exploit_browsertest.cc
|
|
index e3b04edb5a301115d894190a64e734eb2c8b3499..254f94016b97620cfbc102cbbc7677cfcfe38e22 100644
|
|
--- a/content/browser/security_exploit_browsertest.cc
|
|
+++ b/content/browser/security_exploit_browsertest.cc
|
|
@@ -313,6 +313,7 @@ IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest,
|
|
|
|
mojom::CreateNewWindowParamsPtr params = mojom::CreateNewWindowParams::New();
|
|
params->target_url = GURL("about:blank");
|
|
+ params->body = mojom::ResourceRequestBody::New();
|
|
pending_rfh->CreateNewWindow(
|
|
std::move(params), base::BindOnce([](mojom::CreateNewWindowStatus,
|
|
mojom::CreateNewWindowReplyPtr) {}));
|
|
diff --git a/content/common/frame.mojom b/content/common/frame.mojom
|
|
index fb4732e6e666044233716fc3ae629dedad7b2618..804086522994b038c86a31e7acdcffc1e039c260 100644
|
|
--- a/content/common/frame.mojom
|
|
+++ b/content/common/frame.mojom
|
|
@@ -12,6 +12,8 @@ import "content/public/common/resource_type.mojom";
|
|
import "content/public/common/resource_load_info.mojom";
|
|
import "content/public/common/transferrable_url_loader.mojom";
|
|
import "content/public/common/window_container_type.mojom";
|
|
+import "mojo/public/mojom/base/file_path.mojom";
|
|
+import "mojo/public/mojom/base/time.mojom";
|
|
import "mojo/public/mojom/base/string16.mojom";
|
|
import "mojo/public/mojom/base/unguessable_token.mojom";
|
|
import "services/network/public/mojom/url_loader.mojom";
|
|
@@ -157,6 +159,24 @@ interface FrameFactory {
|
|
CreateFrame(int32 frame_routing_id, Frame& frame);
|
|
};
|
|
|
|
+struct DataElement {
|
|
+ int32 type;
|
|
+ int64 length;
|
|
+ string bytes;
|
|
+ mojo_base.mojom.FilePath path;
|
|
+ int64 offset;
|
|
+ mojo_base.mojom.Time expected_modification_time;
|
|
+ url.mojom.Url filesystem_url;
|
|
+ string blob_uuid;
|
|
+};
|
|
+
|
|
+struct ResourceRequestBody {
|
|
+ bool has_object;
|
|
+ int64 identifier;
|
|
+ bool contains_sensitive_info;
|
|
+ array<DataElement> elements;
|
|
+};
|
|
+
|
|
struct CreateNewWindowParams {
|
|
// True if this open request came in the context of a user gesture.
|
|
//
|
|
@@ -196,6 +216,10 @@ struct CreateNewWindowParams {
|
|
|
|
// The window features to use for the new window.
|
|
blink.mojom.WindowFeatures features;
|
|
+
|
|
+ // Extra fields added by Electron.
|
|
+ array<string> additional_features;
|
|
+ ResourceRequestBody body;
|
|
};
|
|
|
|
// Operation result when the renderer asks the browser to create a new window.
|
|
diff --git a/content/public/browser/content_browser_client.cc b/content/public/browser/content_browser_client.cc
|
|
index 2a896c7072caae655be1902b536d9172448abddb..bb54b89bef5c6f32e7b4a056336c85494e2a04de 100644
|
|
--- a/content/public/browser/content_browser_client.cc
|
|
+++ b/content/public/browser/content_browser_client.cc
|
|
@@ -435,6 +435,8 @@ bool ContentBrowserClient::CanCreateWindow(
|
|
const std::string& frame_name,
|
|
WindowOpenDisposition disposition,
|
|
const blink::mojom::WindowFeatures& features,
|
|
+ const std::vector<std::string>& additional_features,
|
|
+ const scoped_refptr<network::ResourceRequestBody>& body,
|
|
bool user_gesture,
|
|
bool opener_suppressed,
|
|
bool* no_javascript_access) {
|
|
diff --git a/content/public/browser/content_browser_client.h b/content/public/browser/content_browser_client.h
|
|
index fd5d62fee1172b07a692fcf6ce06a30096d25b03..3be31602689cb93b965729cc4e35cf6d23a8ec2f 100644
|
|
--- a/content/public/browser/content_browser_client.h
|
|
+++ b/content/public/browser/content_browser_client.h
|
|
@@ -162,6 +162,7 @@ class RenderFrameHost;
|
|
class RenderProcessHost;
|
|
class RenderViewHost;
|
|
class ResourceContext;
|
|
+class ResourceRequestBody;
|
|
class ServiceManagerConnection;
|
|
class SiteInstance;
|
|
class SpeechRecognitionManagerDelegate;
|
|
@@ -706,6 +707,8 @@ class CONTENT_EXPORT ContentBrowserClient {
|
|
const std::string& frame_name,
|
|
WindowOpenDisposition disposition,
|
|
const blink::mojom::WindowFeatures& features,
|
|
+ const std::vector<std::string>& additional_features,
|
|
+ const scoped_refptr<network::ResourceRequestBody>& body,
|
|
bool user_gesture,
|
|
bool opener_suppressed,
|
|
bool* no_javascript_access);
|
|
diff --git a/content/renderer/render_view_impl.cc b/content/renderer/render_view_impl.cc
|
|
index 03d9cda9f95daa369101b6f922e0978061e0225f..edad9fc3198ca12bd326c9f407a62866373e3b29 100644
|
|
--- a/content/renderer/render_view_impl.cc
|
|
+++ b/content/renderer/render_view_impl.cc
|
|
@@ -79,6 +79,7 @@
|
|
#include "content/renderer/ime_event_guard.h"
|
|
#include "content/renderer/internal_document_state_data.h"
|
|
#include "content/renderer/loader/request_extra_data.h"
|
|
+#include "content/renderer/loader/web_url_request_util.h"
|
|
#include "content/renderer/media/audio/audio_device_factory.h"
|
|
#include "content/renderer/media/stream/media_stream_device_observer.h"
|
|
#include "content/renderer/media/video_capture_impl_manager.h"
|
|
@@ -1270,6 +1271,46 @@ WebView* RenderViewImpl::CreateView(WebLocalFrame* creator,
|
|
}
|
|
params->features = ConvertWebWindowFeaturesToMojoWindowFeatures(features);
|
|
|
|
+ params->body = mojom::ResourceRequestBody::New();
|
|
+ auto body = GetRequestBodyForWebURLRequest(request);
|
|
+ if (body) {
|
|
+ params->body->has_object = true;
|
|
+ params->body->identifier = body->identifier();
|
|
+ params->body->contains_sensitive_info = body->contains_sensitive_info();
|
|
+ for (const auto& element : *body->elements()) {
|
|
+ content::mojom::DataElementPtr ptr = content::mojom::DataElement::New();
|
|
+ ptr->type = element.type();
|
|
+ switch (element.type()) {
|
|
+ case network::DataElement::TYPE_BYTES: {
|
|
+ ptr->bytes = std::string(element.bytes(), element.length());
|
|
+ break;
|
|
+ }
|
|
+ case network::DataElement::TYPE_FILE: {
|
|
+ ptr->path = element.path();
|
|
+ ptr->offset = element.offset();
|
|
+ ptr->length = element.length();
|
|
+ ptr->expected_modification_time = element.expected_modification_time();
|
|
+ break;
|
|
+ }
|
|
+ case network::DataElement::TYPE_BLOB: {
|
|
+ ptr->blob_uuid = element.blob_uuid();
|
|
+ ptr->offset = element.offset();
|
|
+ ptr->length = element.length();
|
|
+ break;
|
|
+ }
|
|
+ case network::DataElement::TYPE_CHUNKED_DATA_PIPE:
|
|
+ case network::DataElement::TYPE_RAW_FILE:
|
|
+ case network::DataElement::TYPE_DATA_PIPE:
|
|
+ case network::DataElement::TYPE_UNKNOWN:
|
|
+ NOTREACHED();
|
|
+ break;
|
|
+ }
|
|
+ params->body->elements.push_back(std::move(ptr));
|
|
+ }
|
|
+ } else {
|
|
+ params->body->has_object = false;
|
|
+ }
|
|
+
|
|
// We preserve this information before sending the message since |params| is
|
|
// moved on send.
|
|
bool is_background_tab =
|
|
diff --git a/content/shell/browser/layout_test/layout_test_content_browser_client.cc b/content/shell/browser/layout_test/layout_test_content_browser_client.cc
|
|
index fe0e3720ea5d60d65ecbbc3836bc87785997a513..4a31617b5a898b0f6d7e25cc05992d36862678a0 100644
|
|
--- a/content/shell/browser/layout_test/layout_test_content_browser_client.cc
|
|
+++ b/content/shell/browser/layout_test/layout_test_content_browser_client.cc
|
|
@@ -276,6 +276,8 @@ bool LayoutTestContentBrowserClient::CanCreateWindow(
|
|
const std::string& frame_name,
|
|
WindowOpenDisposition disposition,
|
|
const blink::mojom::WindowFeatures& features,
|
|
+ const std::vector<std::string>& additional_features,
|
|
+ const scoped_refptr<network::ResourceRequestBody>& body,
|
|
bool user_gesture,
|
|
bool opener_suppressed,
|
|
bool* no_javascript_access) {
|
|
diff --git a/content/shell/browser/layout_test/layout_test_content_browser_client.h b/content/shell/browser/layout_test/layout_test_content_browser_client.h
|
|
index fa458cf0c92d6f75ecd71e296ba1af88ace400dc..cdd95a1d88e582a31aca43cd2fc9001113dcde1c 100644
|
|
--- a/content/shell/browser/layout_test/layout_test_content_browser_client.h
|
|
+++ b/content/shell/browser/layout_test/layout_test_content_browser_client.h
|
|
@@ -66,6 +66,8 @@ class LayoutTestContentBrowserClient : public ShellContentBrowserClient {
|
|
const std::string& frame_name,
|
|
WindowOpenDisposition disposition,
|
|
const blink::mojom::WindowFeatures& features,
|
|
+ const std::vector<std::string>& additional_features,
|
|
+ const scoped_refptr<network::ResourceRequestBody>& body,
|
|
bool user_gesture,
|
|
bool opener_suppressed,
|
|
bool* no_javascript_access) override;
|
|
--
|
|
2.17.0
|
|
|