Google Git
Sign in
chromium / chromium / src / 5ce3ecbcdfc196f0341d992da6a6f19d0845029d
commit5ce3ecbcdfc196f0341d992da6a6f19d0845029d[log] [tgz]
authorCharlie Reis <creis@chromium.org>Wed Jun 05 23:55:30 2024
committerChromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com>Wed Jun 05 23:55:30 2024
tree98bd95baa892cf54a0ba5f27c16a4ba3166e3d7b
parent10ff4750ffb1ad97febe842f5ade82a812cb5b67 [diff]
Prevent CanCommitURL renderer kills for document.open on error pages.

Failed navigations commit an error page with the failed URL from the
browser process's perspective, but the renderer process uses
kUnreachableWebDataURL instead. This chrome-error://chromewebdata URL
can end up being inherited if document.open() is later used. This does
not normally occur on error pages, but it is possible in Android WebView
apps, leading to CanCommitURL failures because the chrome-error: scheme
has not been granted to the process.

This CL avoids a renderer kill in this scenario by granting access to
the kUnreachableWebDataURL when a process is legitimately committing a
failed navigation.

This CL also avoids checking CanAccessMaybeOpaqueOrigin for the
kUnreachableWebDataURL, since that function cannot compute the expected
process lock when error page isolation is not in effect. The rest of the
checks (including the CPSP::State::CanCommitURL check) still apply.

Bug: 326250356
Change-Id: I2ac56c14ce4dda242d0dd37e8087cd934228d9d2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5601582
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Commit-Queue: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1310986}
3 files changed
tree: 98bd95baa892cf54a0ba5f27c16a4ba3166e3d7b
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. codelabs/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia_web/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. media/
  31. mojo/
  32. native_client_sdk/
  33. net/
  34. pdf/
  35. ppapi/
  36. printing/
  37. remoting/
  38. rlz/
  39. sandbox/
  40. services/
  41. skia/
  42. sql/
  43. storage/
  44. styleguide/
  45. testing/
  46. third_party/
  47. tools/
  48. ui/
  49. url/
  50. webkit/
  51. clank
  52. internal
  53. ios_internal
  54. native_client
  55. signing_keys
  56. v8
  57. .clang-format
  58. .clang-tidy
  59. .clangd
  60. .eslintrc.js
  61. .git-blame-ignore-revs
  62. .gitallowed
  63. .gitattributes
  64. .gitignore
  65. .gitmodules
  66. .gn
  67. .mailmap
  68. .rustfmt.toml
  69. .vpython3
  70. .yapfignore
  71. ATL_OWNERS
  72. AUTHORS
  73. BUILD.gn
  74. CODE_OF_CONDUCT.md
  75. codereview.settings
  76. CPPLINT.cfg
  77. DEPS
  78. DIR_METADATA
  79. LICENSE
  80. LICENSE.chromium_os
  81. OWNERS
  82. PRESUBMIT.py
  83. PRESUBMIT_test.py
  84. PRESUBMIT_test_mocks.py
  85. README.md
  86. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure.

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.