commit | 631eee44d19571625528a44d0d4de7748df6a1b9 | [log] [tgz] |
---|---|---|
author | Ehsan Karamad <ekaramad@chromium.org> | Wed Sep 12 14:21:54 2018 |
committer | Commit Bot <commit-bot@chromium.org> | Wed Sep 12 14:21:54 2018 |
tree | 32eb4b4d3797f9e4cdc6995a0e5ac21d9fc157f6 | |
parent | 4d9714247f617bf9e1cf95f735148f5e598a9529 [diff] |
BadMessage for invalid plugin frame ID (Follow-up work to CL:1213369). Currently API in guest_view.mojom send two routing IDs to the browser: the embedder frame routing ID (the frame which adds an <embed>/<object>) and the plugin frame ID (the actual frame inside <embed>/<object>). This is to support both a frame-based MimeHandlerView (which only needs the plugin frame ID), and the BrowserPlugin-based version which uses the embedder frame ID. This CL adds a security check on the browser side to verify the reported routing IDs make sense, i.e., when they point to actual RFH we always observer the child and parent relationship. This of course is not the case in BP-based case where we expect the child routing ID to be invalid all the time. Bug: 659750 Change-Id: I92f1643303899054cdee36897e7a973a5a3b3d85 Reviewed-on: https://chromium-review.googlesource.com/1217704 Reviewed-by: Istiaque Ahmed <lazyboy@chromium.org> Reviewed-by: Ehsan Karamad <ekaramad@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Commit-Queue: Ehsan Karamad <ekaramad@chromium.org> Cr-Commit-Position: refs/heads/master@{#590668}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .