commit | ae8f11835044c59587af75354ddec801d9de6a58 | [log] [tgz] |
---|---|---|
author | Tsuyoshi Horo <horo@chromium.org> | Thu Feb 17 04:54:24 2022 |
committer | Chromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com> | Thu Feb 17 04:54:24 2022 |
tree | 9b1c2b47aff34b8d8d093fd212b17c9353fc5bcc | |
parent | 996ee41e460cc55b9c7eabe47175eb8c0cc707f7 [diff] |
Fenced Frames: Check and set sandbox flags

This CL does the following things:

1. Limit fenced frame creation in sandboxed frames. Sandboxed frames without allow-same-origin (kOrigin), allow-forms (kForms), allow-scripts (kScripts, kAutomaticFeatures), allow-popups (kPopups), allow-popups-to-escape-sandbox (kPropagatesToAuxiliaryBrowsingContexts), allow-top-navigation-by-user-activation (kTopNavigationByUserActivation) will not be able to create fenced frames. This check is done at HTMLFencedFrameElement::FencedFrameDelegate::Create() in the renderer process, and at RenderFrameHostImpl::CreateFencedFrame() and CreateChildFrame() in the browser process with a ReceivedBadMessage() call. Tests in sandbox-mandatory-flags.https.html check this behavior.

2. Block the features of the following flags in fenced frame trees: kPlugins, kPointerLock, kDocumentDomain, kOrientationLock, kModals, kPresentationController, kDownloads, kStorageAccessByUserActivation, kTopNavigation, kNavigation. This logic is implemented by setting the sandbox flags in the constructor of NavigationRequest. Tests in sandboxed-features.https.html check the sandboxed features in a fenced frame. The tests in pointer-lock.https.html and window-prompt.https.html are moved to sandboxed-features.https.html.

3. Change CanNavigateHelper() in local_frame.cc to disallow root fenced frame navigations by descendant frames.

4. Add simulateGesture() in navigate-ancestor-helper.html to make the top navigation inside a nested iframe in a fenced frame work.

This affects both shadowDOM and MPArch based fenced frames.
Design Doc: https://docs.google.com/document/d/1RO4NkQk_XaEE7vuysM9LJilZYsoOhydfh93sOvrPQxU/edit?usp=sharing
Bug: 1277405, 1276004
Change-Id: I693e476e317afdbf090567df83c768dd6d0053e7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3308619
Reviewed-by: Dominic Farolino <dom@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Shivani Sharma <shivanisha@chromium.org>
Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Commit-Queue: Tsuyoshi Horo <horo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#972294}
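The two policies the commit message describes (an embedder must have a minimum set of sandbox features allowed before it may create a fenced frame, and every navigation inside a fenced frame tree gets an extra set of flags forced on) can be modelled as two bitmask operations. The block below is an added illustration, not Chromium's code: the flag names are the ones listed in the commit message, but the bit positions, the `kAll` constant, the attribute-token mapping and the helper function names are constructed for this example. As in Chromium's WebSandboxFlags, a set bit means the feature is sandboxed (blocked), so a frame with no sandbox attribute has no bits set.

```cpp
#include <cstdint>
#include <sstream>
#include <string>
#include <unordered_map>

// Constructed model of the sandbox-flag policy in the commit message.
// Bit assignments are arbitrary; only the set membership matters here.
enum SandboxFlag : uint32_t {
  kNone = 0,
  kNavigation = 1u << 0,
  kPlugins = 1u << 1,
  kOrigin = 1u << 2,
  kForms = 1u << 3,
  kScripts = 1u << 4,
  kTopNavigation = 1u << 5,
  kPopups = 1u << 6,
  kAutomaticFeatures = 1u << 7,
  kPointerLock = 1u << 8,
  kDocumentDomain = 1u << 9,
  kOrientationLock = 1u << 10,
  kPropagatesToAuxiliaryBrowsingContexts = 1u << 11,
  kModals = 1u << 12,
  kPresentationController = 1u << 13,
  kTopNavigationByUserActivation = 1u << 14,
  kDownloads = 1u << 15,
  kStorageAccessByUserActivation = 1u << 16,
  kAll = (1u << 17) - 1,  // every feature sandboxed (sandbox="")
};

// Item 1 of the commit message: these features must be *allowed* (bit unset)
// on the embedding frame before it may create a fenced frame.
constexpr uint32_t kFencedFrameMandatoryUnsandboxedFlags =
    kOrigin | kForms | kScripts | kAutomaticFeatures | kPopups |
    kPropagatesToAuxiliaryBrowsingContexts | kTopNavigationByUserActivation;

// Item 2: these flags are forced on for every navigation in a fenced frame tree.
constexpr uint32_t kFencedFrameForcedSandboxFlags =
    kPlugins | kPointerLock | kDocumentDomain | kOrientationLock | kModals |
    kPresentationController | kDownloads | kStorageAccessByUserActivation |
    kTopNavigation | kNavigation;

// Turn an iframe sandbox attribute value into flags: the attribute starts fully
// sandboxed and each recognised token re-enables one feature. Token mapping
// follows the HTML spec (allow-scripts also re-enables automatic features;
// allow-top-navigation implies the by-user-activation variant). Frames without
// a sandbox attribute should use kNone instead of calling this.
uint32_t ParseSandboxAttribute(const std::string& attribute) {
  static const std::unordered_map<std::string, uint32_t> kTokens = {
      {"allow-same-origin", kOrigin},
      {"allow-forms", kForms},
      {"allow-scripts", kScripts | kAutomaticFeatures},
      {"allow-popups", kPopups},
      {"allow-popups-to-escape-sandbox", kPropagatesToAuxiliaryBrowsingContexts},
      {"allow-top-navigation", kTopNavigation | kTopNavigationByUserActivation},
      {"allow-top-navigation-by-user-activation", kTopNavigationByUserActivation},
      {"allow-pointer-lock", kPointerLock},
      {"allow-modals", kModals},
      {"allow-orientation-lock", kOrientationLock},
      {"allow-presentation", kPresentationController},
      {"allow-downloads", kDownloads},
      {"allow-storage-access-by-user-activation", kStorageAccessByUserActivation},
  };
  uint32_t flags = kAll;
  std::istringstream tokens(attribute);
  std::string token;
  while (tokens >> token) {
    auto it = kTokens.find(token);
    if (it != kTokens.end()) flags &= ~it->second;  // unknown tokens are ignored
  }
  return flags;
}

// The renderer-side check. The commit message says the browser process repeats
// the same check and reports a bad message on failure, so the renderer result
// is an early exit, not the security boundary.
bool CanCreateFencedFrame(uint32_t embedder_flags) {
  return (embedder_flags & kFencedFrameMandatoryUnsandboxedFlags) == 0;
}

// Flags for a navigation inside a fenced frame tree: whatever was inherited,
// plus the forced set. Inherited flags are never cleared.
uint32_t FencedFrameNavigationSandboxFlags(uint32_t inherited_flags) {
  return inherited_flags | kFencedFrameForcedSandboxFlags;
}

bool IsSandboxed(uint32_t flags, SandboxFlag feature) {
  return (flags & feature) != 0;
}
```

The interesting consequence to check is the top-navigation case: an embedder that re-enables allow-top-navigation still passes the creation check, but any document inside the fenced frame has kTopNavigation forced on, which is what makes the CanNavigateHelper() change in item 3 and the simulateGesture() helper in item 4 necessary.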
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure.
For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.
If you found a bug, please file it at https://crbug.com/new.