1 files changed, 4 insertions, 0 deletions

diff --git a/src/3rdparty/webkit/WebCore/svg/SVGForeignObjectElement.cpp b/src/3rdparty/webkit/WebCore/svg/SVGForeignObjectElement.cpp
index d28e2a4363..e7b538923b 100644
--- a/src/3rdparty/webkit/WebCore/svg/SVGForeignObjectElement.cpp
+++ b/src/3rdparty/webkit/WebCore/svg/SVGForeignObjectElement.cpp
@@ -125,6 +125,10 @@ RenderObject* SVGForeignObjectElement::createRenderer(RenderArena* arena, Render
 
 bool SVGForeignObjectElement::childShouldCreateRenderer(Node* child) const
 {
+    // Disallow arbitary SVG content. Only allow proper <svg xmlns="svgNS"> subdocuments.
+    if (child->isSVGElement())
+        return child->hasTagName(SVGNames::svgTag);
+
     // Skip over SVG rules which disallow non-SVG kids
     return StyledElement::childShouldCreateRenderer(child);
 }