author | Michael Brüning <michael.bruning@qt.io> | 2018-10-26 16:06:06 +0200 |
---|---|---|
committer | Michael Brüning <michael.bruning@qt.io> | 2018-11-02 17:17:20 +0000 |
commit | 8a39f81276fe83e66bd0955cefadd620c591c3fb (patch) | |
tree | 74a8ce943b90e0db54472ebdd3f47aafa1a351e6 | |
parent | ccb8f3ea6e7cf277d6067a8804eec94f85beabd4 (diff) |
[Backport] Fix for CVE-2018-17476
If a dialog is shown, drop fullscreen.
BUG=875066, 817809, 792876, 812769, 813815
TEST=included
This cherry-picks the part that is applicable to Qt WebEngine
Reviewed-on: https://chromium-review.googlesource.com/1185208
Reviewed-by: Sidney San Martín <sdy@chromium.org>
Commit-Queue: Avi Drissman <avi@chromium.org>
Change-Id: I525506d427f8d8db7be6d27562757dbe9653884d
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
3 files changed, 23 insertions, 0 deletions
diff --git a/chromium/content/browser/web_contents/web_contents_impl.cc b/chromium/content/browser/web_contents/web_contents_impl.cc
index 05a6efa2535..741c7af2563 100644
--- a/chromium/content/browser/web_contents/web_contents_impl.cc
+++ b/chromium/content/browser/web_contents/web_contents_impl.cc
@@ -4751,6 +4751,10 @@ void WebContentsImpl::RunBeforeUnloadConfirm(
 void WebContentsImpl::RunFileChooser(RenderFrameHost* render_frame_host,
 const FileChooserParams& params) {
+ // Any explicit focusing of another window while this WebContents is in
+ // fullscreen can be used to confuse the user, so drop fullscreen.
+ ForSecurityDropFullscreen();
+
 if (delegate_)
 delegate_->RunFileChooser(render_frame_host, params);
 }
diff --git a/chromium/content/browser/web_contents/web_contents_impl.h b/chromium/content/browser/web_contents/web_contents_impl.h
index a22ae338156..8a1bf2db1d5 100644
--- a/chromium/content/browser/web_contents/web_contents_impl.h
+++ b/chromium/content/browser/web_contents/web_contents_impl.h
@@ -967,6 +967,8 @@ class CONTENT_EXPORT WebContentsImpl : public WebContents,
 FRIEND_TEST_ALL_PREFIXES(WebContentsImplBrowserTest,
 DialogsFromJavaScriptEndFullscreenEvenInInnerWC);
 FRIEND_TEST_ALL_PREFIXES(WebContentsImplBrowserTest,
+ FileChooserEndsFullscreen);
+ FRIEND_TEST_ALL_PREFIXES(WebContentsImplBrowserTest,
 PopupsFromJavaScriptEndFullscreen);
 FRIEND_TEST_ALL_PREFIXES(WebContentsImplBrowserTest,
 FocusFromJavaScriptEndsFullscreen);
diff --git a/chromium/content/browser/web_contents/web_contents_impl_browsertest.cc b/chromium/content/browser/web_contents/web_contents_impl_browsertest.cc
index be1c7378a03..98f1185a0ff 100644
--- a/chromium/content/browser/web_contents/web_contents_impl_browsertest.cc
+++ b/chromium/content/browser/web_contents/web_contents_impl_browsertest.cc
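Review bot: In `WebContentsImpl::RunFileChooser` (web_contents_impl.cc) the call to `ForSecurityDropFullscreen()` sits ahead of the `if (delegate_)` check, so a WebContents with no delegate still leaves fullscreen although no chooser window is shown, and the comment does not say whether that is intended. Failing closed is the safer order for a UI-spoofing fix, so I would keep the order and document it, for example `// Done before the delegate check on purpose: exit fullscreen even if no chooser ends up being shown.` The commit message says only the part applicable to Qt WebEngine was cherry-picked; from this hunk alone it cannot be told whether other entry points that hand off to the delegate to open a picker get the same treatment, so it would help to record which upstream call sites were left out.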
@@ -1644,6 +1644,23 @@ IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest,
 top_contents->SetJavaScriptDialogManagerForTesting(nullptr);
 }
+IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest, FileChooserEndsFullscreen) {
+ WebContentsImpl* wc = static_cast<WebContentsImpl*>(shell()->web_contents());
+ TestWCDelegateForDialogsAndFullscreen test_delegate;
+ wc->SetDelegate(&test_delegate);
+
+ GURL url("about:blank");
+ EXPECT_TRUE(NavigateToURL(shell(), url));
+
+ wc->EnterFullscreenMode(url, blink::WebFullscreenOptions());
+ EXPECT_TRUE(wc->IsFullscreenForCurrentTab());
+ wc->RunFileChooser(wc->GetMainFrame(), FileChooserParams());
+ EXPECT_FALSE(wc->IsFullscreenForCurrentTab());
+
+ wc->SetDelegate(nullptr);
+ wc->SetJavaScriptDialogManagerForTesting(nullptr);
+}
+
 IN_PROC_BROWSER_TEST_F(WebContentsImplBrowserTest,
 PopupsFromJavaScriptEndFullscreen) {
 WebContentsImpl* wc = static_cast<WebContentsImpl*>(shell()->web_contents()); |
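Review bot: `FileChooserEndsFullscreen` covers only the top-level case, calling `wc->RunFileChooser(wc->GetMainFrame(), FileChooserParams())` on the shell's own WebContents. The friend list in web_contents_impl.h names a sibling test `DialogsFromJavaScriptEndFullscreenEvenInInnerWC`, which suggests inner WebContents are a known variant for this class of fix; a matching file-chooser case would show that the outer, fullscreen contents is the one that exits fullscreen. The test also never asserts that the delegate's `RunFileChooser` was still reached, so a regression that drops fullscreen but swallows the chooser would pass; whether `TestWCDelegateForDialogsAndFullscreen` can record that call is not visible here. The trailing `wc->SetJavaScriptDialogManagerForTesting(nullptr);` looks carried over from the dialog tests and may be unnecessary, since this test installs no dialog manager itself.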