diff options
Diffstat (limited to 'chromium/third_party/WebKit/Source/core/frame/LocalFrame.cpp')
-rw-r--r-- | chromium/third_party/WebKit/Source/core/frame/LocalFrame.cpp | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/chromium/third_party/WebKit/Source/core/frame/LocalFrame.cpp b/chromium/third_party/WebKit/Source/core/frame/LocalFrame.cpp index 198244acb3e..5c0824f0e11 100644 --- a/chromium/third_party/WebKit/Source/core/frame/LocalFrame.cpp +++ b/chromium/third_party/WebKit/Source/core/frame/LocalFrame.cpp @@ -746,12 +746,24 @@ EphemeralRange LocalFrame::RangeForPoint(const IntPoint& frame_point) { return EphemeralRange(); } -bool LocalFrame::ShouldReuseDefaultView(const KURL& url) const { +bool LocalFrame::ShouldReuseDefaultView( + const KURL& url, + const ContentSecurityPolicy* csp) const { // Secure transitions can only happen when navigating from the initial empty // document. if (!Loader().StateMachine()->IsDisplayingInitialEmptyDocument()) return false; + // The Window object should only be re-used if it is same-origin. + // Since sandboxing turns the origin into an opaque origin it needs to also + // be considered when deciding whether to reuse it. + // Spec: + // https://html.spec.whatwg.org/multipage/browsing-the-web.html#initialise-the-document-object + if (csp && + SecurityContext::IsSandboxed(kSandboxOrigin, csp->GetSandboxMask())) { + return false; + } + return GetDocument()->IsSecureTransitionTo(url); } |