Don't throw away bits when computing Blink heap magic.
Bug: 860721
Reviewed-on: https://chromium-review.googlesource.com/1132082
Change-Id: I69e6947e3706d17c282933385a09447996d5bd89
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
| |
Fix a use-after-free in PermissionContextBase
Currently we assume that there will only be at most one of each
PermissionType in a call to PermissionServiceImpl::RequestPermissions.
However we never actually verify this and if it turns out to be true, it
triggers a use-after-free in PermissionContextBase. Verify that this is
the case otherwise call ReceivedBadMessage.
Bug: 839197
Reviewed-on: https://chromium-review.googlesource.com/1053333
Change-Id: Iad5e4b104bbed7caa927c131332bb51898816616
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
| |
[PATCH] Fix 2 nullptr dereferences in permissions code
This fixes 2 nullptr dereferences. The first arises because we don't
sanity check the permission type received in the PermissionService. We
don't expect to receive protected media requests on non-android
platforms so a check is added for that.
The second is because the default implementation of ResetPermission in
PermissionContextBase won't work for content settings types which don't
have a registered ContentSettingsType. We add a check for that case
before resetting the permission.
Bug: 839194, 839221
Change-Id: Ic789831511c532759efc95f53796ef5dd3fa1f41
Reviewed-on: https://chromium-review.googlesource.com/1045962
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
| |
Merge "custom-element: Do not crash by Get(NewTarget, "prototype") failure." to M68 branch
https://html.spec.whatwg.org/multipage/dom.html#html-element-constructors
> 7. Let prototype be Get(NewTarget, "prototype"). Rethrow any exceptions.
As the specification says, we should rethrow. Removing a v8::TryCatch
instance in V8HTMLConstructor::HtmlConstructor() works as "rethrow".
Bug: 854887
Reviewed-on: https://chromium-review.googlesource.com/1124129
Reviewed-on: https://chromium-review.googlesource.com/1130576
Change-Id: Ie77032fb411b1598ffac2be46af208bae928b37c
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
| |
Fix DCHECK in WebFormElementObserverImpl
The WebFormElementObserverImpl made an incorrect but also totally unnecessary
cast of a Node to an HTMLElement. This edge case was discovered by the fuzzer
where a form was inside an <svg> element, whose style attribute was changed,
but which could not be casted to HTMLElement.
TBR=battre@chromium.org
(cherry picked from commit 5ce8880baa741c8e31cfd47ede17490128590488)
Bug: 861571
Reviewed-on: https://chromium-review.googlesource.com/1128973
Reviewed-on: https://chromium-review.googlesource.com/1131939
Change-Id: I1be2a961833fff0e222f65051fe4fe1e6ce01981
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
| |
Redirect should not circumvent same-origin restrictions
Check whether we have access to the audio data when the format is set.
At this point we have enough information to determine this. The old approach
based on when the src was changed was incorrect because at the point, we
only know the new src; none of the response headers have been read yet.
This new approach also removes the incorrect message reported in 619114.
Bug: 826552, 619114
Reviewed-on: https://chromium-review.googlesource.com/1069540
Reviewed-on: https://chromium-review.googlesource.com/1089070
Change-Id: Ia66183d16ccab656df64d1e3dd2fad8bc0ef623d
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
| |
Fix timing allow check algorithm for service workers
This CL uses the OriginalURLViaServiceWorker() in the timing allow check
algorithm if the response WasFetchedViaServiceWorker(). This way, if a
service worker changes a same origin request to become cross origin,
then the timing allow check algorithm will still fail.
resource-timing-worker.js is changed so it avoids an empty Response,
which is an odd case in terms of same origin checks.
Bug: 837275
Reviewed-on: https://chromium-review.googlesource.com/1038229
Cr-Commit-Position: refs/heads/master@{#555476}
Change-Id: Ia3039b4d3bf3749b16b8eb34e219e0cd3f578e45
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
| |
fix incorrect TexImage3D params w/ UNPACK_IMAGE_HEIGHT
Bug: 804123
Test: http://github.com/KhronosGroup/WebGL/pull/2646
Reviewed-on: https://chromium-review.googlesource.com/1053573
Change-Id: I6f55586e8b275ebd48bbfdfb95223b01dd4006be
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
M68: Disallow access to opaque CSS responses.
Bug: 848786
Reviewed-on: https://chromium-review.googlesource.com/1088335
Change-Id: Ic2bf8cfc9f21322cc7383b1dc2893222a79c80f3
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
Chromium may optionally be built against libxml installed on the
system. The system libxml commonly has XML catalog support enabled.
Disable it by calling xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE).
Bug: https://bugs.gentoo.org/653078
Reviewed-on: https://chromium-review.googlesource.com/1103710
Change-Id: I0a05de6b5bc46ace431960960ed43500054f29f1
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
The real maximum deeper in Chromium is (1<<29), but better not
push the limit too much.
Task-number: QTBUG-69904
Change-Id: Ie44d444471678cf8281ef7c6fc75fbad0eb8b8bc
Reviewed-by: Jüri Valdmann <juri.valdmann@qt.io>
| |
Add Lao/Thai spoofable entries
U+0E1E (พ) => w
U+0E9E (ພ) => w
U+0E9F (ຟ) => w
U+0EA3 (ຣ) => s
U+0EAE (ຮ) => s
U+0E1A (บ) => u
U+0E9A (ບ) => u
Note that U+0E1F(ฟ) and U+0E23 (ร) were added a while ago.
BUG=833143
Reviewed-on: https://chromium-review.googlesource.com/1058710
Change-Id: Ie9bb595b3a8ae0614fbf38353d62a9b806e9e91c
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
Add confusability mapping entries for Myanmar and Georgian
U+10D5 (ვ), U+1012 (ဒ) => 3
TBR=meacer@chromium.org
(cherry picked from commit d616695bd68610e75b90d734d72d42534bf01b82)
Bug: 847242, 849398
Reviewed-on: https://chromium-review.googlesource.com/1108380
Change-Id: I480fa3515e77980c7594ea8ac6a92760f67a09f2
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
Merge to M68: Preserve renderer-initiated bit when reloading in a new process.
BUG=847718
TEST=See bug for repro steps.
Reviewed-on: https://chromium-review.googlesource.com/1080235
Change-Id: I70ce43713560df9336ea0124fa9db684da3c7c4c
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
defeat cors attacks on audio/video tags
Neutralize error messages and fire no progress events
until media metadata has been loaded for media loaded
from cross-origin locations.
Bug: 828265, 826187
Reviewed-on: https://chromium-review.googlesource.com/1015794
Change-Id: Ie8064f04c606f11bfa88a72b1d5ef82a84bdd409
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
[Fetch API] Fix redirect leak on "no-cors" requests
The spec issue is now fixed, and this CL follows the spec change[1].
1: https://github.com/whatwg/fetch/commit/14858d3e9402285a7ff3b5e47a22896ff3adc95d
Bug: 791324
Reviewed-on: https://chromium-review.googlesource.com/1023613
Change-Id: I4ed948591697e1dc9cff91d82333a49d8ec0c1a2
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
Reject SRI blindly when response is ineligible for validation
We should reject SRI blindly when the response is not eligible for
integrity validation. The logic is correctly implemented in
ResourceLoader but not in FetchManager.
Bug: 812667
Reviewed-on: https://chromium-review.googlesource.com/948229
Change-Id: I03ca32c15565cda36a87c38e171c56592a27f848
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
Always mark content downloaded by devtools delegate as potentially dangerous
Bug: 805445
Reviewed-on: https://chromium-review.googlesource.com/894782
Change-Id: I1e1a081a7a786d69d1fedb9be01c1412615ab6b2
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
Add a few more confusability mapping entries
U+0153(œ) => ce
U+00E6(æ), U+04D5 (ӕ) => ae
U+0499(ҙ) => 3
U+0525(ԥ) => n
Bug: 835554, 826019, 836885
Reviewed-on: https://chromium-review.googlesource.com/1055894
Change-Id: I0cc9868979db96dfe6272c20628e839d13946fe7
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
VP8: Fix use-after-free in postproc.
The pointer in vp8 postproc refers to show_frame_mi which is only
updated on show frame. However, when there is a no-show frame which also
changes the size (thus new frame buffers allocated), show_frame_mi is
not updated with new frame buffer memory.
Change the pointer in postproc to mi which is always updated.
Bug: 842265
Reviewed-on: https://chromium-review.googlesource.com/1099764
Change-Id: I33874f2112b39f74562cba528432b5f239e6a7bd
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
| |
Bug: chromium:840536
Change-Id: Ia4dcf322ad6290691fd01b58fb02cd868714c92e
Reviewed-on: https://webrtc-review.googlesource.com/77121
Commit-Queue: Philip Eliasson <philipel@webrtc.org>
Reviewed-by: Stefan Holmer <stefan@webrtc.org>
Reviewed-by: Rasmus Brandt <brandtr@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23283}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
Bug: chromium:841962
Change-Id: I5ef0341a5fffe6b6204f5b2edbaec2d389a56964
Reviewed-on: https://webrtc-review.googlesource.com/77420
Commit-Queue: Ying Wang <yinwa@webrtc.org>
Reviewed-by: Rasmus Brandt <brandtr@webrtc.org>
Reviewed-by: Danil Chapovalov <danilchap@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23341}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
A few entry points were missing the correct validation.
Tested with improved conformance tests in
https://github.com/KhronosGroup/WebGL/pull/2654 .
Bug: 848914
Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel
Change-Id: Ib98a61cc5bf378d1b3338b04acd7e1bc4c2fe008
Reviewed-on: https://chromium-review.googlesource.com/1086718
Reviewed-by: Kai Ninomiya <kainino@chromium.org>
Reviewed-by: Antoine Labour <piman@chromium.org>
Commit-Queue: Kenneth Russell <kbr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#565016}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
Generate INVALID_VALUE if the ID has either never been generated by
this context, or if it's already been deleted.
Bug: 848914
Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel
Change-Id: I203bc71ae36e3339326c2912bbfe21853d08176c
Reviewed-on: https://chromium-review.googlesource.com/1086365
Commit-Queue: Kenneth Russell <kbr@chromium.org>
Reviewed-by: Antoine Labour <piman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#564396}
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
Bug: 850350
Change-Id: Iac04fc62e69f51b68c5fc7f55ac1be930133cc74
Reviewed-on: https://skia-review.googlesource.com/136597
Reviewed-by: Mike Reed <reed@google.com>
Commit-Queue: Mike Reed <reed@google.com>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
No-Tree-Checks: true
No-Try: true
No-Presubmit: true
Bug: 850350
Change-Id: If1f8efdb02782d520195a6b66bd159628c89f811
Reviewed-On: https://skia-review.googlesource.com/137220
Reviewed-By: Kevin Lubick <kjlubick@google.com>
Auto-Submit: Mike Reed <reed@google.com>
Commit-Queue: Mike Reed <reed@google.com>
Reviewed-on: https://skia-review.googlesource.com/141826
Reviewed-by: Mike Reed <reed@google.com>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
On Windows MSVC2017 32bit release builds of WebEngine, printing to
a QPrinter instance only printed partial page content.
This ended up being a compiler / optimizer bug triggered in the
FX_atof function in
src/3rdparty/chromium/third_party/pdfium/core/fxcrt/fx_string.cpp
which resulted in returning float numbers without any digits past
the decimal point. Because of that, many size / offset calculations
were wrong.
The fix is to remove a redundant 'strc[cc] == "."' check, which is
implicitly present in a previous if condition. This in turn stops
the compiler from generating incorrect code, and thus parsing
the digits past the decimal point.
Task-number: QTBUG-69639
Change-Id: I7908318b6e7ca58e81d951af784ed8dcd901e12c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
Amends db81dc68
Change-Id: Ib4bd2b43e35e2417ca0a8a12c874ae5477bef2c6
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
| |
AV_INPUT_BUFFER_PADDING_SIZE has been increased to 64 in FFmpeg:
https://github.com/FFmpeg/FFmpeg/commit/6e80079a2840ee407c5d126030eb106
BUG=777484
Reviewed-on: https://chromium-review.googlesource.com/889686
Change-Id: Ia4c125fe22543592439057742bbb21a13adc750e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
On Windows when using ANGLE (thus implicitly using kDisableGpu switch)
you get a bunch of errors that aren't really relevant. Like:
ERROR:gpu_process_host.cc(473)]
!GpuDataManagerImpl::GpuProcessStartAllowed()
ERROR:gpu_process_transport_factory.cc(1017)]
Lost UI shared context.
Reduce the message level to warnings, and switch to DLOG.
Task-number: QTBUG-69491
Change-Id: I7f92f8e84147d75af00c23b5316ef60927eed44b
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
| |
Chromium always gives permission to create an in-process GPU thread
when using --single-process mode, despite having passed --disable-gpu
switch (for example in ANGLE case).
Remove the condition that gave special treatment to --single-process
mode in disable-gpu mode.
Task-number: QTBUG-69491
Change-Id: I8c7edfe38b9c1716cd226b1e0aac8cc5b99d9c78
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
| |
The check for cpu.family() == 15 will also trigger for newer
ThreadRipper CPU's, resulting in a DCHECK on debug builds and
potentially suboptimal behavior in release builds. To fix this,
the check would have to take the extFamily() and maybe model()
into account, but I couldn't find the correct values for the
AMD K2 CPU's anywhere.
Anyhow, it is unclear whether newer Windows versions are still
affected by the original problem. The commit that introduced the
original check - https://codereview.chromium.org/4092 - is more
than 9 years old. There are hints that the underlying issue got
fixed in Windows XP SP2 and/or Windows 7. Hence this patch just
removes the check.
See https://chromium-review.googlesource.com/c/chromium/src/+/1138241
for the proposed upstream change.
Task-number: QTBUG-67801
Change-Id: Ie101d14996c32a99ce842f4fb3d5121790a3c35e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
This fixes the build for shadow builds from read-only sources.
Task-number: QTBUG-69121
Change-Id: Ia133c886d233b335e2f9f8e870449b07f331becd
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
Merged: Reland "[csa] Ensure the requested allocation size fits in a Smi"
This is a reland of 515cc07d28879265d08ab540b570ebfda75f7322
Original change's description:
> [csa] Ensure the requested allocation size fits in a Smi
>
> In CSA::AllocateRaw, ensure that the given allocation size fits into a
> Smi.
Bug: chromium:848672
Reviewed-on: https://chromium-review.googlesource.com/1086828
Change-Id: If6841a27ab2217b04bc51cc573e77d596f10b0e6
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
| |
When doing a shadow build on Windows, python module name_style_converter
cannot be imported due to long relative path.
As a workaround, relocate the name_style_converter.py to make it
accessible with shorter relative paths.
Task-number: QTBUG-68464
Change-Id: If733a447f9cb3985a09e28410fa284240ee5e553
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
Remove the DCHECK for wait order number, and remove the spammy invalid
client wait logging.
R=piman
BUG=797137,824430
Reviewed-on: https://chromium-review.googlesource.com/969968
Change-Id: Ib5e885742a62bc13d4d7e18ea4c7cd674124df7b
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
Revert "List markers should always get a layout when the list item does."
This reverts commit 7a22edaa3ae7ef77e5d2499062bbccf24f1f5f1c.
Reason for revert: Multiple regressions like 834628, 835371.
Original change's description:
> List markers should always get a layout when the list item does.
>
> A follow-on to https://chromium-review.googlesource.com/602352.
>
> Turns out it is safer to always update the list marker position after
> laying out a list item.
>
> Bug: 780927
> Change-Id: I09ef8e38bcb65a33593d8b6198f29dbd9dce26c7
> Reviewed-on: https://chromium-review.googlesource.com/753362
> Reviewed-by: Emil A Eklund <eae@chromium.org>
> Commit-Queue: Emil A Eklund <eae@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#513886}
TBR=atotic@chromium.org, eae@chromium.org, robhogan@gmail.com
(cherry picked from commit 362aefe984ef8c2b8f7f2a03b5c747365950e3e4)
Change-Id: Ia90dcbf2606dd45003c8eebb2891445cdce08f3f
Reviewed-on: https://chromium-review.googlesource.com/1036856
Commit-Queue: Aleks Totic <atotic@chromium.org>
Commit-Queue: Abhishek Arya <inferno@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1037763
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
| |
[M67 Merge] Fixed CSP directive value parsing accepted character range
Bug: 845961
Reviewed-on: https://chromium-review.googlesource.com/1071510
Change-Id: I5439f10c123b96057b9995dd7e8ad6672ba141f4
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
Do not assume we were attached to OOPIF
Bug: 836511
Reviewed-on: https://chromium-review.googlesource.com/1048843
Change-Id: I25e007a5ab59ad2bb1f3a55a73ffbf496b53b957
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
Provide double-byte terminator in Windows font variant name.
When parsing UTF16-LE, the default trailing "\0" from a single-byte
character literal isn't sufficient.
TBR=dsinclair@chromium.org
Bug: 835184
Reviewed-on: https://pdfium-review.googlesource.com/31191
Change-Id: If0979d3626e3162de31a5e2b18139c6494945938
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
Enforce user gesture requirement on browser side for WebUI.
WebContentsImpl now tracks the last time it received an input event that
could be considered user interaction. When the browser process receives
a WebUI message that requires a user gesture, it checks the WebContents
hosting the WebUI to make sure that the user recently interacted with
it.
This also cleans up a few incidental bits of code:
- RenderWidgetHost no longer prefilters events before notifying the
delegate. This exposed some broken event filtering, tracked at
https://crbug.com/827659.
- Since the delegate method no longer prefilters input events,
RenderWidgetHostDelegate::OnUserInteraction() is now named
RenderWidgetHostDelegate::DidReceiveInputEvent().
Bug: 823864
Reviewed-on: https://chromium-review.googlesource.com/1028484
Change-Id: I50cb1d91751b3b84ca62031943d6531c0b2fba9f
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
[Merge 67][Blink Security Policy] Add origin access blacklists
Add an origin access blacklist that takes priority over the origin
access whitelist. If both the blacklist and the whitelist match an
origin, access is not granted.
This will allow us to specify a wildcard whitelist while maintaining
a list of exceptions which will be off-limits.
Add unittests for the same.
Bug: 826946
Reviewed-on: https://chromium-review.googlesource.com/1011241
--------------------------------------------------------------------
[Extensions] Force extensions XHR'ing the webstore to use CORS
Extensions are not allowed to inject scripts on the webstore, and
shouldn't be allowed to XHR it in a same-origin fashion. Instead, force
extension XHRs to the webstore to use CORS.
Bug: 826946
Reviewed-on: https://chromium-review.googlesource.com/1012520
Change-Id: I4bbdd9c036b6a77c93024a37cc9c165d71efffdb
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
Properly handle the unknown module index in CallStackProfileMetricsProvider
Fixes an issue where the profile merging code did not retain the unknown
module state for frames that had it set.
Bug: 826193
Reviewed-on: https://chromium-review.googlesource.com/982543
Change-Id: I91616f7c5e82b4375a484ce607e8d2177ec09b08
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
iSAC decoder: Don't read past the end of the buffer of encoded bytes
Bug: chromium:825524
Change-Id: I5a31b84f3ca9c439cf7f1958cd0390c76d0472bf
Reviewed-on: https://webrtc-review.googlesource.com/66361
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
HTML parser: Fix "HTML integration point" implementation in HTMLTreeBuilderSimulator.
HTMLTreeBuilderSimulator assumed only <foreignObject> as an HTML
integration point. This CL adds <annotation-xml>, <desc>, and SVG
<title>.
Bug: 805924
Reviewed-on: https://chromium-review.googlesource.com/964038
Change-Id: If99f8fdeb9b2b594925f04491d004709d8f774ad
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
| |
Off-by-one in CPDF_StreamParser::ParseNextElement()
Limit the token to 255 bytes + NUL. Also, shuffle fields in
cpdf_streamparser to allow memory tools to better check this
inline array.
Bug: 828049
Reviewed-on: https://pdfium-review.googlesource.com/29530
Change-Id: I7e28a59a2cec1f34e4bb118a4aee426f299b7834
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
| |
Merged: [regexp] Do not assume fast regexp results are non-empty
This is a backmerge of
https://chromium-review.googlesource.com/c/v8/v8/+/1061455.
It is possible for user code to modify fast regexp result objects
before they are used e.g. by RegExp.p.match, so we may not make any
assumptions about their contents. The only exception is when the
RegExp itself is fast.
Bug: chromium:843022
Reviewed-on: https://chromium-review.googlesource.com/1065810
Change-Id: I335fbfef601af9aa48ba641619224c11e410912b
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
| |
Merged: Do not throw if the array is empty in Map constructor
Bug: chromium:837939
Reviewed-on: https://chromium-review.googlesource.com/1034043
Change-Id: Ib7fde214c3edf7824fb38fd9a0f5bd92fc93acde
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
| |
[PaintWorklet] Do not paint when paint target is associated with a link
When the target element of a paint worklet has an associated link, then
the 'paint' function will be invoked when the link's href is changed
from a visited URL to an unvisited URL (or vice versa).
This CL changes the behavior by detecting whether the target element
of a paint worklet has an associated link or not. If it does, then don't
paint.
Bug: 835589
Reviewed-on: https://chromium-review.googlesource.com/1035524
Change-Id: I13d0f23c64eb8c27f1e7d8aba5a05f1b88f63214
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
| |
Force a flush of drawing to the widget when a dialog is shown.
BUG=823353
TEST=as in bug
Reviewed-on: https://chromium-review.googlesource.com/971661
Change-Id: I83fae12fdb6e43cb3ad06f8484d552790f4831c6
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>