Fix handling of new window request

Fixes heap-use-after-free for WebContentsAdapter, which is replaced in
the case, when new window set to be opened and adopted by the same page,
which triggered this request: for example, when 'this' is returned by
'createWindow' override. Achieve this by scheduling 'deleteLater' on an
old adapter. This was already implemented that way for internal
'adoptWebContents', but was overlooked for page's 'createWindow' API. So
just unify handling logic. Also, adapt 'customUserAgentInNewTab' test,
since adopting existing WebContents from different profile is not
supposed to work, and now enforced by the check in 'adoptWebContents'.
Unfortunately, test should also be blacklisted, since it's appeared that
custom user agent is still not reliably set for newly created window.

Task-number: QTBUG-76249
Fixes: QTBUG-94772
Change-Id: Ic9dff33eae99cc242a294d45a92be96306cef93d
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
(cherry picked from commit e04d8c65b350146fc4458ded5576c4a07601d041)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

1 files changed, 1 insertions, 1 deletions

diff --git a/src/core/api/qwebenginepage_p.h b/src/core/api/qwebenginepage_p.h
index b406382b9..4862763aa 100644
--- a/src/core/api/qwebenginepage_p.h
+++ b/src/core/api/qwebenginepage_p.h
@@ -197,7 +197,7 @@ public:
     void _q_webActionTriggered(bool checked);
 
     void createNewWindow(WindowOpenDisposition disposition, bool userGesture, const QUrl &targetUrl);
-    void adoptWebContents(QtWebEngineCore::WebContentsAdapter *webContents);
+    bool adoptWebContents(QtWebEngineCore::WebContentsAdapter *webContents);
     QtWebEngineCore::WebContentsAdapter *webContents() { return adapter.data(); }
     void recreateFromSerializedHistory(QDataStream &input);