authorJack Hsieh <chengweih@chromium.org>2023-03-15 01:03:48 +0000
committerMichael BrĂ¼ning <michael.bruning@qt.io>2023-05-15 11:36:43 +0000
commit34482ee5da826627131767d907800f6f4a2f0a36 (patch)
tree170c6b6ccef36c4b29942be9fc3b7569e427b572
parent80a4577e2a50dbc181204a4352a2488a9d1ec657 (diff)
[Backport] CVE-2023-2462: Inappropriate implementation in Prompts (10/10)108-based
Cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/4337726: hid: Handle opaque top level origin in addedEventListener In navigator.hid.addEventListener, throw an exception if the request is coming from a context whose top level frame has an opaque origin. Bug: 1375133 Change-Id: I43d3c59eb4715d5c1b970d6f466a256c580582d6 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4337726 Commit-Queue: Jack Hsieh <chengweih@chromium.org> Reviewed-by: Reilly Grant <reillyg@chromium.org> Cr-Commit-Position: refs/heads/main@{#1117306} Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/476784 Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r--chromium/third_party/blink/renderer/modules/hid/hid.cc43
1 files changed, 25 insertions, 18 deletions
diff --git a/chromium/third_party/blink/renderer/modules/hid/hid.cc b/chromium/third_party/blink/renderer/modules/hid/hid.cc
index 92543c029fd..47a00ea42c5 100644
--- a/chromium/third_party/blink/renderer/modules/hid/hid.cc
+++ b/chromium/third_party/blink/renderer/modules/hid/hid.cc
@@ -37,10 +37,12 @@ const char kFeaturePolicyBlocked[] =
// returns false to indicate the call should be allowed.
bool ShouldBlockHidServiceCall(LocalDOMWindow* window,
ExecutionContext* context,
- ExceptionState& exception_state) {
+ ExceptionState* exception_state) {
if (!context) {
- exception_state.ThrowDOMException(DOMExceptionCode::kNotSupportedError,
- kContextGone);
+ if (exception_state) {
+ exception_state->ThrowDOMException(DOMExceptionCode::kNotSupportedError,
+ kContextGone);
+ }
return true;
}
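Review bot: The comment above ShouldBlockHidServiceCall does not say that `exception_state` is now optional, which is the part of the contract a caller can get wrong. With a null pointer every deny path returns true without raising anything, so the return value is the only signal and callers must check it. I would add `// |exception_state| may be null, in which case a blocked call is reported only through the return value.` to the header comment. The comment starts above this hunk and the function body continues into the next one, where the opaque-origin and permissions-policy branches use the same guarded-throw pattern.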
@@ -52,18 +54,25 @@ bool ShouldBlockHidServiceCall(LocalDOMWindow* window,
window
? window->GetFrame()->Top()->GetSecurityContext()->GetSecurityOrigin()
: context->GetSecurityOrigin();
-
if (security_origin->IsOpaque()) {
- exception_state.ThrowSecurityError(
- "Access to the WebHID API is denied from contexts where the top-level "
- "document has an opaque origin.");
- } else if (!context->IsFeatureEnabled(
- mojom::blink::PermissionsPolicyFeature::kHid,
- ReportOptions::kReportOnFailure)) {
- exception_state.ThrowSecurityError(kFeaturePolicyBlocked);
+ if (exception_state) {
+ exception_state->ThrowSecurityError(
+ "Access to the WebHID API is denied from contexts where the "
+ "top-level "
+ "document has an opaque origin.");
+ }
+ return true;
}
- return exception_state.HadException();
+ if (!context->IsFeatureEnabled(mojom::blink::PermissionsPolicyFeature::kHid,
+ ReportOptions::kReportOnFailure)) {
+ if (exception_state) {
+ exception_state->ThrowSecurityError(kFeaturePolicyBlocked);
+ }
+ return true;
+ }
+
+ return false;
}
void RejectWithTypeError(const String& message,
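Review bot: `window->GetFrame()->Top()` in the unchanged origin lookup is dereferenced without a null check, and this commit makes the helper reachable from HID::AddedEventListener as well as from the promise-returning entry points. This is probably safe if a detached frame always implies a null `context`, which the early return above handles, but that invariant is not visible in the diff. I would either assert it with `DCHECK(!window || window->GetFrame());` or fail closed on a missing frame the same way the `!context` branch does. The start of the lookup expression lies above this hunk.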
@@ -124,10 +133,8 @@ void HID::AddedEventListener(const AtomicString& event_type,
return;
}
- auto* context = GetExecutionContext();
- if (!context ||
- !context->IsFeatureEnabled(mojom::blink::PermissionsPolicyFeature::kHid,
- ReportOptions::kDoNotReport)) {
+ if (ShouldBlockHidServiceCall(GetSupplementable()->DomWindow(),
+ GetExecutionContext(), nullptr)) {
return;
}
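Review bot: The listener path now goes through the permissions-policy check inside ShouldBlockHidServiceCall, which passes `ReportOptions::kReportOnFailure`, whereas the removed lines used `ReportOptions::kDoNotReport`. Registering a listener in a policy-blocked context may therefore start producing violation reports even though nothing is thrown to script. If that is not intended, the helper needs a way to take the report option from the caller. Separately, the bare `nullptr` reads better as `/*exception_state=*/nullptr`, so the silent-deny intent is visible at the call site. AddedEventListener begins and ends outside this hunk.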
@@ -163,7 +170,7 @@ void HID::DeviceChanged(device::mojom::blink::HidDeviceInfoPtr device_info) {
ScriptPromise HID::getDevices(ScriptState* script_state,
ExceptionState& exception_state) {
if (ShouldBlockHidServiceCall(GetSupplementable()->DomWindow(),
- GetExecutionContext(), exception_state)) {
+ GetExecutionContext(), &exception_state)) {
return ScriptPromise();
}
@@ -189,7 +196,7 @@ ScriptPromise HID::requestDevice(ScriptState* script_state,
}
if (ShouldBlockHidServiceCall(window, GetExecutionContext(),
- exception_state)) {
+ &exception_state)) {
return ScriptPromise();
}