authorAllan Sandfeld Jensen <allan.jensen@qt.io>2018-01-03 13:55:01 +0100
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2018-01-04 12:43:41 +0000
commitd0e7830edb0f53efdc64b9b1d04648150ed29e88 (patch)
tree01607e634fe2cdda7c94a4b97b17db33dc130aaa
parent741f3965b46a64e8e733c0ee4c3ec4913825bb5b (diff)
downloadqtwebengine-chromium-d0e7830edb0f53efdc64b9b1d04648150ed29e88.tar.gz
[Backport] Resource Timing: Do not report subsequent navigations within subframes
We only want to record resource timing for the load that was initiated by parent document. We filter out subsequent navigations for <iframe>, but we should do it for other types of subframes too. TBR=japhet@chromium.org Bug: 780312 Reviewed-on: https://chromium-review.googlesource.com/750487 Reviewed-on: https://chromium-review.googlesource.com/753205 (CVE-2017-780312) Change-Id: I0da5e29204783f458b098d8425fcf5f88b777c38 Reviewed-by: Michael Brüning <michael.bruning@qt.io>
-rw-r--r--chromium/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.cpp3
-rw-r--r--chromium/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.h5
-rw-r--r--chromium/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp1
-rw-r--r--chromium/third_party/WebKit/Source/core/html/HTMLIFrameElement.h7
4 files changed, 5 insertions, 11 deletions
diff --git a/chromium/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.cpp b/chromium/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.cpp
index c5bcbe991d3..5b5fc6becb6 100644
--- a/chromium/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.cpp
+++ b/chromium/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.cpp
@@ -81,7 +81,8 @@ HTMLFrameOwnerElement::HTMLFrameOwnerElement(const QualifiedName& tag_name,
: HTMLElement(tag_name, document),
content_frame_(nullptr),
embedded_content_view_(nullptr),
- sandbox_flags_(kSandboxNone) {}
+ sandbox_flags_(kSandboxNone),
+ did_load_non_empty_document_(false) {}
LayoutEmbeddedContent* HTMLFrameOwnerElement::GetLayoutEmbeddedContent() const {
// HTMLObjectElement and HTMLEmbedElement may return arbitrary layoutObjects
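Review bot: The added `did_load_non_empty_document_(false)` grows the constructor's init list, whereas an in-class default on the declaration introduced in the HTMLFrameOwnerElement.h member hunk, `bool did_load_non_empty_document_ = false;`, would keep the initial value next to the member and make this .cpp hunk unnecessary; the same remark applies to that header hunk. This is a style preference, not a behavior difference: the new initializer sits after `sandbox_flags_` both here and in the declaration order shown in the header, so initialization order is consistent. The constructor body is the empty `{}` on the added line, so nothing else in this hunk depends on the flag.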
diff --git a/chromium/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.h b/chromium/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.h
index 5ea9eb8a24d..f1faf7271f9 100644
--- a/chromium/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.h
+++ b/chromium/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.h
@@ -63,8 +63,8 @@ class CORE_EXPORT HTMLFrameOwnerElement : public HTMLElement,
Document* getSVGDocument(ExceptionState&) const;
- virtual bool LoadedNonEmptyDocument() const { return false; }
- virtual void DidLoadNonEmptyDocument() {}
+ bool LoadedNonEmptyDocument() const { return did_load_non_empty_document_; }
+ void DidLoadNonEmptyDocument() { did_load_non_empty_document_ = true; }
void SetEmbeddedContentView(EmbeddedContentView*);
EmbeddedContentView* ReleaseEmbeddedContentView();
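Review bot: The two accessors now implemented in the base class carry no comment explaining what the flag records or why it is never cleared, and a reader of HTMLFrameOwnerElement.h no longer has HTMLIFrameElement's context for it. Given the commit's stated intent that only the load initiated by the parent document is reported to Resource Timing, for every kind of subframe owner rather than only `<iframe>`, a comment above `LoadedNonEmptyDocument()` such as `// Set once a non-empty document has loaded in the content frame; later navigations inside the subframe are not reported to Resource Timing (bug 780312).` would record that contract where the state now lives. The flag is set-once and never reset, so presumably an owner element whose content frame is detached and later recreated keeps reporting nothing for the new frame's first load; that was already the iframe behavior, but it is worth confirming it is intended for the other owner types now covered. Making both methods non-virtual also means any other subclass still declaring them with `override` would fail to compile, which the HTMLIFrameElement.h hunk handles for the one known overrider.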
@@ -154,6 +154,7 @@ class CORE_EXPORT HTMLFrameOwnerElement : public HTMLElement,
Member<Frame> content_frame_;
Member<EmbeddedContentView> embedded_content_view_;
SandboxFlags sandbox_flags_;
+ bool did_load_non_empty_document_;
WebParsedFeaturePolicy container_policy_;
};
diff --git a/chromium/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp b/chromium/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
index 6aa3ab90b5e..755017b43b5 100644
--- a/chromium/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
+++ b/chromium/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp
@@ -39,7 +39,6 @@ using namespace HTMLNames;
inline HTMLIFrameElement::HTMLIFrameElement(Document& document)
: HTMLFrameElementBase(iframeTag, document),
- did_load_non_empty_document_(false),
collapsed_by_client_(false),
sandbox_(HTMLIFrameElementSandbox::Create(this)),
allow_(HTMLIFrameElementAllow::Create(this)),
diff --git a/chromium/third_party/WebKit/Source/core/html/HTMLIFrameElement.h b/chromium/third_party/WebKit/Source/core/html/HTMLIFrameElement.h
index f49a4bff3b5..5ecf795d07c 100644
--- a/chromium/third_party/WebKit/Source/core/html/HTMLIFrameElement.h
+++ b/chromium/third_party/WebKit/Source/core/html/HTMLIFrameElement.h
@@ -67,12 +67,6 @@ class CORE_EXPORT HTMLIFrameElement final
bool LayoutObjectIsNeeded(const ComputedStyle&) override;
LayoutObject* CreateLayoutObject(const ComputedStyle&) override;
- bool LoadedNonEmptyDocument() const override {
- return did_load_non_empty_document_;
- }
- void DidLoadNonEmptyDocument() override {
- did_load_non_empty_document_ = true;
- }
bool IsInteractiveContent() const override;
ReferrerPolicy ReferrerPolicyAttribute() override;
@@ -87,7 +81,6 @@ class CORE_EXPORT HTMLIFrameElement final
AtomicString name_;
AtomicString csp_;
- bool did_load_non_empty_document_;
bool allow_fullscreen_;
bool allow_payment_request_;
bool collapsed_by_client_;