diff options
author | Yutaka Hirano <yhirano@chromium.org> | 2019-10-16 02:46:11 +0000 |
---|---|---|
committer | Michal Klocek <michal.klocek@qt.io> | 2019-11-27 21:10:38 +0000 |
commit | 105f1e578c3e8f3dd1e3aed9e65794efdd46c647 (patch) | |
tree | ea86c66bcc5d703defb87105bf0fc7dcb7e23592 | |
parent | ee18fd483a7691eb701ce0c3808d131e56954f06 (diff) | |
download | qtwebengine-chromium-105f1e578c3e8f3dd1e3aed9e65794efdd46c647.tar.gz |
[Backport] Security bug 961614 6/8
Use context document's ResourceFetcher in FrameSerializer
This is a follow up change for
https://crrev.com/8ee3f7e6d3a79b15824b6e286eb71c0a96c4d879. See its CL
description for details.
Bug: 961614, 1006292
Change-Id: I6ba370b65697298b5680d1081f0de3332bfa1e55
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r-- | chromium/third_party/blink/renderer/core/frame/frame_serializer.cc | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/chromium/third_party/blink/renderer/core/frame/frame_serializer.cc b/chromium/third_party/blink/renderer/core/frame/frame_serializer.cc index 69df9b1c301..f49406d65b6 100644 --- a/chromium/third_party/blink/renderer/core/frame/frame_serializer.cc +++ b/chromium/third_party/blink/renderer/core/frame/frame_serializer.cc @@ -30,6 +30,8 @@ #include "third_party/blink/renderer/core/frame/frame_serializer.h" +#include "base/feature_list.h" +#include "third_party/blink/public/common/features.h" #include "third_party/blink/renderer/core/css/css_font_face_rule.h" #include "third_party/blink/renderer/core/css/css_font_face_src_value.h" #include "third_party/blink/renderer/core/css/css_image_value.h" @@ -631,7 +633,19 @@ void FrameSerializer::RetrieveResourcesForCSSValue(const CSSValue& css_value, if (font_face_src_value->IsLocal()) return; - AddFontToResources(font_face_src_value->Fetch(&document, nullptr)); + if (base::FeatureList::IsEnabled( + features::kHtmlImportsRequestInitiatorLock)) { + if (Document* context_document = document.ContextDocument()) { + // For @imports from HTML imported Documents, we use the + // context document for getting origin and ResourceFetcher to use the + // main Document's origin, while using the element document for + // CompleteURL() to use imported Documents' base URLs. + AddFontToResources( + font_face_src_value->Fetch(context_document, nullptr)); + } + } else { + AddFontToResources(font_face_src_value->Fetch(&document, nullptr)); + } } else if (const auto* css_value_list = DynamicTo<CSSValueList>(css_value)) { for (unsigned i = 0; i < css_value_list->length(); i++) RetrieveResourcesForCSSValue(css_value_list->Item(i), document); |