diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-09-06 14:06:53 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-09-14 15:24:27 +0000 |
commit | af4500d25e07e0931edcf0f497f9b0c7791a3318 (patch) | |
tree | 5152d3df5e6946e06b85c803491fb049f46b8bdb /chromium/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h | |
parent | 9ffeaf4caa98ede92afe9de3750a82acc70c42ac (diff) | |
download | qtwebengine-chromium-af4500d25e07e0931edcf0f497f9b0c7791a3318.tar.gz |
[Backport] CVE-2018-16077
Prevent sandboxed documents from reusing the default window
Bug: 377995
Change-Id: I5350c62072b46544331e40361b9d606d9e533ce3
Reviewed-on: https://chromium-review.googlesource.com/983558
Reviewed-by: Michael BrĂ¼ning <michael.bruning@qt.io>
Diffstat (limited to 'chromium/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h')
-rw-r--r-- | chromium/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/chromium/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h b/chromium/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h index c562bdfbc79..4da2f742a1e 100644 --- a/chromium/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h +++ b/chromium/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h @@ -446,6 +446,12 @@ class CORE_EXPORT ContentSecurityPolicy // Returns the 'wasm-eval' source is supported. bool SupportsWasmEval() const { return supports_wasm_eval_; } + // Retrieves the parsed sandbox flags. A lot of the time the execution + // context will be used for all sandbox checks but there are situations + // (before installing the document that this CSP will bind to) when + // there is no execution context to enforce the sandbox flags. + SandboxFlags GetSandboxMask() const { return sandbox_mask_; } + private: FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceInline); FRIEND_TEST_ALL_PREFIXES(ContentSecurityPolicyTest, NonceSinglePolicy); |