author | Jack Hsieh <chengweih@chromium.org> | 2023-03-13 23:37:52 +0000 |
---|---|---|
committer | Michael BrĂ¼ning <michael.bruning@qt.io> | 2023-05-15 11:36:36 +0000 |
commit | 80a4577e2a50dbc181204a4352a2488a9d1ec657 (patch) | |
tree | 0707db03959d8eaf677a8408b332c4f5752802fa /chromium | |
parent | 799b46219664a8b3f005cadeb02076590f6dbcc2 (diff) | |
download | qtwebengine-chromium-80a4577e2a50dbc181204a4352a2488a9d1ec657.tar.gz |
[Backport] CVE-2023-2462: Inappropriate implementation in Prompts (9/10)
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/4313307:
serial: Handle opaque top level origin in addedEventListener
In navigator.serial.addEventListener, throw an exception if the request
is coming from a context whose top level frame has an opaque origin.
Bug: 1375133
Change-Id: Ie8ad8333b901f795f55658894551c73f755029c4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4313307
Commit-Queue: Jack Hsieh <chengweih@chromium.org>
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1116683}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/476783
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Diffstat (limited to 'chromium')
-rw-r--r-- | chromium/third_party/blink/renderer/modules/serial/serial.cc | 31 |
1 files changed, 18 insertions, 13 deletions
diff --git a/chromium/third_party/blink/renderer/modules/serial/serial.cc b/chromium/third_party/blink/renderer/modules/serial/serial.cc index a6209a07ad3..049611155ae 100644 --- a/chromium/third_party/blink/renderer/modules/serial/serial.cc +++ b/chromium/third_party/blink/renderer/modules/serial/serial.cc @@ -48,10 +48,13 @@ String TokenToString(const base::UnguessableToken& token) { // returns false to indicate the call should be allowed. bool ShouldBlockSerialServiceCall(LocalDOMWindow* window, ExecutionContext* context, - ExceptionState& exception_state) { + ExceptionState* exception_state) { if (!context) { - exception_state.ThrowDOMException(DOMExceptionCode::kNotSupportedError, - kContextGone); + if (exception_state) { + exception_state->ThrowDOMException(DOMExceptionCode::kNotSupportedError, + kContextGone); + } + return true; } @@ -68,16 +71,20 @@ bool ShouldBlockSerialServiceCall(LocalDOMWindow* window, } if (security_origin->IsOpaque()) { - exception_state.ThrowSecurityError( - "Access to the Web Serial API is denied from contexts where the " - "top-level document has an opaque origin."); + if (exception_state) { + exception_state->ThrowSecurityError( + "Access to the Web Serial API is denied from contexts where the " + "top-level document has an opaque origin."); + } return true; } if (!context->IsFeatureEnabled( mojom::blink::PermissionsPolicyFeature::kSerial, ReportOptions::kReportOnFailure)) { - exception_state.ThrowSecurityError(kFeaturePolicyBlocked); + if (exception_state) { + exception_state->ThrowSecurityError(kFeaturePolicyBlocked); + } return true; } @@ -129,7 +136,7 @@ void Serial::OnPortRemoved(mojom::blink::SerialPortInfoPtr port_info) { ScriptPromise Serial::getPorts(ScriptState* script_state, ExceptionState& exception_state) { if (ShouldBlockSerialServiceCall(GetSupplementable()->DomWindow(), - GetExecutionContext(), exception_state)) { + GetExecutionContext(), &exception_state)) { return ScriptPromise(); } 
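Review bot: The comment above ShouldBlockSerialServiceCall (only its last line is visible in the first hunk) should say what a null `exception_state` means, because the pointer parameter now gives the helper a throwing and a silent mode, and the block/allow decision has to be identical in both. A line such as `// |exception_state| may be null; the call is then still blocked (returns true) but no exception is raised.` would make that contract explicit. The same `if (exception_state)` guard recurs in the opaque-origin and permissions-policy branches of the second hunk, so the one comment covers all three. The function body continues outside the hunk.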
@@ -147,7 +154,7 @@ ScriptPromise Serial::requestPort(ScriptState* script_state, const SerialPortRequestOptions* options, ExceptionState& exception_state) { if (ShouldBlockSerialServiceCall(GetSupplementable()->DomWindow(), - GetExecutionContext(), exception_state)) { + GetExecutionContext(), &exception_state)) { return ScriptPromise(); } @@ -235,10 +242,8 @@ void Serial::AddedEventListener(const AtomicString& event_type, return; } - ExecutionContext* context = GetExecutionContext(); - if (!context || !context->IsFeatureEnabled( - mojom::blink::PermissionsPolicyFeature::kSerial, - ReportOptions::kDoNotReport)) { + if (ShouldBlockSerialServiceCall(GetSupplementable()->DomWindow(), + GetExecutionContext(), nullptr)) { return; } |
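Review bot: In the last hunk, routing AddedEventListener through ShouldBlockSerialServiceCall changes how the permissions-policy check reports: the removed lines passed `ReportOptions::kDoNotReport`, while the helper (second hunk) calls IsFeatureEnabled with `ReportOptions::kReportOnFailure`. Registering a listener in a context where the serial feature is disabled would therefore presumably now generate a policy violation report, even though no exception is thrown. If that is intended, a comment at the call such as `// Blocked silently: nothing is thrown from addEventListener, but policy violations are still reported.` would record it; otherwise the helper needs a way to suppress the report on this path. Passing `nullptr` also means the opaque-origin case returns quietly rather than throwing as the commit description says, which the same comment could state. AddedEventListener starts and ends outside the hunk.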