Loading iframe in 'chrome://newtab/' in incognito mode crashes Chrome
Reported by
not...@outlook.com,
May 2 2018
Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36

Steps to reproduce the problem:
1. Open an incognito window and stay in the new tab page
2. Open devtools
3. Select any DOM node and select edit as HTML
4. Paste `<iframe src="any-url"></iframe>`
5. Focus out of edit view to save changes

What is the expected behavior?
The URL specified on the iframe should be loaded or failed based on the CSP of the page being loaded.

What went wrong?
The browser crashes immediately.

Crashed report ID: e1e8725c-6c01-4d05-9a5c-a40f0d42fb37
How much crashed? Whole browser
Is it a problem with a plugin? No
Did this work before? N/A
Chrome version: 66.0.3359.139 Channel: stable
OS Version: 10.0
Flash Version:

The behavior is also seen even if there exists an empty iframe already on the page and a page is loaded programmatically like `$0.src = "url"`.
May 2 2018
Crash ID: 678b7ad715e939e7
May 2 2018
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
May 2 2018
clamy@ This is an explicit crash of the browser process you added a few years ago: https://cs.chromium.org/chromium/src/content/browser/frame_host/navigator_impl.cc?sq=package:chromium&l=156 Is it still needed?
May 2 2018
Yes, this check is still needed and I just added enforcement of not allowing any web iframes to be inserted in chrome:// and WebUI pages. This was r554206 to ensure the security model for WebUI is preserved and isolation is guaranteed.
||||
Comment 1 by dtapu...@chromium.org, May 2 2018