Infinite loop in extensions::ScriptContext::GetEffectiveDocumentURL
Issue description: ScriptContext::GetEffectiveDocumentURL loops infinitely when traversing the parent/opener chain. The exact scenario is easiest to explain with a regression test - I'll upload a CL in a minute or two.
Sep 14
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/7cff56200b07bfd5fbb28c47fdf824c326840d41

commit 7cff56200b07bfd5fbb28c47fdf824c326840d41
Author: Lukasz Anforowicz <lukasza@chromium.org>
Date: Fri Sep 14 21:28:39 2018

Avoid an infinite loop in ScriptContext::GetEffectiveDocumentURL.

|window.opener| in main frame can point at a subframe (if the subframe called before |window.open('', '<name of the main frame>')|. If both frames are at about:blank, this can lead to an infinite loop in ScriptContext::GetEffectiveDocumentURL.

Bug: 883526
Change-Id: I49b93b0bd068b1d0f2ea0241d0ede32ec6d6c689
Reviewed-on: https://chromium-review.googlesource.com/1222877
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#591479}

[modify] https://crrev.com/7cff56200b07bfd5fbb28c47fdf824c326840d41/chrome/browser/extensions/content_script_apitest.cc
[modify] https://crrev.com/7cff56200b07bfd5fbb28c47fdf824c326840d41/extensions/renderer/script_context.cc
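The commit message describes the shape of the bug but not the fix itself. As an added illustration (not Chromium's code, and not taken from the linked CL), the following simplified model shows why an about:blank parent/opener walk can cycle and how a visited set makes the traversal terminate. `Frame`, `ParentOrOpener`, `UnsafeWalkWouldLoop` and `GetEffectiveDocumentURLSafe` are hypothetical stand-ins for blink's frame tree and for the real function; the real code also checks that the frame may access its parent/opener, which is omitted here.

```cpp
#include <iostream>
#include <string>
#include <unordered_set>

// Hypothetical, simplified stand-in for a blink frame: a document URL, an
// optional parent (subframes) and an optional opener (frames created via
// window.open). Names are assumptions, not Chromium's API.
struct Frame {
  std::string url;
  Frame* parent = nullptr;
  Frame* opener = nullptr;
};

// While a frame is at about:blank its effective URL comes from the parent
// (for a subframe) or, failing that, from the opener.
static Frame* ParentOrOpener(const Frame* frame) {
  return frame->parent ? frame->parent : frame->opener;
}

// The unguarded walk from the bug report: keep climbing while the current
// frame is about:blank. On the cyclic chain described in the commit message
// this never terminates, so a step budget is used here only to demonstrate
// that. Returns true when the budget is exhausted, i.e. the walk would loop.
static bool UnsafeWalkWouldLoop(const Frame* frame, int budget) {
  const Frame* current = frame;
  while (current->url == "about:blank") {
    const Frame* next = ParentOrOpener(current);
    if (!next) return false;
    current = next;
    if (--budget == 0) return true;
  }
  return false;
}

// Cycle-safe walk: remember every frame visited; revisiting one means the
// parent/opener chain is cyclic, so stop and report about:blank.
static std::string GetEffectiveDocumentURLSafe(const Frame* frame) {
  std::unordered_set<const Frame*> visited;
  const Frame* current = frame;
  while (current->url == "about:blank") {
    if (!visited.insert(current).second) return "about:blank";
    const Frame* next = ParentOrOpener(current);
    if (!next) break;
    current = next;
  }
  return current->url;
}

// Constructed scenario: an about:blank subframe whose parent has a real URL.
static std::string NormalScenario() {
  Frame top;
  top.url = "https://example.com/";
  Frame child;
  child.url = "about:blank";
  child.parent = &top;
  return GetEffectiveDocumentURLSafe(&child);
}

// Constructed scenario from the commit message: the main frame's opener is
// its own subframe, and both frames are at about:blank.
static void BuildBugScenario(Frame* main_frame, Frame* subframe) {
  main_frame->url = "about:blank";
  subframe->url = "about:blank";
  subframe->parent = main_frame;
  main_frame->opener = subframe;  // the cycle
}

static std::string BugScenarioSafe() {
  Frame main_frame, subframe;
  BuildBugScenario(&main_frame, &subframe);
  return GetEffectiveDocumentURLSafe(&main_frame);
}

static bool BugScenarioUnsafeLoops() {
  Frame main_frame, subframe;
  BuildBugScenario(&main_frame, &subframe);
  return UnsafeWalkWouldLoop(&main_frame, 1000);
}

int main() {
  std::cout << "normal chain: " << NormalScenario() << "\n";
  std::cout << "cyclic chain (safe walk): " << BugScenarioSafe() << "\n";
  std::cout << "cyclic chain (unguarded walk would loop): "
            << (BugScenarioUnsafeLoops() ? "yes" : "no") << "\n";
  return 0;
}
```

The regression test in the CL exercises the same cyclic layout; a bounded or visited-set traversal is the generic defence whenever a structure that is conceptually a tree (frames, openers, DOM ancestors) can in fact contain a cycle.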
Sep 17
Comment 1 by lukasza@chromium.org, Sep 12