diff options
| author | bors-servo <lbergstrom+bors@mozilla.com> | 2020-02-24 15:20:50 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-02-24 15:20:50 -0500 |
| commit | dae49435c2f3e18502c889a1f0b67194a797cb1a (patch) | |
| tree | 6000d4bb93fe304b8e17f6f17c55c26d2293c417 /components/script | |
| parent | 9c6897c967be76ea403898fbae847b5b08113b4f (diff) | |
| parent | 89384ffec35529571be41882d77d4b0438c1f8b9 (diff) | |
| download | servo-dae49435c2f3e18502c889a1f0b67194a797cb1a.tar.gz servo-dae49435c2f3e18502c889a1f0b67194a797cb1a.zip | |
Auto merge of #25668 - pshaughn:iframerecursion, r=jdm
Stop iframes from including their ancestors
An iframe that included itself would just keep loading until running out of resources; the spec includes protection against that, and now Servo follows (some of) the spec about it.
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix the same-origin case presented in #3931 but not a case in which an intermediate cross-origin iframe is hiding a same-origin ancestor further up.
<!-- Either: -->
- [X] There is a manual test for these changes in #3931
<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->
<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->
Diffstat (limited to 'components/script')
| -rw-r--r-- | components/script/dom/htmliframeelement.rs | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/components/script/dom/htmliframeelement.rs b/components/script/dom/htmliframeelement.rs index f5d408ad963..94835030c08 100644 --- a/components/script/dom/htmliframeelement.rs +++ b/components/script/dom/htmliframeelement.rs @@ -290,7 +290,30 @@ impl HTMLIFrameElement { let url = self.get_url(); - // TODO: check ancestor browsing contexts for same URL + // TODO(#25748): + // By spec, we return early if there's an ancestor browsing context + // "whose active document's url, ignoring fragments, is equal". + // However, asking about ancestor browsing contexts is more nuanced than + // it sounds and not implemented here. + // Within a single origin, we can do it by walking window proxies, + // and this check covers only that single-origin case, protecting + // against simple typo self-includes but nothing more elaborate. + let mut ancestor = window.GetParent(); + while let Some(a) = ancestor { + if let Some(ancestor_url) = a.document().map(|d| d.url()) { + if ancestor_url.scheme() == url.scheme() && + ancestor_url.username() == url.username() && + ancestor_url.password() == url.password() && + ancestor_url.host() == url.host() && + ancestor_url.port() == url.port() && + ancestor_url.path() == url.path() && + ancestor_url.query() == url.query() + { + return; + } + } + ancestor = a.parent().map(|p| DomRoot::from_ref(p)); + } let creator_pipeline_id = if url.as_str() == "about:blank" { Some(window.upcast::<GlobalScope>().pipeline_id()) |