Pchen0/electron

chore: cherry-pick 12ba78f3fa7a from chromium (#34049)

* chore: cherry-pick 12ba78f3fa7a from chromium

* chore: update patches

Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>

Pedro Pontes 3 years ago

parent

c460c53c10

commit

5a91ea8cdb

2 changed files with 90 additions and 0 deletions

Split View Show Diff Stats

						
							+ 1
							
							- 0
						
patches/chromium/.patches
							 
								View File
							
				@@ -129,3 +129,4 @@ skia_renderer_use_rectf_intersect_in_applyscissor.patch
			
				 cherry-pick-1a31e2110440.patch
			
				 cherry-pick-5cb934a23ddf.patch
			
				 use_iserrordocument_to_prevent_bfcacheing_of_interstitials_and.patch
			
				+cherry-pick-12ba78f3fa7a.patch

						
							+ 89
							
							- 0
						
patches/chromium/cherry-pick-12ba78f3fa7a.patch
							 
								View File
							
				@@ -0,0 +1,89 @@
			
				+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
			
				+From: Xiaocheng Hu <[email protected]>
			
				+Date: Mon, 25 Apr 2022 20:57:43 +0000
			
				+Subject: Sanitize DragData markup before inserting it into document
			
				+
			
				+(cherry picked from commit 5164a0fe3391283663e1196cf4576ec233985e89)
			
				+
			
				+Fixed: 1315040
			
				+Change-Id: I8a0ddfb983d12c185f7e943d3d5277788199b011
			
				+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3579670
			
				+Quick-Run: Xiaocheng Hu <[email protected]>
			
				+Auto-Submit: Xiaocheng Hu <[email protected]>
			
				+Commit-Queue: Kent Tamura <[email protected]>
			
				+Cr-Original-Commit-Position: refs/heads/main@{#991324}
			
				+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3589799
			
				+Reviewed-by: Achuith Bhandarkar <[email protected]>
			
				+Owners-Override: Achuith Bhandarkar <[email protected]>
			
				+Commit-Queue: Roger Felipe Zanoni da Silva <[email protected]>
			
				+Cr-Commit-Position: refs/branch-heads/4664@{#1602}
			
				+Cr-Branched-From: 24dc4ee75e01a29d390d43c9c264372a169273a7-refs/heads/main@{#929512}
			
				+
			
				+diff --git a/third_party/blink/renderer/core/page/drag_data.cc b/third_party/blink/renderer/core/page/drag_data.cc
			
				+index 2ce56b1fefe016ac34a1a3011a595fab342abfa5..4fb86bc645386ee806544ee3647b0a333cd8afc4 100644
			
				+--- a/third_party/blink/renderer/core/page/drag_data.cc
			
				++++ b/third_party/blink/renderer/core/page/drag_data.cc
			
				+@@ -131,8 +131,8 @@ DocumentFragment* DragData::AsFragment(LocalFrame* frame) const {
			
				+     platform_drag_data_->HtmlAndBaseURL(html, base_url);
			
				+     DCHECK(frame->GetDocument());
			
				+     if (DocumentFragment* fragment =
			
				+-            CreateFragmentFromMarkup(*frame->GetDocument(), html, base_url,
			
				+-                                     kDisallowScriptingAndPluginContent))
			
				++            CreateSanitizedFragmentFromMarkupWithContext(
			
				++                *frame->GetDocument(), html, 0, html.length(), base_url))
			
				+       return fragment;
			
				+   }
			
				+ 
			
				+diff --git a/third_party/blink/web_tests/editing/pasteboard/drag-and-drop-svg-use-sanitize.html b/third_party/blink/web_tests/editing/pasteboard/drag-and-drop-svg-use-sanitize.html
			
				+new file mode 100644
			
				+index 0000000000000000000000000000000000000000..58551d28341d851dbd99322e2a5d3af68b3b0c72
			
				+--- /dev/null
			
				++++ b/third_party/blink/web_tests/editing/pasteboard/drag-and-drop-svg-use-sanitize.html
			
				+@@ -0,0 +1,47 @@
			
				++<!doctype html>
			
				++<script src="../../resources/testharness.js"></script>
			
				++<script src="../../resources/testharnessreport.js"></script>
			
				++
			
				++<div id="drag-from" draggable=true>Drag from</div>
			
				++<div id="drag-to" contenteditable>Drag to</div>
			
				++
			
				++<script>
			
				++function computePoint(element) {
			
				++  return {
			
				++     x: element.offsetLeft + element.offsetWidth / 2,
			
				++     y: element.offsetTop + element.offsetHeight / 2
			
				++  };
			
				++}
			
				++
			
				++let dragged = false;
			
				++let executed = false;
			
				++const payload = `
			
				++  <svg><use href="data:image/svg+xml,&lt;svg id='x' xmlns='http://www.w3.org/2000/svg'&gt;&lt;image href='fake' onerror='executed=true' /&gt;&lt;/svg&gt;#x" />
			
				++`;
			
				++
			
				++const dragFrom = document.getElementById('drag-from');
			
				++dragFrom.ondragstart = event => {
			
				++  dragged = true;
			
				++  event.dataTransfer.setData('text/html', payload);
			
				++}
			
				++
			
				++const dragTo = document.getElementById('drag-to');
			
				++
			
				++promise_test(async test => {
			
				++  assert_own_property(window, 'eventSender', 'This test requires eventSender to simulate drag and drop');
			
				++
			
				++  const fromPoint = computePoint(dragFrom);
			
				++  eventSender.mouseMoveTo(fromPoint.x, fromPoint.y);
			
				++  eventSender.mouseDown();
			
				++
			
				++  const toPoint = computePoint(dragTo);
			
				++  eventSender.mouseMoveTo(toPoint.x, toPoint.y);
			
				++  eventSender.mouseUp();
			
				++
			
				++  assert_true(dragged, 'Element should be dragged');
			
				++
			
				++  // The 'error' event is dispatched asynchronously.
			
				++  await new Promise(resolve => test.step_timeout(resolve, 100));
			
				++  assert_false(executed, 'Script should be blocked');
			
				++}, 'Script in SVG use href should be sanitized');
			
				++</script>

chore: cherry-pick 12ba78f3fa7a from chromium (#34049)

+ 1 - 0 patches/chromium/.patches View File

+ 89 - 0 patches/chromium/cherry-pick-12ba78f3fa7a.patch View File

+ 1 - 0
patches/chromium/.patches
View File

+ 89 - 0
patches/chromium/cherry-pick-12ba78f3fa7a.patch
View File