| commit | ef394fce1aedb8db58821242eadd70720b125153 | [log] [tgz] |
|---|---|---|
| author | mark a. foltz <[email protected]> | Sat Oct 21 09:11:02 2017 |
| committer | Commit Bot <[email protected]> | Sat Oct 21 09:11:02 2017 |
| tree | ad522ec9ced1f5efda46c288cc92bfebb8a7343b | |
| parent | d1c571055afe1860c89deb888fcec0db902b0be5 [diff] [blame] |
[Presentation API] Enforce sandboxing flags for presentations. This enforces sandboxing flags for pages loaded as presentations via the Presentation API, following step 3 of the steps to create a receiving browsing context [1]. Although top navigation is blocked in the implementation of OffscreenTab [2], we also set the kTopNavigation flag to be inherited by iframes. This patch adds layout tests. Web Platform Tests are available as well, but require manually starting a presentation. This patch also updates WebSandboxFlags to reflect the current set of sandboxing flags. [1] https://w3c.github.io/presentation-api/#creating-a-receiving-browsing-context [2] https://chromium-review.googlesource.com/c/538975/ Bug: 697526 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_site_isolation Change-Id: Idb0b8c51c03ef504767a7fc6c483c0909dc240fc Reviewed-on: https://chromium-review.googlesource.com/540498 Commit-Queue: mark a. foltz <[email protected]> Reviewed-by: Yuri Wiitala <[email protected]> Reviewed-by: Daniel Cheng <[email protected]> Reviewed-by: Alex Moshchuk <[email protected]> Reviewed-by: Derek Cheng <[email protected]> Reviewed-by: John Abd-El-Malek <[email protected]> Cr-Commit-Position: refs/heads/master@{#510675}
diff --git a/content/public/browser/web_contents.h b/content/public/browser/web_contents.h index dac61da..ff551bf 100644 --- a/content/public/browser/web_contents.h +++ b/content/public/browser/web_contents.h
@@ -28,6 +28,7 @@ #include "content/public/browser/web_contents_observer.h" #include "content/public/browser/web_ui.h" #include "content/public/common/stop_find_action.h" +#include "third_party/WebKit/public/web/WebSandboxFlags.h" #include "third_party/skia/include/core/SkColor.h" #include "ui/accessibility/ax_tree_update.h" #include "ui/base/window_open_disposition.h" @@ -170,6 +171,9 @@ // Note that the pre-created renderer process may not be used if the first // navigation requires a dedicated or privileged process, such as a WebUI. bool initialize_renderer; + + // Sandboxing flags set on the new WebContents. + blink::WebSandboxFlags starting_sandbox_flags; }; // Creates a new WebContents.