fix: restrict sendToFrame to same-process frames by default #26875
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
miniak
approved these changes
Dec 8, 2020
miniak
reviewed
Dec 8, 2020
5 tasks
nornagon
added
the
fast-track 🚅
|
CI failures are flakes. |
|
Release Notes Persisted
|
|
I was unable to backport this PR to "10-x-y" cleanly; |
nornagon
added a commit
that referenced
this pull request
Dec 10, 2020
nornagon
added a commit
that referenced
this pull request
Dec 10, 2020
MarshallOfSound
pushed a commit
that referenced
this pull request
Dec 11, 2020
MarshallOfSound
pushed a commit
that referenced
this pull request
Dec 11, 2020
MarshallOfSound
pushed a commit
that referenced
this pull request
Dec 11, 2020
MarshallOfSound
pushed a commit
that referenced
this pull request
Dec 11, 2020
* fix: restrict sendToFrame to same-process frames by default (#26875) * missed a conflict * fix build * fix build again
belenko
pushed a commit
that referenced
this pull request
Dec 14, 2020
* fix: restrict sendToFrame to same-process frames by default (#26875) * missed a conflict * fix build * fix build again
belenko
pushed a commit
that referenced
this pull request
Dec 14, 2020
3 tasks
2 tasks
This was referenced Dec 30, 2020
jkleinsc
pushed a commit
that referenced
this pull request
Feb 4, 2021
* chore: chromium backports M87-1 Contains applicable backports from M87-1 release CVE-2020-16037 CVE-2020-16041 CVE-2020-16042 * chore: cherry-pick 381c4b5679 from chromium. (#26832) * fix: message box missing an "OK" button in GTK (#26915) Co-authored-by: Mimi <1119186082@qq.com> * chore: cherry-pick d8d64b7cd244 from chromium (#26892) * chore: cherry-pick 290fe9c6e245 from v8 (#26896) * docs: add missing deprecated systemPreferences APIs to breaking-changes (#26934) Co-authored-by: Milan Burda <milan.burda@gmail.com> * chore: cherry-pick 3abc372c9c00 from chromium (#26894) * chore: cherry-pick 3abc372c9c00 from chromium * resolve conflict * fix: Avoid crashing in NativeViewHost::SetParentAccessible on Windows 10 (#26949) * fix: Avoid crashing in NativeViewHost::SetParentAccessible on Windows This fixes #26905. The patch was obtained from @deepak1556, who in turn got it from the Microsoft Teams folks. I believe the crash started happening due to the changes in https://chromium.googlesource.com/chromium/src.git/+/5c6c8e994bce2bfb867279ae5068e9f9134e70c3%5E!/#F15 This affects Electron 9 and later. Notes: Fix occasional crash on Windows * Update .patches * update patches Co-authored-by: Biru Mohanathas <birunthan@mohanathas.com> Co-authored-by: Jeremy Rose <jeremya@chromium.org> Co-authored-by: Electron Bot <electron@github.com> * fix: Upload all *.dll.pdb to symbol server (#26964) Fixes #26961. Notes: Add Electron DLLs like libGLESv2.dll to symbol server Co-authored-by: Biru Mohanathas <birunthan@mohanathas.com> * fix: restrict sendToFrame to same-process frames by default (#26875) (#26927) * fix: restrict sendToFrame to same-process frames by default (#26875) * missed a conflict * fix build * fix build again * fix usage of defer * Bump v10.2.0 * chore: cherry-pick 6763a713f957 from skia (#26956) * chore: chromium backports M87-1 PR feedback: add links to changes in the upstream Co-authored-by: Andrey Belenko <anbelen@microsoft.com> Co-authored-by: Pedro Pontes <pepontes@microsoft.com> Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com> Co-authored-by: Mimi <1119186082@qq.com> Co-authored-by: Jeremy Rose <jeremya@chromium.org> Co-authored-by: Milan Burda <milan.burda@gmail.com> Co-authored-by: Biru Mohanathas <birunthan@mohanathas.com> Co-authored-by: Electron Bot <electron@github.com> Co-authored-by: Michaela Laurencin <35157522+mlaurencin@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of Change
Fixes an issue where
event.replywould sometimes not deliver a reply whenOOPIFs were present on a page.
This also changes
webContents.sendToFrameto only send to same-process framesby default. Out-of-process frames can be specified by passing a pair of numbers
[processId, frameId].Checklist
npm testpassesRelease Notes
Notes: Fixed an issue where
event.replycould sometimes not deliver a reply to an IPC message when cross-site iframes were present.