Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: restrict sendToFrame to same-process frames by default (#26875) #26927

Merged
merged 5 commits into from Dec 11, 2020
Merged

fix: restrict sendToFrame to same-process frames by default (#26875) #26927

merged 5 commits into from Dec 11, 2020

Conversation

nornagon
Copy link
Member

Backport of #26875. See that change for details.

Notes: Fixed an issue where event.reply could sometimes not deliver a reply to an IPC message when cross-site iframes were present.

@trop trop bot mentioned this pull request Dec 10, 2020
Merged
5 tasks
@trop trop bot added 10-x-y backport This is a backport PR labels Dec 10, 2020
@nornagon nornagon added the semver/minor backwards-compatible functionality label Dec 10, 2020
@MarshallOfSound MarshallOfSound merged commit 0bbd268 into 10-x-y Dec 11, 2020
@release-clerk
Copy link

release-clerk bot commented Dec 11, 2020

Release Notes Persisted

Fixed an issue where event.reply could sometimes not deliver a reply to an IPC message when cross-site iframes were present.

@MarshallOfSound MarshallOfSound deleted the backport/10-x-y/fix-sendtoframe branch December 11, 2020 21:01
belenko pushed a commit that referenced this pull request Dec 14, 2020
@nornagon @belenko
fix: restrict sendToFrame to same-process frames by default (#26875) (#…
d32033b 
…26927)

* fix: restrict sendToFrame to same-process frames by default (#26875)

* missed a conflict

* fix build

* fix build again

* fix usage of defer
@t57ser t57ser mentioned this pull request Dec 17, 2020
Closed
3 tasks
jkleinsc pushed a commit that referenced this pull request Feb 4, 2021
@belenko @ppontes
@trop @stevenjoezhang @nornagon @miniak @poiru @electron-bot @mlaurencin
chore: Chromium backports M87-1 (#26932)
ee86f02 
* chore: chromium backports M87-1

Contains applicable backports from M87-1 release
CVE-2020-16037
CVE-2020-16041
CVE-2020-16042

* chore: cherry-pick 381c4b5679 from chromium. (#26832)

* fix: message box missing an "OK" button in GTK (#26915)

Co-authored-by: Mimi <1119186082@qq.com>

* chore: cherry-pick d8d64b7cd244 from chromium (#26892)

* chore: cherry-pick 290fe9c6e245 from v8 (#26896)

* docs: add missing deprecated systemPreferences APIs to breaking-changes (#26934)

Co-authored-by: Milan Burda <milan.burda@gmail.com>

* chore: cherry-pick 3abc372c9c00 from chromium (#26894)

* chore: cherry-pick 3abc372c9c00 from chromium

* resolve conflict

* fix: Avoid crashing in NativeViewHost::SetParentAccessible on Windows 10 (#26949)

* fix: Avoid crashing in NativeViewHost::SetParentAccessible on Windows

This fixes #26905. The patch was obtained from @deepak1556, who in turn
got it from the Microsoft Teams folks.

I believe the crash started happening due to the changes in
https://chromium.googlesource.com/chromium/src.git/+/5c6c8e994bce2bfb867279ae5068e9f9134e70c3%5E!/#F15

This affects Electron 9 and later.

Notes: Fix occasional crash on Windows

* Update .patches

* update patches

Co-authored-by: Biru Mohanathas <birunthan@mohanathas.com>
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
Co-authored-by: Electron Bot <electron@github.com>

* fix: Upload all *.dll.pdb to symbol server (#26964)

Fixes #26961.

Notes: Add Electron DLLs like libGLESv2.dll to symbol server

Co-authored-by: Biru Mohanathas <birunthan@mohanathas.com>

* fix: restrict sendToFrame to same-process frames by default (#26875) (#26927)

* fix: restrict sendToFrame to same-process frames by default (#26875)

* missed a conflict

* fix build

* fix build again

* fix usage of defer

* Bump v10.2.0

* chore: cherry-pick 6763a713f957 from skia (#26956)

* chore: chromium backports M87-1

PR feedback: add links to changes in the upstream

Co-authored-by: Andrey Belenko <anbelen@microsoft.com>
Co-authored-by: Pedro Pontes <pepontes@microsoft.com>
Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Mimi <1119186082@qq.com>
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
Co-authored-by: Milan Burda <milan.burda@gmail.com>
Co-authored-by: Biru Mohanathas <birunthan@mohanathas.com>
Co-authored-by: Electron Bot <electron@github.com>
Co-authored-by: Michaela Laurencin <35157522+mlaurencin@users.noreply.github.com>
This was referenced Mar 7, 2021
Closed
Closed
Closed
Open
Open
Closed
Closed
Open
Closed
Merged
Closed
Merged
This was referenced Mar 14, 2021
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Merged
Closed
Closed
Closed
Merged
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Open
Closed
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@miniak miniak miniak approved these changes

@MarshallOfSound MarshallOfSound MarshallOfSound approved these changes

Assignees
No one assigned
Labels
10-x-y api-review/requested 🗳 backport This is a backport PR semver/minor backwards-compatible functionality
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@nornagon @miniak @MarshallOfSound