Title: [115400] trunk/Source/WebKit/chromium
- Revision
- 115400
- Author
- [email protected]
- Date
- 2012-04-26 19:44:05 -0700 (Thu, 26 Apr 2012)
Log Message
[Chromium] Security: Autofill info can be captured by innocuous social engineering
Prevent users from interacting with invisible popups rendered outside the main frame's contents view.
https://bugs.webkit.org/show_bug.cgi?id=84420
https://code.google.com/p/chromium/issues/detail?id=122925
Reviewed by Kent Tamura.
* src/ChromeClientImpl.cpp:
(WebKit::ChromeClientImpl::popupOpened): Hide popups rendered outside the main frame's contents view.
* src/WebViewImpl.cpp:
(WebKit::WebViewImpl::applyAutofillSuggestions): Fix up order of operations to support immediately hiding a popup if it would not be visible
Modified Paths
Diff
Modified: trunk/Source/WebKit/chromium/ChangeLog (115399 => 115400)
--- trunk/Source/WebKit/chromium/ChangeLog 2012-04-27 02:38:13 UTC (rev 115399)
+++ trunk/Source/WebKit/chromium/ChangeLog 2012-04-27 02:44:05 UTC (rev 115400)
@@ -1,3 +1,17 @@
+2012-04-26 Ilya Sherman <[email protected]>
+
+ [Chromium] Security: Autofill info can be captured by innocuous social engineering
+ Prevent users from interacting with invisible popups rendered outside the main frame's contents view.
+ https://bugs.webkit.org/show_bug.cgi?id=84420
+ https://code.google.com/p/chromium/issues/detail?id=122925
+
+ Reviewed by Kent Tamura.
+
+ * src/ChromeClientImpl.cpp:
+ (WebKit::ChromeClientImpl::popupOpened): Hide popups rendered outside the main frame's contents view.
+ * src/WebViewImpl.cpp:
+ (WebKit::WebViewImpl::applyAutofillSuggestions): Fix up order of operations to support immediately hiding a popup if it would not be visible
+
2012-04-26 Dana Jansens <[email protected]>
[chromium] Some background filters require inflating damage on the surface behind them
Modified: trunk/Source/WebKit/chromium/src/ChromeClientImpl.cpp (115399 => 115400)
--- trunk/Source/WebKit/chromium/src/ChromeClientImpl.cpp 2012-04-27 02:38:13 UTC (rev 115399)
+++ trunk/Source/WebKit/chromium/src/ChromeClientImpl.cpp 2012-04-27 02:44:05 UTC (rev 115400)
@@ -779,6 +779,20 @@
const IntRect& bounds,
bool handleExternally)
{
+ FrameView* view = m_webView->page()->mainFrame()->view();
+ IntRect visibleRect = view->visibleContentRect(true /* include scrollbars */);
+ // |bounds| is in screen coordinates, so make sure to convert it to content
+ // coordinates prior to comparing to |visibleRect|.
+ IntRect screenRect = bounds;
+ screenRect.setLocation(view->screenToContents(bounds.location()));
+ if (!visibleRect.contains(screenRect)) {
+ // If the popup will not be fully visible, we shouldn't show it at all.
+ // Among other things, this prevents users from being able to interact
+ // via the keyboard with an invisible popup.
+ m_webView->hidePopups();
+ return;
+ }
+
if (!m_webView->client())
return;
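Review bot: `screenRect` holds contents coordinates once `screenRect.setLocation(view->screenToContents(bounds.location()))` has run, so the name contradicts the comment directly above it, which says the conversion is done precisely so the rect is no longer in screen space; rename it to `contentsRect` so the containment check `visibleRect.contains(screenRect)` reads as the same-space comparison it is. Two further points on the same block: `m_webView->page()->mainFrame()->view()` is dereferenced with no null check, while the `if (!m_webView->client()) return;` just below shows this function is expected to be defensive, so guard `view` before calling `visibleContentRect`; and `hidePopups()` hides every popup the view owns rather than only the one being opened, which is acceptable for the security fix (an invisible popup must never remain keyboard-focusable) but deserves a one-line comment so nobody later narrows it to a single popup and silently reintroduces the off-screen case.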
Modified: trunk/Source/WebKit/chromium/src/WebViewImpl.cpp (115399 => 115400)
--- trunk/Source/WebKit/chromium/src/WebViewImpl.cpp 2012-04-27 02:38:13 UTC (rev 115399)
+++ trunk/Source/WebKit/chromium/src/WebViewImpl.cpp 2012-04-27 02:44:05 UTC (rev 115400)
@@ -2783,8 +2783,8 @@
if (m_autofillPopupShowing) {
refreshAutofillPopup();
} else {
+ m_autofillPopupShowing = true;
m_autofillPopup->showInRect(focusedNode->getPixelSnappedRect(), focusedNode->ownerDocument()->view(), 0);
- m_autofillPopupShowing = true;
}
}
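Review bot: the swap of `m_autofillPopupShowing = true;` to before `m_autofillPopup->showInRect(...)` is order-sensitive and nothing in the hunk says why. It only works because `showInRect` synchronously reaches `popupOpened`, whose new bounds check calls `hidePopups()`, which must in turn clear `m_autofillPopupShowing`; with the old order the flag would have been set back to `true` after the popup was already hidden, leaving an invisible but "showing" popup. Add a comment on the assignment stating that dependency, otherwise a future reorder or a later `showInRect` that defers the open will silently reintroduce the state this change is meant to eliminate.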
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes