New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: ensure history navigations are sandboxed-iframe-aware #35420
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for working on this issue!
Electron had the override before for an older process architecture where Renderer process would always restart expect for history navigations. But we have since then aligned our process architecture to that of Chromium and this hack is not required.
Great, thank you for the reviews @deepak1556 and @codebytere! |
@jeremyspiegel Can you rebase this PR on latest |
ba36670
to
f7fa823
Compare
f7fa823
to
16705a7
Compare
16705a7
to
5395194
Compare
@zcbenz I've rebased on latest |
Release Notes Persisted
|
I have automatically backported this PR to "19-x-y", please check out #35621 |
I have automatically backported this PR to "20-x-y", please check out #35622 |
I have automatically backported this PR to "21-x-y", please check out #35623 |
Description of Change
This fixes #35391
When a sandboxed iframe calls
history.go()
, the renderer calls into the browser at RenderFrameHostImpl::GoToEntryAtOffset:The call to
delegate_->IsAllowedToGoToEntryAtOffset(offset)
goes to WebContentsImpl::IsAllowedToGoToEntryAtOffset:And Electron's implementation of
delegate_->OnGoToEntryOffset(offset)
in electron::api::WebContents::OnGoToEntryOffset handles the navigation itself, rather than allowingRenderFrameHostImpl::GoToEntryAtOffset
's default behavior of navigating in the frame instead of the parent context:This change removes the override of
OnGoToEntryOffset
inelectron::api::WebContents
(the default implementation ofWebContentsDelegate::OnGoToEntryOffset
is justreturn true
).The override was added by @deepak1556 in #3875 to fix #3734. I think that the calling Chrome code may have changed since then, since it was so long ago (2015) and because of the comment in
WebContentsImpl::IsAllowedToGoToEntryAtOffset
about needing to renameWebContentsDelegate::OnGoToEntryOffset
toWebContentsDelegate::IsAllowedToGoToEntryAtOffset or ShouldGoToEntryAtOffset
.Checklist
npm test
passesRelease Notes
Notes: Fixed issue with history.back() in sandboxed iframes affecting parent browsing context.