components/payments/content/payment_request.cc · 5b51043c7c8e7e6b86e68e6d93d95ad24e11cf0e · eriksson monteiro / tangled

[Payments] Prohibit opening payments UI in background tab. · 5b51043c

Rouslan Solomakhin authored Sep 26, 2017

Before this patch, calling PaymentRequest.show() would bring the
background window to the foreground, which allows a page to open a
pop-under.

This patch adds a check for the browser window being active (in
foreground) in PaymentRequest.show(). If the window is not active (in
background), then PaymentRequest.show() promise is rejected with
"AbortError: User cancelled request." No UI is shown in that case.

After this patch, calling PaymentRequest.show() does not bring the
background window to the foreground, thus preventing opening a pop-under.

Bug: 768230
Change-Id: I2b90f9086ceca5ed7b7bdf8045e44d7e99d566d0
Reviewed-on: https://chromium-review.googlesource.com/681843Reviewed-by: anthonyvd <anthonyvd@chromium.org>
Commit-Queue: Rouslan Solomakhin <rouslan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#504406}

5b51043c

payment_request.cc 13.2 KB

Replace payment_request.cc