Skip to content

GitLab

T
tangled
Commit 226e3d9e authored by Vadym Doroshenko's avatar Vadym Doroshenko Committed by Commit Bot
Browse files
Options

Fix Chrome IOS Crash 

CL https://chromium-review.googlesource.com/c/chromium/src/+/823238/ introduces
processing messages from IFrames. Function CRWWebController:respondToMessage:
userIsInteracting:originURL:isMainFrame: incorrectly processes case when no handler
for message form IFrames. Which leads to using |handler|, when |handler| = nil.
This CL fixes that.

Bug: 801485
Cq-Include-Trybots: master.tryserver.chromium.mac:ios-simulator-cronet;master.tryserver.chromium.mac:ios-simulator-full-configs
Change-Id: I661754b83e2e09a4a907634d15f50e62a315c343
Reviewed-on: https://chromium-review.googlesource.com/916604
Commit-Queue: Eugene But <eugenebut@chromium.org>
Reviewed-by: default avatarVadym Doroshenko <dvadym@chromium.org>
Reviewed-by: default avatarEugene But <eugenebut@chromium.org>
Cr-Commit-Position: refs/heads/master@{#536741}
parent f9555895
Show whitespace changes
Inline Side-by-side
Showing with 24 additions and 8 deletions
ios/web/web_state/ui/crw_web_controller.mm
View file @ 226e3d9e
...@@ -2248,16 +2248,16 @@ registerLoadRequestForURL:(const GURL&)requestURL ...@@ -2248,16 +2248,16 @@ registerLoadRequestForURL:(const GURL&)requestURL
} }
SEL handler = [self selectorToHandleJavaScriptCommand:command]; SEL handler = [self selectorToHandleJavaScriptCommand:command];
if (!handler && isMainFrame) { if (!handler) {
if (!self.webStateImpl->OnScriptCommandReceived( if (isMainFrame && self.webStateImpl->OnScriptCommandReceived(
command, *message, originURL, userIsInteracting)) { command, *message, originURL, userIsInteracting)) {
return YES;
}
// Message was either unexpected or not correctly handled. // Message was either unexpected or not correctly handled.
// Page is reset as a precaution. // Page is reset as a precaution.
DLOG(WARNING) << "Unexpected message received: " << command; DLOG(WARNING) << "Unexpected message received: " << command;
return NO; return NO;
} }
return YES;
}
typedef BOOL (*HandlerType)(id, SEL, base::DictionaryValue*, NSDictionary*); typedef BOOL (*HandlerType)(id, SEL, base::DictionaryValue*, NSDictionary*);
HandlerType handlerImplementation = HandlerType handlerImplementation =
......
ios/web/web_state/ui/crw_web_controller_unittest.mm
View file @ 226e3d9e
...@@ -511,6 +511,22 @@ TEST_F(CRWWebControllerInvalidUrlTest, IFrameWithInvalidURL) { ...@@ -511,6 +511,22 @@ TEST_F(CRWWebControllerInvalidUrlTest, IFrameWithInvalidURL) {
EXPECT_EQ(url, web_state()->GetLastCommittedURL()); EXPECT_EQ(url, web_state()->GetLastCommittedURL());
} }
// Real WKWebView is required for CRWWebControllerMessageFromIFrame.
typedef WebTestWithWebState CRWWebControllerMessageFromIFrame;
// Tests that invalid message from iframe does not cause a crash.
TEST_F(CRWWebControllerMessageFromIFrame, InvalidMessage) {
static NSString* const kHTMLIFrameSendsInvalidMessage =
@"<body><iframe name='f'></iframe></body>";
LoadHtml(kHTMLIFrameSendsInvalidMessage);
// Sending unknown command from iframe should not cause a crash.
ExecuteJavaScript(
@"var bad_message = {'command' : 'unknown.command'};"
"frames['f'].__gCrWeb.message.invokeOnHost(bad_message);");
}
// Real WKWebView is required for CRWWebControllerJSExecutionTest. // Real WKWebView is required for CRWWebControllerJSExecutionTest.
typedef WebTestWithWebController CRWWebControllerJSExecutionTest; typedef WebTestWithWebController CRWWebControllerJSExecutionTest;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment