mirror of
https://github.com/RGBCube/serenity
synced 2025-10-24 14:02:06 +00:00

A Frame now knows about its nesting-level. The FrameLoader checks whether the recursion level of the current frame allows it to be displayed and if not doesn't even load the requested resource. The nesting-check is done on a per-URL-basis, so there can be many many nested Frames as long as they have different URLs. If there are however Frames with the same URL nested inside each other we only allow this to happen 3 times. This mitigates infinetely recursing <iframe>s in an HTML-document crashing the browser with an OOM.
58 lines
1.4 KiB
C++
58 lines
1.4 KiB
C++
/*
|
|
* Copyright (c) 2020-2021, Andreas Kling <kling@serenityos.org>
|
|
*
|
|
* SPDX-License-Identifier: BSD-2-Clause
|
|
*/
|
|
|
|
#include <LibWeb/DOM/Document.h>
|
|
#include <LibWeb/DOM/Event.h>
|
|
#include <LibWeb/HTML/FrameHostElement.h>
|
|
#include <LibWeb/Origin.h>
|
|
#include <LibWeb/Page/Frame.h>
|
|
|
|
namespace Web::HTML {
|
|
|
|
FrameHostElement::FrameHostElement(DOM::Document& document, QualifiedName qualified_name)
|
|
: HTMLElement(document, move(qualified_name))
|
|
{
|
|
}
|
|
|
|
FrameHostElement::~FrameHostElement()
|
|
{
|
|
}
|
|
|
|
void FrameHostElement::inserted()
|
|
{
|
|
HTMLElement::inserted();
|
|
if (!is_connected())
|
|
return;
|
|
if (auto* frame = document().frame()) {
|
|
m_content_frame = Frame::create_subframe(*this, frame->main_frame());
|
|
m_content_frame->set_frame_nesting_levels(frame->frame_nesting_levels());
|
|
m_content_frame->register_frame_nesting(document().url());
|
|
}
|
|
}
|
|
|
|
Origin FrameHostElement::content_origin() const
|
|
{
|
|
if (!m_content_frame || !m_content_frame->document())
|
|
return {};
|
|
return m_content_frame->document()->origin();
|
|
}
|
|
|
|
bool FrameHostElement::may_access_from_origin(const Origin& origin) const
|
|
{
|
|
return origin.is_same(content_origin());
|
|
}
|
|
|
|
const DOM::Document* FrameHostElement::content_document() const
|
|
{
|
|
return m_content_frame ? m_content_frame->document() : nullptr;
|
|
}
|
|
|
|
void FrameHostElement::content_frame_did_load(Badge<FrameLoader>)
|
|
{
|
|
dispatch_event(DOM::Event::create(EventNames::load));
|
|
}
|
|
|
|
}
|