summaryrefslogtreecommitdiff
path: root/Userland/Libraries/LibWeb/Loader
diff options
context:
space:
mode:
authorTobias Christiansen <tobi@tobyase.de>2021-04-19 14:30:08 +0200
committerAndreas Kling <kling@serenityos.org>2021-05-07 22:34:34 +0200
commit1b6824d2962b534b34b2d3ec6ba3ab5f77bc68b5 (patch)
tree64f45efd5d2fc4e88716b6f0edf3a9762c361394 /Userland/Libraries/LibWeb/Loader
parent9e49895bbf941339e971be383723822fbd422b23 (diff)
downloadserenity-1b6824d2962b534b34b2d3ec6ba3ab5f77bc68b5.zip
LibWeb: Make frames nesting-aware and disallow deep nesting
A Frame now knows about its nesting-level. The FrameLoader checks whether the recursion level of the current frame allows it to be displayed and if not doesn't even load the requested resource. The nesting-check is done on a per-URL-basis, so there can be many many nested Frames as long as they have different URLs. If there are however Frames with the same URL nested inside each other we only allow this to happen 3 times. This mitigates infinetely recursing <iframe>s in an HTML-document crashing the browser with an OOM.
Diffstat (limited to 'Userland/Libraries/LibWeb/Loader')
-rw-r--r--Userland/Libraries/LibWeb/Loader/FrameLoader.cpp5
1 files changed, 5 insertions, 0 deletions
diff --git a/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp b/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
index d0052aed99..c36000191b 100644
--- a/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
+++ b/Userland/Libraries/LibWeb/Loader/FrameLoader.cpp
@@ -136,6 +136,11 @@ bool FrameLoader::load(const LoadRequest& request, Type type)
return false;
}
+ if (!m_frame.is_frame_nesting_allowed(request.url())) {
+ dbgln("No further recursion is allowed for the frame, abort load!");
+ return false;
+ }
+
auto& url = request.url();
set_resource(ResourceLoader::the().load_resource(Resource::Type::Generic, request));
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-14 10:07:06 +0000