ubuntu-webapps-bugs team mailing list archive

Thread
Date

[Bug 1661405] [NEW] The foreground webview can't prevent alert dialogs before the first navigation

To: ubuntu-webapps-bugs@xxxxxxxxxxxxxxxxxxx
From: Chris Coulson <chrisccoulson@xxxxxxxxxx>
Date: Thu, 02 Feb 2017 22:09:00 -0000
Reply-to: Bug 1661405 <1661405@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a security vulnerability ***

Private security bug reported:

I noticed this whilst writing tests for the UITK dialog implementation.
The foreground webview is unable to block dialogs from a background
webview if it hasn't been navigated yet. This is because
JavaScriptDialogContentsHelper depends on the RenderWidgetHostView, and
I suspect that this doesn't exist for a webview that hasn't been
navigated yet (so, it can never be considered to be in the foreground
before the first navigation).

** Affects: oxide
     Importance: Low
         Status: Triaged

** Changed in: oxide
   Importance: Undecided => High

** Changed in: oxide
       Status: New => Triaged

** Changed in: oxide
    Milestone: None => branch-1.21

** Information type changed from Public to Private Security

-- 
You received this bug notification because you are a member of Ubuntu
WebApps bug tracking, which is subscribed to Oxide.
https://bugs.launchpad.net/bugs/1661405

Title:
  The foreground webview can't prevent alert dialogs before the first
  navigation

Status in Oxide:
  Triaged

Bug description:
  I noticed this whilst writing tests for the UITK dialog
  implementation. The foreground webview is unable to block dialogs from
  a background webview if it hasn't been navigated yet. This is because
  JavaScriptDialogContentsHelper depends on the RenderWidgetHostView,
  and I suspect that this doesn't exist for a webview that hasn't been
  navigated yet (so, it can never be considered to be in the foreground
  before the first navigation).

To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1661405/+subscriptions