ubuntu-webapps-bugs team mailing list archive
-
ubuntu-webapps-bugs team
-
Mailing list archive
-
Message #04716
[Bug 1661405] [NEW] The foreground webview can't prevent alert dialogs before the first navigation
*** This bug is a security vulnerability ***
Private security bug reported:
I noticed this whilst writing tests for the UITK dialog implementation.
The foreground webview is unable to block dialogs from a background
webview if it hasn't been navigated yet. This is because
JavaScriptDialogContentsHelper depends on the RenderWidgetHostView, and
I suspect that this doesn't exist for a webview that hasn't been
navigated yet (so, it can never be considered to be in the foreground
before the first navigation).
** Affects: oxide
Importance: Low
Status: Triaged
** Changed in: oxide
Importance: Undecided => High
** Changed in: oxide
Status: New => Triaged
** Changed in: oxide
Milestone: None => branch-1.21
** Information type changed from Public to Private Security
--
You received this bug notification because you are a member of Ubuntu
WebApps bug tracking, which is subscribed to Oxide.
https://bugs.launchpad.net/bugs/1661405
Title:
The foreground webview can't prevent alert dialogs before the first
navigation
Status in Oxide:
Triaged
Bug description:
I noticed this whilst writing tests for the UITK dialog
implementation. The foreground webview is unable to block dialogs from
a background webview if it hasn't been navigated yet. This is because
JavaScriptDialogContentsHelper depends on the RenderWidgetHostView,
and I suspect that this doesn't exist for a webview that hasn't been
navigated yet (so, it can never be considered to be in the foreground
before the first navigation).
To manage notifications about this bug go to:
https://bugs.launchpad.net/oxide/+bug/1661405/+subscriptions