zhangqd / chromiumembedded

Automatically exported from code.google.com/p/chromiumembedded

javascript: URLs - callbacks and/or policy. Possibly detecting malicious such scripts? #1090

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Open any CEF-based browser (cefclient would do).
2. Type in address bar
  javascript:while(1) { document.write('lets kill this'); }
3. Freeze.

What is the expected output? 
CEF stopping/detecting infinite loop.

What do you see instead?
CEF freezes in script execution (WebCore, in fact).

What version of the product are you using? On what operating system?
CEF (CEF1 1364, to be more precise) on Win7 x64. Not tested on CEF3.

Please provide any additional information below.
CEF should have a callback (LoadHandler?) that can be called before loading a javascript, either via address bar through direct navigation, or using HTML like:
  <html>
    <body>
      <a href="javascript:while(1) {document.write('lets kill this');}">JS infinite loop</a>
    </body>
  </html>

And/or this could be controlled using some policy flags exposed in settings? 
(javascript_allow_javascript_url or so, mapping to policy corresponding 
ScriptController flags).

Original issue reported on code.google.com by chaos.de...@gmail.com on 1 Oct 2013 at 4:28
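
A sketch of the policy check requested above, as an added example that is not part of the original report and not CEF code: a host application that owns the address bar can classify the typed string before navigating. `NormalizedScheme`, `AllowNavigation` and `JsUrlPolicy` are hypothetical names; the clean-up follows the WHATWG URL parser (leading control/space stripped, ASCII tab/newline dropped, scheme case-insensitive), and wiring the check to a CEF callback is not shown.

```cpp
// Added example, not CEF code. All names here are hypothetical.
#include <iostream>
#include <string>

enum class JsUrlPolicy { kAllow, kBlock };

static bool IsAlpha(unsigned char c) { return (c | 0x20) >= 'a' && (c | 0x20) <= 'z'; }
static bool IsSchemeTail(unsigned char c) {
  return IsAlpha(c) || (c >= '0' && c <= '9') || c == '+' || c == '-' || c == '.';
}

// Scheme of `input` as a browser would see it, lower-cased.
// Returns "" when the string has no syntactically valid scheme.
std::string NormalizedScheme(const std::string& input) {
  std::size_t i = 0;
  // Leading C0 control characters and spaces are stripped before parsing.
  while (i < input.size() && static_cast<unsigned char>(input[i]) <= 0x20) ++i;
  std::string scheme;
  for (; i < input.size(); ++i) {
    unsigned char c = static_cast<unsigned char>(input[i]);
    if (c == '\t' || c == '\n' || c == '\r') continue;  // dropped anywhere in the URL
    if (c == ':') return scheme;
    bool ok = scheme.empty() ? IsAlpha(c) : IsSchemeTail(c);
    if (!ok) return "";
    scheme += static_cast<char>(IsAlpha(c) ? (c | 0x20) : c);
  }
  return "";  // no ':' delimiter found
}

// Returns true when the navigation may proceed under `policy`.
bool AllowNavigation(const std::string& url, JsUrlPolicy policy) {
  if (policy == JsUrlPolicy::kAllow) return true;
  return NormalizedScheme(url) != "javascript";
}

int main() {
  // Constructed sample inputs.
  const char* samples[] = {
      "javascript:while(1) { document.write('lets kill this'); }",
      "  JavaScript:void(0)", "java\tscript:void(0)",
      "https://example.com/?next=javascript:void(0)", "example.com/page"};
  for (const char* s : samples)
    std::cout << (AllowNavigation(s, JsUrlPolicy::kBlock) ? "allow " : "block ")
              << s << "\n";
}
```

A plain prefix comparison against `javascript:` would pass the second and third samples; the `<a href>` case in the report reaches the engine without going through the address bar, so it still needs the browser-side hook the issue asks for.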

GoogleCodeExporter commented 9 years ago
CEF is transitioning from Google Code to Bitbucket project hosting. If you 
would like to continue receiving notifications on this issue please add 
yourself as a Watcher at the new location: 
https://bitbucket.org/chromiumembedded/cef/issue/1090

Original comment by magreenb...@gmail.com on 14 Mar 2015 at 3:28