In the course of implementing RequestOTRTab #28750, we want in some circumstances to set no_javascript_access to true via an overridden BraveContentBrowserClient::CanCreateWindow method, which allows this (by passing a pointer to the variable) and documents it in the upstream header files.
Unfortunately, calling window.open under such conditions leads to a hard application-level crash.
The root cause appears to be that the immediate caller (RenderFrameHostImpl::CreateNewWindow) properly handles the case of no_javascript_access being true, but this is only a local variable and does not affect the new window params that are then passed around. Later, in WebContentsImpl::CreateNewWindow, there is logic https://source.chromium.org/chromium/chromium/src/+/main:content/browser/web_contents/web_contents_impl.cc;l=4175 that checks params.opener_suppressed and conditionally skips some code and view widgets. This is the block that is crashing. It seems like Chromium would also want to skip this block in the case where opener_suppressed=false but no_javascript_access=true. Unfortunately, no_javascript_access is no longer available by this point.
A potential solution is to set opener_suppressed=true if no_javascript_access=true, back in RenderFrameHostImpl. This seems to resolve the crash by skipping the problematic block later.
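As an added illustration of the propagation problem described above, the following is a self-contained C++ model of the two-stage flow, not Chromium or Brave code: every name in it (Frame, WindowParams, NewWindow, Stage1, Stage2, the fix flag) is invented. Stage1 stands in for RenderFrameHostImpl::CreateNewWindow, where no_javascript_access is handled locally by severing the opener link; Stage2 stands in for WebContentsImpl::CreateNewWindow, which only sees params.opener_suppressed and assumes an opener exists whenever that flag is false. The model records the bad assumption instead of dereferencing null, and the fix variant shows why folding no_javascript_access into opener_suppressed in the first stage makes the later block skip cleanly.

```cpp
// Hypothetical model of the window-creation flow from the issue (not
// Chromium code; all identifiers below are invented for illustration).
#include <cassert>
#include <string>

// A frame that may act as the opener of a new window.
struct Frame {
  std::string name;
};

// The subset of new-window parameters that survive past the first stage.
// Only opener_suppressed travels with the params; no_javascript_access is
// consumed locally in Stage1 and never reaches Stage2.
struct WindowParams {
  bool opener_suppressed = false;
};

// Outcome of the second stage: a created window with an optional wired
// opener, or a flag recording that the opener-wiring block hit a null opener
// (the real browser crashes here; this model just reports it).
struct NewWindow {
  bool crashed = false;
  const Frame* opener = nullptr;
};

// Stage2 models WebContentsImpl::CreateNewWindow. It skips the opener
// wiring only when params.opener_suppressed is true; otherwise it assumes
// the opener is present.
NewWindow Stage2(const WindowParams& params, const Frame* opener) {
  NewWindow window;
  if (params.opener_suppressed) {
    return window;  // opener-dependent block skipped entirely
  }
  if (opener == nullptr) {
    window.crashed = true;  // the assumption fails: this is the crash
    return window;
  }
  window.opener = opener;  // normal window.open with opener wiring
  return window;
}

// Stage1 models RenderFrameHostImpl::CreateNewWindow. The embedder hook
// (CanCreateWindow) may set no_javascript_access; the local handling severs
// the opener link. Only when `fix` is true is that decision also recorded in
// params.opener_suppressed, which is the change proposed in the issue.
NewWindow Stage1(const Frame& caller, bool no_javascript_access, bool fix) {
  WindowParams params;
  const Frame* opener = &caller;
  if (no_javascript_access) {
    opener = nullptr;  // local handling: new window gets no opener
    if (fix) {
      params.opener_suppressed = true;  // propagate so Stage2 skips wiring
    }
  }
  return Stage2(params, opener);
}

// Convenience wrappers for the three scenarios discussed in the issue.
bool NormalOpenSucceeds() {
  Frame caller{"opener-tab"};
  NewWindow w = Stage1(caller, /*no_javascript_access=*/false, /*fix=*/false);
  return !w.crashed && w.opener != nullptr;
}

bool NoJsAccessWithoutFixCrashes() {
  Frame caller{"opener-tab"};
  NewWindow w = Stage1(caller, /*no_javascript_access=*/true, /*fix=*/false);
  return w.crashed;
}

bool NoJsAccessWithFixSucceeds() {
  Frame caller{"opener-tab"};
  NewWindow w = Stage1(caller, /*no_javascript_access=*/true, /*fix=*/true);
  return !w.crashed && w.opener == nullptr;
}
```

The model makes the root cause visible in the types: WindowParams has no field for no_javascript_access, so once Stage1 returns, the only way for Stage2 to learn that the opener relationship was deliberately dropped is through opener_suppressed. Setting that flag in Stage1 is therefore not a workaround but the only signal the later stage can act on.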