Don't send tab switching/killing/creating keyboard accelerators to pages. This avoids tabs maliciously preventing closing using ctrl+f4/ctrl+w/alt+f4, and also hung/slow renderers from making tab cycling sluggish.

BUG=5496
TEST=added ui test
Review URL: http://codereview.chromium.org/224023

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@27814 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 8 insertions, 1 deletions

diff --git a/chrome/browser/renderer_host/render_widget_host.cc b/chrome/browser/renderer_host/render_widget_host.cc
index d9971ec..01ee015 100644
--- a/chrome/browser/renderer_host/render_widget_host.cc
+++ b/chrome/browser/renderer_host/render_widget_host.cc
@@ -400,6 +400,13 @@ void RenderWidgetHost::ForwardKeyboardEvent(
     if (!process_->HasConnection())
       return;
 
+    // Tab switching/closing accelerators aren't sent to the renderer to avoid a
+    // hung/malicious renderer from interfering.
+    if (!ShouldSendToRenderer(key_event)) {
+      UnhandledKeyboardEvent(key_event);
+      return;
+    }
+
     // Put all WebKeyboardEvent objects in a queue since we can't trust the
     // renderer and we need to give something to the UnhandledInputEvent
     // handler.
@@ -754,7 +761,7 @@ void RenderWidgetHost::OnMsgInputEventAck(const IPC::Message& message) {
       if (!message.ReadBool(&iter, &processed))
         process()->ReceivedBadMessage(message.type());
 
-      KeyQueue::value_type front_item = key_queue_.front();
+      NativeWebKeyboardEvent front_item = key_queue_.front();
       key_queue_.pop();
 
       if (!processed) {