summaryrefslogtreecommitdiffstats
path: root/chrome/browser/tab_contents.cc
diff options
context:
space:
mode:
authordarin@chromium.org <darin@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2008-09-26 23:40:45 +0000
committerdarin@chromium.org <darin@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2008-09-26 23:40:45 +0000
commit92db537b4746c329ba9ed15b028f9a33f5fb09e4 (patch)
treefd9bb4e9febcf9ad1f06e71e3dcc8b92283559c6 /chrome/browser/tab_contents.cc
parent7f081364c5fb7ff6e35eef3242e26097225fd10e (diff)
downloadchromium_src-92db537b4746c329ba9ed15b028f9a33f5fb09e4.zip
chromium_src-92db537b4746c329ba9ed15b028f9a33f5fb09e4.tar.gz
chromium_src-92db537b4746c329ba9ed15b028f9a33f5fb09e4.tar.bz2
Don't let a malicious web site open an unbounded number of constrained popups.
Patch by abarth@chromium.org R=ben BUG=2632 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@2654 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/tab_contents.cc')
-rw-r--r--chrome/browser/tab_contents.cc7
1 files changed, 7 insertions, 0 deletions
diff --git a/chrome/browser/tab_contents.cc b/chrome/browser/tab_contents.cc
index 7794b32..2a2a03c 100644
--- a/chrome/browser/tab_contents.cc
+++ b/chrome/browser/tab_contents.cc
@@ -19,6 +19,8 @@
#include "generated_resources.h"
+static size_t kMaxNumberOfConstrainedPopups = 20;
+
namespace {
BOOL CALLBACK InvalidateWindow(HWND hwnd, LPARAM lparam) {
@@ -277,6 +279,11 @@ void TabContents::AddNewContents(TabContents* new_contents,
void TabContents::AddConstrainedPopup(TabContents* new_contents,
const gfx::Rect& initial_pos) {
+ if (child_windows_.size() > kMaxNumberOfConstrainedPopups) {
+ new_contents->CloseContents();
+ return;
+ }
+
ConstrainedWindow* window =
ConstrainedWindow::CreateConstrainedPopup(
this, initial_pos, new_contents);
generated by cgit v1.1 at 2025-01-19 09:21:29 +0000