| Index: content/browser/web_contents/web_contents_impl.cc
|
| diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
|
| index 05dafcd5a03c47149959973c9ea7ad5ec9ee9b18..b372c0bc8c6956e3557a36bde4acdc4da98538b7 100644
|
| --- a/content/browser/web_contents/web_contents_impl.cc
|
| +++ b/content/browser/web_contents/web_contents_impl.cc
|
| @@ -2335,10 +2335,18 @@ void WebContentsImpl::DocumentOnLoadCompletedInMainFrame(
|
| content::Details<int>(&page_id));
|
| }
|
|
|
| -void WebContentsImpl::RequestOpenURL(const GURL& url,
|
| +void WebContentsImpl::RequestOpenURL(RenderViewHost* rvh,
|
| + const GURL& url,
|
| const content::Referrer& referrer,
|
| WindowOpenDisposition disposition,
|
| int64 source_frame_id) {
|
| + // If this came from a swapped out RenderViewHost, we only allow the request
|
| + // if we are still in the same BrowsingInstance.
|
| + if (static_cast<RenderViewHostImpl*>(rvh)->is_swapped_out() &&
|
| + !rvh->GetSiteInstance()->IsRelatedSiteInstance(GetSiteInstance())) {
|
| + return;
|
| + }
|
| +
|
| // Delegate to RequestTransferURL because this is just the generic
|
| // case where |old_request_id| is empty.
|
| RequestTransferURL(url, referrer, disposition, source_frame_id,
|
|
|
Chromium Code Reviews
Issue 10350013:
Don't allow targeted navigations across BrowsingInstances. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src