Index: content/browser/renderer_host/render_view_host_impl.cc |
=================================================================== |
--- content/browser/renderer_host/render_view_host_impl.cc (revision 178378) |
+++ content/browser/renderer_host/render_view_host_impl.cc (working copy) |
@@ -1094,8 +1094,10 @@ |
ViewHostMsg_CreateWindow_Params validated_params(params); |
ChildProcessSecurityPolicyImpl* policy = |
ChildProcessSecurityPolicyImpl::GetInstance(); |
- // TODO(cevans): also validate opener_url, opener_security_origin. |
FilterURL(policy, GetProcess(), false, &validated_params.target_url); |
+ FilterURL(policy, GetProcess(), false, &validated_params.opener_url); |
+ FilterURL(policy, GetProcess(), true, |
+ &validated_params.opener_security_origin); |
delegate_->CreateNewWindow(route_id, validated_params, |
session_storage_namespace); |