Oxide

Shouldn't be able to pass QObjects to WebContextDelegateWorker

Bug #1445673 reported by Chris Coulson on 2015-04-17

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Oxide	Fix Released	Medium	Chris Coulson	Oxide branch-1.9
webbrowser-app	Fix Released	Medium	Olivier Tilloy
webbrowser-app (Ubuntu)	Fix Released	Undecided	Olivier Tilloy

Bug Description

Calling WebContextDelegateWorker::sendMessage allows the caller to pass a QObject in to the script running on another thread. This isn't safe, and we shouldn't allow this in the API at all

Related branches

lp:~oxide-developers/oxide/oxide.trunk

lp:~osomon/webbrowser-app/worker-script-no-regexp

Merged into lp:webbrowser-app at revision 1042

Chris Coulson: Approve on 2015-05-26

PS Jenkins bot: Needs Fixing (continuous-integration) on 2015-05-25

lp:~oxide-developers/oxide/packaging.wily.next

lp:~oxide-developers/oxide/packaging.vivid.next

lp:~oxide-developers/oxide/packaging.trusty.next

lp:~oxide-developers/oxide/packaging.wily

lp:~oxide-developers/oxide/packaging.vivid

lp:~oxide-developers/oxide/packaging.trusty

Chris Coulson (chrisccoulson) on 2015-04-17

Changed in oxide:
importance:	Undecided → Medium
status:	New → In Progress
assignee:	nobody → Chris Coulson (chrisccoulson)
status:	In Progress → Fix Released
milestone:	none → branch-1.8

Revision history for this message

Chris Coulson (chrisccoulson) wrote on 2015-05-25:

Reverted due to bug 1455371

Changed in oxide:
status:	Fix Released → Triaged
milestone:	branch-1.8 → branch-1.9

Chris Coulson (chrisccoulson) on 2015-05-25

Changed in webbrowser-app:
status:	New → Triaged
importance:	Undecided → Medium

Olivier Tilloy (osomon) on 2015-05-25

Changed in webbrowser-app:
status:	Triaged → In Progress
assignee:	nobody → Olivier Tilloy (osomon)

Revision history for this message

Launchpad Janitor (janitor) wrote on 2015-06-02:

This bug was fixed in the package webbrowser-app - 0.23+15.10.20150602-0ubuntu1

---------------
webbrowser-app (0.23+15.10.20150602-0ubuntu1) wily; urgency=medium

[ CI Train Bot ]
* New rebuild forced.

  [ Olivier Tilloy ]
  * Actually clear the network cache by deleting the correct set of
    files in the correct directory. (LP: #1459956)
  * Bump build dependency on liboxideqt-qmlplugin to 1.6 to fix unit
    tests.
  * Do not cache favicons on disk when browsing in private mode. (LP:
    #1458963)
  * Do not try to remove a file that doesn’t exist.
  * Pass plain strings to the worker script instead of RegExps. (LP:
    #1445673)
  * Remove the upstreamcomponents folder, and use components from the
    UITK instead. Add autopilot tests for the new tab view.
  * Update translation template.
  * Updated icon. (LP: #1457424)

  [ Riccardo Padovani ]
  * New tab view refactoring. (LP: #1371248, #1444023, #1351157,
    #1389605, #1442190)
  * New tab view refactoring. (LP: #1371248, #1444023, #1351157,
    #1389605, #1442190)

-- CI Train Bot <email address hidden> Tue, 02 Jun 2015 14:26:50 +0000

Changed in webbrowser-app (Ubuntu):
status:	New → Fix Released

Olivier Tilloy (osomon) on 2015-06-02

Changed in webbrowser-app:
status:	In Progress → Fix Released
Changed in webbrowser-app (Ubuntu):
assignee:	nobody → Olivier Tilloy (osomon)

Revision history for this message

Chris Coulson (chrisccoulson) wrote on 2015-06-12:

Landed again

Changed in oxide:
status:	Triaged → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.