Shouldn't be able to pass QObjects to WebContextDelegateWorker

Bug #1445673 reported by Chris Coulson on 2015-04-17
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Oxide
Medium
Chris Coulson
webbrowser-app
Fix Released
Medium
Olivier Tilloy
webbrowser-app (Ubuntu)
Undecided
Olivier Tilloy

Bug Description

Calling WebContextDelegateWorker::sendMessage allows the caller to pass a QObject in to the script running on another thread. This isn't safe, and we shouldn't allow this in the API at all

Changed in oxide:
importance: Undecided → Medium
status: New → In Progress
assignee: nobody → Chris Coulson (chrisccoulson)
status: In Progress → Fix Released
milestone: none → branch-1.8
Chris Coulson (chrisccoulson) wrote :

Reverted due to bug 1455371

Changed in oxide:
status: Fix Released → Triaged
milestone: branch-1.8 → branch-1.9
Changed in webbrowser-app:
status: New → Triaged
importance: Undecided → Medium
Olivier Tilloy (osomon) on 2015-05-25
Changed in webbrowser-app:
status: Triaged → In Progress
assignee: nobody → Olivier Tilloy (osomon)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package webbrowser-app - 0.23+15.10.20150602-0ubuntu1

---------------
webbrowser-app (0.23+15.10.20150602-0ubuntu1) wily; urgency=medium

  [ CI Train Bot ]
  * New rebuild forced.

  [ Olivier Tilloy ]
  * Actually clear the network cache by deleting the correct set of
    files in the correct directory. (LP: #1459956)
  * Bump build dependency on liboxideqt-qmlplugin to 1.6 to fix unit
    tests.
  * Do not cache favicons on disk when browsing in private mode. (LP:
    #1458963)
  * Do not try to remove a file that doesn’t exist.
  * Pass plain strings to the worker script instead of RegExps. (LP:
    #1445673)
  * Remove the upstreamcomponents folder, and use components from the
    UITK instead. Add autopilot tests for the new tab view.
  * Update translation template.
  * Updated icon. (LP: #1457424)

  [ Riccardo Padovani ]
  * New tab view refactoring. (LP: #1371248, #1444023, #1351157,
    #1389605, #1442190)
  * New tab view refactoring. (LP: #1371248, #1444023, #1351157,
    #1389605, #1442190)

 -- CI Train Bot <email address hidden> Tue, 02 Jun 2015 14:26:50 +0000

Changed in webbrowser-app (Ubuntu):
status: New → Fix Released
Olivier Tilloy (osomon) on 2015-06-02
Changed in webbrowser-app:
status: In Progress → Fix Released
Changed in webbrowser-app (Ubuntu):
assignee: nobody → Olivier Tilloy (osomon)
Chris Coulson (chrisccoulson) wrote :

Landed again

Changed in oxide:
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers