LibWeb: Make frames nesting-aware and disallow deep nesting

A Frame now knows about its nesting-level. The FrameLoader checks whether the recursion level of the current frame allows it to be displayed and if not doesn't even load the requested resource. The nesting-check is done on a per-URL-basis, so there can be many many nested Frames as long as they have different URLs. If there are however Frames with the same URL nested inside each other we only allow this to happen 3 times. This mitigates infinetely recursing <iframe>s in an HTML-document crashing the browser with an OOM.
Author: https://github.com/TobyAsE Commit: 1b6824d296 Pull-request: https://github.com/SerenityOS/serenity/pull/6485 Issue: https://github.com/SerenityOS/serenity/issues/6449 Reviewed-by: https://github.com/awesomekling
2025-04-30 08:18:49 +00:00 · 2021-04-19 14:30:08 +02:00 · 2021-04-19 14:30:08 +02:00 · 1b6824d296 · 2024-07-18 18:34:28 +09:00
commit 1b6824d296
parent 9e49895bbf
4 changed files with 27 additions and 1 deletions
--- a/Userland/Libraries/LibWeb/HTML/FrameHostElement.cpp
+++ b/Userland/Libraries/LibWeb/HTML/FrameHostElement.cpp
@ -26,8 +26,11 @@ void FrameHostElement::inserted()
    HTMLElement::inserted();
    if (!is_connected())
        return;
-    if (auto* frame = document().frame())
+    if (auto* frame = document().frame()) {
        m_content_frame = Frame::create_subframe(*this, frame->main_frame());
+        m_content_frame->set_frame_nesting_levels(frame->frame_nesting_levels());
+        m_content_frame->register_frame_nesting(document().url());
+    }
 }

 Origin FrameHostElement::content_origin() const