-rw-r--r--desktop/browser.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/desktop/browser.c b/desktop/browser.c
index a81df9274..12bec0f68 100644
--- a/desktop/browser.c
+++ b/desktop/browser.c
@@ -51,6 +51,9 @@
/** maximum frame resize margin */
#define FRAME_RESIZE 6
+/** maximum frame depth */
+#define FRAME_DEPTH 8
+
/** browser window which is being redrawn. Valid only during redraw. */
struct browser_window *current_redraw_browser;
@@ -746,10 +749,20 @@ void browser_window_go_post(struct browser_window *bw, const char *url,
char *hash;
url_func_result res;
char url_buf[256];
+ int depth = 0;
+ struct browser_window *cur;
LOG(("bw %p, url %s", bw, url));
assert(bw);
assert(url);
+
+ /* don't allow massively nested framesets */
+ for (cur = bw; cur->parent; cur = cur->parent)
+ depth++;
+ if (depth > FRAME_DEPTH) {
+ LOG(("frame depth too high."));
+ return;
+ }
res = url_normalize(url, &url2);
if (res != URL_FUNC_OK) {
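Review bot: The new guard in browser_window_go_post counts only the length of the `cur->parent` chain, so it limits how deep framesets nest but not how many frames exist per level. If this is meant as a resource-exhaustion limit for hostile or self-referencing pages, a cap on the total number of frames per top-level window is probably needed too; nothing in this hunk provides one. The test `if (depth > FRAME_DEPTH)` also lets a window with eight ancestors through, so either use `if (depth >= FRAME_DEPTH)` or document the macro as `/** maximum number of ancestor frames a window may have */`. On rejection the function returns with only `LOG(("frame depth too high."))`; logging the depth reached would make the refusal easier to diagnose, e.g. `LOG(("frame depth %d exceeds FRAME_DEPTH, not fetching", depth));`. The body continues past the hunk, so whether callers need a status is not visible here.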