Details
-
Bug
-
Resolution: Won't Do
-
P1: Critical
-
None
-
5.11.1, 5.12
-
None
-
All
Description
When a custom URL scheme handler does this in JS:
let blob = new Blob(['foo']); URL.createObjectURL(blob);
The renderer process crashes with:
[13767:13773:0906/181417.829985:VERBOSE1:blob_dispatcher_host.cc(70)] BlobDispatcherHost::OnRegisterPublicBlobURL(blob:qute:///ce823582-a3f7-4b90-95f9-b6061774ed5e, 1fc889a4-bdce-4c17-bda2-235db22a2c04): Invalid or prohibited URL. [13767:13773:0906/181417.829993:ERROR:bad_message.cc(25)] Terminating renderer for bad IPC message, reason 139
139 is BDH_DISALLOWED_ORIGIN and the message seems to be coming from BlobDispatcherHost::OnRegisterPublicBlobURL.
This can be observed by using the WebUI example, but commenting out the call to WebUiHandler::registerUrlScheme();, then starting it with QTWEBENGINE_REMOTE_DEBUGGING set and running the code above in the JS console.
When the URL scheme is registered (even with the default flags), things seem to be working fine - but that's not an option on Qt 5.11.
I originally saw this happen when using PDF.js via a custom URL scheme handler - there, a workaround is to set PDFJS.disableCreateObjectURL = true which causes it to use data: URLs instead.
Attachments
| For Gerrit Dashboard: QTBUG-70420 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 239788,4 | Add test for URL.createObjectURL on custom schemes | 5.12 | qt/qtwebengine | Status: MERGED | -2 | 0 |