
Side by Side Diff: chrome/browser/ui/webui/chrome_web_ui_controller_factory.cc

Issue 10080018: Don't allow sending data URLs to WebUI, unless in a ChromeOS BalloonHost. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix compile errors and crash in tests. Created 8 years, 8 months ago
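--- a/chrome/browser/ui/webui/chrome_web_ui_controller_factory.cc
+++ b/chrome/browser/ui/webui/chrome_web_ui_controller_factory.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/webui/chrome_web_ui_controller_factory.h"
 
 #include "base/command_line.h"
 #include "chrome/browser/about_flags.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/extensions/extension_service.h"
@@ -387,32 +387,37 @@
 // Extensions are rendered via WebUI in tabs, but don't actually need WebUI
 // bindings (see the ExtensionWebUI constructor).
 return !NeedsExtensionWebUI(NULL,
 Profile::FromBrowserContext(browser_context),
 url) &&
 UseWebUIForURL(browser_context, url);
 }
 
 bool ChromeWebUIControllerFactory::IsURLAcceptableForWebUI(
 content::BrowserContext* browser_context,
-const GURL& url) const {
+const GURL& url,
+bool data_urls_allowed) const {
 return UseWebUIForURL(browser_context, url) ||
 // javacsript: URLs are allowed to run in Web UI pages
 url.SchemeIs(chrome::kJavaScriptScheme) ||
 // It's possible to load about:blank in a Web UI renderer.
 // See http://crbug.com/42547
 url.spec() == chrome::kAboutBlankURL ||
 // Chrome URLs crash, kill, hang, and shorthang are allowed.
 url == GURL(chrome::kChromeUICrashURL) ||
 url == GURL(chrome::kChromeUIKillURL) ||
 url == GURL(chrome::kChromeUIHangURL) ||
-url == GURL(chrome::kChromeUIShorthangURL);
+url == GURL(chrome::kChromeUIShorthangURL) ||
+// Data URLs are usually not allowed in WebUI for security reasons.
+// BalloonHosts are one exception needed by ChromeOS, and are safe because
+// they cannot be scripted by other pages.
+(data_urls_allowed && url.SchemeIs(chrome::kDataScheme));
 }
 
 WebUIController* ChromeWebUIControllerFactory::CreateWebUIControllerForURL(
 content::WebUI* web_ui,
 const GURL& url) const {
 Profile* profile = Profile::FromWebUI(web_ui);
 WebUIFactoryFunction function = GetWebUIFactoryFunction(web_ui, profile, url);
 if (!function)
 return NULL;
 
@@ -500,10 +505,10 @@
 if (page_url.host() == chrome::kChromeUISettingsFrameHost)
 return options2::OptionsUI::GetFaviconResourceBytes();
 
 // Android doesn't use the plugins pages.
 if (page_url.host() == chrome::kChromeUIPluginsHost)
 return PluginsUI::GetFaviconResourceBytes();
 #endif
 
 return NULL;
 }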
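Review bot: The new last clause of IsURLAcceptableForWebUI, `(data_urls_allowed && url.SchemeIs(chrome::kDataScheme))`, trusts the caller's flag entirely, so the property the added comment relies on (a BalloonHost cannot be scripted by other pages) is not checked anywhere in this function. A data: URL carries its own content into a renderer that may hold WebUI bindings, so the comment should state the caller's obligation rather than only the rationale, for example `// Callers must pass |data_urls_allowed| = true only for a ChromeOS BalloonHost.` The call sites and the header are outside this file section, so whether every other caller passes false cannot be confirmed from here. A bare bool is also easy to misread at a call site; an inline `/* data_urls_allowed */` comment on each call, or a two-value enum, would make an accidental `true` easier to spot in review.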