Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(208)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/web_contents/web_contents_impl.cc

Issue 10080018: Don't allow sending data URLs to WebUI, unless in a ChromeOS BalloonHost. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix compile errors and crash in tests. Created 8 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « content/browser/web_contents/render_view_host_manager_unittest.cc ('k') | content/browser/web_contents/web_contents_impl_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/web_contents/web_contents_impl.h" 5 #include "content/browser/web_contents/web_contents_impl.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/command_line.h" 9 #include "base/command_line.h"
10 #include "base/metrics/histogram.h" 10 #include "base/metrics/histogram.h"
(...skipping 1054 matching lines...) Expand 10 before | Expand all | Expand 10 after
1065 RenderViewHostImpl* dest_render_view_host = 1065 RenderViewHostImpl* dest_render_view_host =
1066 static_cast<RenderViewHostImpl*>(render_manager_.Navigate(entry)); 1066 static_cast<RenderViewHostImpl*>(render_manager_.Navigate(entry));
1067 if (!dest_render_view_host) 1067 if (!dest_render_view_host)
1068 return false; // Unable to create the desired render view host. 1068 return false; // Unable to create the desired render view host.
1069 1069
1070 // For security, we should never send non-Web-UI URLs to a Web UI renderer. 1070 // For security, we should never send non-Web-UI URLs to a Web UI renderer.
1071 // Double check that here. 1071 // Double check that here.
1072 int enabled_bindings = dest_render_view_host->GetEnabledBindings(); 1072 int enabled_bindings = dest_render_view_host->GetEnabledBindings();
1073 WebUIControllerFactory* factory = 1073 WebUIControllerFactory* factory =
1074 content::GetContentClient()->browser()->GetWebUIControllerFactory(); 1074 content::GetContentClient()->browser()->GetWebUIControllerFactory();
1075 bool data_urls_allowed = delegate_ && delegate_->CanLoadDataURLsInWebUI();
1075 bool is_allowed_in_web_ui_renderer = 1076 bool is_allowed_in_web_ui_renderer =
1076 factory && 1077 factory &&
1077 factory->IsURLAcceptableForWebUI(GetBrowserContext(), entry.GetURL()); 1078 factory->IsURLAcceptableForWebUI(GetBrowserContext(), entry.GetURL(),
1078 #if defined(OS_CHROMEOS) 1079 data_urls_allowed);
1079 is_allowed_in_web_ui_renderer |= entry.GetURL().SchemeIs(chrome::kDataScheme);
1080 #endif
1081 if ((enabled_bindings & content::BINDINGS_POLICY_WEB_UI) && 1080 if ((enabled_bindings & content::BINDINGS_POLICY_WEB_UI) &&
1082 !is_allowed_in_web_ui_renderer) { 1081 !is_allowed_in_web_ui_renderer) {
1083 // Log the URL to help us diagnose http://crbug.com/72235. 1082 // Log the URL to help us diagnose any future failures of this CHECK.
1084 content::GetContentClient()->SetActiveURL(entry.GetURL()); 1083 content::GetContentClient()->SetActiveURL(entry.GetURL());
1085 CHECK(0); 1084 CHECK(0);
1086 } 1085 }
1087 1086
1088 // Tell DevTools agent that it is attached prior to the navigation. 1087 // Tell DevTools agent that it is attached prior to the navigation.
1089 DevToolsManagerImpl::GetInstance()->OnNavigatingToPendingEntry( 1088 DevToolsManagerImpl::GetInstance()->OnNavigatingToPendingEntry(
1090 GetRenderViewHost(), 1089 GetRenderViewHost(),
1091 dest_render_view_host, 1090 dest_render_view_host,
1092 entry.GetURL()); 1091 entry.GetURL());
1093 1092
(...skipping 1529 matching lines...) Expand 10 before | Expand all | Expand 10 after
2623 void WebContentsImpl::CreateViewAndSetSizeForRVH(RenderViewHost* rvh) { 2622 void WebContentsImpl::CreateViewAndSetSizeForRVH(RenderViewHost* rvh) {
2624 RenderWidgetHostView* rwh_view = GetView()->CreateViewForWidget(rvh); 2623 RenderWidgetHostView* rwh_view = GetView()->CreateViewForWidget(rvh);
2625 // Can be NULL during tests. 2624 // Can be NULL during tests.
2626 if (rwh_view) 2625 if (rwh_view)
2627 rwh_view->SetSize(GetView()->GetContainerSize()); 2626 rwh_view->SetSize(GetView()->GetContainerSize());
2628 } 2627 }
2629 2628
2630 RenderViewHostImpl* WebContentsImpl::GetRenderViewHostImpl() { 2629 RenderViewHostImpl* WebContentsImpl::GetRenderViewHostImpl() {
2631 return static_cast<RenderViewHostImpl*>(GetRenderViewHost()); 2630 return static_cast<RenderViewHostImpl*>(GetRenderViewHost());
2632 } 2631 }
OLDNEW
« no previous file with comments | « content/browser/web_contents/render_view_host_manager_unittest.cc ('k') | content/browser/web_contents/web_contents_impl_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698