Chromium Code Reviews Chromium Code Reviews
Issue 10387074:
Only disallow top-level navigations in platform apps (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: content/renderer/render_view_impl.cc |
| diff --git a/content/renderer/render_view_impl.cc b/content/renderer/render_view_impl.cc |
| index 267af1bc84bb23d83e55049f6bbbca0c58f7bebf..e57b045792a61e9514a65673ae5c4f97c079a4cf 100644 |
| --- a/content/renderer/render_view_impl.cc |
| +++ b/content/renderer/render_view_impl.cc |
| @@ -389,6 +389,47 @@ static void MaybeHandleDebugURL(const GURL& url) { |
| } |
| } |
| +// Returns false unless this is a top-level navigation. |
| +static bool IsTopLevelNavigation(WebKit::WebFrame* frame) { |
| + return frame->parent() == NULL; |
| +} |
| + |
| +// Returns false unless this is a top-level navigation that crosses origins. |
| +static bool IsNonLocalTopLevelNavigation(const GURL& url, |
| + WebKit::WebFrame* frame, |
|
darin (slow to review)
2012/05/21 22:09:54
nit: should not need the WebKit:: prefixes due to
Mihai Parparita -not on Chrome
2012/05/21 22:13:01
Done.
|
| + WebKit::WebNavigationType type) { |
| + if (!IsTopLevelNavigation(frame)) |
| + return false; |
| + |
| + // Navigations initiated within Webkit are not sent out to the external host |
| + // in the following cases. |
| + // 1. The url scheme is not http/https |
| + // 2. The origin of the url and the opener is the same in which case the |
| + // opener relationship is maintained. |
| + // 3. Reloads/form submits/back forward navigations |
| + if (!url.SchemeIs(chrome::kHttpScheme) && !url.SchemeIs(chrome::kHttpsScheme)) |
|
abarth-chromium
2012/05/21 20:44:19
What about FTP? Whenever you find yourself listin
|
| + return false; |
| + |
| + // Not interested in reloads/form submits/resubmits/back forward navigations. |
| + if (type != WebKit::WebNavigationTypeReload && |
| + type != WebKit::WebNavigationTypeFormSubmitted && |
| + type != WebKit::WebNavigationTypeFormResubmitted && |
| + type != WebKit::WebNavigationTypeBackForward) { |
| + // The opener relationship between the new window and the parent allows the |
| + // new window to script the parent and vice versa. This is not allowed if |
| + // the origins of the two domains are different. This can be treated as a |
| + // top level navigation and routed back to the host. |
| + WebKit::WebFrame* opener = frame->opener(); |
| + if (!opener) { |
| + return true; |
| + } else { |
|
darin (slow to review)
2012/05/21 22:09:54
nit: no need for "else" after "return"
Mihai Parparita -not on Chrome
2012/05/21 22:13:01
Done.
|
| + if (url.GetOrigin() != GURL(opener->document().url()).GetOrigin()) |
|
abarth-chromium
2012/05/21 20:44:19
This isn't the right way to do an origin compariso
|
| + return true; |
| + } |
| + } |
| + return false; |
| +} |
| + |
| /////////////////////////////////////////////////////////////////////////////// |
| struct RenderViewImpl::PendingFileChooser { |
| @@ -2375,14 +2416,18 @@ WebNavigationPolicy RenderViewImpl::decidePolicyForNavigation( |
| } |
| } |
| - // If the browser is interested, then give it a chance to look at top level |
| - // navigations. |
| + // If the browser is interested, then give it a chance to look at the request. |
| if (is_content_initiated) { |
| - bool browser_handles_top_level_requests = |
| - renderer_preferences_.browser_handles_top_level_requests && |
| + bool browser_handles_request = |
| + renderer_preferences_.browser_handles_non_local_top_level_requests && |
| IsNonLocalTopLevelNavigation(url, frame, type); |
| - if (browser_handles_top_level_requests || |
| - renderer_preferences_.browser_handles_all_requests) { |
| + if (!browser_handles_request) { |
| + browser_handles_request = |
| + renderer_preferences_.browser_handles_all_top_level_requests && |
| + IsTopLevelNavigation(frame); |
| + } |
| + |
| + if (browser_handles_request) { |
| // Reset these counters as the RenderView could be reused for the next |
| // navigation. |
| page_id_ = -1; |
| @@ -5324,41 +5369,6 @@ WebKit::WebUserMediaClient* RenderViewImpl::userMediaClient() { |
| return media_stream_impl_; |
| } |
| -bool RenderViewImpl::IsNonLocalTopLevelNavigation( |
| - const GURL& url, WebKit::WebFrame* frame, WebKit::WebNavigationType type) { |
| - // Must be a top level frame. |
| - if (frame->parent() != NULL) |
| - return false; |
| - |
| - // Navigations initiated within Webkit are not sent out to the external host |
| - // in the following cases. |
| - // 1. The url scheme is not http/https |
| - // 2. The origin of the url and the opener is the same in which case the |
| - // opener relationship is maintained. |
| - // 3. Reloads/form submits/back forward navigations |
| - if (!url.SchemeIs(chrome::kHttpScheme) && !url.SchemeIs(chrome::kHttpsScheme)) |
| - return false; |
| - |
| - // Not interested in reloads/form submits/resubmits/back forward navigations. |
| - if (type != WebKit::WebNavigationTypeReload && |
| - type != WebKit::WebNavigationTypeFormSubmitted && |
| - type != WebKit::WebNavigationTypeFormResubmitted && |
| - type != WebKit::WebNavigationTypeBackForward) { |
| - // The opener relationship between the new window and the parent allows the |
| - // new window to script the parent and vice versa. This is not allowed if |
| - // the origins of the two domains are different. This can be treated as a |
| - // top level navigation and routed back to the host. |
| - WebKit::WebFrame* opener = frame->opener(); |
| - if (!opener) { |
| - return true; |
| - } else { |
| - if (url.GetOrigin() != GURL(opener->document().url()).GetOrigin()) |
| - return true; |
| - } |
| - } |
| - return false; |
| -} |
| - |
| void RenderViewImpl::OnAsyncFileOpened( |
| base::PlatformFileError error_code, |
| IPC::PlatformFileForTransit file_for_transit, |
