
Unified Diff: chrome/browser/ui/webui/chrome_url_data_manager_backend.cc

Issue 10829465: Apply frame-src content-security-policy to WebUI pages. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 4 months ago
Index: chrome/browser/ui/webui/chrome_url_data_manager_backend.cc
===================================================================
--- chrome/browser/ui/webui/chrome_url_data_manager_backend.cc (revision 152132)
+++ chrome/browser/ui/webui/chrome_url_data_manager_backend.cc (working copy)
@@ -88,23 +88,38 @@
}
};
-// It is OK to add URLs to this set which slightly reduces the CSP for them.
-class ChromeURLContentSecurityPolicyObjectTagSet
- : public std::set<std::string> {
+// It is OK to add URLs to these maps and slightly reduce the CSP protection
+// applied to the WebUI page.
Evan Stade 2012/08/21 20:56:26 documentation for what this is a map from and to
+class ChromeURLObjectSrcExceptionMap
+ : public std::map<std::string, std::string> {
public:
- ChromeURLContentSecurityPolicyObjectTagSet() : std::set<std::string>() {
- insert(chrome::kChromeUIPrintHost);
+ ChromeURLObjectSrcExceptionMap() : std::map<std::string, std::string>() {
+ insert(std::pair<std::string, std::string>(
+ chrome::kChromeUIPrintHost, "object-src 'self';"));
}
};
+class ChromeURLFrameSrcExceptionMap
+ : public std::map<std::string, std::string> {
+ public:
+ ChromeURLFrameSrcExceptionMap() : std::map<std::string, std::string>() {
+ insert(std::pair<std::string, std::string>(
+ chrome::kChromeUIUberHost, "frame-src chrome:;"));
+ insert(std::pair<std::string, std::string>(
+ chrome::kChromeUIUberFrameHost, "frame-src chrome:;"));
+ }
+};
+
base::LazyInstance<ChromeURLContentSecurityPolicyExceptionSet>
g_chrome_url_content_security_policy_exception_set =
LAZY_INSTANCE_INITIALIZER;
-base::LazyInstance<ChromeURLContentSecurityPolicyObjectTagSet>
- g_chrome_url_content_security_policy_object_tag_set =
- LAZY_INSTANCE_INITIALIZER;
+base::LazyInstance<ChromeURLObjectSrcExceptionMap>
+ g_chrome_url_object_src_exception_map = LAZY_INSTANCE_INITIALIZER;
+base::LazyInstance<ChromeURLFrameSrcExceptionMap>
+ g_chrome_url_frame_src_exception_map = LAZY_INSTANCE_INITIALIZER;
+
// Determine the least-privileged content security policy header, if any,
// that is compatible with a given WebUI URL, and append it to the existing
// response headers.
@@ -115,13 +130,21 @@
if (exceptions->find(url.host()) == exceptions->end()) {
std::string base = kChromeURLContentSecurityPolicyHeaderBase;
- ChromeURLContentSecurityPolicyObjectTagSet* object_tag_set =
- g_chrome_url_content_security_policy_object_tag_set.Pointer();
- base.append(object_tag_set->find(url.host()) == object_tag_set->end() ?
- "object-src 'none';" :
- "object-src 'self';");
+ ChromeURLObjectSrcExceptionMap* object_map =
+ g_chrome_url_object_src_exception_map.Pointer();
+ ChromeURLObjectSrcExceptionMap::iterator object_iter =
+ object_map->find(url.host());
+ base.append(object_iter == object_map->end() ?
+ "object-src 'none';" : object_iter->second);
+ ChromeURLFrameSrcExceptionMap* frame_map =
+ g_chrome_url_frame_src_exception_map.Pointer();
+ ChromeURLFrameSrcExceptionMap::iterator frame_iter =
+ frame_map->find(url.host());
+ base.append(frame_iter == frame_map->end() ?
+ "frame-src 'none';" : frame_iter->second);
+
headers->AddHeader(base);
}
}
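Review bot: The value pulled from each exception map is appended to the header verbatim (`base.append(... : object_iter->second)` and the matching `frame_iter->second` line), so nothing ties a `ChromeURLObjectSrcExceptionMap` entry to `object-src` — an entry whose value happened to name some other directive would still be emitted as-is. Having the code own the directive keyword and keeping only the source list in the map makes the type name enforce what it promises, and it also collapses the two near-identical lookup blocks into one helper; the entries added in the earlier hunk would then hold just `"'self'"` and `"chrome:"`. The iterators could also be `const_iterator`, since the maps are only read here. The enclosing function's signature lies above this hunk, so the helper below is placed as a file-local function next to the map definitions.
```cpp
// Returns the CSP source list registered for |host| in |exceptions|, or
// 'none' when the host has no exception.
static std::string SourceListForHost(
    const std::map<std::string, std::string>& exceptions,
    const std::string& host) {
  std::map<std::string, std::string>::const_iterator iter =
      exceptions.find(host);
  return iter == exceptions.end() ? std::string("'none'") : iter->second;
}

// … unchanged: exception-set check and |base| initialization …
    base.append("object-src " + SourceListForHost(
        *g_chrome_url_object_src_exception_map.Pointer(), url.host()) + ";");
    base.append("frame-src " + SourceListForHost(
        *g_chrome_url_frame_src_exception_map.Pointer(), url.host()) + ";");
    headers->AddHeader(base);
```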
