Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1111)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/tab_contents/tab_contents.cc

Issue 172120: Revert "Revert "Allow DOMUI pages to call window.open(), giving DOMUI privileges to the new"" (Closed)
Patch Set: Created 11 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/tab_contents/tab_contents.h ('k') | chrome/browser/tab_contents/tab_contents_view.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/tab_contents/tab_contents.cc
diff --git a/chrome/browser/tab_contents/tab_contents.cc b/chrome/browser/tab_contents/tab_contents.cc
index b5b5111d409c69fd101683d6bb8cef92dd81e0ee..2b79923460f358e1d517c65f4e57ce87017d8804 100644
--- a/chrome/browser/tab_contents/tab_contents.cc
+++ b/chrome/browser/tab_contents/tab_contents.cc
@@ -259,7 +259,8 @@ TabContents::TabContents(Profile* profile,
message_box_active_(CreateEvent(NULL, TRUE, FALSE, NULL)),
#endif
last_javascript_message_dismissal_(),
- suppress_javascript_messages_(false) {
+ suppress_javascript_messages_(false),
+ opener_dom_ui_type_(DOMUIFactory::kNoDOMUI) {
pending_install_.page_id = 0;
pending_install_.callback_functor = NULL;
@@ -1268,6 +1269,21 @@ DOMUI* TabContents::GetDOMUIForCurrentState() {
void TabContents::DidNavigateMainFramePostCommit(
const NavigationController::LoadCommittedDetails& details,
const ViewHostMsg_FrameNavigate_Params& params) {
+ if (opener_dom_ui_type_ != DOMUIFactory::kNoDOMUI) {
+ // If this is a window.open navigation, use the same DOMUI as the renderer
+ // that opened the window, as long as both renderers have the same
+ // privileges.
+ if (opener_dom_ui_type_ == DOMUIFactory::GetDOMUIType(GetURL())) {
+ DOMUI* dom_ui = DOMUIFactory::CreateDOMUIForURL(this, GetURL());
+ // dom_ui might be NULL if the URL refers to a non-existent extension.
+ if (dom_ui) {
+ render_manager_.SetDOMUIPostCommit(dom_ui);
+ dom_ui->RenderViewCreated(render_view_host());
+ }
+ }
+ opener_dom_ui_type_ = DOMUIFactory::kNoDOMUI;
+ }
+
if (details.is_user_initiated_main_frame_load()) {
// Clear the status bubble. This is a workaround for a bug where WebKit
// doesn't let us know that the cursor left an element during a
@@ -2108,10 +2124,9 @@ void TabContents::ProcessDOMUIMessage(const std::string& message,
int request_id,
bool has_callback) {
if (!render_manager_.dom_ui()) {
- // We shouldn't get a DOM UI message when we haven't enabled the DOM UI.
- // Because the renderer might be owned and sending random messages, we need
- // to ignore these inproper ones.
- NOTREACHED();
+ // This can happen if someone uses window.open() to open an extension URL
+ // from a non-extension context.
+ render_view_host()->BlockExtensionRequest(request_id);
return;
}
render_manager_.dom_ui()->ProcessDOMUIMessage(message, content, request_id,
« no previous file with comments | « chrome/browser/tab_contents/tab_contents.h ('k') | chrome/browser/tab_contents/tab_contents_view.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698