Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(184)

Side by Side Diff: chrome/browser/renderer_host/buffered_resource_handler.cc

Issue 201044: Refuse to render RSS as XML by treating the response as text/plain. This is... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 11 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/renderer_host/buffered_resource_handler.h" 5 #include "chrome/browser/renderer_host/buffered_resource_handler.h"
6 6
7 #include "base/histogram.h" 7 #include "base/histogram.h"
8 #include "base/logging.h" 8 #include "base/logging.h"
9 #include "base/string_util.h" 9 #include "base/string_util.h"
10 #include "net/base/mime_sniffer.h" 10 #include "net/base/mime_sniffer.h"
(...skipping 160 matching lines...) Expand 10 before | Expand all | Expand 10 after
171 } 171 }
172 172
173 if (sniffing_blocked && mime_type.empty() && !no_data) { 173 if (sniffing_blocked && mime_type.empty() && !no_data) {
174 // Ugg. The server told us not to sniff the content but didn't give us a 174 // Ugg. The server told us not to sniff the content but didn't give us a
175 // mime type. What's a browser to do? Turns out, we're supposed to treat 175 // mime type. What's a browser to do? Turns out, we're supposed to treat
176 // the response as "text/plain". This is the most secure option. 176 // the response as "text/plain". This is the most secure option.
177 mime_type.assign("text/plain"); 177 mime_type.assign("text/plain");
178 response_->response_head.mime_type.assign(mime_type); 178 response_->response_head.mime_type.assign(mime_type);
179 } 179 }
180 180
181 if (mime_type == "application/rss+xml" ||
182 mime_type == "application/atom+xml") {
183 // Sad face. The server told us that they wanted us to treat the response
184 // as RSS or Atom. Unfortunately, we don't have a built-in feed previewer
185 // like other browsers. We can't just render the content as XML because
186 // web sites let third parties inject arbitrary script into their RSS
187 // feeds. That leaves us with little choice but to practically ignore the
188 // response. In the future, when we have an RSS feed previewer, we can
189 // remove this logic.
190 mime_type.assign("text/plain");
191 response_->response_head.mime_type.assign(mime_type);
192 }
193
181 if (ShouldBuffer(request_->url(), mime_type)) { 194 if (ShouldBuffer(request_->url(), mime_type)) {
182 // This is a temporary fix for the fact that webkit expects to have 195 // This is a temporary fix for the fact that webkit expects to have
183 // enough data to decode the doctype in order to select the rendering 196 // enough data to decode the doctype in order to select the rendering
184 // mode. 197 // mode.
185 should_buffer_ = true; 198 should_buffer_ = true;
186 LOG(INFO) << "To buffer: " << request_->url().spec(); 199 LOG(INFO) << "To buffer: " << request_->url().spec();
187 return true; 200 return true;
188 } 201 }
189 202
190 if (!no_data && ShouldWaitForPlugins()) { 203 if (!no_data && ShouldWaitForPlugins()) {
(...skipping 242 matching lines...) Expand 10 before | Expand all | Expand 10 after
433 wait_for_plugins_ = false; 446 wait_for_plugins_ = false;
434 if (request_) { 447 if (request_) {
435 ResourceDispatcherHostRequestInfo* info = 448 ResourceDispatcherHostRequestInfo* info =
436 ResourceDispatcherHost::InfoForRequest(request_); 449 ResourceDispatcherHost::InfoForRequest(request_);
437 host_->PauseRequest(info->child_id(), info->request_id(), false); 450 host_->PauseRequest(info->child_id(), info->request_id(), false);
438 if (!CompleteResponseStarted(info->request_id(), false)) 451 if (!CompleteResponseStarted(info->request_id(), false))
439 host_->CancelRequest(info->child_id(), info->request_id(), false); 452 host_->CancelRequest(info->child_id(), info->request_id(), false);
440 } 453 }
441 Release(); 454 Release();
442 } 455 }
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698