| OLD | NEW |
|---|
| 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/renderer/notification_provider.h" | 5 #include "chrome/renderer/notification_provider.h" |
| 6 | 6 |
| 7 #include "base/string_util.h" | 7 #include "base/string_util.h" |
| 8 #include "base/task.h" | 8 #include "base/task.h" |
| 9 #include "chrome/common/render_messages.h" | 9 #include "chrome/common/render_messages.h" |
| 10 #include "chrome/common/url_constants.h" | 10 #include "chrome/common/url_constants.h" |
| (...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 88 IPC_END_MESSAGE_MAP() | 88 IPC_END_MESSAGE_MAP() |
| 89 return handled; | 89 return handled; |
| 90 } | 90 } |
| 91 | 91 |
| 92 void NotificationProvider::OnNavigate() { | 92 void NotificationProvider::OnNavigate() { |
| 93 manager_.Clear(); | 93 manager_.Clear(); |
| 94 } | 94 } |
| 95 | 95 |
| 96 bool NotificationProvider::ShowHTML(const WebNotification& notification, | 96 bool NotificationProvider::ShowHTML(const WebNotification& notification, |
| 97 int id) { | 97 int id) { |
| 98 // Disallow HTML notifications from non-HTTP schemes. | 98 // Disallow HTML notifications from unwanted schemes. javascript: |
| 99 // in particular allows unwanted cross-domain access. |
| 99 GURL url = notification.url(); | 100 GURL url = notification.url(); |
| 100 if (!url.SchemeIs(chrome::kHttpScheme) && | 101 if (!url.SchemeIs(chrome::kHttpScheme) && |
| 101 !url.SchemeIs(chrome::kHttpsScheme) && | 102 !url.SchemeIs(chrome::kHttpsScheme) && |
| 102 !url.SchemeIs(chrome::kExtensionScheme)) | 103 !url.SchemeIs(chrome::kExtensionScheme) && |
| 104 !url.SchemeIs(chrome::kDataScheme)) |
| 103 return false; | 105 return false; |
| 104 | 106 |
| 105 DCHECK(notification.isHTML()); | 107 DCHECK(notification.isHTML()); |
| 106 return Send(new ViewHostMsg_ShowDesktopNotification(view_->routing_id(), | 108 return Send(new ViewHostMsg_ShowDesktopNotification(view_->routing_id(), |
| 107 GURL(view_->webview()->mainFrame()->url()).GetOrigin(), | 109 GURL(view_->webview()->mainFrame()->url()).GetOrigin(), |
| 108 notification.url(), id)); | 110 notification.url(), id)); |
| 109 } | 111 } |
| 110 | 112 |
| 111 bool NotificationProvider::ShowText(const WebNotification& notification, | 113 bool NotificationProvider::ShowText(const WebNotification& notification, |
| 112 int id) { | 114 int id) { |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 149 void NotificationProvider::OnPermissionRequestComplete(int id) { | 151 void NotificationProvider::OnPermissionRequestComplete(int id) { |
| 150 WebNotificationPermissionCallback* callback = manager_.GetCallback(id); | 152 WebNotificationPermissionCallback* callback = manager_.GetCallback(id); |
| 151 DCHECK(callback); | 153 DCHECK(callback); |
| 152 callback->permissionRequestComplete(); | 154 callback->permissionRequestComplete(); |
| 153 manager_.OnPermissionRequestComplete(id); | 155 manager_.OnPermissionRequestComplete(id); |
| 154 } | 156 } |
| 155 | 157 |
| 156 bool NotificationProvider::Send(IPC::Message* message) { | 158 bool NotificationProvider::Send(IPC::Message* message) { |
| 157 return RenderThread::current()->Send(message); | 159 return RenderThread::current()->Send(message); |
| 158 } | 160 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2779005:
Allow creating HTML notifications with the data: scheme. I've confirmed this... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/