| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/renderer_host/renderer_security_policy.h" | 5 #include "chrome/browser/renderer_host/renderer_security_policy.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/string_util.h" | 8 #include "base/string_util.h" |
| 9 #include "chrome/common/url_constants.h" | 9 #include "chrome/common/url_constants.h" |
| 10 #ifdef CHROME_PERSONALIZATION | 10 #ifdef CHROME_PERSONALIZATION |
| (...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 127 | 127 |
| 128 bool RendererSecurityPolicy::IsWebSafeScheme(const std::string& scheme) { | 128 bool RendererSecurityPolicy::IsWebSafeScheme(const std::string& scheme) { |
| 129 AutoLock lock(lock_); | 129 AutoLock lock(lock_); |
| 130 | 130 |
| 131 return (web_safe_schemes_.find(scheme) != web_safe_schemes_.end()); | 131 return (web_safe_schemes_.find(scheme) != web_safe_schemes_.end()); |
| 132 } | 132 } |
| 133 | 133 |
| 134 void RendererSecurityPolicy::RegisterPseudoScheme(const std::string& scheme) { | 134 void RendererSecurityPolicy::RegisterPseudoScheme(const std::string& scheme) { |
| 135 AutoLock lock(lock_); | 135 AutoLock lock(lock_); |
| 136 DCHECK(pseudo_schemes_.count(scheme) == 0) << "Add schemes at most once."; | 136 DCHECK(pseudo_schemes_.count(scheme) == 0) << "Add schemes at most once."; |
| 137 DCHECK(web_safe_schemes_.count(scheme) == 0) << "Psuedo implies not web-safe."
; | 137 DCHECK(web_safe_schemes_.count(scheme) == 0) << |
| 138 "Psuedo implies not web-safe."; |
| 138 | 139 |
| 139 pseudo_schemes_.insert(scheme); | 140 pseudo_schemes_.insert(scheme); |
| 140 } | 141 } |
| 141 | 142 |
| 142 bool RendererSecurityPolicy::IsPseudoScheme(const std::string& scheme) { | 143 bool RendererSecurityPolicy::IsPseudoScheme(const std::string& scheme) { |
| 143 AutoLock lock(lock_); | 144 AutoLock lock(lock_); |
| 144 | 145 |
| 145 return (pseudo_schemes_.find(scheme) != pseudo_schemes_.end()); | 146 return (pseudo_schemes_.find(scheme) != pseudo_schemes_.end()); |
| 146 } | 147 } |
| 147 | 148 |
| 148 void RendererSecurityPolicy::GrantRequestURL(int renderer_id, const GURL& url) { | 149 void RendererSecurityPolicy::GrantRequestURL(int renderer_id, const GURL& url) { |
| 149 | 150 |
| 150 if (!url.is_valid()) | 151 if (!url.is_valid()) |
| 151 return; // Can't grant the capability to request invalid URLs. | 152 return; // Can't grant the capability to request invalid URLs. |
| 152 | 153 |
| 153 if (IsWebSafeScheme(url.scheme())) | 154 if (IsWebSafeScheme(url.scheme())) |
| 154 return; // The scheme has already been white-listed for every renderer. | 155 return; // The scheme has already been white-listed for every renderer. |
| 155 | 156 |
| 156 if (IsPseudoScheme(url.scheme())) { | 157 if (IsPseudoScheme(url.scheme())) { |
| 157 // The view-source scheme is a special case of a pseudo URL that eventually | 158 // The view-source scheme is a special case of a pseudo URL that eventually |
| 158 // results in requesting its embedded URL. | 159 // results in requesting its embedded URL. |
| 159 if (url.SchemeIs(chrome::kViewSourceScheme)) { | 160 if (url.SchemeIs(chrome::kViewSourceScheme)) { |
| 160 // URLs with the view-source scheme typically look like: | 161 // URLs with the view-source scheme typically look like: |
| 161 // view-source:http://www.google.com/a | 162 // view-source:http://www.google.com/a |
| 162 // In order to request these URLs, the renderer needs to be able to reques
t | 163 // In order to request these URLs, the renderer needs to be able to |
| 163 // the embedded URL. | 164 // request the embedded URL. |
| 164 GrantRequestURL(renderer_id, GURL(url.path())); | 165 GrantRequestURL(renderer_id, GURL(url.path())); |
| 165 } | 166 } |
| 166 | 167 |
| 167 return; // Can't grant the capability to request pseudo schemes. | 168 return; // Can't grant the capability to request pseudo schemes. |
| 168 } | 169 } |
| 169 | 170 |
| 170 { | 171 { |
| 171 AutoLock lock(lock_); | 172 AutoLock lock(lock_); |
| 172 SecurityStateMap::iterator state = security_state_.find(renderer_id); | 173 SecurityStateMap::iterator state = security_state_.find(renderer_id); |
| 173 if (state == security_state_.end()) | 174 if (state == security_state_.end()) |
| (...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 278 bool RendererSecurityPolicy::HasDOMUIBindings(int renderer_id) { | 279 bool RendererSecurityPolicy::HasDOMUIBindings(int renderer_id) { |
| 279 AutoLock lock(lock_); | 280 AutoLock lock(lock_); |
| 280 | 281 |
| 281 SecurityStateMap::iterator state = security_state_.find(renderer_id); | 282 SecurityStateMap::iterator state = security_state_.find(renderer_id); |
| 282 if (state == security_state_.end()) | 283 if (state == security_state_.end()) |
| 283 return false; | 284 return false; |
| 284 | 285 |
| 285 return state->second->has_dom_ui_bindings(); | 286 return state->second->has_dom_ui_bindings(); |
| 286 } | 287 } |
| 287 | 288 |
| OLD | NEW |
|---|
Chromium Code Reviews
