
Side by Side Diff: chrome/renderer/chrome_content_renderer_client.cc

Issue 7748022: Protect sensistive chrome: and chrome-extension: schemes as not being able to be manipulated by b... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 9 years, 4 months ago
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/renderer/chrome_content_renderer_client.h" 5 #include "chrome/renderer/chrome_content_renderer_client.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/command_line.h" 9 #include "base/command_line.h"
10 #include "base/message_loop.h" 10 #include "base/message_loop.h"
(...skipping 188 matching lines...) Expand 10 before | Expand all | Expand 10 after
199 199
200 WebString dev_tools_scheme(ASCIIToUTF16(chrome::kChromeDevToolsScheme)); 200 WebString dev_tools_scheme(ASCIIToUTF16(chrome::kChromeDevToolsScheme));
201 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(dev_tools_scheme); 201 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(dev_tools_scheme);
202 202
203 WebString internal_scheme(ASCIIToUTF16(chrome::kChromeInternalScheme)); 203 WebString internal_scheme(ASCIIToUTF16(chrome::kChromeInternalScheme));
204 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(internal_scheme); 204 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(internal_scheme);
205 205
206 // chrome-extension: resources shouldn't trigger insecure content warnings. 206 // chrome-extension: resources shouldn't trigger insecure content warnings.
207 WebString extension_scheme(ASCIIToUTF16(chrome::kExtensionScheme)); 207 WebString extension_scheme(ASCIIToUTF16(chrome::kExtensionScheme));
208 WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme); 208 WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme);
209
210 // chrome: and chrome-extension: pages should not be accessible by
211 // bookmarklets or javascript: URLs typed in the omnibox.
212 WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
213 chrome_ui_scheme);
214 WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
215 extension_scheme);
Mihai Parparita -not on Chrome 2011/08/25 18:30:56 This also includes packaged apps, users might expe
209 } 216 }
210 217
211 void ChromeContentRendererClient::RenderViewCreated(RenderView* render_view) { 218 void ChromeContentRendererClient::RenderViewCreated(RenderView* render_view) {
212 ContentSettingsObserver* content_settings = 219 ContentSettingsObserver* content_settings =
213 new ContentSettingsObserver(render_view); 220 new ContentSettingsObserver(render_view);
214 new ExtensionHelper(render_view, extension_dispatcher_.get()); 221 new ExtensionHelper(render_view, extension_dispatcher_.get());
215 new PageLoadHistograms(render_view, histogram_snapshots_.get()); 222 new PageLoadHistograms(render_view, histogram_snapshots_.get());
216 new PrintWebViewHelper(render_view); 223 new PrintWebViewHelper(render_view);
217 new SearchBox(render_view); 224 new SearchBox(render_view);
218 spellcheck_provider_ = new SpellCheckProvider(render_view, spellcheck_.get()); 225 spellcheck_provider_ = new SpellCheckProvider(render_view, spellcheck_.get());
(...skipping 517 matching lines...) Expand 10 before | Expand all | Expand 10 after
736 if (spellcheck_.get()) 743 if (spellcheck_.get())
737 thread->RemoveObserver(spellcheck_.get()); 744 thread->RemoveObserver(spellcheck_.get());
738 SpellCheck* new_spellcheck = new SpellCheck(); 745 SpellCheck* new_spellcheck = new SpellCheck();
739 if (spellcheck_provider_) 746 if (spellcheck_provider_)
740 spellcheck_provider_->SetSpellCheck(new_spellcheck); 747 spellcheck_provider_->SetSpellCheck(new_spellcheck);
741 spellcheck_.reset(new_spellcheck); 748 spellcheck_.reset(new_spellcheck);
742 thread->AddObserver(new_spellcheck); 749 thread->AddObserver(new_spellcheck);
743 } 750 }
744 751
745 } // namespace chrome 752 } // namespace chrome
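Review bot: The added `registerURLSchemeAsNotAllowingJavascriptURLs` calls (new lines 212-215) cover only `chrome_ui_scheme` and `extension_scheme`, while `dev_tools_scheme` and `internal_scheme`, registered as display-isolated just above in the same function, get no such registration. If pages on the DevTools and internal schemes carry comparable privileges (not visible in this section), add `WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(dev_tools_scheme);` and the same call for `internal_scheme`. Otherwise, extend the comment at new line 210 to say why those two schemes are deliberately left out. `chrome_ui_scheme` is presumably declared in the skipped lines and the enclosing function begins outside the visible section, so this reading rests on the shown lines only.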