
Side by Side Diff: chrome/renderer/chrome_content_renderer_client.cc

Issue 7748022: Protect sensistive chrome: and chrome-extension: schemes as not being able to be manipulated by b... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 3 months ago
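--- a/chrome/renderer/chrome_content_renderer_client.cc
+++ b/chrome/renderer/chrome_content_renderer_client.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/renderer/chrome_content_renderer_client.h"
 
 #include <string>
 
 #include "base/command_line.h"
 #include "base/message_loop.h"
@@ -196,20 +196,25 @@
 // page could cause).
 WebString chrome_ui_scheme(ASCIIToUTF16(chrome::kChromeUIScheme));
 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(chrome_ui_scheme);
 
 WebString dev_tools_scheme(ASCIIToUTF16(chrome::kChromeDevToolsScheme));
 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(dev_tools_scheme);
 
 WebString internal_scheme(ASCIIToUTF16(chrome::kChromeInternalScheme));
 WebSecurityPolicy::registerURLSchemeAsDisplayIsolated(internal_scheme);
 
+// chrome: pages should not be accessible by bookmarklets or javascript:
+// URLs typed in the omnibox.
+WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(
+chrome_ui_scheme);
+
 // chrome-extension: resources shouldn't trigger insecure content warnings.
 WebString extension_scheme(ASCIIToUTF16(chrome::kExtensionScheme));
 WebSecurityPolicy::registerURLSchemeAsSecure(extension_scheme);
 }
 
 void ChromeContentRendererClient::RenderViewCreated(RenderView* render_view) {
 ContentSettingsObserver* content_settings =
 new ContentSettingsObserver(render_view);
 new ExtensionHelper(render_view, extension_dispatcher_.get());
 new PageLoadHistograms(render_view, histogram_snapshots_.get());
@@ -736,10 +741,10 @@
 if (spellcheck_.get())
 thread->RemoveObserver(spellcheck_.get());
 SpellCheck* new_spellcheck = new SpellCheck();
 if (spellcheck_provider_)
 spellcheck_provider_->SetSpellCheck(new_spellcheck);
 spellcheck_.reset(new_spellcheck);
 thread->AddObserver(new_spellcheck);
 }
 
 } // namespace chrome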
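Review bot: The new `registerURLSchemeAsNotAllowingJavascriptURLs` call at new lines 208-209 covers only `chrome_ui_scheme`, although the issue title also names chrome-extension:, and `dev_tools_scheme` and `internal_scheme` (registered as display-isolated just above) get no equivalent protection in this file. If those schemes are handled elsewhere in the patch or are deliberately exempt, a comment saying so would help; otherwise consider adding `WebSecurityPolicy::registerURLSchemeAsNotAllowingJavascriptURLs(dev_tools_scheme);` here and the same call for `extension_scheme` after its declaration at new line 212. A test that navigates a chrome: page to a javascript: URL and asserts that the script does not run would pin the behaviour. The enclosing function begins in the skipped region above line 196, so this is judged from the visible lines only.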
