| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/renderer/chrome_render_view_observer.h" | 5 #include "chrome/renderer/chrome_render_view_observer.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/message_loop.h" | 8 #include "base/message_loop.h" |
| 9 #include "base/metrics/histogram.h" | 9 #include "base/metrics/histogram.h" |
| 10 #include "base/string_util.h" | 10 #include "base/string_util.h" |
| 11 #include "chrome/common/chrome_constants.h" | 11 #include "chrome/common/chrome_constants.h" |
| 12 #include "chrome/common/chrome_switches.h" | 12 #include "chrome/common/chrome_switches.h" |
| 13 #include "chrome/common/chrome_version_info.h" | |
| 13 #include "chrome/common/icon_messages.h" | 14 #include "chrome/common/icon_messages.h" |
| 14 #include "chrome/common/render_messages.h" | 15 #include "chrome/common/render_messages.h" |
| 15 #include "chrome/common/thumbnail_score.h" | 16 #include "chrome/common/thumbnail_score.h" |
| 16 #include "chrome/common/url_constants.h" | 17 #include "chrome/common/url_constants.h" |
| 17 #include "chrome/renderer/about_handler.h" | 18 #include "chrome/renderer/about_handler.h" |
| 18 #include "chrome/renderer/automation/dom_automation_controller.h" | 19 #include "chrome/renderer/automation/dom_automation_controller.h" |
| 19 #include "chrome/renderer/content_settings_observer.h" | 20 #include "chrome/renderer/content_settings_observer.h" |
| 20 #include "chrome/renderer/extensions/extension_dispatcher.h" | 21 #include "chrome/renderer/extensions/extension_dispatcher.h" |
| 21 #include "chrome/renderer/external_host_bindings.h" | 22 #include "chrome/renderer/external_host_bindings.h" |
| 22 #include "chrome/renderer/frame_sniffer.h" | 23 #include "chrome/renderer/frame_sniffer.h" |
| (...skipping 55 matching lines...) | |
| 78 // maximum number of characters in the document to index, any text beyond this | 79 // maximum number of characters in the document to index, any text beyond this |
| 79 // point will be clipped | 80 // point will be clipped |
| 80 static const size_t kMaxIndexChars = 65535; | 81 static const size_t kMaxIndexChars = 65535; |
| 81 | 82 |
| 82 // Size of the thumbnails that we'll generate | 83 // Size of the thumbnails that we'll generate |
| 83 static const int kThumbnailWidth = 212; | 84 static const int kThumbnailWidth = 212; |
| 84 static const int kThumbnailHeight = 132; | 85 static const int kThumbnailHeight = 132; |
| 85 | 86 |
| 86 // Constants for UMA statistic collection. | 87 // Constants for UMA statistic collection. |
| 87 static const char kSSLInsecureContent[] = "SSL.InsecureContent"; | 88 static const char kSSLInsecureContent[] = "SSL.InsecureContent"; |
| 88 static const char kDotGoogleDotCom[] = ".google.com"; | |
| 89 static const char kWWWDotGoogleDotCom[] = "www.google.com"; | 89 static const char kWWWDotGoogleDotCom[] = "www.google.com"; |
| 90 static const char kMailDotGoogleDotCom[] = "mail.google.com"; | 90 static const char kMailDotGoogleDotCom[] = "mail.google.com"; |
| 91 static const char kPlusDotGoogleDotCom[] = "plus.google.com"; | 91 static const char kPlusDotGoogleDotCom[] = "plus.google.com"; |
| 92 static const char kDocsDotGoogleDotCom[] = "docs.google.com"; | 92 static const char kDocsDotGoogleDotCom[] = "docs.google.com"; |
| 93 static const char kSitesDotGoogleDotCom[] = "sites.google.com"; | 93 static const char kSitesDotGoogleDotCom[] = "sites.google.com"; |
| 94 static const char kPicasawebDotGoogleDotCom[] = "picasaweb.google.com"; | 94 static const char kPicasawebDotGoogleDotCom[] = "picasaweb.google.com"; |
| 95 static const char kCodeDotGoogleDotCom[] = "code.google.com"; | 95 static const char kCodeDotGoogleDotCom[] = "code.google.com"; |
| 96 static const char kGroupsDotGoogleDotCom[] = "groups.google.com"; | 96 static const char kGroupsDotGoogleDotCom[] = "groups.google.com"; |
| 97 static const char kMapsDotGoogleDotCom[] = "maps.google.com"; | 97 static const char kMapsDotGoogleDotCom[] = "maps.google.com"; |
| 98 static const char kWWWDotYoutubeDotCom[] = "www.youtube.com"; | 98 static const char kWWWDotYoutubeDotCom[] = "www.youtube.com"; |
| (...skipping 38 matching lines...) | |
| 137 INSECURE_CONTENT_RUN_HOST_GROUPS_GOOGLE, | 137 INSECURE_CONTENT_RUN_HOST_GROUPS_GOOGLE, |
| 138 INSECURE_CONTENT_DISPLAY_HOST_MAPS_GOOGLE, | 138 INSECURE_CONTENT_DISPLAY_HOST_MAPS_GOOGLE, |
| 139 INSECURE_CONTENT_RUN_HOST_MAPS_GOOGLE, | 139 INSECURE_CONTENT_RUN_HOST_MAPS_GOOGLE, |
| 140 INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_SUPPORT, | 140 INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_SUPPORT, |
| 141 INSECURE_CONTENT_RUN_HOST_GOOGLE_SUPPORT, | 141 INSECURE_CONTENT_RUN_HOST_GOOGLE_SUPPORT, |
| 142 INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_INTL, | 142 INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_INTL, |
| 143 INSECURE_CONTENT_RUN_HOST_GOOGLE_INTL, | 143 INSECURE_CONTENT_RUN_HOST_GOOGLE_INTL, |
| 144 INSECURE_CONTENT_NUM_EVENTS | 144 INSECURE_CONTENT_NUM_EVENTS |
| 145 }; | 145 }; |
| 146 | 146 |
| 147 // Constants for mixed-content blocking. | |
| 148 static const char kGoogleDotCom[] = "google.com"; | |
| 149 static const char kFacebookDotCom[] = "facebook.com"; | |
|
scarybeasts
2011/10/04 01:30:30
Nit: recommend alphabetical order.
| |
| 150 static const char kTwitterDotCom[] = "twitter.com"; | |
| 151 | |
| 147 static bool PaintViewIntoCanvas(WebView* view, | 152 static bool PaintViewIntoCanvas(WebView* view, |
| 148 skia::PlatformCanvas& canvas) { | 153 skia::PlatformCanvas& canvas) { |
| 149 view->layout(); | 154 view->layout(); |
| 150 const WebSize& size = view->size(); | 155 const WebSize& size = view->size(); |
| 151 | 156 |
| 152 if (!canvas.initialize(size.width, size.height, true)) | 157 if (!canvas.initialize(size.width, size.height, true)) |
| 153 return false; | 158 return false; |
| 154 | 159 |
| 155 view->paint(webkit_glue::ToWebCanvas(&canvas), | 160 view->paint(webkit_glue::ToWebCanvas(&canvas), |
| 156 WebRect(0, 0, size.width, size.height)); | 161 WebRect(0, 0, size.width, size.height)); |
| (...skipping 23 matching lines...) | |
| 180 case WebIconURL::TypeTouch: | 185 case WebIconURL::TypeTouch: |
| 181 return FaviconURL::TOUCH_ICON; | 186 return FaviconURL::TOUCH_ICON; |
| 182 case WebIconURL::TypeTouchPrecomposed: | 187 case WebIconURL::TypeTouchPrecomposed: |
| 183 return FaviconURL::TOUCH_PRECOMPOSED_ICON; | 188 return FaviconURL::TOUCH_PRECOMPOSED_ICON; |
| 184 case WebIconURL::TypeInvalid: | 189 case WebIconURL::TypeInvalid: |
| 185 return FaviconURL::INVALID_ICON; | 190 return FaviconURL::INVALID_ICON; |
| 186 } | 191 } |
| 187 return FaviconURL::INVALID_ICON; | 192 return FaviconURL::INVALID_ICON; |
| 188 } | 193 } |
| 189 | 194 |
| 195 static bool isHostInDomain(const std::string& host, const std::string& domain) { | |
| 196 return (EndsWith(host, domain, false) && | |
| 197 (host.length() == domain.length() || | |
| 198 (host.length() > domain.length() && | |
| 199 host[host.length() - domain.length() - 1] == '.'))); | |
| 200 } | |
| 201 | |
| 190 namespace { | 202 namespace { |
| 191 GURL StripRef(const GURL& url) { | 203 GURL StripRef(const GURL& url) { |
| 192 GURL::Replacements replacements; | 204 GURL::Replacements replacements; |
| 193 replacements.ClearRef(); | 205 replacements.ClearRef(); |
| 194 return url.ReplaceComponents(replacements); | 206 return url.ReplaceComponents(replacements); |
| 195 } | 207 } |
| 196 } // namespace | 208 } // namespace |
| 197 | 209 |
| 198 ChromeRenderViewObserver::ChromeRenderViewObserver( | 210 ChromeRenderViewObserver::ChromeRenderViewObserver( |
| 199 RenderView* render_view, | 211 RenderView* render_view, |
| (...skipping 223 matching lines...) | |
| 423 bool ChromeRenderViewObserver::allowDisplayingInsecureContent( | 435 bool ChromeRenderViewObserver::allowDisplayingInsecureContent( |
| 424 WebKit::WebFrame* frame, | 436 WebKit::WebFrame* frame, |
| 425 bool allowed_per_settings, | 437 bool allowed_per_settings, |
| 426 const WebKit::WebSecurityOrigin& origin, | 438 const WebKit::WebSecurityOrigin& origin, |
| 427 const WebKit::WebURL& url) { | 439 const WebKit::WebURL& url) { |
| 428 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, | 440 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, |
| 429 INSECURE_CONTENT_DISPLAY, | 441 INSECURE_CONTENT_DISPLAY, |
| 430 INSECURE_CONTENT_NUM_EVENTS); | 442 INSECURE_CONTENT_NUM_EVENTS); |
| 431 std::string host(origin.host().utf8()); | 443 std::string host(origin.host().utf8()); |
| 432 GURL frame_url(frame->document().url()); | 444 GURL frame_url(frame->document().url()); |
| 433 if (EndsWith(host, kDotGoogleDotCom, false)) { | 445 if (isHostInDomain(host, kGoogleDotCom)) { |
| 434 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, | 446 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, |
| 435 INSECURE_CONTENT_DISPLAY_HOST_GOOGLE, | 447 INSECURE_CONTENT_DISPLAY_HOST_GOOGLE, |
| 436 INSECURE_CONTENT_NUM_EVENTS); | 448 INSECURE_CONTENT_NUM_EVENTS); |
| 437 if (StartsWithASCII(frame_url.path(), kGoogleSupportPathPrefix, false)) { | 449 if (StartsWithASCII(frame_url.path(), kGoogleSupportPathPrefix, false)) { |
| 438 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, | 450 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, |
| 439 INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_SUPPORT, | 451 INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_SUPPORT, |
| 440 INSECURE_CONTENT_NUM_EVENTS); | 452 INSECURE_CONTENT_NUM_EVENTS); |
| 441 } else if (StartsWithASCII(frame_url.path(), | 453 } else if (StartsWithASCII(frame_url.path(), |
| 442 kGoogleIntlPathPrefix, | 454 kGoogleIntlPathPrefix, |
| 443 false)) { | 455 false)) { |
| (...skipping 65 matching lines...) | |
| 509 bool ChromeRenderViewObserver::allowRunningInsecureContent( | 521 bool ChromeRenderViewObserver::allowRunningInsecureContent( |
| 510 WebKit::WebFrame* frame, | 522 WebKit::WebFrame* frame, |
| 511 bool allowed_per_settings, | 523 bool allowed_per_settings, |
| 512 const WebKit::WebSecurityOrigin& origin, | 524 const WebKit::WebSecurityOrigin& origin, |
| 513 const WebKit::WebURL& url) { | 525 const WebKit::WebURL& url) { |
| 514 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, | 526 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, |
| 515 INSECURE_CONTENT_RUN, | 527 INSECURE_CONTENT_RUN, |
| 516 INSECURE_CONTENT_NUM_EVENTS); | 528 INSECURE_CONTENT_NUM_EVENTS); |
| 517 std::string host(origin.host().utf8()); | 529 std::string host(origin.host().utf8()); |
| 518 GURL frame_url(frame->document().url()); | 530 GURL frame_url(frame->document().url()); |
| 519 if (EndsWith(host, kDotGoogleDotCom, false)) { | 531 bool is_google = isHostInDomain(host, kGoogleDotCom); |
| 532 if (is_google) { | |
| 520 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, | 533 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, |
| 521 INSECURE_CONTENT_RUN_HOST_GOOGLE, | 534 INSECURE_CONTENT_RUN_HOST_GOOGLE, |
| 522 INSECURE_CONTENT_NUM_EVENTS); | 535 INSECURE_CONTENT_NUM_EVENTS); |
| 523 if (StartsWithASCII(frame_url.path(), kGoogleSupportPathPrefix, false)) { | 536 if (StartsWithASCII(frame_url.path(), kGoogleSupportPathPrefix, false)) { |
| 524 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, | 537 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, |
| 525 INSECURE_CONTENT_RUN_HOST_GOOGLE_SUPPORT, | 538 INSECURE_CONTENT_RUN_HOST_GOOGLE_SUPPORT, |
| 526 INSECURE_CONTENT_NUM_EVENTS); | 539 INSECURE_CONTENT_NUM_EVENTS); |
| 527 } else if (StartsWithASCII(frame_url.path(), | 540 } else if (StartsWithASCII(frame_url.path(), |
| 528 kGoogleIntlPathPrefix, | 541 kGoogleIntlPathPrefix, |
| 529 false)) { | 542 false)) { |
| (...skipping 65 matching lines...) | |
| 595 } else if (EndsWith(gurl.path(), kDotCSS, false)) { | 608 } else if (EndsWith(gurl.path(), kDotCSS, false)) { |
| 596 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, | 609 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, |
| 597 INSECURE_CONTENT_RUN_CSS, | 610 INSECURE_CONTENT_RUN_CSS, |
| 598 INSECURE_CONTENT_NUM_EVENTS); | 611 INSECURE_CONTENT_NUM_EVENTS); |
| 599 } else if (EndsWith(gurl.path(), kDotSWF, false)) { | 612 } else if (EndsWith(gurl.path(), kDotSWF, false)) { |
| 600 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, | 613 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, |
| 601 INSECURE_CONTENT_RUN_SWF, | 614 INSECURE_CONTENT_RUN_SWF, |
| 602 INSECURE_CONTENT_NUM_EVENTS); | 615 INSECURE_CONTENT_NUM_EVENTS); |
| 603 } | 616 } |
| 604 | 617 |
| 605 if (allowed_per_settings || allow_running_insecure_content_) | 618 if (allow_running_insecure_content_ || allowed_per_settings) |
| 606 return true; | 619 return true; |
| 607 | 620 |
| 621 bool enforce_insecure_content_on_all_domains = | |
| 622 (chrome::VersionInfo::GetChannel() != chrome::VersionInfo::CHANNEL_STABLE | |
| 623 || CommandLine::ForCurrentProcess()->HasSwitch( | |
| 624 switches::kNoRunningInsecureContent)); | |
| 625 | |
| 626 if (!enforce_insecure_content_on_all_domains) { | |
| 627 bool mandatory_enforcement = (is_google || | |
| 628 isHostInDomain(host, kFacebookDotCom) || | |
| 629 isHostInDomain(host, kTwitterDotCom)); | |
| 630 if (!mandatory_enforcement) | |
| 631 return true; | |
| 632 } | |
| 633 | |
| 608 Send(new ChromeViewHostMsg_DidBlockRunningInsecureContent(routing_id())); | 634 Send(new ChromeViewHostMsg_DidBlockRunningInsecureContent(routing_id())); |
| 609 return false; | 635 return false; |
| 610 } | 636 } |
| 611 | 637 |
| 612 void ChromeRenderViewObserver::didNotAllowPlugins(WebFrame* frame) { | 638 void ChromeRenderViewObserver::didNotAllowPlugins(WebFrame* frame) { |
| 613 content_settings_->DidNotAllowPlugins(frame); | 639 content_settings_->DidNotAllowPlugins(frame); |
| 614 } | 640 } |
| 615 | 641 |
| 616 void ChromeRenderViewObserver::didNotAllowScript(WebFrame* frame) { | 642 void ChromeRenderViewObserver::didNotAllowScript(WebFrame* frame) { |
| 617 content_settings_->DidNotAllowScript(frame); | 643 content_settings_->DidNotAllowScript(frame); |
| (...skipping 384 matching lines...) | |
| 1002 // Decode the favicon using WebKit's image decoder. | 1028 // Decode the favicon using WebKit's image decoder. |
| 1003 webkit_glue::ImageDecoder decoder( | 1029 webkit_glue::ImageDecoder decoder( |
| 1004 gfx::Size(gfx::kFaviconSize, gfx::kFaviconSize)); | 1030 gfx::Size(gfx::kFaviconSize, gfx::kFaviconSize)); |
| 1005 const unsigned char* src_data = | 1031 const unsigned char* src_data = |
| 1006 reinterpret_cast<const unsigned char*>(&data[0]); | 1032 reinterpret_cast<const unsigned char*>(&data[0]); |
| 1007 | 1033 |
| 1008 return decoder.Decode(src_data, data.size()); | 1034 return decoder.Decode(src_data, data.size()); |
| 1009 } | 1035 } |
| 1010 return SkBitmap(); | 1036 return SkBitmap(); |
| 1011 } | 1037 } |
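Review bot: The stable-channel enforcement added at new lines 626-632 relies on `isHostInDomain` (new lines 195-200) recognising every spelling of the three listed hosts, and any host that fails the match reaches `return true` and is allowed to run insecure content. The helper is an exact label-boundary suffix match, so a host carrying a trailing dot would not match `kGoogleDotCom`, `kFacebookDotCom` or `kTwitterDotCom`; whether `origin.host()` can return that form is not visible on this page, so it should be confirmed or the host normalised before the comparison. The helper also needs a comment stating that contract, for example `// True if |host| equals |domain| or is a subdomain of it (case-insensitive); |host| must not end in '.'.` As a style point, it would fit the file better as `IsHostInDomain` inside the anonymous namespace that opens just below it, rather than a `static` function with a lower-case initial. Part of `allowRunningInsecureContent` is collapsed on this page, so the path between the `is_google` assignment and the new block was not reviewed.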