
Side by Side Diff: chrome/renderer/chrome_render_view_observer.cc

Issue 8080004: Fix bug where --allow-running-insecure-content flag doesn't work against google.com sites in stab... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 2 months ago
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/renderer/chrome_render_view_observer.h" 5 #include "chrome/renderer/chrome_render_view_observer.h"
6 6
7 #include "base/command_line.h" 7 #include "base/command_line.h"
8 #include "base/message_loop.h" 8 #include "base/message_loop.h"
9 #include "base/metrics/histogram.h" 9 #include "base/metrics/histogram.h"
10 #include "base/string_util.h" 10 #include "base/string_util.h"
11 #include "chrome/common/chrome_constants.h" 11 #include "chrome/common/chrome_constants.h"
12 #include "chrome/common/chrome_switches.h" 12 #include "chrome/common/chrome_switches.h"
13 #include "chrome/common/chrome_version_info.h"
13 #include "chrome/common/icon_messages.h" 14 #include "chrome/common/icon_messages.h"
14 #include "chrome/common/render_messages.h" 15 #include "chrome/common/render_messages.h"
15 #include "chrome/common/thumbnail_score.h" 16 #include "chrome/common/thumbnail_score.h"
16 #include "chrome/common/url_constants.h" 17 #include "chrome/common/url_constants.h"
17 #include "chrome/renderer/about_handler.h" 18 #include "chrome/renderer/about_handler.h"
18 #include "chrome/renderer/automation/dom_automation_controller.h" 19 #include "chrome/renderer/automation/dom_automation_controller.h"
19 #include "chrome/renderer/content_settings_observer.h" 20 #include "chrome/renderer/content_settings_observer.h"
20 #include "chrome/renderer/extensions/extension_dispatcher.h" 21 #include "chrome/renderer/extensions/extension_dispatcher.h"
21 #include "chrome/renderer/external_host_bindings.h" 22 #include "chrome/renderer/external_host_bindings.h"
22 #include "chrome/renderer/frame_sniffer.h" 23 #include "chrome/renderer/frame_sniffer.h"
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after
78 // maximum number of characters in the document to index, any text beyond this 79 // maximum number of characters in the document to index, any text beyond this
79 // point will be clipped 80 // point will be clipped
80 static const size_t kMaxIndexChars = 65535; 81 static const size_t kMaxIndexChars = 65535;
81 82
82 // Size of the thumbnails that we'll generate 83 // Size of the thumbnails that we'll generate
83 static const int kThumbnailWidth = 212; 84 static const int kThumbnailWidth = 212;
84 static const int kThumbnailHeight = 132; 85 static const int kThumbnailHeight = 132;
85 86
86 // Constants for UMA statistic collection. 87 // Constants for UMA statistic collection.
87 static const char kSSLInsecureContent[] = "SSL.InsecureContent"; 88 static const char kSSLInsecureContent[] = "SSL.InsecureContent";
88 static const char kDotGoogleDotCom[] = ".google.com";
89 static const char kWWWDotGoogleDotCom[] = "www.google.com"; 89 static const char kWWWDotGoogleDotCom[] = "www.google.com";
90 static const char kMailDotGoogleDotCom[] = "mail.google.com"; 90 static const char kMailDotGoogleDotCom[] = "mail.google.com";
91 static const char kPlusDotGoogleDotCom[] = "plus.google.com"; 91 static const char kPlusDotGoogleDotCom[] = "plus.google.com";
92 static const char kDocsDotGoogleDotCom[] = "docs.google.com"; 92 static const char kDocsDotGoogleDotCom[] = "docs.google.com";
93 static const char kSitesDotGoogleDotCom[] = "sites.google.com"; 93 static const char kSitesDotGoogleDotCom[] = "sites.google.com";
94 static const char kPicasawebDotGoogleDotCom[] = "picasaweb.google.com"; 94 static const char kPicasawebDotGoogleDotCom[] = "picasaweb.google.com";
95 static const char kCodeDotGoogleDotCom[] = "code.google.com"; 95 static const char kCodeDotGoogleDotCom[] = "code.google.com";
96 static const char kGroupsDotGoogleDotCom[] = "groups.google.com"; 96 static const char kGroupsDotGoogleDotCom[] = "groups.google.com";
97 static const char kMapsDotGoogleDotCom[] = "maps.google.com"; 97 static const char kMapsDotGoogleDotCom[] = "maps.google.com";
98 static const char kWWWDotYoutubeDotCom[] = "www.youtube.com"; 98 static const char kWWWDotYoutubeDotCom[] = "www.youtube.com";
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after
137 INSECURE_CONTENT_RUN_HOST_GROUPS_GOOGLE, 137 INSECURE_CONTENT_RUN_HOST_GROUPS_GOOGLE,
138 INSECURE_CONTENT_DISPLAY_HOST_MAPS_GOOGLE, 138 INSECURE_CONTENT_DISPLAY_HOST_MAPS_GOOGLE,
139 INSECURE_CONTENT_RUN_HOST_MAPS_GOOGLE, 139 INSECURE_CONTENT_RUN_HOST_MAPS_GOOGLE,
140 INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_SUPPORT, 140 INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_SUPPORT,
141 INSECURE_CONTENT_RUN_HOST_GOOGLE_SUPPORT, 141 INSECURE_CONTENT_RUN_HOST_GOOGLE_SUPPORT,
142 INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_INTL, 142 INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_INTL,
143 INSECURE_CONTENT_RUN_HOST_GOOGLE_INTL, 143 INSECURE_CONTENT_RUN_HOST_GOOGLE_INTL,
144 INSECURE_CONTENT_NUM_EVENTS 144 INSECURE_CONTENT_NUM_EVENTS
145 }; 145 };
146 146
147 // Constants for mixed-content blocking.
148 static const char kGoogleDotCom[] = "google.com";
149 static const char kFacebookDotCom[] = "facebook.com";
scarybeasts 2011/10/04 01:30:30 Nit: recommend alphabetical order.
150 static const char kTwitterDotCom[] = "twitter.com";
151
147 static bool PaintViewIntoCanvas(WebView* view, 152 static bool PaintViewIntoCanvas(WebView* view,
148 skia::PlatformCanvas& canvas) { 153 skia::PlatformCanvas& canvas) {
149 view->layout(); 154 view->layout();
150 const WebSize& size = view->size(); 155 const WebSize& size = view->size();
151 156
152 if (!canvas.initialize(size.width, size.height, true)) 157 if (!canvas.initialize(size.width, size.height, true))
153 return false; 158 return false;
154 159
155 view->paint(webkit_glue::ToWebCanvas(&canvas), 160 view->paint(webkit_glue::ToWebCanvas(&canvas),
156 WebRect(0, 0, size.width, size.height)); 161 WebRect(0, 0, size.width, size.height));
(...skipping 23 matching lines...) Expand all
180 case WebIconURL::TypeTouch: 185 case WebIconURL::TypeTouch:
181 return FaviconURL::TOUCH_ICON; 186 return FaviconURL::TOUCH_ICON;
182 case WebIconURL::TypeTouchPrecomposed: 187 case WebIconURL::TypeTouchPrecomposed:
183 return FaviconURL::TOUCH_PRECOMPOSED_ICON; 188 return FaviconURL::TOUCH_PRECOMPOSED_ICON;
184 case WebIconURL::TypeInvalid: 189 case WebIconURL::TypeInvalid:
185 return FaviconURL::INVALID_ICON; 190 return FaviconURL::INVALID_ICON;
186 } 191 }
187 return FaviconURL::INVALID_ICON; 192 return FaviconURL::INVALID_ICON;
188 } 193 }
189 194
195 static bool isHostInDomain(const std::string& host, const std::string& domain) {
196 return (EndsWith(host, domain, false) &&
197 (host.length() == domain.length() ||
198 (host.length() > domain.length() &&
199 host[host.length() - domain.length() - 1] == '.')));
200 }
201
190 namespace { 202 namespace {
191 GURL StripRef(const GURL& url) { 203 GURL StripRef(const GURL& url) {
192 GURL::Replacements replacements; 204 GURL::Replacements replacements;
193 replacements.ClearRef(); 205 replacements.ClearRef();
194 return url.ReplaceComponents(replacements); 206 return url.ReplaceComponents(replacements);
195 } 207 }
196 } // namespace 208 } // namespace
197 209
198 ChromeRenderViewObserver::ChromeRenderViewObserver( 210 ChromeRenderViewObserver::ChromeRenderViewObserver(
199 RenderView* render_view, 211 RenderView* render_view,
(...skipping 223 matching lines...) Expand 10 before | Expand all | Expand 10 after
423 bool ChromeRenderViewObserver::allowDisplayingInsecureContent( 435 bool ChromeRenderViewObserver::allowDisplayingInsecureContent(
424 WebKit::WebFrame* frame, 436 WebKit::WebFrame* frame,
425 bool allowed_per_settings, 437 bool allowed_per_settings,
426 const WebKit::WebSecurityOrigin& origin, 438 const WebKit::WebSecurityOrigin& origin,
427 const WebKit::WebURL& url) { 439 const WebKit::WebURL& url) {
428 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, 440 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent,
429 INSECURE_CONTENT_DISPLAY, 441 INSECURE_CONTENT_DISPLAY,
430 INSECURE_CONTENT_NUM_EVENTS); 442 INSECURE_CONTENT_NUM_EVENTS);
431 std::string host(origin.host().utf8()); 443 std::string host(origin.host().utf8());
432 GURL frame_url(frame->document().url()); 444 GURL frame_url(frame->document().url());
433 if (EndsWith(host, kDotGoogleDotCom, false)) { 445 if (isHostInDomain(host, kGoogleDotCom)) {
434 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, 446 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent,
435 INSECURE_CONTENT_DISPLAY_HOST_GOOGLE, 447 INSECURE_CONTENT_DISPLAY_HOST_GOOGLE,
436 INSECURE_CONTENT_NUM_EVENTS); 448 INSECURE_CONTENT_NUM_EVENTS);
437 if (StartsWithASCII(frame_url.path(), kGoogleSupportPathPrefix, false)) { 449 if (StartsWithASCII(frame_url.path(), kGoogleSupportPathPrefix, false)) {
438 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, 450 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent,
439 INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_SUPPORT, 451 INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_SUPPORT,
440 INSECURE_CONTENT_NUM_EVENTS); 452 INSECURE_CONTENT_NUM_EVENTS);
441 } else if (StartsWithASCII(frame_url.path(), 453 } else if (StartsWithASCII(frame_url.path(),
442 kGoogleIntlPathPrefix, 454 kGoogleIntlPathPrefix,
443 false)) { 455 false)) {
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after
509 bool ChromeRenderViewObserver::allowRunningInsecureContent( 521 bool ChromeRenderViewObserver::allowRunningInsecureContent(
510 WebKit::WebFrame* frame, 522 WebKit::WebFrame* frame,
511 bool allowed_per_settings, 523 bool allowed_per_settings,
512 const WebKit::WebSecurityOrigin& origin, 524 const WebKit::WebSecurityOrigin& origin,
513 const WebKit::WebURL& url) { 525 const WebKit::WebURL& url) {
514 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, 526 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent,
515 INSECURE_CONTENT_RUN, 527 INSECURE_CONTENT_RUN,
516 INSECURE_CONTENT_NUM_EVENTS); 528 INSECURE_CONTENT_NUM_EVENTS);
517 std::string host(origin.host().utf8()); 529 std::string host(origin.host().utf8());
518 GURL frame_url(frame->document().url()); 530 GURL frame_url(frame->document().url());
519 if (EndsWith(host, kDotGoogleDotCom, false)) { 531 bool is_google = isHostInDomain(host, kGoogleDotCom);
532 if (is_google) {
520 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, 533 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent,
521 INSECURE_CONTENT_RUN_HOST_GOOGLE, 534 INSECURE_CONTENT_RUN_HOST_GOOGLE,
522 INSECURE_CONTENT_NUM_EVENTS); 535 INSECURE_CONTENT_NUM_EVENTS);
523 if (StartsWithASCII(frame_url.path(), kGoogleSupportPathPrefix, false)) { 536 if (StartsWithASCII(frame_url.path(), kGoogleSupportPathPrefix, false)) {
524 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, 537 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent,
525 INSECURE_CONTENT_RUN_HOST_GOOGLE_SUPPORT, 538 INSECURE_CONTENT_RUN_HOST_GOOGLE_SUPPORT,
526 INSECURE_CONTENT_NUM_EVENTS); 539 INSECURE_CONTENT_NUM_EVENTS);
527 } else if (StartsWithASCII(frame_url.path(), 540 } else if (StartsWithASCII(frame_url.path(),
528 kGoogleIntlPathPrefix, 541 kGoogleIntlPathPrefix,
529 false)) { 542 false)) {
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after
595 } else if (EndsWith(gurl.path(), kDotCSS, false)) { 608 } else if (EndsWith(gurl.path(), kDotCSS, false)) {
596 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, 609 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent,
597 INSECURE_CONTENT_RUN_CSS, 610 INSECURE_CONTENT_RUN_CSS,
598 INSECURE_CONTENT_NUM_EVENTS); 611 INSECURE_CONTENT_NUM_EVENTS);
599 } else if (EndsWith(gurl.path(), kDotSWF, false)) { 612 } else if (EndsWith(gurl.path(), kDotSWF, false)) {
600 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, 613 UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent,
601 INSECURE_CONTENT_RUN_SWF, 614 INSECURE_CONTENT_RUN_SWF,
602 INSECURE_CONTENT_NUM_EVENTS); 615 INSECURE_CONTENT_NUM_EVENTS);
603 } 616 }
604 617
605 if (allowed_per_settings || allow_running_insecure_content_) 618 if (allow_running_insecure_content_ || allowed_per_settings)
606 return true; 619 return true;
607 620
621 bool enforce_insecure_content_on_all_domains =
622 (chrome::VersionInfo::GetChannel() != chrome::VersionInfo::CHANNEL_STABLE
623 || CommandLine::ForCurrentProcess()->HasSwitch(
624 switches::kNoRunningInsecureContent));
625
626 if (!enforce_insecure_content_on_all_domains) {
627 bool mandatory_enforcement = (is_google ||
628 isHostInDomain(host, kFacebookDotCom) ||
629 isHostInDomain(host, kTwitterDotCom));
630 if (!mandatory_enforcement)
631 return true;
632 }
633
608 Send(new ChromeViewHostMsg_DidBlockRunningInsecureContent(routing_id())); 634 Send(new ChromeViewHostMsg_DidBlockRunningInsecureContent(routing_id()));
609 return false; 635 return false;
610 } 636 }
611 637
612 void ChromeRenderViewObserver::didNotAllowPlugins(WebFrame* frame) { 638 void ChromeRenderViewObserver::didNotAllowPlugins(WebFrame* frame) {
613 content_settings_->DidNotAllowPlugins(frame); 639 content_settings_->DidNotAllowPlugins(frame);
614 } 640 }
615 641
616 void ChromeRenderViewObserver::didNotAllowScript(WebFrame* frame) { 642 void ChromeRenderViewObserver::didNotAllowScript(WebFrame* frame) {
617 content_settings_->DidNotAllowScript(frame); 643 content_settings_->DidNotAllowScript(frame);
(...skipping 384 matching lines...) Expand 10 before | Expand all | Expand 10 after
1002 // Decode the favicon using WebKit's image decoder. 1028 // Decode the favicon using WebKit's image decoder.
1003 webkit_glue::ImageDecoder decoder( 1029 webkit_glue::ImageDecoder decoder(
1004 gfx::Size(gfx::kFaviconSize, gfx::kFaviconSize)); 1030 gfx::Size(gfx::kFaviconSize, gfx::kFaviconSize));
1005 const unsigned char* src_data = 1031 const unsigned char* src_data =
1006 reinterpret_cast<const unsigned char*>(&data[0]); 1032 reinterpret_cast<const unsigned char*>(&data[0]);
1007 1033
1008 return decoder.Decode(src_data, data.size()); 1034 return decoder.Decode(src_data, data.size());
1009 } 1035 }
1010 return SkBitmap(); 1036 return SkBitmap();
1011 } 1037 }
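Review bot: isHostInDomain (new lines 195-200) matches the raw host string, so a host spelled with a trailing dot such as `www.google.com.` would not be treated as inside `google.com`, and on the stable channel the new branch at new lines 626-632 would then return true and let the insecure script run. Whether `origin.host()` can carry that trailing dot is not visible on this page and should be confirmed; if it can, drop one trailing '.' from a local copy of the host before the EndsWith comparison. The stable-channel branch also has no comment saying that it fails open for every host outside the three listed domains; I would add `// Stable channel: block only on the domains below; all other hosts still run insecure content unless switches::kNoRunningInsecureContent is set.` above `if (!enforce_insecure_content_on_all_domains)`. Part of allowRunningInsecureContent is collapsed on this page, so this is based on the visible lines only.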