Chromium Code Reviews Chromium Code Reviews
Issue 8080004:
Fix bug where --allow-running-insecure-content flag doesn't work against google.com sites in stab... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| Index: chrome/renderer/chrome_render_view_observer.cc |
| =================================================================== |
| --- chrome/renderer/chrome_render_view_observer.cc (revision 103212) |
| +++ chrome/renderer/chrome_render_view_observer.cc (working copy) |
| @@ -10,6 +10,7 @@ |
| #include "base/string_util.h" |
| #include "chrome/common/chrome_constants.h" |
| #include "chrome/common/chrome_switches.h" |
| +#include "chrome/common/chrome_version_info.h" |
| #include "chrome/common/icon_messages.h" |
| #include "chrome/common/render_messages.h" |
| #include "chrome/common/thumbnail_score.h" |
| @@ -85,7 +86,6 @@ |
| // Constants for UMA statistic collection. |
| static const char kSSLInsecureContent[] = "SSL.InsecureContent"; |
| -static const char kDotGoogleDotCom[] = ".google.com"; |
| static const char kWWWDotGoogleDotCom[] = "www.google.com"; |
| static const char kMailDotGoogleDotCom[] = "mail.google.com"; |
| static const char kPlusDotGoogleDotCom[] = "plus.google.com"; |
| @@ -144,6 +144,11 @@ |
| INSECURE_CONTENT_NUM_EVENTS |
| }; |
| +// Constants for mixed-content blocking. |
| +static const char kGoogleDotCom[] = "google.com"; |
| +static const char kFacebookDotCom[] = "facebook.com"; |
|
scarybeasts
2011/10/04 01:30:30
Nit: recommend alphabetical order.
|
| +static const char kTwitterDotCom[] = "twitter.com"; |
| + |
| static bool PaintViewIntoCanvas(WebView* view, |
| skia::PlatformCanvas& canvas) { |
| view->layout(); |
| @@ -187,6 +192,13 @@ |
| return FaviconURL::INVALID_ICON; |
| } |
| +static bool isHostInDomain(const std::string& host, const std::string& domain) { |
| + return (EndsWith(host, domain, false) && |
| + (host.length() == domain.length() || |
| + (host.length() > domain.length() && |
| + host[host.length() - domain.length() - 1] == '.'))); |
| +} |
| + |
| namespace { |
| GURL StripRef(const GURL& url) { |
| GURL::Replacements replacements; |
| @@ -430,7 +442,7 @@ |
| INSECURE_CONTENT_NUM_EVENTS); |
| std::string host(origin.host().utf8()); |
| GURL frame_url(frame->document().url()); |
| - if (EndsWith(host, kDotGoogleDotCom, false)) { |
| + if (isHostInDomain(host, kGoogleDotCom)) { |
| UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, |
| INSECURE_CONTENT_DISPLAY_HOST_GOOGLE, |
| INSECURE_CONTENT_NUM_EVENTS); |
| @@ -516,7 +528,8 @@ |
| INSECURE_CONTENT_NUM_EVENTS); |
| std::string host(origin.host().utf8()); |
| GURL frame_url(frame->document().url()); |
| - if (EndsWith(host, kDotGoogleDotCom, false)) { |
| + bool is_google = isHostInDomain(host, kGoogleDotCom); |
| + if (is_google) { |
| UMA_HISTOGRAM_ENUMERATION(kSSLInsecureContent, |
| INSECURE_CONTENT_RUN_HOST_GOOGLE, |
| INSECURE_CONTENT_NUM_EVENTS); |
| @@ -602,9 +615,22 @@ |
| INSECURE_CONTENT_NUM_EVENTS); |
| } |
| - if (allowed_per_settings || allow_running_insecure_content_) |
| + if (allow_running_insecure_content_ || allowed_per_settings) |
| return true; |
| + bool enforce_insecure_content_on_all_domains = |
| + (chrome::VersionInfo::GetChannel() != chrome::VersionInfo::CHANNEL_STABLE |
| + || CommandLine::ForCurrentProcess()->HasSwitch( |
| + switches::kNoRunningInsecureContent)); |
| + |
| + if (!enforce_insecure_content_on_all_domains) { |
| + bool mandatory_enforcement = (is_google || |
| + isHostInDomain(host, kFacebookDotCom) || |
| + isHostInDomain(host, kTwitterDotCom)); |
| + if (!mandatory_enforcement) |
| + return true; |
| + } |
| + |
| Send(new ChromeViewHostMsg_DidBlockRunningInsecureContent(routing_id())); |
| return false; |
| } |
