OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/tab_contents/navigation_controller.h" | 5 #include "content/browser/tab_contents/navigation_controller.h" |
6 | 6 |
7 #include "base/file_util.h" | 7 #include "base/file_util.h" |
8 #include "base/logging.h" | 8 #include "base/logging.h" |
9 #include "base/string_util.h" | 9 #include "base/string_util.h" |
10 #include "base/time.h" | 10 #include "base/time.h" |
(...skipping 272 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
283 if (transient_entry_index_ != -1) | 283 if (transient_entry_index_ != -1) |
284 return entries_[transient_entry_index_].get(); | 284 return entries_[transient_entry_index_].get(); |
285 if (pending_entry_) | 285 if (pending_entry_) |
286 return pending_entry_; | 286 return pending_entry_; |
287 return GetLastCommittedEntry(); | 287 return GetLastCommittedEntry(); |
288 } | 288 } |
289 | 289 |
290 NavigationEntry* NavigationController::GetVisibleEntry() const { | 290 NavigationEntry* NavigationController::GetVisibleEntry() const { |
291 if (transient_entry_index_ != -1) | 291 if (transient_entry_index_ != -1) |
292 return entries_[transient_entry_index_].get(); | 292 return entries_[transient_entry_index_].get(); |
293 // Only return pending_entry for new navigations. | 293 // Only return the pending_entry for new (non-history), browser-initiated |
294 if (pending_entry_ && pending_entry_->page_id() == -1) | 294 // navigations, in order to prevent URL spoof attacks. |
| 295 // Ideally we would also show the pending entry's URL for new renderer- |
| 296 // initiated navigations with no last committed entry (e.g., a link opening |
| 297 // in a new tab), but an attacker can insert content into the about:blank |
| 298 // page while the pending URL loads in that case. |
| 299 if (pending_entry_ && |
| 300 pending_entry_->page_id() == -1 && |
| 301 pending_entry_->IsBrowserInitiated()) |
295 return pending_entry_; | 302 return pending_entry_; |
296 return GetLastCommittedEntry(); | 303 return GetLastCommittedEntry(); |
297 } | 304 } |
298 | 305 |
299 int NavigationController::GetCurrentEntryIndex() const { | 306 int NavigationController::GetCurrentEntryIndex() const { |
300 if (transient_entry_index_ != -1) | 307 if (transient_entry_index_ != -1) |
301 return transient_entry_index_; | 308 return transient_entry_index_; |
302 if (pending_entry_index_ != -1) | 309 if (pending_entry_index_ != -1) |
303 return pending_entry_index_; | 310 return pending_entry_index_; |
304 return last_committed_entry_index_; | 311 return last_committed_entry_index_; |
(...skipping 889 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1194 size_t insert_index = 0; | 1201 size_t insert_index = 0; |
1195 for (int i = 0; i < max_index; i++) { | 1202 for (int i = 0; i < max_index; i++) { |
1196 // When cloning a tab, copy all entries except interstitial pages | 1203 // When cloning a tab, copy all entries except interstitial pages |
1197 if (source.entries_[i].get()->page_type() != INTERSTITIAL_PAGE) { | 1204 if (source.entries_[i].get()->page_type() != INTERSTITIAL_PAGE) { |
1198 entries_.insert(entries_.begin() + insert_index++, | 1205 entries_.insert(entries_.begin() + insert_index++, |
1199 linked_ptr<NavigationEntry>( | 1206 linked_ptr<NavigationEntry>( |
1200 new NavigationEntry(*source.entries_[i]))); | 1207 new NavigationEntry(*source.entries_[i]))); |
1201 } | 1208 } |
1202 } | 1209 } |
1203 } | 1210 } |
OLD | NEW |