Chromium Code Reviews Chromium Code Reviews
Issue 8409006:
Take script URLs into account when applying script content settings. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: chrome/renderer/content_settings_observer.cc |
| diff --git a/chrome/renderer/content_settings_observer.cc b/chrome/renderer/content_settings_observer.cc |
| index 24b0db39c33c0003016f48f1a924639a9df7302a..130f5756f6552a969f88008628710647224fe198 100644 |
| --- a/chrome/renderer/content_settings_observer.cc |
| +++ b/chrome/renderer/content_settings_observer.cc |
| @@ -59,6 +59,20 @@ GURL GetOriginOrURL(const WebFrame* frame) { |
| return GURL(top_origin); |
| } |
| +ContentSetting GetContentSettingFromRules( |
| + const ContentSettingsForOneType& rules, |
| + const GURL& primary_url, |
| + const GURL& secondary_url) { |
| + ContentSettingsForOneType::const_iterator it; |
| + for (it = rules.begin(); it != rules.end(); ++it) { |
| + if (it->primary_pattern.Matches(primary_url) && |
| + it->secondary_pattern.Matches(secondary_url)) { |
| + return it->setting; |
| + } |
| + } |
| + return CONTENT_SETTING_DEFAULT; |
|
jochen (gone - plz use gerrit)
2011/11/03 15:55:09
what if the default is to block all images?
marja
2011/11/03 16:28:39
Ahh, I should've put NOTREACHED() here but I forgo
|
| +} |
| + |
| } // namespace |
| ContentSettingsObserver::ContentSettingsObserver( |
| @@ -66,7 +80,7 @@ ContentSettingsObserver::ContentSettingsObserver( |
| : content::RenderViewObserver(render_view), |
| content::RenderViewObserverTracker<ContentSettingsObserver>(render_view), |
| default_content_settings_(NULL), |
| - image_setting_rules_(NULL), |
| + content_setting_rules_(NULL), |
| plugins_temporarily_allowed_(false) { |
| ClearBlockedContentSettings(); |
| } |
| @@ -84,9 +98,9 @@ void ContentSettingsObserver::SetDefaultContentSettings( |
| default_content_settings_ = settings; |
| } |
| -void ContentSettingsObserver::SetImageSettingRules( |
| - const ContentSettingsForOneType* image_setting_rules) { |
| - image_setting_rules_ = image_setting_rules; |
| +void ContentSettingsObserver::SetContentSettingRules( |
| + const RendererContentSettingRules* content_setting_rules) { |
| + content_setting_rules_ = content_setting_rules; |
| } |
| ContentSetting ContentSettingsObserver::GetContentSetting( |
| @@ -132,9 +146,10 @@ void ContentSettingsObserver::DidCommitProvisionalLoad( |
| NavigationState* state = NavigationState::FromDataSource(frame->dataSource()); |
| if (!state->was_within_same_page()) { |
| // Clear "block" flags for the new page. This needs to happen before any of |
| - // allowScripts(), allowImage(), allowPlugins() is called for the new page |
| - // so that these functions can correctly detect that a piece of content |
| - // flipped from "not blocked" to "blocked". |
| + // |AllowScript()|, |AllowScriptFromSource()|, |AllowImage()|, or |
| + // |AllowPlugins()| is called for the new page so that these functions can |
| + // correctly detect that a piece of content flipped from "not blocked" to |
| + // "blocked". |
| ClearBlockedContentSettings(); |
| plugins_temporarily_allowed_ = false; |
| } |
| @@ -217,19 +232,13 @@ bool ContentSettingsObserver::AllowImage(WebFrame* frame, |
| return true; |
| bool allow = enabled_per_settings; |
| - const GURL& primary_url = GetOriginOrURL(frame); |
| - GURL secondary_url(image_url); |
| - if (image_setting_rules_ && |
| + if (content_setting_rules_ && |
| enabled_per_settings) { |
|
jochen (gone - plz use gerrit)
2011/11/03 15:55:09
nit. doesn't this fit into one line?
marja
2011/11/03 16:28:39
Done.
|
| - ContentSettingsForOneType::const_iterator it; |
| - for (it = image_setting_rules_->begin(); |
| - it != image_setting_rules_->end(); ++it) { |
| - if (it->primary_pattern.Matches(primary_url) && |
| - it->secondary_pattern.Matches(secondary_url)) { |
| - allow = (it->setting != CONTENT_SETTING_BLOCK); |
| - break; |
| - } |
| - } |
| + const GURL& primary_url = GetOriginOrURL(frame); |
| + GURL secondary_url(image_url); |
| + allow = (GetContentSettingFromRules( |
| + content_setting_rules_->image_rules, |
| + primary_url, secondary_url) != CONTENT_SETTING_BLOCK); |
| } |
| if (!allow) |
| @@ -259,15 +268,38 @@ bool ContentSettingsObserver::AllowPlugins(WebFrame* frame, |
| bool ContentSettingsObserver::AllowScript(WebFrame* frame, |
| bool enabled_per_settings) { |
| - if (enabled_per_settings && |
| - AllowContentType(CONTENT_SETTINGS_TYPE_JAVASCRIPT)) { |
| + if (!enabled_per_settings) |
| + return false; |
| + if (IsWhitelistedForContentSettings(frame)) |
| return true; |
| + |
| + if (content_setting_rules_) { |
| + const GURL& primary_url = GetOriginOrURL(frame); |
| + GURL secondary_url(frame->document().securityOrigin().toString()); |
| + return (GetContentSettingFromRules( |
| + content_setting_rules_->script_rules, |
| + primary_url, secondary_url) != CONTENT_SETTING_BLOCK); |
| } |
| + return true; |
| +} |
| +bool ContentSettingsObserver::AllowScriptFromSource( |
| + WebFrame* frame, |
| + bool enabled_per_settings, |
| + const WebKit::WebURL& script_url) { |
| + if (!enabled_per_settings) |
| + return false; |
| if (IsWhitelistedForContentSettings(frame)) |
| return true; |
| - return false; // Other protocols fall through here. |
| + if (content_setting_rules_) { |
| + const GURL& primary_url = GetOriginOrURL(frame); |
| + GURL secondary_url(script_url); |
| + return (GetContentSettingFromRules( |
| + content_setting_rules_->script_rules, |
| + primary_url, secondary_url) != CONTENT_SETTING_BLOCK); |
| + } |
| + return true; |
| } |
| bool ContentSettingsObserver::AllowStorage(WebFrame* frame, bool local) { |
