Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(7680)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/renderer/content_settings_observer.cc

Issue 8409006: Take script URLs into account when applying script content settings. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Cleanup. Created 9 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/renderer/chrome_render_view_observer.cc ('K') | « chrome/renderer/content_settings_observer.h ('k') | chrome/renderer/content_settings_observer_browsertest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/renderer/content_settings_observer.cc
diff --git a/chrome/renderer/content_settings_observer.cc b/chrome/renderer/content_settings_observer.cc
index 525159f4535705ba1f6a0a5685bdab67e8f0c0b1..b325079c82903ead51ffc54360d3952a3e88cd28 100644
--- a/chrome/renderer/content_settings_observer.cc
+++ b/chrome/renderer/content_settings_observer.cc
@@ -67,6 +67,7 @@ ContentSettingsObserver::ContentSettingsObserver(
content::RenderView* render_view)
: content::RenderViewObserver(render_view),
content::RenderViewObserverTracker<ContentSettingsObserver>(render_view),
+ content_setting_rules_(NULL),
plugins_temporarily_allowed_(false) {
ClearBlockedContentSettings();
}
@@ -84,9 +85,9 @@ void ContentSettingsObserver::SetDefaultContentSettings(
default_settings_ = settings;
}
-void ContentSettingsObserver::SetImageSettingRules(
- const ContentSettingsForOneType* image_setting_rules) {
- image_setting_rules_ = image_setting_rules;
+void ContentSettingsObserver::SetContentSettingRules(
+ const ContentSettingsForOneType* content_setting_rules) {
+ content_setting_rules_ = content_setting_rules;
}
ContentSetting ContentSettingsObserver::GetContentSetting(
@@ -132,9 +133,10 @@ void ContentSettingsObserver::DidCommitProvisionalLoad(
NavigationState* state = NavigationState::FromDataSource(frame->dataSource());
if (!state->was_within_same_page()) {
// Clear "block" flags for the new page. This needs to happen before any of
- // allowScripts(), allowImage(), allowPlugins() is called for the new page
- // so that these functions can correctly detect that a piece of content
- // flipped from "not blocked" to "blocked".
+ // |AllowScript()|, |AllowScriptFromSource()|, |AllowImage()|, or
+ // |AllowPlugins()| is called for the new page so that these functions can
+ // correctly detect that a piece of content flipped from "not blocked" to
+ // "blocked".
ClearBlockedContentSettings();
plugins_temporarily_allowed_ = false;
}
@@ -218,11 +220,13 @@ bool ContentSettingsObserver::AllowImage(WebFrame* frame,
bool allow = enabled_per_settings;
const GURL& primary_url = GetOriginOrURL(frame);
GURL secondary_url(image_url);
- if (image_setting_rules_ &&
+ if (content_setting_rules_ &&
enabled_per_settings) {
+ const ContentSettingsForOneType& image_setting_rules =
+ content_setting_rules_[CONTENT_SETTINGS_TYPE_IMAGES];
ContentSettingsForOneType::const_iterator it;
- for (it = image_setting_rules_->begin();
- it != image_setting_rules_->end(); ++it) {
+ for (it = image_setting_rules.begin();
+ it != image_setting_rules.end(); ++it) {
if (it->primary_pattern.Matches(primary_url) &&
it->secondary_pattern.Matches(secondary_url)) {
allow = (it->setting != CONTENT_SETTING_BLOCK);
@@ -269,6 +273,32 @@ bool ContentSettingsObserver::AllowScript(WebFrame* frame,
return false; // Other protocols fall through here.
}
+bool ContentSettingsObserver::AllowScriptFromSource(
+ WebFrame* frame,
+ bool enabled_per_settings,
+ const WebKit::WebURL& script_url) {
+ if (!enabled_per_settings)
+ return false;
+ if (IsWhitelistedForContentSettings(frame))
+ return true;
+
+ if (content_setting_rules_) {
+ const ContentSettingsForOneType& script_setting_rules =
+ content_setting_rules_[CONTENT_SETTINGS_TYPE_JAVASCRIPT];
+ const GURL& primary_url = GetOriginOrURL(frame);
+ GURL secondary_url(script_url);
+ ContentSettingsForOneType::const_iterator it;
+ for (it = script_setting_rules.begin();
+ it != script_setting_rules.end(); ++it) {
+ if (it->primary_pattern.Matches(primary_url) &&
+ it->secondary_pattern.Matches(secondary_url)) {
+ return (it->setting != CONTENT_SETTING_BLOCK);
+ }
+ }
+ }
+ return true;
+}
+
bool ContentSettingsObserver::AllowStorage(WebFrame* frame, bool local) {
if (frame->document().securityOrigin().isEmpty() ||
frame->top()->document().securityOrigin().isEmpty())
« chrome/renderer/chrome_render_view_observer.cc ('K') | « chrome/renderer/content_settings_observer.h ('k') | chrome/renderer/content_settings_observer_browsertest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698