| OLD | NEW |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/renderer_host/render_view_host.h" | 5 #include "content/browser/renderer_host/render_view_host.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <utility> | 8 #include <utility> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 878 matching lines...) |
| 889 ChildProcessSecurityPolicy* policy = | 889 ChildProcessSecurityPolicy* policy = |
| 890 ChildProcessSecurityPolicy::GetInstance(); | 890 ChildProcessSecurityPolicy::GetInstance(); |
| 891 // Without this check, an evil renderer can trick the browser into creating | 891 // Without this check, an evil renderer can trick the browser into creating |
| 892 // a navigation entry for a banned URL. If the user clicks the back button | 892 // a navigation entry for a banned URL. If the user clicks the back button |
| 893 // followed by the forward button (or clicks reload, or round-trips through | 893 // followed by the forward button (or clicks reload, or round-trips through |
| 894 // session restore, etc), we'll think that the browser commanded the | 894 // session restore, etc), we'll think that the browser commanded the |
| 895 // renderer to load the URL and grant the renderer the privileges to request | 895 // renderer to load the URL and grant the renderer the privileges to request |
| 896 // the URL. To prevent this attack, we block the renderer from inserting | 896 // the URL. To prevent this attack, we block the renderer from inserting |
| 897 // banned URLs into the navigation controller in the first place. | 897 // banned URLs into the navigation controller in the first place. |
| 898 FilterURL(policy, renderer_id, &validated_params.url); | 898 FilterURL(policy, renderer_id, &validated_params.url); |
| 899 FilterURL(policy, renderer_id, &validated_params.referrer); | 899 FilterURL(policy, renderer_id, &validated_params.referrer.url); |
| 900 for (std::vector<GURL>::iterator it(validated_params.redirects.begin()); | 900 for (std::vector<GURL>::iterator it(validated_params.redirects.begin()); |
| 901 it != validated_params.redirects.end(); ++it) { | 901 it != validated_params.redirects.end(); ++it) { |
| 902 FilterURL(policy, renderer_id, &(*it)); | 902 FilterURL(policy, renderer_id, &(*it)); |
| 903 } | 903 } |
| 904 FilterURL(policy, renderer_id, &validated_params.searchable_form_url); | 904 FilterURL(policy, renderer_id, &validated_params.searchable_form_url); |
| 905 FilterURL(policy, renderer_id, &validated_params.password_form.origin); | 905 FilterURL(policy, renderer_id, &validated_params.password_form.origin); |
| 906 FilterURL(policy, renderer_id, &validated_params.password_form.action); | 906 FilterURL(policy, renderer_id, &validated_params.password_form.action); |
| 907 | 907 |
| 908 delegate_->DidNavigate(this, validated_params); | 908 delegate_->DidNavigate(this, validated_params); |
| 909 } | 909 } |
| (...skipping 90 matching lines...) |
| 1000 | 1000 |
| 1001 view->ShowContextMenu(validated_params); | 1001 view->ShowContextMenu(validated_params); |
| 1002 } | 1002 } |
| 1003 | 1003 |
| 1004 void RenderViewHost::OnMsgToggleFullscreen(bool enter_fullscreen) { | 1004 void RenderViewHost::OnMsgToggleFullscreen(bool enter_fullscreen) { |
| 1005 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 1005 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 1006 delegate_->ToggleFullscreenMode(enter_fullscreen); | 1006 delegate_->ToggleFullscreenMode(enter_fullscreen); |
| 1007 } | 1007 } |
| 1008 | 1008 |
| 1009 void RenderViewHost::OnMsgOpenURL(const GURL& url, | 1009 void RenderViewHost::OnMsgOpenURL(const GURL& url, |
| 1010 const GURL& referrer, | 1010 const content::Referrer& referrer, |
| 1011 WindowOpenDisposition disposition, | 1011 WindowOpenDisposition disposition, |
| 1012 int64 source_frame_id) { | 1012 int64 source_frame_id) { |
| 1013 GURL validated_url(url); | 1013 GURL validated_url(url); |
| 1014 FilterURL(ChildProcessSecurityPolicy::GetInstance(), | 1014 FilterURL(ChildProcessSecurityPolicy::GetInstance(), |
| 1015 process()->GetID(), &validated_url); | 1015 process()->GetID(), &validated_url); |
| 1016 | 1016 |
| 1017 delegate_->RequestOpenURL( | 1017 delegate_->RequestOpenURL( |
| 1018 validated_url, referrer, disposition, source_frame_id); | 1018 validated_url, referrer, disposition, source_frame_id); |
| 1019 } | 1019 } |
| 1020 | 1020 |
| (...skipping 492 matching lines...) |
| 1513 | 1513 |
| 1514 void RenderViewHost::OnWebUISend(const GURL& source_url, | 1514 void RenderViewHost::OnWebUISend(const GURL& source_url, |
| 1515 const std::string& name, | 1515 const std::string& name, |
| 1516 const base::ListValue& args) { | 1516 const base::ListValue& args) { |
| 1517 delegate_->WebUISend(this, source_url, name, args); | 1517 delegate_->WebUISend(this, source_url, name, args); |
| 1518 } | 1518 } |
| 1519 | 1519 |
| 1520 void RenderViewHost::ClearPowerSaveBlockers() { | 1520 void RenderViewHost::ClearPowerSaveBlockers() { |
| 1521 STLDeleteValues(&power_save_blockers_); | 1521 STLDeleteValues(&power_save_blockers_); |
| 1522 } | 1522 } |
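Review bot: The renderer-supplied `referrer` in `OnMsgOpenURL` (new lines 1009-1019) is forwarded to `delegate_->RequestOpenURL` without the `FilterURL` check that the same commit applies to `validated_params.referrer.url` at new line 899. Only `url` is copied and filtered here, so the two IPC handlers treat the same kind of untrusted field differently. Unless the delegate is known to filter it downstream (not visible on this page), I would copy and filter it the same way: `content::Referrer validated_referrer(referrer);` then `FilterURL(ChildProcessSecurityPolicy::GetInstance(), process()->GetID(), &validated_referrer.url);` and pass `validated_referrer` to `RequestOpenURL`. This assumes `content::Referrer` is copyable, which its by-const-reference use here suggests but does not show. The handler containing line 899 starts outside the displayed lines, so any further filtering it does is not visible.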
| OLD | NEW |