| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/browser_plugin/browser_plugin_embedder.h" | 5 #include "content/browser/browser_plugin/browser_plugin_embedder.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
| (...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 132 GURL url(src); | 132 GURL url(src); |
| 133 WebContentsImpl* guest_web_contents = | 133 WebContentsImpl* guest_web_contents = |
| 134 static_cast<WebContentsImpl*>(guest->GetWebContents()); | 134 static_cast<WebContentsImpl*>(guest->GetWebContents()); |
| 135 | 135 |
| 136 // We do not load empty urls in web_contents. | 136 // We do not load empty urls in web_contents. |
| 137 // If a guest sets empty src attribute after it has navigated to some | 137 // If a guest sets empty src attribute after it has navigated to some |
| 138 // non-empty page, the action is considered no-op. This empty src navigation | 138 // non-empty page, the action is considered no-op. This empty src navigation |
| 139 // should never be sent to BrowserPluginEmbedder (browser process). | 139 // should never be sent to BrowserPluginEmbedder (browser process). |
| 140 DCHECK(!src.empty()); | 140 DCHECK(!src.empty()); |
| 141 if (!src.empty()) { | 141 if (!src.empty()) { |
| 142 // TODO(creis): Check the validity of the URL: http://crbug.com/139397. | 142 // Because guests do not swap processes on navigation, only navigations to |
| 143 // normal web URLs are supported. No protocol handlers are installed for |
| 144 // other schemes (e.g., WebUI or extensions), and no permissions or bindings |
| 145 // can be granted to the guest process. |
| 143 guest_web_contents->GetController().LoadURL(url, | 146 guest_web_contents->GetController().LoadURL(url, |
| 144 Referrer(), | 147 Referrer(), |
| 145 PAGE_TRANSITION_AUTO_TOPLEVEL, | 148 PAGE_TRANSITION_AUTO_TOPLEVEL, |
| 146 std::string()); | 149 std::string()); |
| 147 } | 150 } |
| 148 | 151 |
| 149 // Resize the guest if the resize parameter was set from the renderer. | 152 // Resize the guest if the resize parameter was set from the renderer. |
| 150 ResizeGuest(render_view_host, instance_id, resize_params); | 153 ResizeGuest(render_view_host, instance_id, resize_params); |
| 151 } | 154 } |
| 152 | 155 |
| (...skipping 173 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 326 bool visible = *Details<bool>(details).ptr(); | 329 bool visible = *Details<bool>(details).ptr(); |
| 327 WebContentsVisibilityChanged(visible); | 330 WebContentsVisibilityChanged(visible); |
| 328 break; | 331 break; |
| 329 } | 332 } |
| 330 default: | 333 default: |
| 331 NOTREACHED() << "Unexpected notification type: " << type; | 334 NOTREACHED() << "Unexpected notification type: " << type; |
| 332 } | 335 } |
| 333 } | 336 } |
| 334 | 337 |
| 335 } // namespace content | 338 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11313018:
Prevent webview tags from navigating outside web-safe schemes. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src