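--- a/content/browser/renderer_host/render_view_host_impl.cc
+++ b/content/browser/renderer_host/render_view_host_impl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/renderer_host/render_view_host_impl.h"
 
 #include <set>
 #include <string>
 #include <utility>
 #include <vector>
@@ -124,25 +124,25 @@
 return NULL;
 return static_cast<RenderViewHostImpl*>(RenderWidgetHostImpl::From(widget));
 }
 
 // static
 RenderViewHost* RenderViewHost::From(RenderWidgetHost* rwh) {
 return static_cast<RenderViewHostImpl*>(RenderWidgetHostImpl::From(rwh));
 }
 
 // static
-void RenderViewHost::FilterURL(int renderer_id,
+void RenderViewHost::FilterURL(const RenderProcessHost* process,
 bool empty_allowed,
 GURL* url) {
 RenderViewHostImpl::FilterURL(ChildProcessSecurityPolicyImpl::GetInstance(),
-renderer_id, empty_allowed, url);
+process, empty_allowed, url);
 }
 
 ///////////////////////////////////////////////////////////////////////////////
 // RenderViewHostImpl, public:
 
 // static
 RenderViewHostImpl* RenderViewHostImpl::FromID(int render_process_id,
 int render_view_id) {
 return static_cast<RenderViewHostImpl*>(
 RenderViewHost::FromID(render_process_id, render_view_id));
@@ -261,49 +261,55 @@
 params.next_page_id = next_page_id;
 GetWebScreenInfo(¶ms.screen_info);
 
 params.accessibility_mode =
 BrowserAccessibilityStateImpl::GetInstance()->GetAccessibilityMode();
 
 Send(new ViewMsg_New(params));
 
 // If it's enabled, tell the renderer to set up the Javascript bindings for
 // sending messages back to the browser.
+if (GetProcess()->IsGuest())
+DCHECK_EQ(0, enabled_bindings_);
 Send(new ViewMsg_AllowBindings(GetRoutingID(), enabled_bindings_));
 // Let our delegate know that we created a RenderView.
 delegate_->RenderViewCreated(this);
 
 FOR_EACH_OBSERVER(
 RenderViewHostObserver, observers_, RenderViewHostInitialized());
 
 return true;
 }
 
 bool RenderViewHostImpl::IsRenderViewLive() const {
 return GetProcess()->HasConnection() && renderer_initialized_;
 }
 
 void RenderViewHostImpl::SyncRendererPrefs() {
 Send(new ViewMsg_SetRendererPrefs(GetRoutingID(),
 delegate_->GetRendererPrefs(
 GetProcess()->GetBrowserContext())));
 }
 
 void RenderViewHostImpl::Navigate(const ViewMsg_Navigate_Params& params) {
-ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(
-GetProcess()->GetID(), params.url);
-if (params.url.SchemeIs(chrome::kDataScheme) &&
-params.base_url_for_data_url.SchemeIs(chrome::kFileScheme)) {
-// If 'data:' is used, and we have a 'file:' base url, grant access to
-// local files.
+// Browser plugin guests are not allowed to navigate outside web-safe schemes,
+// so do not grant them the ability to request additional URLs.
+if (!GetProcess()->IsGuest()) {
 ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(
-GetProcess()->GetID(), params.base_url_for_data_url);
+GetProcess()->GetID(), params.url);
+if (params.url.SchemeIs(chrome::kDataScheme) &&
+params.base_url_for_data_url.SchemeIs(chrome::kFileScheme)) {
+// If 'data:' is used, and we have a 'file:' base url, grant access to
+// local files.
+ChildProcessSecurityPolicyImpl::GetInstance()->GrantRequestURL(
+GetProcess()->GetID(), params.base_url_for_data_url);
+}
 }
 
 ViewMsg_Navigate* nav_message = new ViewMsg_Navigate(GetRoutingID(), params);
 
 // Only send the message if we aren't suspended at the start of a cross-site
 // request.
 if (navigations_suspended_) {
 // Shouldn't be possible to have a second navigation while suspended, since
 // navigations will only be suspended during a cross-site request. If a
 // second navigation occurs, WebContentsImpl will cancel this pending RVH
@@ -584,21 +590,21 @@
 const gfx::Point& screen_pt,
 WebDragOperationsMask operations_allowed,
 int key_modifiers) {
 const int renderer_id = GetProcess()->GetID();
 ChildProcessSecurityPolicyImpl* policy =
 ChildProcessSecurityPolicyImpl::GetInstance();
 
 // The URL could have been cobbled together from any highlighted text string,
 // and can't be interpreted as a capability.
 WebDropData filtered_data(drop_data);
-FilterURL(policy, renderer_id, true, &filtered_data.url);
+FilterURL(policy, GetProcess(), true, &filtered_data.url);
 
 // The filenames vector, on the other hand, does represent a capability to
 // access the given files.
 fileapi::IsolatedContext::FileInfoSet files;
 for (std::vector<WebDropData::FileInfo>::iterator iter(
 filtered_data.filenames.begin());
 iter != filtered_data.filenames.end(); ++iter) {
 // A dragged file may wind up as the value of an input element, or it
 // may be used as the target of a navigation instead. We don't know
 // which will happen at this point, so generously grant both access
@@ -810,20 +816,26 @@
 !ChildProcessSecurityPolicyImpl::GetInstance()->HasWebUIBindings(
 GetProcess()->GetID())) {
 // This process has no bindings yet. Make sure it does not have more
 // than this single active view.
 RenderProcessHostImpl* process =
 static_cast<RenderProcessHostImpl*>(GetProcess());
 if (process->GetActiveViewCount() > 1)
 return;
 }
 
+// Never grant any bindings to browser plugin guests.
+if (GetProcess()->IsGuest()) {
+NOTREACHED() << "Never grant bindings to a guest process.";
+return;
+}
+
 if (bindings_flags & BINDINGS_POLICY_WEB_UI) {
 ChildProcessSecurityPolicyImpl::GetInstance()->GrantWebUIBindings(
 GetProcess()->GetID());
 }
 
 enabled_bindings_ |= bindings_flags;
 if (renderer_initialized_)
 Send(new ViewMsg_AllowBindings(GetRoutingID(), enabled_bindings_));
 }
 
@@ -1214,39 +1226,39 @@
 }
 
 // If we're waiting for an unload ack from this renderer and we receive a
 // Navigate message, then the renderer was navigating before it received the
 // unload request. It will either respond to the unload request soon or our
 // timer will expire. Either way, we should ignore this message, because we
 // have already committed to closing this renderer.
 if (is_waiting_for_unload_ack_)
 return;
 
-const int renderer_id = GetProcess()->GetID();
+RenderProcessHost* process = GetProcess();
 ChildProcessSecurityPolicyImpl* policy =
 ChildProcessSecurityPolicyImpl::GetInstance();
 // Without this check, an evil renderer can trick the browser into creating
 // a navigation entry for a banned URL. If the user clicks the back button
 // followed by the forward button (or clicks reload, or round-trips through
 // session restore, etc), we'll think that the browser commanded the
 // renderer to load the URL and grant the renderer the privileges to request
 // the URL. To prevent this attack, we block the renderer from inserting
 // banned URLs into the navigation controller in the first place.
-FilterURL(policy, renderer_id, false, &validated_params.url);
-FilterURL(policy, renderer_id, true, &validated_params.referrer.url);
+FilterURL(policy, process, false, &validated_params.url);
+FilterURL(policy, process, true, &validated_params.referrer.url);
 for (std::vector<GURL>::iterator it(validated_params.redirects.begin());
 it != validated_params.redirects.end(); ++it) {
-FilterURL(policy, renderer_id, false, &(*it));
+FilterURL(policy, process, false, &(*it));
 }
-FilterURL(policy, renderer_id, true, &validated_params.searchable_form_url);
-FilterURL(policy, renderer_id, true, &validated_params.password_form.origin);
-FilterURL(policy, renderer_id, true, &validated_params.password_form.action);
+FilterURL(policy, process, true, &validated_params.searchable_form_url);
+FilterURL(policy, process, true, &validated_params.password_form.origin);
+FilterURL(policy, process, true, &validated_params.password_form.action);
 
 delegate_->DidNavigate(this, validated_params);
 
 // TODO(nasko): Send frame tree update for the top level frame, once
 // http://crbug.com/153701 is fixed.
 }
 
 void RenderViewHostImpl::OnMsgUpdateState(int32 page_id,
 const std::string& state) {
 delegate_->UpdateState(this, page_id, state);
@@ -1316,55 +1328,55 @@
 
 void RenderViewHostImpl::OnMsgDocumentOnLoadCompletedInMainFrame(
 int32 page_id) {
 delegate_->DocumentOnLoadCompletedInMainFrame(this, page_id);
 }
 
 void RenderViewHostImpl::OnMsgContextMenu(const ContextMenuParams& params) {
 // Validate the URLs in |params|. If the renderer can't request the URLs
 // directly, don't show them in the context menu.
 ContextMenuParams validated_params(params);
-int renderer_id = GetProcess()->GetID();
+RenderProcessHost* process = GetProcess();
 ChildProcessSecurityPolicyImpl* policy =
 ChildProcessSecurityPolicyImpl::GetInstance();
 
 // We don't validate |unfiltered_link_url| so that this field can be used
 // when users want to copy the original link URL.
-FilterURL(policy, renderer_id, true, &validated_params.link_url);
-FilterURL(policy, renderer_id, true, &validated_params.src_url);
-FilterURL(policy, renderer_id, false, &validated_params.page_url);
-FilterURL(policy, renderer_id, true, &validated_params.frame_url);
+FilterURL(policy, process, true, &validated_params.link_url);
+FilterURL(policy, process, true, &validated_params.src_url);
+FilterURL(policy, process, false, &validated_params.page_url);
+FilterURL(policy, process, true, &validated_params.frame_url);
 
 ContextMenuSourceType type = CONTEXT_MENU_SOURCE_MOUSE;
 if (!in_process_event_types_.empty()) {
 WebKit::WebInputEvent::Type event_type = in_process_event_types_.front();
 if (WebKit::WebInputEvent::isGestureEventType(event_type))
 type = CONTEXT_MENU_SOURCE_TOUCH;
 else if (WebKit::WebInputEvent::isKeyboardEventType(event_type))
 type = CONTEXT_MENU_SOURCE_KEYBOARD;
 }
 delegate_->ShowContextMenu(validated_params, type);
 }
 
 void RenderViewHostImpl::OnMsgToggleFullscreen(bool enter_fullscreen) {
 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
 delegate_->ToggleFullscreenMode(enter_fullscreen);
 WasResized();
 }
 
 void RenderViewHostImpl::OnMsgOpenURL(const GURL& url,
 const Referrer& referrer,
 WindowOpenDisposition disposition,
 int64 source_frame_id) {
 GURL validated_url(url);
 FilterURL(ChildProcessSecurityPolicyImpl::GetInstance(),
-GetProcess()->GetID(), false, &validated_url);
+GetProcess(), false, &validated_url);
 
 delegate_->RequestOpenURL(
 this, validated_url, referrer, disposition, source_frame_id);
 }
 
 void RenderViewHostImpl::OnMsgDidContentsPreferredSizeChange(
 const gfx::Size& new_size) {
 delegate_->UpdatePreferredSize(new_size);
 }
 
@@ -1445,27 +1457,28 @@
 void RenderViewHostImpl::OnMsgStartDragging(
 const WebDropData& drop_data,
 WebDragOperationsMask drag_operations_mask,
 const SkBitmap& bitmap,
 const gfx::Point& bitmap_offset_in_dip) {
 RenderViewHostDelegateView* view = delegate_->GetDelegateView();
 if (!view)
 return;
 
 WebDropData filtered_data(drop_data);
+RenderProcessHost* process = GetProcess();
 ChildProcessSecurityPolicyImpl* policy =
 ChildProcessSecurityPolicyImpl::GetInstance();
 
 // Allow drag of Javascript URLs to enable bookmarklet drag to bookmark bar.
 if (!filtered_data.url.SchemeIs(chrome::kJavaScriptScheme))
-FilterURL(policy, GetProcess()->GetID(), true, &filtered_data.url);
-FilterURL(policy, GetProcess()->GetID(), false, &filtered_data.html_base_url);
+FilterURL(policy, process, true, &filtered_data.url);
+FilterURL(policy, process, false, &filtered_data.html_base_url);
 // Filter out any paths that the renderer didn't have access to. This prevents
 // the following attack on a malicious renderer:
 // 1. StartDragging IPC sent with renderer-specified filesystem paths that it
 // doesn't have read permissions for.
 // 2. We initiate a native DnD operation.
 // 3. DnD operation immediately ends since mouse is not held down. DnD events
 // still fire though, which causes read permissions to be granted to the
 // renderer for any file paths in the drop.
 filtered_data.filenames.clear();
 for (std::vector<WebDropData::FileInfo>::const_iterator it =
@@ -1692,42 +1705,47 @@
 
 void RenderViewHostImpl::SendOrientationChangeEvent(int orientation) {
 Send(new ViewMsg_OrientationChangeEvent(GetRoutingID(), orientation));
 }
 
 void RenderViewHostImpl::ToggleSpeechInput() {
 Send(new InputTagSpeechMsg_ToggleSpeechInput(GetRoutingID()));
 }
 
 void RenderViewHostImpl::FilterURL(ChildProcessSecurityPolicyImpl* policy,
-int renderer_id,
+const RenderProcessHost* process,
 bool empty_allowed,
 GURL* url) {
 if (empty_allowed && url->is_empty())
 return;
 
 if (!url->is_valid()) {
 // Have to use about:blank for the denied case, instead of an empty GURL.
 // This is because the browser treats navigation to an empty GURL as a
 // navigation to the home page. This is often a privileged page
 // (chrome://newtab/) which is exactly what we don't want.
 *url = GURL(chrome::kAboutBlankURL);
 return;
 }
 
 if (url->SchemeIs(chrome::kAboutScheme)) {
 // The renderer treats all URLs in the about: scheme as being about:blank.
 // Canonicalize about: URLs to about:blank.
 *url = GURL(chrome::kAboutBlankURL);
 }
 
-if (!policy->CanRequestURL(renderer_id, *url)) {
+// Do not allow browser plugin guests to navigate to non-web URLs, since they
+// cannot swap processes or grant bindings.
+bool non_web_url_in_guest = process->IsGuest() &&
+!(url->is_valid() && policy->IsWebSafeScheme(url->scheme()));
+
+if (non_web_url_in_guest || !policy->CanRequestURL(process->GetID(), *url)) {
 // If this renderer is not permitted to request this URL, we invalidate the
 // URL. This prevents us from storing the blocked URL and becoming confused
 // later.
 VLOG(1) << "Blocked URL " << url->spec();
 *url = GURL(chrome::kAboutBlankURL);
 }
 }
 
 void RenderViewHostImpl::SetAltErrorPageURL(const GURL& url) {
 Send(new ViewMsg_SetAltErrorPageURL(GetRoutingID(), url));
@@ -2011,10 +2029,10 @@
 is_waiting_for_beforeunload_ack_ = false;
 is_waiting_for_unload_ack_ = false;
 has_timed_out_on_unload_ = false;
 }
 
 void RenderViewHostImpl::ClearPowerSaveBlockers() {
 STLDeleteValues(&power_save_blockers_);
 }
 
 } // namespace content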
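Review bot: In RenderViewHostImpl::FilterURL the new `non_web_url_in_guest` expression re-tests `url->is_valid()`, but the invalid case already returned a few lines above and the about: canonicalization assigns a valid GURL, so that operand is dead and obscures that the guest restriction is purely a scheme-allowlist check; `bool non_web_url_in_guest = process->IsGuest() && !policy->IsWebSafeScheme(url->scheme());` reads the same way. The merged condition also folds two different denials into the single `VLOG(1) << "Blocked URL "` line, so a guest scheme rejection can no longer be told apart from a CanRequestURL denial when triaging a blocked navigation; appending `<< (non_web_url_in_guest ? " (non-web-safe scheme in guest)" : "")` keeps the two cases separable in logs. In Navigate, the guest branch skips the GrantRequestURL calls but still lets the ViewMsg_Navigate go out for a non-web-safe URL, presumably relying on a later request-time CanRequestURL check that is not visible in this section; a one-line comment such as `// Guests get no grants here; a non-web-safe URL is rejected at request time.` would make that reliance explicit (Navigate's body continues past the visible rows).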