Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(12)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/web_contents/web_contents_impl.cc

Issue 11313018: Prevent webview tags from navigating outside web-safe schemes. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix nit Created 8 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « content/browser/renderer_host/render_view_host_impl.cc ('k') | content/public/browser/render_view_host.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/web_contents/web_contents_impl.h" 5 #include "content/browser/web_contents/web_contents_impl.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/command_line.h" 9 #include "base/command_line.h"
10 #include "base/metrics/histogram.h" 10 #include "base/metrics/histogram.h"
(...skipping 1939 matching lines...) Expand 10 before | Expand all | Expand 10 after
1950 int64 frame_id, 1950 int64 frame_id,
1951 int64 parent_frame_id, 1951 int64 parent_frame_id,
1952 bool is_main_frame, 1952 bool is_main_frame,
1953 const GURL& opener_url, 1953 const GURL& opener_url,
1954 const GURL& url) { 1954 const GURL& url) {
1955 bool is_error_page = (url.spec() == kUnreachableWebDataURL); 1955 bool is_error_page = (url.spec() == kUnreachableWebDataURL);
1956 GURL validated_url(url); 1956 GURL validated_url(url);
1957 GURL validated_opener_url(opener_url); 1957 GURL validated_opener_url(opener_url);
1958 RenderProcessHost* render_process_host = 1958 RenderProcessHost* render_process_host =
1959 render_view_host->GetProcess(); 1959 render_view_host->GetProcess();
1960 RenderViewHost::FilterURL( 1960 RenderViewHost::FilterURL(render_process_host, false, &validated_url);
1961 render_process_host->GetID(), 1961 RenderViewHost::FilterURL(render_process_host, true, &validated_opener_url);
1962 false,
1963 &validated_url);
1964 RenderViewHost::FilterURL(
1965 render_process_host->GetID(),
1966 true,
1967 &validated_opener_url);
1968 1962
1969 // Notify observers about the start of the provisional load. 1963 // Notify observers about the start of the provisional load.
1970 FOR_EACH_OBSERVER(WebContentsObserver, observers_, 1964 FOR_EACH_OBSERVER(WebContentsObserver, observers_,
1971 DidStartProvisionalLoadForFrame(frame_id, parent_frame_id, 1965 DidStartProvisionalLoadForFrame(frame_id, parent_frame_id,
1972 is_main_frame, validated_url, is_error_page, 1966 is_main_frame, validated_url, is_error_page,
1973 render_view_host)); 1967 render_view_host));
1974 1968
1975 if (is_main_frame) { 1969 if (is_main_frame) {
1976 // Notify observers about the provisional change in the main frame URL. 1970 // Notify observers about the provisional change in the main frame URL.
1977 FOR_EACH_OBSERVER(WebContentsObserver, observers_, 1971 FOR_EACH_OBSERVER(WebContentsObserver, observers_,
(...skipping 10 matching lines...) Expand all
1988 const GURL& source_url, 1982 const GURL& source_url,
1989 const GURL& target_url) { 1983 const GURL& target_url) {
1990 // TODO(creis): Remove this method and have the pre-rendering code listen to 1984 // TODO(creis): Remove this method and have the pre-rendering code listen to
1991 // the ResourceDispatcherHost's RESOURCE_RECEIVED_REDIRECT notification 1985 // the ResourceDispatcherHost's RESOURCE_RECEIVED_REDIRECT notification
1992 // instead. See http://crbug.com/78512. 1986 // instead. See http://crbug.com/78512.
1993 GURL validated_source_url(source_url); 1987 GURL validated_source_url(source_url);
1994 GURL validated_target_url(target_url); 1988 GURL validated_target_url(target_url);
1995 GURL validated_opener_url(opener_url); 1989 GURL validated_opener_url(opener_url);
1996 RenderProcessHost* render_process_host = 1990 RenderProcessHost* render_process_host =
1997 render_view_host->GetProcess(); 1991 render_view_host->GetProcess();
1998 RenderViewHostImpl::FilterURL( 1992 RenderViewHost::FilterURL(render_process_host, false, &validated_source_url);
1999 ChildProcessSecurityPolicyImpl::GetInstance(), 1993 RenderViewHost::FilterURL(render_process_host, false, &validated_target_url);
2000 render_process_host->GetID(), 1994 RenderViewHost::FilterURL(render_process_host, true, &validated_opener_url);
2001 false,
2002 &validated_source_url);
2003 RenderViewHostImpl::FilterURL(
2004 ChildProcessSecurityPolicyImpl::GetInstance(),
2005 render_process_host->GetID(),
2006 false,
2007 &validated_target_url);
2008 RenderViewHostImpl::FilterURL(
2009 ChildProcessSecurityPolicyImpl::GetInstance(),
2010 render_process_host->GetID(),
2011 true,
2012 &validated_opener_url);
2013 NavigationEntry* entry; 1995 NavigationEntry* entry;
2014 if (page_id == -1) { 1996 if (page_id == -1) {
2015 entry = controller_.GetPendingEntry(); 1997 entry = controller_.GetPendingEntry();
2016 } else { 1998 } else {
2017 entry = controller_.GetEntryWithPageID(render_view_host->GetSiteInstance(), 1999 entry = controller_.GetEntryWithPageID(render_view_host->GetSiteInstance(),
2018 page_id); 2000 page_id);
2019 } 2001 }
2020 if (!entry || entry->GetURL() != validated_source_url) 2002 if (!entry || entry->GetURL() != validated_source_url)
2021 return; 2003 return;
2022 2004
(...skipping 10 matching lines...) Expand all
2033 VLOG(1) << "Failed Provisional Load: " << params.url.possibly_invalid_spec() 2015 VLOG(1) << "Failed Provisional Load: " << params.url.possibly_invalid_spec()
2034 << ", error_code: " << params.error_code 2016 << ", error_code: " << params.error_code
2035 << ", error_description: " << params.error_description 2017 << ", error_description: " << params.error_description
2036 << ", is_main_frame: " << params.is_main_frame 2018 << ", is_main_frame: " << params.is_main_frame
2037 << ", showing_repost_interstitial: " << 2019 << ", showing_repost_interstitial: " <<
2038 params.showing_repost_interstitial 2020 params.showing_repost_interstitial
2039 << ", frame_id: " << params.frame_id; 2021 << ", frame_id: " << params.frame_id;
2040 GURL validated_url(params.url); 2022 GURL validated_url(params.url);
2041 RenderProcessHost* render_process_host = 2023 RenderProcessHost* render_process_host =
2042 render_view_host->GetProcess(); 2024 render_view_host->GetProcess();
2043 RenderViewHost::FilterURL( 2025 RenderViewHost::FilterURL(render_process_host, false, &validated_url);
2044 render_process_host->GetID(),
2045 false,
2046 &validated_url);
2047 2026
2048 if (net::ERR_ABORTED == params.error_code) { 2027 if (net::ERR_ABORTED == params.error_code) {
2049 // EVIL HACK ALERT! Ignore failed loads when we're showing interstitials. 2028 // EVIL HACK ALERT! Ignore failed loads when we're showing interstitials.
2050 // This means that the interstitial won't be torn down properly, which is 2029 // This means that the interstitial won't be torn down properly, which is
2051 // bad. But if we have an interstitial, go back to another tab type, and 2030 // bad. But if we have an interstitial, go back to another tab type, and
2052 // then load the same interstitial again, we could end up getting the first 2031 // then load the same interstitial again, we could end up getting the first
2053 // interstitial's "failed" message (as a result of the cancel) when we're on 2032 // interstitial's "failed" message (as a result of the cancel) when we're on
2054 // the second one. 2033 // the second one.
2055 // 2034 //
2056 // We can't tell this apart, so we think we're tearing down the current page 2035 // We can't tell this apart, so we think we're tearing down the current page
(...skipping 1291 matching lines...) Expand 10 before | Expand all | Expand 10 after
3348 3327
3349 BrowserPluginGuest* WebContentsImpl::GetBrowserPluginGuest() { 3328 BrowserPluginGuest* WebContentsImpl::GetBrowserPluginGuest() {
3350 return browser_plugin_guest_.get(); 3329 return browser_plugin_guest_.get();
3351 } 3330 }
3352 3331
3353 BrowserPluginEmbedder* WebContentsImpl::GetBrowserPluginEmbedder() { 3332 BrowserPluginEmbedder* WebContentsImpl::GetBrowserPluginEmbedder() {
3354 return browser_plugin_embedder_.get(); 3333 return browser_plugin_embedder_.get();
3355 } 3334 }
3356 3335
3357 } // namespace content 3336 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/renderer_host/render_view_host_impl.cc ('k') | content/public/browser/render_view_host.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698