| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/renderer/content_settings_observer.h" | 5 #include "chrome/renderer/content_settings_observer.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/metrics/histogram.h" | 8 #include "base/metrics/histogram.h" |
| 9 #include "components/content_settings/content/common/content_settings_messages.h
" | 9 #include "components/content_settings/content/common/content_settings_messages.h
" |
| 10 #include "content/public/common/url_constants.h" | 10 #include "content/public/common/url_constants.h" |
| (...skipping 89 matching lines...) |
| 100 static const char kGoogleIntlPathPrefix[] = "/intl/"; | 100 static const char kGoogleIntlPathPrefix[] = "/intl/"; |
| 101 static const char kDotJS[] = ".js"; | 101 static const char kDotJS[] = ".js"; |
| 102 static const char kDotCSS[] = ".css"; | 102 static const char kDotCSS[] = ".css"; |
| 103 static const char kDotSWF[] = ".swf"; | 103 static const char kDotSWF[] = ".swf"; |
| 104 static const char kDotHTML[] = ".html"; | 104 static const char kDotHTML[] = ".html"; |
| 105 | 105 |
| 106 // Constants for mixed-content blocking. | 106 // Constants for mixed-content blocking. |
| 107 static const char kGoogleDotCom[] = "google.com"; | 107 static const char kGoogleDotCom[] = "google.com"; |
| 108 | 108 |
| 109 static bool IsHostInDomain(const std::string& host, const std::string& domain) { | 109 static bool IsHostInDomain(const std::string& host, const std::string& domain) { |
| 110 return (base::EndsWith(host, domain, false) && | 110 return (base::EndsWith(host, domain, base::CompareCase::INSENSITIVE_ASCII) && |
| 111 (host.length() == domain.length() || | 111 (host.length() == domain.length() || |
| 112 (host.length() > domain.length() && | 112 (host.length() > domain.length() && |
| 113 host[host.length() - domain.length() - 1] == '.'))); | 113 host[host.length() - domain.length() - 1] == '.'))); |
| 114 } | 114 } |
| 115 | 115 |
| 116 GURL GetOriginOrURL(const WebFrame* frame) { | 116 GURL GetOriginOrURL(const WebFrame* frame) { |
| 117 WebString top_origin = frame->top()->securityOrigin().toString(); | 117 WebString top_origin = frame->top()->securityOrigin().toString(); |
| 118 // The |top_origin| is unique ("null") e.g., for file:// URLs. Use the | 118 // The |top_origin| is unique ("null") e.g., for file:// URLs. Use the |
| 119 // document URL as the primary URL in those cases. | 119 // document URL as the primary URL in those cases. |
| 120 // TODO(alexmos): This is broken for --site-per-process, since top() can be a | 120 // TODO(alexmos): This is broken for --site-per-process, since top() can be a |
| (...skipping 346 matching lines...) |
| 467 bool allowed_per_settings, | 467 bool allowed_per_settings, |
| 468 const blink::WebSecurityOrigin& origin, | 468 const blink::WebSecurityOrigin& origin, |
| 469 const blink::WebURL& resource_url) { | 469 const blink::WebURL& resource_url) { |
| 470 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY); | 470 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY); |
| 471 | 471 |
| 472 std::string origin_host(origin.host().utf8()); | 472 std::string origin_host(origin.host().utf8()); |
| 473 WebFrame* frame = render_frame()->GetWebFrame(); | 473 WebFrame* frame = render_frame()->GetWebFrame(); |
| 474 GURL frame_gurl(frame->document().url()); | 474 GURL frame_gurl(frame->document().url()); |
| 475 if (IsHostInDomain(origin_host, kGoogleDotCom)) { | 475 if (IsHostInDomain(origin_host, kGoogleDotCom)) { |
| 476 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_GOOGLE); | 476 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_GOOGLE); |
| 477 if (base::StartsWithASCII(frame_gurl.path(), kGoogleSupportPathPrefix, | 477 if (base::StartsWith(frame_gurl.path(), kGoogleSupportPathPrefix, |
| 478 false)) { | 478 base::CompareCase::INSENSITIVE_ASCII)) { |
| 479 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_SUPPORT); | 479 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_SUPPORT); |
| 480 } else if (base::StartsWithASCII(frame_gurl.path(), kGoogleIntlPathPrefix, | 480 } else if (base::StartsWith(frame_gurl.path(), kGoogleIntlPathPrefix, |
| 481 false)) { | 481 base::CompareCase::INSENSITIVE_ASCII)) { |
| 482 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_INTL); | 482 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_INTL); |
| 483 } | 483 } |
| 484 } | 484 } |
| 485 | 485 |
| 486 if (origin_host == kWWWDotGoogleDotCom) { | 486 if (origin_host == kWWWDotGoogleDotCom) { |
| 487 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_WWW_GOOGLE); | 487 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_WWW_GOOGLE); |
| 488 if (base::StartsWithASCII(frame_gurl.path(), kGoogleReaderPathPrefix, | 488 if (base::StartsWith(frame_gurl.path(), kGoogleReaderPathPrefix, |
| 489 false)) | 489 base::CompareCase::INSENSITIVE_ASCII)) |
| 490 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_READER); | 490 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_READER); |
| 491 } else if (origin_host == kMailDotGoogleDotCom) { | 491 } else if (origin_host == kMailDotGoogleDotCom) { |
| 492 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_MAIL_GOOGLE); | 492 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_MAIL_GOOGLE); |
| 493 } else if (origin_host == kPlusDotGoogleDotCom) { | 493 } else if (origin_host == kPlusDotGoogleDotCom) { |
| 494 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_PLUS_GOOGLE); | 494 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_PLUS_GOOGLE); |
| 495 } else if (origin_host == kDocsDotGoogleDotCom) { | 495 } else if (origin_host == kDocsDotGoogleDotCom) { |
| 496 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_DOCS_GOOGLE); | 496 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_DOCS_GOOGLE); |
| 497 } else if (origin_host == kSitesDotGoogleDotCom) { | 497 } else if (origin_host == kSitesDotGoogleDotCom) { |
| 498 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_SITES_GOOGLE); | 498 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_SITES_GOOGLE); |
| 499 } else if (origin_host == kPicasawebDotGoogleDotCom) { | 499 } else if (origin_host == kPicasawebDotGoogleDotCom) { |
| 500 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_PICASAWEB_GOOGLE); | 500 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_PICASAWEB_GOOGLE); |
| 501 } else if (origin_host == kCodeDotGoogleDotCom) { | 501 } else if (origin_host == kCodeDotGoogleDotCom) { |
| 502 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_CODE_GOOGLE); | 502 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_CODE_GOOGLE); |
| 503 } else if (origin_host == kGroupsDotGoogleDotCom) { | 503 } else if (origin_host == kGroupsDotGoogleDotCom) { |
| 504 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_GROUPS_GOOGLE); | 504 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_GROUPS_GOOGLE); |
| 505 } else if (origin_host == kMapsDotGoogleDotCom) { | 505 } else if (origin_host == kMapsDotGoogleDotCom) { |
| 506 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_MAPS_GOOGLE); | 506 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_MAPS_GOOGLE); |
| 507 } else if (origin_host == kWWWDotYoutubeDotCom) { | 507 } else if (origin_host == kWWWDotYoutubeDotCom) { |
| 508 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_YOUTUBE); | 508 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_YOUTUBE); |
| 509 } | 509 } |
| 510 | 510 |
| 511 GURL resource_gurl(resource_url); | 511 GURL resource_gurl(resource_url); |
| 512 if (base::EndsWith(resource_gurl.path(), kDotHTML, false)) | 512 if (base::EndsWith(resource_gurl.path(), kDotHTML, |
| 513 base::CompareCase::INSENSITIVE_ASCII)) |
| 513 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HTML); | 514 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HTML); |
| 514 | 515 |
| 515 if (allowed_per_settings || allow_displaying_insecure_content_) | 516 if (allowed_per_settings || allow_displaying_insecure_content_) |
| 516 return true; | 517 return true; |
| 517 | 518 |
| 518 Send(new ChromeViewHostMsg_DidBlockDisplayingInsecureContent(routing_id())); | 519 Send(new ChromeViewHostMsg_DidBlockDisplayingInsecureContent(routing_id())); |
| 519 | 520 |
| 520 return false; | 521 return false; |
| 521 } | 522 } |
| 522 | 523 |
| 523 bool ContentSettingsObserver::allowRunningInsecureContent( | 524 bool ContentSettingsObserver::allowRunningInsecureContent( |
| 524 bool allowed_per_settings, | 525 bool allowed_per_settings, |
| 525 const blink::WebSecurityOrigin& origin, | 526 const blink::WebSecurityOrigin& origin, |
| 526 const blink::WebURL& resource_url) { | 527 const blink::WebURL& resource_url) { |
| 527 std::string origin_host(origin.host().utf8()); | 528 std::string origin_host(origin.host().utf8()); |
| 528 WebFrame* frame = render_frame()->GetWebFrame(); | 529 WebFrame* frame = render_frame()->GetWebFrame(); |
| 529 GURL frame_gurl(frame->document().url()); | 530 GURL frame_gurl(frame->document().url()); |
| 530 DCHECK_EQ(frame_gurl.host(), origin_host); | 531 DCHECK_EQ(frame_gurl.host(), origin_host); |
| 531 | 532 |
| 532 bool is_google = IsHostInDomain(origin_host, kGoogleDotCom); | 533 bool is_google = IsHostInDomain(origin_host, kGoogleDotCom); |
| 533 if (is_google) { | 534 if (is_google) { |
| 534 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GOOGLE); | 535 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GOOGLE); |
| 535 if (base::StartsWithASCII(frame_gurl.path(), kGoogleSupportPathPrefix, | 536 if (base::StartsWith(frame_gurl.path(), kGoogleSupportPathPrefix, |
| 536 false)) { | 537 base::CompareCase::INSENSITIVE_ASCII)) { |
| 537 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GOOGLE_SUPPORT); | 538 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GOOGLE_SUPPORT); |
| 538 } else if (base::StartsWithASCII(frame_gurl.path(), kGoogleIntlPathPrefix, | 539 } else if (base::StartsWith(frame_gurl.path(), kGoogleIntlPathPrefix, |
| 539 false)) { | 540 base::CompareCase::INSENSITIVE_ASCII)) { |
| 540 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GOOGLE_INTL); | 541 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GOOGLE_INTL); |
| 541 } | 542 } |
| 542 } | 543 } |
| 543 | 544 |
| 544 if (origin_host == kWWWDotGoogleDotCom) { | 545 if (origin_host == kWWWDotGoogleDotCom) { |
| 545 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_WWW_GOOGLE); | 546 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_WWW_GOOGLE); |
| 546 if (base::StartsWithASCII(frame_gurl.path(), kGoogleReaderPathPrefix, | 547 if (base::StartsWith(frame_gurl.path(), kGoogleReaderPathPrefix, |
| 547 false)) | 548 base::CompareCase::INSENSITIVE_ASCII)) |
| 548 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GOOGLE_READER); | 549 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GOOGLE_READER); |
| 549 } else if (origin_host == kMailDotGoogleDotCom) { | 550 } else if (origin_host == kMailDotGoogleDotCom) { |
| 550 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_MAIL_GOOGLE); | 551 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_MAIL_GOOGLE); |
| 551 } else if (origin_host == kPlusDotGoogleDotCom) { | 552 } else if (origin_host == kPlusDotGoogleDotCom) { |
| 552 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_PLUS_GOOGLE); | 553 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_PLUS_GOOGLE); |
| 553 } else if (origin_host == kDocsDotGoogleDotCom) { | 554 } else if (origin_host == kDocsDotGoogleDotCom) { |
| 554 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_DOCS_GOOGLE); | 555 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_DOCS_GOOGLE); |
| 555 } else if (origin_host == kSitesDotGoogleDotCom) { | 556 } else if (origin_host == kSitesDotGoogleDotCom) { |
| 556 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_SITES_GOOGLE); | 557 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_SITES_GOOGLE); |
| 557 } else if (origin_host == kPicasawebDotGoogleDotCom) { | 558 } else if (origin_host == kPicasawebDotGoogleDotCom) { |
| 558 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_PICASAWEB_GOOGLE); | 559 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_PICASAWEB_GOOGLE); |
| 559 } else if (origin_host == kCodeDotGoogleDotCom) { | 560 } else if (origin_host == kCodeDotGoogleDotCom) { |
| 560 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_CODE_GOOGLE); | 561 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_CODE_GOOGLE); |
| 561 } else if (origin_host == kGroupsDotGoogleDotCom) { | 562 } else if (origin_host == kGroupsDotGoogleDotCom) { |
| 562 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GROUPS_GOOGLE); | 563 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GROUPS_GOOGLE); |
| 563 } else if (origin_host == kMapsDotGoogleDotCom) { | 564 } else if (origin_host == kMapsDotGoogleDotCom) { |
| 564 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_MAPS_GOOGLE); | 565 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_MAPS_GOOGLE); |
| 565 } else if (origin_host == kWWWDotYoutubeDotCom) { | 566 } else if (origin_host == kWWWDotYoutubeDotCom) { |
| 566 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_YOUTUBE); | 567 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_YOUTUBE); |
| 567 } else if (base::EndsWith(origin_host, kDotGoogleUserContentDotCom, false)) { | 568 } else if (base::EndsWith(origin_host, kDotGoogleUserContentDotCom, |
| 569 base::CompareCase::INSENSITIVE_ASCII)) { |
| 568 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GOOGLEUSERCONTENT); | 570 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GOOGLEUSERCONTENT); |
| 569 } | 571 } |
| 570 | 572 |
| 571 GURL resource_gurl(resource_url); | 573 GURL resource_gurl(resource_url); |
| 572 if (resource_gurl.host() == kWWWDotYoutubeDotCom) | 574 if (resource_gurl.host() == kWWWDotYoutubeDotCom) |
| 573 SendInsecureContentSignal(INSECURE_CONTENT_RUN_TARGET_YOUTUBE); | 575 SendInsecureContentSignal(INSECURE_CONTENT_RUN_TARGET_YOUTUBE); |
| 574 | 576 |
| 575 if (base::EndsWith(resource_gurl.path(), kDotJS, false)) | 577 if (base::EndsWith(resource_gurl.path(), kDotJS, |
| 578 base::CompareCase::INSENSITIVE_ASCII)) |
| 576 SendInsecureContentSignal(INSECURE_CONTENT_RUN_JS); | 579 SendInsecureContentSignal(INSECURE_CONTENT_RUN_JS); |
| 577 else if (base::EndsWith(resource_gurl.path(), kDotCSS, false)) | 580 else if (base::EndsWith(resource_gurl.path(), kDotCSS, |
| 581 base::CompareCase::INSENSITIVE_ASCII)) |
| 578 SendInsecureContentSignal(INSECURE_CONTENT_RUN_CSS); | 582 SendInsecureContentSignal(INSECURE_CONTENT_RUN_CSS); |
| 579 else if (base::EndsWith(resource_gurl.path(), kDotSWF, false)) | 583 else if (base::EndsWith(resource_gurl.path(), kDotSWF, |
| 584 base::CompareCase::INSENSITIVE_ASCII)) |
| 580 SendInsecureContentSignal(INSECURE_CONTENT_RUN_SWF); | 585 SendInsecureContentSignal(INSECURE_CONTENT_RUN_SWF); |
| 581 | 586 |
| 582 if (!allow_running_insecure_content_ && !allowed_per_settings) { | 587 if (!allow_running_insecure_content_ && !allowed_per_settings) { |
| 583 DidBlockContentType(CONTENT_SETTINGS_TYPE_MIXEDSCRIPT, origin.host()); | 588 DidBlockContentType(CONTENT_SETTINGS_TYPE_MIXEDSCRIPT, origin.host()); |
| 584 return false; | 589 return false; |
| 585 } | 590 } |
| 586 | 591 |
| 587 return true; | 592 return true; |
| 588 } | 593 } |
| 589 | 594 |
| (...skipping 127 matching lines...) |
| 717 | 722 |
| 718 // If the scheme is file:, an empty file name indicates a directory listing, | 723 // If the scheme is file:, an empty file name indicates a directory listing, |
| 719 // which requires JavaScript to function properly. | 724 // which requires JavaScript to function properly. |
| 720 if (base::EqualsASCII(origin.protocol(), url::kFileScheme)) { | 725 if (base::EqualsASCII(origin.protocol(), url::kFileScheme)) { |
| 721 return document_url.SchemeIs(url::kFileScheme) && | 726 return document_url.SchemeIs(url::kFileScheme) && |
| 722 document_url.ExtractFileName().empty(); | 727 document_url.ExtractFileName().empty(); |
| 723 } | 728 } |
| 724 | 729 |
| 725 return false; | 730 return false; |
| 726 } | 731 } |
| OLD | NEW |
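Review bot: The googleusercontent branch of allowRunningInsecureContent (new lines 568-569) still matches the host with a bare `base::EndsWith`, so unlike `IsHostInDomain` (new lines 109-114) it has no label-boundary check of its own and stays correct only while `kDotGoogleUserContentDotCom` begins with a dot; that constant is defined in the skipped lines, so the leading dot is inferred from its name. Since the commit touches both call sites, `IsHostInDomain` would benefit from a comment stating its contract, e.g. `// True if |host| equals |domain| or ends with "." + |domain|; a plain suffix match would also accept "notgoogle.com".`, plus a one-line comment on the googleusercontent branch saying that the constant's leading dot is what supplies the boundary. The exact `origin_host == k...` comparisons remain case-sensitive while the prefix and suffix matches are ASCII-case-insensitive, which is consistent only if the origin host is already lower-cased by the time it gets here; a short comment recording that assumption would help. In the visible code these matches only choose which `SendInsecureContentSignal` bucket is reported, and the allow/block result comes from `allowed_per_settings` and `allow_running_insecure_content_`, so a wrong match would skew the metrics rather than change what is blocked.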