Side by Side Diff: content/browser/frame_host/render_frame_host_impl.cc

Issue 1266273006: Don't crash the browser if something tries to inject JavaScript (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 4 months ago
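--- a/content/browser/frame_host/render_frame_host_impl.cc
+++ b/content/browser/frame_host/render_frame_host_impl.cc
@@ -1,19 +1,20 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/frame_host/render_frame_host_impl.h"
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/containers/hash_tables.h"
+#include "base/debug/dump_without_crashing.h"
 #include "base/lazy_instance.h"
 #include "base/metrics/histogram.h"
 #include "base/process/kill.h"
 #include "base/time/time.h"
 #include "content/browser/accessibility/accessibility_mode_helper.h"
 #include "content/browser/accessibility/browser_accessibility_manager.h"
 #include "content/browser/accessibility/browser_accessibility_state_impl.h"
 #include "content/browser/bad_message.h"
 #include "content/browser/child_process_security_policy_impl.h"
 #include "content/browser/frame_host/cross_process_frame_connector.h"
@@ -276,30 +277,32 @@
 return view->GetNativeView();
 }
 
 void RenderFrameHostImpl::AddMessageToConsole(ConsoleMessageLevel level,
 const std::string& message) {
 Send(new FrameMsg_AddMessageToConsole(routing_id_, level, message));
 }
 
 void RenderFrameHostImpl::ExecuteJavaScript(
 const base::string16& javascript) {
-CHECK(CanExecuteJavaScript());
+if (!CanExecuteJavaScript())
+return;
 Send(new FrameMsg_JavaScriptExecuteRequest(routing_id_,
 javascript,
 0, false));
 }
 
 void RenderFrameHostImpl::ExecuteJavaScript(
 const base::string16& javascript,
 const JavaScriptResultCallback& callback) {
-CHECK(CanExecuteJavaScript());
+if (!CanExecuteJavaScript())
+return;
 int key = g_next_javascript_callback_id++;
 Send(new FrameMsg_JavaScriptExecuteRequest(routing_id_,
 javascript,
 key, true));
 javascript_callbacks_.insert(std::make_pair(key, callback));
 }
 
 void RenderFrameHostImpl::ExecuteJavaScriptForTests(
 const base::string16& javascript) {
 Send(new FrameMsg_JavaScriptExecuteRequestForTests(routing_id_,
@@ -2197,23 +2200,29 @@
 // We may be returning to an existing NavigationEntry that had been granted
 // file access. If this is a different process, we will need to grant the
 // access again. The files listed in the page state are validated when they
 // are received from the renderer to prevent abuse.
 if (request_params.page_state.IsValid()) {
 render_view_host_->GrantFileAccessFromPageState(request_params.page_state);
 }
 }
 
 bool RenderFrameHostImpl::CanExecuteJavaScript() {
-return g_allow_injecting_javascript ||
-!frame_tree_node_->current_url().is_valid() ||
-frame_tree_node_->current_url().SchemeIs(kChromeDevToolsScheme) ||
-ChildProcessSecurityPolicyImpl::GetInstance()->HasWebUIBindings(
-GetProcess()->GetID()) ||
-// It's possible to load about:blank in a Web UI renderer.
-// See http://crbug.com/42547
-(frame_tree_node_->current_url().spec() == url::kAboutBlankURL) ||
-// InterstitialPageImpl should be the only case matching this.
-(delegate_->GetAsWebContents() == nullptr);
+bool can_execute_script =
+g_allow_injecting_javascript ||
+!frame_tree_node_->current_url().is_valid() ||
+frame_tree_node_->current_url().SchemeIs(kChromeDevToolsScheme) ||
+ChildProcessSecurityPolicyImpl::GetInstance()->HasWebUIBindings(
+GetProcess()->GetID()) ||
+// It's possible to load about:blank in a Web UI renderer.
+// See http://crbug.com/42547
+(frame_tree_node_->current_url().spec() == url::kAboutBlankURL) ||
+// InterstitialPageImpl should be the only case matching this.
+(delegate_->GetAsWebContents() == nullptr);
+
+DCHECK(can_execute_script) << "Please fix your code to not inject JavaScript "
+"into regular web contents.";
+base::debug::DumpWithoutCrashing();
+return can_execute_script;
 }
 
 } // namespace content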
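Review bot: `base::debug::DumpWithoutCrashing()` at new line 2224 runs unconditionally, so every legitimate call to CanExecuteJavaScript() (DevTools, WebUI, about:blank, the interstitial case) now emits a crash dump, not only the misuse the DCHECK on the line above is meant to catch. Gate it on the computed result: `if (!can_execute_script) base::debug::DumpWithoutCrashing();`, so release builds report the same condition the DCHECK asserts in debug builds. Without that guard the dumps from permitted callers will drown out the injection attempts this change is trying to surface.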