Unified Diff: content/browser/frame_host/render_frame_host_impl.cc

Issue 1266273006: Don't crash the browser if something tries to inject JavaScript (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 4 months ago
Index: content/browser/frame_host/render_frame_host_impl.cc
diff --git a/content/browser/frame_host/render_frame_host_impl.cc b/content/browser/frame_host/render_frame_host_impl.cc
index aa802dca8ca3ba8df35f4c26e0b16b507e26dd52..0db1b9f12ea48ee8c7807bb46b9106d7d469e468 100644
--- a/content/browser/frame_host/render_frame_host_impl.cc
+++ b/content/browser/frame_host/render_frame_host_impl.cc
@@ -7,6 +7,7 @@
#include "base/bind.h"
#include "base/command_line.h"
#include "base/containers/hash_tables.h"
+#include "base/debug/dump_without_crashing.h"
#include "base/lazy_instance.h"
#include "base/metrics/histogram.h"
#include "base/process/kill.h"
@@ -283,7 +284,8 @@ void RenderFrameHostImpl::AddMessageToConsole(ConsoleMessageLevel level,
void RenderFrameHostImpl::ExecuteJavaScript(
const base::string16& javascript) {
- CHECK(CanExecuteJavaScript());
+ if (!CanExecuteJavaScript())
+ return;
Send(new FrameMsg_JavaScriptExecuteRequest(routing_id_,
javascript,
0, false));
@@ -292,7 +294,8 @@ void RenderFrameHostImpl::ExecuteJavaScript(
void RenderFrameHostImpl::ExecuteJavaScript(
const base::string16& javascript,
const JavaScriptResultCallback& callback) {
- CHECK(CanExecuteJavaScript());
+ if (!CanExecuteJavaScript())
+ return;
int key = g_next_javascript_callback_id++;
Send(new FrameMsg_JavaScriptExecuteRequest(routing_id_,
javascript,
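Review bot: When `CanExecuteJavaScript()` is false the new early return drops the request without ever running `callback`, so a caller that blocks or waits on the result (a test helper, for instance) will presumably hang rather than fail — the old `CHECK` at least made that state loud. If running the callback with an empty result is not an option here, the contract should be stated at the function, e.g. `// Silently no-ops, and never runs |callback|, when injection is refused.`, so callers know to handle it. The body of this overload continues past the hunk.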
@@ -2204,16 +2207,22 @@ void RenderFrameHostImpl::UpdatePermissionsForNavigation(
}
bool RenderFrameHostImpl::CanExecuteJavaScript() {
- return g_allow_injecting_javascript ||
- !frame_tree_node_->current_url().is_valid() ||
- frame_tree_node_->current_url().SchemeIs(kChromeDevToolsScheme) ||
- ChildProcessSecurityPolicyImpl::GetInstance()->HasWebUIBindings(
- GetProcess()->GetID()) ||
- // It's possible to load about:blank in a Web UI renderer.
- // See http://crbug.com/42547
- (frame_tree_node_->current_url().spec() == url::kAboutBlankURL) ||
- // InterstitialPageImpl should be the only case matching this.
- (delegate_->GetAsWebContents() == nullptr);
+ bool can_execute_script =
+ g_allow_injecting_javascript ||
+ !frame_tree_node_->current_url().is_valid() ||
+ frame_tree_node_->current_url().SchemeIs(kChromeDevToolsScheme) ||
+ ChildProcessSecurityPolicyImpl::GetInstance()->HasWebUIBindings(
+ GetProcess()->GetID()) ||
+ // It's possible to load about:blank in a Web UI renderer.
+ // See http://crbug.com/42547
+ (frame_tree_node_->current_url().spec() == url::kAboutBlankURL) ||
+ // InterstitialPageImpl should be the only case matching this.
+ (delegate_->GetAsWebContents() == nullptr);
+
+ DCHECK(can_execute_script) << "Please fix your code to not inject JavaScript "
+ "into regular web contents.";
+ base::debug::DumpWithoutCrashing();
+ return can_execute_script;
}
} // namespace content
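Review bot: `base::debug::DumpWithoutCrashing()` is called unconditionally, so every successful `CanExecuteJavaScript()` check (every legitimate WebUI or DevTools script execution) will produce a dump, and the failure path gets no distinguishable signal. Guard it on the result: `if (!can_execute_script)` / `  base::debug::DumpWithoutCrashing();` before the `return`. This matters more now that the hard `CHECK` is gone: in release builds the `DCHECK` compiles out, so the dump is the only remaining indication that something tried to inject script into ordinary web contents, and it should fire only in that case. A short comment above the `DCHECK` noting that the check is advisory in release and that the dump is the crash-report trail would help the next reader.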