Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(555)

Side by Side Diff: Source/core/loader/DocumentLoader.cpp

Issue 131103010: CSP 1.1: Introduce the 'child-src' directive. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Tests. Created 6 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « Source/core/frame/ContentSecurityPolicy.cpp ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. 2 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved.
3 * Copyright (C) 2011 Google Inc. All rights reserved. 3 * Copyright (C) 2011 Google Inc. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
(...skipping 285 matching lines...) Expand 10 before | Expand all | Expand 10 after
296 // Don't ask if we are loading an empty URL. 296 // Don't ask if we are loading an empty URL.
297 if (request.url().isEmpty() || m_substituteData.isValid()) 297 if (request.url().isEmpty() || m_substituteData.isValid())
298 return true; 298 return true;
299 299
300 // If we're loading content into a subframe, check against the parent's Cont ent Security Policy 300 // If we're loading content into a subframe, check against the parent's Cont ent Security Policy
301 // and kill the load if that check fails. 301 // and kill the load if that check fails.
302 if (m_frame->ownerElement() && !m_frame->ownerElement()->document().contentS ecurityPolicy()->allowChildFrameFromSource(request.url())) { 302 if (m_frame->ownerElement() && !m_frame->ownerElement()->document().contentS ecurityPolicy()->allowChildFrameFromSource(request.url())) {
303 // Fire a load event, as timing attacks would otherwise reveal that the 303 // Fire a load event, as timing attacks would otherwise reveal that the
304 // frame was blocked. This way, it looks like every other cross-origin 304 // frame was blocked. This way, it looks like every other cross-origin
305 // page load. 305 // page load.
306 m_frame->document()->enforceSandboxFlags(SandboxOrigin);
306 m_frame->ownerElement()->dispatchEvent(Event::create(EventTypeNames::loa d)); 307 m_frame->ownerElement()->dispatchEvent(Event::create(EventTypeNames::loa d));
307 return false; 308 return false;
308 } 309 }
309 310
310 NavigationPolicy policy = m_triggeringAction.policy(); 311 NavigationPolicy policy = m_triggeringAction.policy();
311 policy = frameLoader()->client()->decidePolicyForNavigation(request, this, p olicy); 312 policy = frameLoader()->client()->decidePolicyForNavigation(request, this, p olicy);
312 if (policy == NavigationPolicyCurrentTab) 313 if (policy == NavigationPolicyCurrentTab)
313 return true; 314 return true;
314 if (policy == NavigationPolicyIgnore) 315 if (policy == NavigationPolicyIgnore)
315 return false; 316 return false;
(...skipping 527 matching lines...) Expand 10 before | Expand all | Expand 10 after
843 void DocumentLoader::replaceDocument(const String& source, Document* ownerDocume nt) 844 void DocumentLoader::replaceDocument(const String& source, Document* ownerDocume nt)
844 { 845 {
845 m_frame->loader().stopAllLoaders(); 846 m_frame->loader().stopAllLoaders();
846 m_writer = createWriterFor(m_frame, ownerDocument, m_frame->document()->url( ), mimeType(), m_writer ? m_writer->encoding() : emptyAtom, m_writer ? m_writer ->encodingWasChosenByUser() : false, true); 847 m_writer = createWriterFor(m_frame, ownerDocument, m_frame->document()->url( ), mimeType(), m_writer ? m_writer->encoding() : emptyAtom, m_writer ? m_writer ->encodingWasChosenByUser() : false, true);
847 if (!source.isNull()) 848 if (!source.isNull())
848 m_writer->appendReplacingData(source); 849 m_writer->appendReplacingData(source);
849 endWriting(m_writer.get()); 850 endWriting(m_writer.get());
850 } 851 }
851 852
852 } // namespace WebCore 853 } // namespace WebCore
OLDNEW
« no previous file with comments | « Source/core/frame/ContentSecurityPolicy.cpp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698