
Side by Side Diff: content/browser/webui/web_ui_impl.cc

Issue 1332513002: Don't crash the browser when a webui page misbehaves (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 3 months ago
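--- a/content/browser/webui/web_ui_impl.cc
+++ b/content/browser/webui/web_ui_impl.cc
@@ -1,16 +1,17 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/webui/web_ui_impl.h"
 
+#include "base/debug/dump_without_crashing.h"
 #include "base/json/json_writer.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/values.h"
 #include "content/browser/child_process_security_policy_impl.h"
 #include "content/browser/renderer_host/dip_util.h"
 #include "content/browser/renderer_host/render_process_host_impl.h"
 #include "content/browser/web_contents/web_contents_impl.h"
 #include "content/browser/web_contents/web_contents_view.h"
 #include "content/browser/webui/web_ui_controller_factory_registry.h"
 #include "content/common/view_messages.h"
@@ -209,39 +210,50 @@
 
 void WebUIImpl::AddMessageHandler(WebUIMessageHandler* handler) {
   DCHECK(!handler->web_ui());
   handler->set_web_ui(this);
   handler->RegisterMessages();
   handlers_.push_back(handler);
 }
 
 void WebUIImpl::ExecuteJavascript(const base::string16& javascript) {
   RenderFrameHost* target_frame = TargetFrame();
-  if (target_frame)
+  if (target_frame) {
+    if (!(ChildProcessSecurityPolicyImpl::GetInstance()->HasWebUIBindings(
+              target_frame->GetProcess()->GetID()) ||
+          // It's possible to load about:blank in a Web UI renderer.
+          // See http://crbug.com/42547
+          target_frame->GetLastCommittedURL().spec() == url::kAboutBlankURL)) {
+      // Don't crash when we try to inject JavaScript into a non-WebUI page, but
+      // upload a crash report anyways. http://crbug.com/516690
+      base::debug::DumpWithoutCrashing();
+      return;
+    }
     target_frame->ExecuteJavaScript(javascript);
+  }
 }
 
 RenderFrameHost* WebUIImpl::TargetFrame() {
   if (frame_name_.empty())
     return web_contents_->GetMainFrame();
 
   std::set<RenderFrameHost*> frame_set;
   web_contents_->ForEachFrame(base::Bind(&WebUIImpl::AddToSetIfFrameNameMatches,
                                          base::Unretained(this),
                                          &frame_set));
 
   // It happens that some sub-pages attempt to send JavaScript messages before
   // their frames are loaded.
   DCHECK_GE(1U, frame_set.size());
   if (frame_set.empty())
     return NULL;
   return *frame_set.begin();
 }
 
 void WebUIImpl::AddToSetIfFrameNameMatches(
     std::set<RenderFrameHost*>* frame_set,
     RenderFrameHost* host) {
   if (host->GetFrameName() == frame_name_)
     frame_set->insert(host);
 }
 
 }  // namespace content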
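Review bot: The about:blank exemption on new line 225 only matters when HasWebUIBindings() for the frame's process is already false, so what it actually permits is JavaScript injection into an about:blank frame whose process holds no WebUI bindings; the comment above it ("about:blank in a Web UI renderer") describes the case the first disjunct already covers, not the case the exemption widens. If this condition is meant to mirror an equivalent check in RenderFrameHostImpl (the issue title suggests that is where the crash came from), the comment should name that check so the two stay in sync, e.g. `// Must match the check in RenderFrameHostImpl::ExecuteJavaScript: about:blank is trusted here even when the process has no WebUI bindings.` The exact-string compare against url::kAboutBlankURL is fail-closed for variants such as about:blank#x, which is the safe direction. Because this path is reachable repeatedly from a misbehaving page, it is also worth confirming whether DumpWithoutCrashing() is rate limited or whether a one-shot flag is needed to avoid a report per call.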
