Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(145)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: extensions/browser/guest_view/web_view/web_view_guest.cc

Issue 1350893002: Revert of Don't refer browser-initiated navigations to web-safe URLs to delegate. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/apps/guest_view/web_view_browsertest.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "extensions/browser/guest_view/web_view/web_view_guest.h" 5 #include "extensions/browser/guest_view/web_view/web_view_guest.h"
6 6
7 #include "base/message_loop/message_loop.h" 7 #include "base/message_loop/message_loop.h"
8 #include "base/strings/stringprintf.h" 8 #include "base/strings/stringprintf.h"
9 #include "base/strings/utf_string_conversions.h" 9 #include "base/strings/utf_string_conversions.h"
10 #include "components/browsing_data/storage_partition_http_cache_data_remover.h" 10 #include "components/browsing_data/storage_partition_http_cache_data_remover.h"
(...skipping 1195 matching lines...) Expand 10 before | Expand all | Expand 10 after
1206 *was_blocked = false; 1206 *was_blocked = false;
1207 RequestNewWindowPermission(disposition, 1207 RequestNewWindowPermission(disposition,
1208 initial_rect, 1208 initial_rect,
1209 user_gesture, 1209 user_gesture,
1210 new_contents); 1210 new_contents);
1211 } 1211 }
1212 1212
1213 content::WebContents* WebViewGuest::OpenURLFromTab( 1213 content::WebContents* WebViewGuest::OpenURLFromTab(
1214 content::WebContents* source, 1214 content::WebContents* source,
1215 const content::OpenURLParams& params) { 1215 const content::OpenURLParams& params) {
1216 // Most navigations should be handled by WebViewGuest::LoadURLWithParams, 1216 // There are two use cases to consider from a security perspective:
1217 // which takes care of blocking chrome:// URLs and other web-unsafe schemes. 1217 // 1.) Renderer-initiated navigation to chrome:// must always be blocked even
1218 // (NavigateGuest and CreateNewGuestWebViewWindow also go through 1218 // if the <webview> is in WebUI. This is handled by
1219 // LoadURLWithParams.) 1219 // WebViewGuest::LoadURLWithParams. WebViewGuest::NavigateGuest will also
1220 // 1220 // call LoadURLWithParams. CreateNewGuestWebViewWindow creates a new
1221 // We make an exception here for context menu items, since the Language 1221 // WebViewGuest which will call NavigateGuest in DidInitialize.
1222 // Settings item uses a browser-initiated navigation to a chrome:// URL. 1222 // 2.) The Language Settings context menu item should always work, both in
1223 // These can be passed to the embedder's WebContentsDelegate so that the 1223 // Chrome Apps and WebUI. This is a browser initiated request and so
1224 // browser performs the action for the <webview>. 1224 // we pass it along to the embedder's WebContentsDelegate to get the
1225 if (!params.is_renderer_initiated && 1225 // browser to perform the action for the <webview>.
1226 !content::ChildProcessSecurityPolicy::GetInstance()->IsWebSafeScheme( 1226 if (!params.is_renderer_initiated) {
1227 params.url.scheme())) {
1228 if (!owner_web_contents()->GetDelegate()) 1227 if (!owner_web_contents()->GetDelegate())
1229 return nullptr; 1228 return nullptr;
1230 return owner_web_contents()->GetDelegate()->OpenURLFromTab( 1229 return owner_web_contents()->GetDelegate()->OpenURLFromTab(
1231 owner_web_contents(), params); 1230 owner_web_contents(), params);
1232 } 1231 }
1233 1232
1234 // If the guest wishes to navigate away prior to attachment then we save the 1233 // If the guest wishes to navigate away prior to attachment then we save the
1235 // navigation to perform upon attachment. Navigation initializes a lot of 1234 // navigation to perform upon attachment. Navigation initializes a lot of
1236 // state that assumes an embedder exists, such as RenderWidgetHostViewGuest. 1235 // state that assumes an embedder exists, such as RenderWidgetHostViewGuest.
1237 // Navigation also resumes resource loading which we don't want to allow 1236 // Navigation also resumes resource loading which we don't want to allow
(...skipping 213 matching lines...) Expand 10 before | Expand all | Expand 10 after
1451 scoped_ptr<base::DictionaryValue> args(new base::DictionaryValue()); 1450 scoped_ptr<base::DictionaryValue> args(new base::DictionaryValue());
1452 DispatchEventToView( 1451 DispatchEventToView(
1453 new GuestViewEvent(webview::kEventExitFullscreen, args.Pass())); 1452 new GuestViewEvent(webview::kEventExitFullscreen, args.Pass()));
1454 } 1453 }
1455 // Since we changed fullscreen state, sending a Resize message ensures that 1454 // Since we changed fullscreen state, sending a Resize message ensures that
1456 // renderer/ sees the change. 1455 // renderer/ sees the change.
1457 web_contents()->GetRenderViewHost()->WasResized(); 1456 web_contents()->GetRenderViewHost()->WasResized();
1458 } 1457 }
1459 1458
1460 } // namespace extensions 1459 } // namespace extensions
OLDNEW
« no previous file with comments | « chrome/browser/apps/guest_view/web_view_browsertest.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698