Adding <keygen> Content Setting (Blink)

chrome/renderer/content_settings_observer.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/renderer/content_settings_observer.h"
 
 #include "base/command_line.h"
 #include "base/metrics/histogram.h"
 #include "components/content_settings/content/common/content_settings_messages.h"
 #include "content/public/common/url_constants.h"
@@ skipping 240 matching lines @@
 
 void ContentSettingsObserver::DidCommitProvisionalLoad(
     bool is_new_navigation,
     bool is_same_page_navigation) {
   WebFrame* frame = render_frame()->GetWebFrame();
   if (frame->parent())
     return;  // Not a top-level navigation.
 
   if (!is_same_page_navigation) {
     // Clear "block" flags for the new page. This needs to happen before any of
-    // |allowScript()|, |allowScriptFromSource()|, |allowImage()|, or
-    // |allowPlugins()| is called for the new page so that these functions can
-    // correctly detect that a piece of content flipped from "not blocked" to
-    // "blocked".
+    // |allowScript()|, |allowScriptFromSource()|, |allowImage()|,
+    // |allowPlugins()|, or |allowKeygen()| is called for the new page so that
+    // these functions can correctly detect that a piece of content flipped from
+    // "not blocked" to "blocked".
     ClearBlockedContentSettings();
     temporarily_allowed_plugins_.clear();
   }
 
   GURL url = frame->document().url();
   // If we start failing this DCHECK, please makes sure we don't regress
   // this bug: http://code.google.com/p/chromium/issues/detail?id=79304
   DCHECK(frame->document().securityOrigin().toString() == "null" ||
          !url.SchemeIs(url::kDataScheme));
 }
@@ skipping 67 matching lines @@
       frame->top()->securityOrigin().isUnique())
     return false;
 
   bool result = false;
   Send(new ChromeViewHostMsg_AllowIndexedDB(
       routing_id(), GURL(frame->securityOrigin().toString()),
       GURL(frame->top()->securityOrigin().toString()), name, &result));
   return result;
 }
 
+bool ContentSettingsObserver::allowKeygen(bool enabled_per_settings) {
+  if (!enabled_per_settings)
+    return false;
+  if (is_interstitial_page_)
+    return true;
+
+  WebFrame* frame = render_frame()->GetWebFrame();
+  std::map<WebFrame*, bool>::const_iterator it =
+      cached_keygen_permissions_.find(frame);
+  if (it != cached_keygen_permissions_.end())
+    return it->second;
+
+  // Evaluate the content setting rules before
+  // |IsWhitelistedForContentSettings|; if there is only the default rule
+  // allowing all keygen, it's quicker this way.

[Bernhard Bauer, 2015/11/05 11:12:13]

This comment made _some_ sense before you copy-and-pasted it from below and
replaced "scripts" with "keygen", but now it doesn't really anymore.

[svaldez, 2015/11/05 16:35:19]

Done.

+  bool allow = true;

[Bernhard Bauer, 2015/11/05 11:12:13]

You can probably just send an IPC to the browser to call
ContentBrowserClient::AllowKeygen() instead of pushing the rules to each
renderer. Or see my other comment below -- I'm not sure we even need this check
at all in the renderer.

[svaldez, 2015/11/05 16:35:19]

Done.

+  if (content_setting_rules_) {
+    ContentSetting setting = GetContentSettingFromRules(
+        content_setting_rules_->keygen_rules,
+        frame,
+        GURL(frame->document().securityOrigin().toString()));
+    allow = setting != CONTENT_SETTING_BLOCK;
+  }
+
+  cached_keygen_permissions_[frame] = allow;
+  return allow;
+}
+
 bool ContentSettingsObserver::allowPlugins(bool enabled_per_settings) {
   return enabled_per_settings;
 }
 
 bool ContentSettingsObserver::allowScript(bool enabled_per_settings) {
   if (!enabled_per_settings)
     return false;
   if (is_interstitial_page_)
     return true;
 
@@ skipping 224 matching lines @@
     SendInsecureContentSignal(INSECURE_CONTENT_RUN_SWF);
 
   if (!allow_running_insecure_content_ && !allowed_per_settings) {
     DidBlockContentType(CONTENT_SETTINGS_TYPE_MIXEDSCRIPT, origin.host());
     return false;
   }
 
   return true;
 }
 
+void ContentSettingsObserver::didNotAllowKeygen() {
+  DidBlockContentType(CONTENT_SETTINGS_TYPE_KEYGEN);
+}
+
 void ContentSettingsObserver::didNotAllowPlugins() {
   DidBlockContentType(CONTENT_SETTINGS_TYPE_PLUGINS);
 }
 
 void ContentSettingsObserver::didNotAllowScript() {
   DidBlockContentType(CONTENT_SETTINGS_TYPE_JAVASCRIPT);
 }
 
 bool ContentSettingsObserver::AreNPAPIPluginsBlocked() const {
   return npapi_plugins_blocked_;
@@ skipping 41 matching lines @@
     callbacks.doAllow();
     return;
   }
   callbacks.doDeny();
 }
 
 void ContentSettingsObserver::ClearBlockedContentSettings() {
   content_blocked_.clear();
   cached_storage_permissions_.clear();
   cached_script_permissions_.clear();
+  cached_keygen_permissions_.clear();
 }
 
 bool ContentSettingsObserver::IsPlatformApp() {
 #if defined(ENABLE_EXTENSIONS)
   WebFrame* frame = render_frame()->GetWebFrame();
   WebSecurityOrigin origin = frame->document().securityOrigin();
   const extensions::Extension* extension = GetExtension(origin);
   return extension && extension->is_platform_app();
 #else
   return false;
@@ skipping 57 matching lines @@
 
   // If the scheme is file:, an empty file name indicates a directory listing,
   // which requires JavaScript to function properly.
   if (base::EqualsASCII(protocol, url::kFileScheme)) {
     return document_url.SchemeIs(url::kFileScheme) &&
            document_url.ExtractFileName().empty();
   }
 
   return false;
 }