Adding <keygen> Content Setting (Blink)

chrome/renderer/content_settings_observer.cc

Index: chrome/renderer/content_settings_observer.cc
diff --git a/chrome/renderer/content_settings_observer.cc b/chrome/renderer/content_settings_observer.cc
index 1e00b6cb13b413fc408f4680a4760943f5e11a2a..580bf0f0b537323e121b53866fea9c39699e8dc4 100644
--- a/chrome/renderer/content_settings_observer.cc
+++ b/chrome/renderer/content_settings_observer.cc
@@ -258,10 +258,10 @@ void ContentSettingsObserver::DidCommitProvisionalLoad(
 
   if (!is_same_page_navigation) {
     // Clear "block" flags for the new page. This needs to happen before any of
-    // |allowScript()|, |allowScriptFromSource()|, |allowImage()|, or
-    // |allowPlugins()| is called for the new page so that these functions can
-    // correctly detect that a piece of content flipped from "not blocked" to
-    // "blocked".
+    // |allowScript()|, |allowScriptFromSource()|, |allowImage()|,
+    // |allowPlugins()|, or |allowKeygen()| is called for the new page so that
+    // these functions can correctly detect that a piece of content flipped from
+    // "not blocked" to "blocked".
     ClearBlockedContentSettings();
     temporarily_allowed_plugins_.clear();
   }
@@ -349,6 +349,34 @@ bool ContentSettingsObserver::allowIndexedDB(const WebString& name,
   return result;
 }
 
+bool ContentSettingsObserver::allowKeygen(bool enabled_per_settings) {
+  if (!enabled_per_settings)
+    return false;
+  if (is_interstitial_page_)
+    return true;
+
+  WebFrame* frame = render_frame()->GetWebFrame();
+  std::map<WebFrame*, bool>::const_iterator it =
+      cached_keygen_permissions_.find(frame);
+  if (it != cached_keygen_permissions_.end())
+    return it->second;
+
+  // Evaluate the content setting rules before
+  // |IsWhitelistedForContentSettings|; if there is only the default rule
+  // allowing all keygen, it's quicker this way.

[Bernhard Bauer, 2015/11/05 11:12:13]

This comment made _some_ sense before you copy-and-pasted it from below and
replaced "scripts" with "keygen", but now it doesn't really anymore.

[svaldez, 2015/11/05 16:35:19]

Done.

+  bool allow = true;

[Bernhard Bauer, 2015/11/05 11:12:13]

You can probably just send an IPC to the browser to call
ContentBrowserClient::AllowKeygen() instead of pushing the rules to each
renderer. Or see my other comment below -- I'm not sure we even need this check
at all in the renderer.

[svaldez, 2015/11/05 16:35:19]

Done.

+  if (content_setting_rules_) {
+    ContentSetting setting = GetContentSettingFromRules(
+        content_setting_rules_->keygen_rules,
+        frame,
+        GURL(frame->document().securityOrigin().toString()));
+    allow = setting != CONTENT_SETTING_BLOCK;
+  }
+
+  cached_keygen_permissions_[frame] = allow;
+  return allow;
+}
+
 bool ContentSettingsObserver::allowPlugins(bool enabled_per_settings) {
   return enabled_per_settings;
 }
@@ -593,6 +621,10 @@ bool ContentSettingsObserver::allowRunningInsecureContent(
   return true;
 }
 
+void ContentSettingsObserver::didNotAllowKeygen() {
+  DidBlockContentType(CONTENT_SETTINGS_TYPE_KEYGEN);
+}
+
 void ContentSettingsObserver::didNotAllowPlugins() {
   DidBlockContentType(CONTENT_SETTINGS_TYPE_PLUGINS);
 }
@@ -654,6 +686,7 @@ void ContentSettingsObserver::ClearBlockedContentSettings() {
   content_blocked_.clear();
   cached_storage_permissions_.clear();
   cached_script_permissions_.clear();
+  cached_keygen_permissions_.clear();
 }
 
 bool ContentSettingsObserver::IsPlatformApp() {