OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv
ed. | 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv
ed. |
3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) | 3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) |
4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t
orchmobile.com/) | 4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t
orchmobile.com/) |
5 * Copyright (C) 2008 Alp Toker <alp@atoker.com> | 5 * Copyright (C) 2008 Alp Toker <alp@atoker.com> |
6 * Copyright (C) Research In Motion Limited 2009. All rights reserved. | 6 * Copyright (C) Research In Motion Limited 2009. All rights reserved. |
7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> | 7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> |
8 * Copyright (C) 2011 Google Inc. All rights reserved. | 8 * Copyright (C) 2011 Google Inc. All rights reserved. |
9 * | 9 * |
10 * Redistribution and use in source and binary forms, with or without | 10 * Redistribution and use in source and binary forms, with or without |
(...skipping 1313 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1324 // FIXME: CSP checks are broken for OOPI. For now, this policy always allows
frames with a remote parent... | 1324 // FIXME: CSP checks are broken for OOPI. For now, this policy always allows
frames with a remote parent... |
1325 if ((shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy
) && (m_frame->deprecatedLocalOwner() && !m_frame->deprecatedLocalOwner()->docum
ent().contentSecurityPolicy()->allowChildFrameFromSource(request.url(), request.
followedRedirect() ? ContentSecurityPolicy::DidRedirect : ContentSecurityPolicy:
:DidNotRedirect))) { | 1325 if ((shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy
) && (m_frame->deprecatedLocalOwner() && !m_frame->deprecatedLocalOwner()->docum
ent().contentSecurityPolicy()->allowChildFrameFromSource(request.url(), request.
followedRedirect() ? ContentSecurityPolicy::DidRedirect : ContentSecurityPolicy:
:DidNotRedirect))) { |
1326 // Fire a load event, as timing attacks would otherwise reveal that the | 1326 // Fire a load event, as timing attacks would otherwise reveal that the |
1327 // frame was blocked. This way, it looks like every other cross-origin | 1327 // frame was blocked. This way, it looks like every other cross-origin |
1328 // page load. | 1328 // page load. |
1329 m_frame->document()->enforceSandboxFlags(SandboxOrigin); | 1329 m_frame->document()->enforceSandboxFlags(SandboxOrigin); |
1330 m_frame->owner()->dispatchLoad(); | 1330 m_frame->owner()->dispatchLoad(); |
1331 return false; | 1331 return false; |
1332 } | 1332 } |
1333 | 1333 |
| 1334 bool isFormSubmission = type == NavigationTypeFormSubmitted || type == Navig
ationTypeFormResubmitted; |
| 1335 if (isFormSubmission && !m_frame->document()->contentSecurityPolicy()->allow
FormAction(request.url())) |
| 1336 return false; |
| 1337 |
1334 policy = client()->decidePolicyForNavigation(request, loader, type, policy,
replacesCurrentHistoryItem); | 1338 policy = client()->decidePolicyForNavigation(request, loader, type, policy,
replacesCurrentHistoryItem); |
1335 if (policy == NavigationPolicyCurrentTab) | 1339 if (policy == NavigationPolicyCurrentTab) |
1336 return true; | 1340 return true; |
1337 if (policy == NavigationPolicyIgnore) | 1341 if (policy == NavigationPolicyIgnore) |
1338 return false; | 1342 return false; |
1339 if (policy == NavigationPolicyHandledByClient) { | 1343 if (policy == NavigationPolicyHandledByClient) { |
1340 // Mark the frame as loading since the embedder is handling the navigati
on. | 1344 // Mark the frame as loading since the embedder is handling the navigati
on. |
1341 m_progressTracker->progressStarted(); | 1345 m_progressTracker->progressStarted(); |
1342 return false; | 1346 return false; |
1343 } | 1347 } |
(...skipping 210 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1554 // FIXME: We need a way to propagate insecure requests policy flags to | 1558 // FIXME: We need a way to propagate insecure requests policy flags to |
1555 // out-of-process frames. For now, we'll always use default behavior. | 1559 // out-of-process frames. For now, we'll always use default behavior. |
1556 if (!parentFrame->isLocalFrame()) | 1560 if (!parentFrame->isLocalFrame()) |
1557 return nullptr; | 1561 return nullptr; |
1558 | 1562 |
1559 ASSERT(toLocalFrame(parentFrame)->document()); | 1563 ASSERT(toLocalFrame(parentFrame)->document()); |
1560 return toLocalFrame(parentFrame)->document()->insecureNavigationsToUpgrade()
; | 1564 return toLocalFrame(parentFrame)->document()->insecureNavigationsToUpgrade()
; |
1561 } | 1565 } |
1562 | 1566 |
1563 } // namespace blink | 1567 } // namespace blink |
OLD | NEW |