OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv
ed. | 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv
ed. |
3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) | 3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) |
4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t
orchmobile.com/) | 4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t
orchmobile.com/) |
5 * Copyright (C) 2008 Alp Toker <alp@atoker.com> | 5 * Copyright (C) 2008 Alp Toker <alp@atoker.com> |
6 * Copyright (C) Research In Motion Limited 2009. All rights reserved. | 6 * Copyright (C) Research In Motion Limited 2009. All rights reserved. |
7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> | 7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> |
8 * Copyright (C) 2011 Google Inc. All rights reserved. | 8 * Copyright (C) 2011 Google Inc. All rights reserved. |
9 * | 9 * |
10 * Redistribution and use in source and binary forms, with or without | 10 * Redistribution and use in source and binary forms, with or without |
(...skipping 1305 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1316 // FIXME: CSP checks are broken for OOPI. For now, this policy always allows
frames with a remote parent... | 1316 // FIXME: CSP checks are broken for OOPI. For now, this policy always allows
frames with a remote parent... |
1317 if ((shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy
) && (m_frame->deprecatedLocalOwner() && !m_frame->deprecatedLocalOwner()->docum
ent().contentSecurityPolicy()->allowChildFrameFromSource(request.url(), request.
followedRedirect() ? ContentSecurityPolicy::DidRedirect : ContentSecurityPolicy:
:DidNotRedirect))) { | 1317 if ((shouldCheckMainWorldContentSecurityPolicy == CheckContentSecurityPolicy
) && (m_frame->deprecatedLocalOwner() && !m_frame->deprecatedLocalOwner()->docum
ent().contentSecurityPolicy()->allowChildFrameFromSource(request.url(), request.
followedRedirect() ? ContentSecurityPolicy::DidRedirect : ContentSecurityPolicy:
:DidNotRedirect))) { |
1318 // Fire a load event, as timing attacks would otherwise reveal that the | 1318 // Fire a load event, as timing attacks would otherwise reveal that the |
1319 // frame was blocked. This way, it looks like every other cross-origin | 1319 // frame was blocked. This way, it looks like every other cross-origin |
1320 // page load. | 1320 // page load. |
1321 m_frame->document()->enforceSandboxFlags(SandboxOrigin); | 1321 m_frame->document()->enforceSandboxFlags(SandboxOrigin); |
1322 m_frame->owner()->dispatchLoad(); | 1322 m_frame->owner()->dispatchLoad(); |
1323 return false; | 1323 return false; |
1324 } | 1324 } |
1325 | 1325 |
| 1326 bool isFormSubmission = type == NavigationTypeFormSubmitted || type == Navig
ationTypeFormResubmitted; |
| 1327 if (isFormSubmission && !m_frame->document()->contentSecurityPolicy()->allow
FormAction(request.url())) |
| 1328 return false; |
| 1329 |
1326 policy = client()->decidePolicyForNavigation(request, loader, type, policy,
replacesCurrentHistoryItem); | 1330 policy = client()->decidePolicyForNavigation(request, loader, type, policy,
replacesCurrentHistoryItem); |
1327 if (policy == NavigationPolicyCurrentTab) | 1331 if (policy == NavigationPolicyCurrentTab) |
1328 return true; | 1332 return true; |
1329 if (policy == NavigationPolicyIgnore) | 1333 if (policy == NavigationPolicyIgnore) |
1330 return false; | 1334 return false; |
1331 if (policy == NavigationPolicyHandledByClient) { | 1335 if (policy == NavigationPolicyHandledByClient) { |
1332 // Mark the frame as loading since the embedder is handling the navigati
on. | 1336 // Mark the frame as loading since the embedder is handling the navigati
on. |
1333 m_progressTracker->progressStarted(); | 1337 m_progressTracker->progressStarted(); |
1334 return false; | 1338 return false; |
1335 } | 1339 } |
(...skipping 210 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1546 // FIXME: We need a way to propagate insecure requests policy flags to | 1550 // FIXME: We need a way to propagate insecure requests policy flags to |
1547 // out-of-process frames. For now, we'll always use default behavior. | 1551 // out-of-process frames. For now, we'll always use default behavior. |
1548 if (!parentFrame->isLocalFrame()) | 1552 if (!parentFrame->isLocalFrame()) |
1549 return nullptr; | 1553 return nullptr; |
1550 | 1554 |
1551 ASSERT(toLocalFrame(parentFrame)->document()); | 1555 ASSERT(toLocalFrame(parentFrame)->document()); |
1552 return toLocalFrame(parentFrame)->document()->insecureNavigationsToUpgrade()
; | 1556 return toLocalFrame(parentFrame)->document()->insecureNavigationsToUpgrade()
; |
1553 } | 1557 } |
1554 | 1558 |
1555 } // namespace blink | 1559 } // namespace blink |
OLD | NEW |