Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(197)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/frame_host/navigation_controller_impl.cc

Issue 1457053004: Fix in-page logic for allow_universal_access_from_files. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixes from review Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/browser/frame_host/frame_tree_node.h ('k') | content/browser/frame_host/navigation_controller_impl_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 /* 5 /*
6 * Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved. 6 * Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved.
7 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) 7 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
8 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. 8 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved.
9 * (http://www.torchmobile.com/) 9 * (http://www.torchmobile.com/)
10 * 10 *
(...skipping 1364 matching lines...) Expand 10 before | Expand all | Expand 10 after
1375 NavigationEntry* last_committed = GetLastCommittedEntry(); 1375 NavigationEntry* last_committed = GetLastCommittedEntry();
1376 // There must be a last-committed entry to compare URLs to. TODO(avi): When 1376 // There must be a last-committed entry to compare URLs to. TODO(avi): When
1377 // might Blink say that a navigation is in-page yet there be no last- 1377 // might Blink say that a navigation is in-page yet there be no last-
1378 // committed entry? 1378 // committed entry?
1379 if (!last_committed) 1379 if (!last_committed)
1380 return false; 1380 return false;
1381 last_committed_url = last_committed->GetURL(); 1381 last_committed_url = last_committed->GetURL();
1382 } 1382 }
1383 1383
1384 WebPreferences prefs = rfh->GetRenderViewHost()->GetWebkitPreferences(); 1384 WebPreferences prefs = rfh->GetRenderViewHost()->GetWebkitPreferences();
1385 const url::Origin& committed_origin = static_cast<RenderFrameHostImpl*>(rfh)
1386 ->frame_tree_node()
1387 ->current_origin();
1385 bool is_same_origin = last_committed_url.is_empty() || 1388 bool is_same_origin = last_committed_url.is_empty() ||
1386 // TODO(japhet): We should only permit navigations 1389 // TODO(japhet): We should only permit navigations
1387 // originating from about:blank to be in-page if the 1390 // originating from about:blank to be in-page if the
1388 // about:blank is the first document that frame loaded. 1391 // about:blank is the first document that frame loaded.
1389 // We don't have sufficient information to identify 1392 // We don't have sufficient information to identify
1390 // that case at the moment, so always allow about:blank 1393 // that case at the moment, so always allow about:blank
1391 // for now. 1394 // for now.
1392 last_committed_url == GURL(url::kAboutBlankURL) || 1395 last_committed_url == GURL(url::kAboutBlankURL) ||
1393 last_committed_url.GetOrigin() == url.GetOrigin() || 1396 last_committed_url.GetOrigin() == url.GetOrigin() ||
1394 !prefs.web_security_enabled || 1397 !prefs.web_security_enabled ||
1395 (prefs.allow_universal_access_from_file_urls && 1398 (prefs.allow_universal_access_from_file_urls &&
1396 last_committed_url.SchemeIs(url::kFileScheme)); 1399 committed_origin.scheme() == url::kFileScheme);
1397 if (!is_same_origin && renderer_says_in_page) { 1400 if (!is_same_origin && renderer_says_in_page) {
1398 bad_message::ReceivedBadMessage(rfh->GetProcess(), 1401 bad_message::ReceivedBadMessage(rfh->GetProcess(),
1399 bad_message::NC_IN_PAGE_NAVIGATION); 1402 bad_message::NC_IN_PAGE_NAVIGATION);
1400 } 1403 }
1401 return is_same_origin && renderer_says_in_page; 1404 return is_same_origin && renderer_says_in_page;
1402 } 1405 }
1403 1406
1404 void NavigationControllerImpl::CopyStateFrom( 1407 void NavigationControllerImpl::CopyStateFrom(
1405 const NavigationController& temp) { 1408 const NavigationController& temp) {
1406 const NavigationControllerImpl& source = 1409 const NavigationControllerImpl& source =
(...skipping 621 matching lines...) Expand 10 before | Expand all | Expand 10 after
2028 } 2031 }
2029 } 2032 }
2030 } 2033 }
2031 2034
2032 void NavigationControllerImpl::SetGetTimestampCallbackForTest( 2035 void NavigationControllerImpl::SetGetTimestampCallbackForTest(
2033 const base::Callback<base::Time()>& get_timestamp_callback) { 2036 const base::Callback<base::Time()>& get_timestamp_callback) {
2034 get_timestamp_callback_ = get_timestamp_callback; 2037 get_timestamp_callback_ = get_timestamp_callback;
2035 } 2038 }
2036 2039
2037 } // namespace content 2040 } // namespace content
OLDNEW
« no previous file with comments | « content/browser/frame_host/frame_tree_node.h ('k') | content/browser/frame_host/navigation_controller_impl_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698