
Unified Diff: content/browser/renderer_host/render_view_host_impl.cc

Issue 15017018: Prevent unauthorized commits of the Chrome Web Store URL. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Update comment Created 7 years, 7 months ago
Index: content/browser/renderer_host/render_view_host_impl.cc
diff --git a/content/browser/renderer_host/render_view_host_impl.cc b/content/browser/renderer_host/render_view_host_impl.cc
index 322cf35665265843ff616da4ba6bff57e4352d09..b34ce2bafc43df01344167b9ccd6579157733474 100644
--- a/content/browser/renderer_host/render_view_host_impl.cc
+++ b/content/browser/renderer_host/render_view_host_impl.cc
@@ -1202,22 +1202,15 @@ void RenderViewHostImpl::OnNavigate(const IPC::Message& msg) {
}
RenderProcessHost* process = GetProcess();
- // If the --site-per-process flag is passed, then the renderer process is
- // not allowed to request web pages from other sites than the one it is
- // dedicated to.
- // Kill the renderer process if it violates this policy.
- const CommandLine& command_line = *CommandLine::ForCurrentProcess();
- if (command_line.HasSwitch(switches::kSitePerProcess) &&
- static_cast<SiteInstanceImpl*>(GetSiteInstance())->HasSite() &&
- validated_params.url != GURL(chrome::kAboutBlankURL)) {
- if (!SiteInstance::IsSameWebSite(GetSiteInstance()->GetBrowserContext(),
- GetSiteInstance()->GetSiteURL(),
- validated_params.url) ||
- static_cast<SiteInstanceImpl*>(GetSiteInstance())->
- HasWrongProcessForURL(validated_params.url)) {
- // TODO(nasko): Removed the actual kill process call until out-of-process
- // iframes is ready to go.
- }
+ // Attempts to commit certain off-limits URL should be caught more strictly
+ // than our FilterURL checks below. If a renderer violates this policy, it
+ // should be killed.
+ if (!CanCommitURL(validated_params.url)) {
+ VLOG(1) << "Blocked URL " << validated_params.url.spec();
+ validated_params.url = GURL(chrome::kAboutBlankURL);
+ RecordAction(UserMetricsAction("CanCommitURL_BlockedAndKilled"));
+ // Kills the process.
+ process->ReceivedBadMessage();
}
ChildProcessSecurityPolicyImpl* policy =
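Review bot: The blocked branch does not return after `process->ReceivedBadMessage();`, so the rest of OnNavigate keeps running on `validated_params` for a renderer that is being killed, and the only thing that keeps that tail safe is the rewrite to `chrome::kAboutBlankURL` two lines earlier; that coupling deserves a comment, since a future edit that drops or reorders the rewrite would silently reintroduce the commit of the blocked URL. Suggested wording above the rewrite: `// ReceivedBadMessage() does not stop this function; neutralize the URL first so the remaining OnNavigate handling (FilterURL, policy checks) never sees the blocked value.` The `// Kills the process.` comment could also say the kill is asynchronous if that is the case, which I cannot confirm from this hunk. OnNavigate begins and ends outside the hunk.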
@@ -1706,6 +1699,15 @@ void RenderViewHostImpl::ToggleSpeechInput() {
Send(new InputTagSpeechMsg_ToggleSpeechInput(GetRoutingID()));
}
+bool RenderViewHostImpl::CanCommitURL(const GURL& url) {
+ // TODO(creis): We should also check for WebUI pages here. Also, when the
+ // out-of-process iframes implementation is ready, we should check for
+ // cross-site URLs that are not allowed to commit in this process.
+
+ // Give the client a chance to disallow URLs from committing.
+ return GetContentClient()->browser()->CanCommitURL(GetProcess(), url);
+}
+
void RenderViewHostImpl::FilterURL(ChildProcessSecurityPolicyImpl* policy,
const RenderProcessHost* process,
bool empty_allowed,
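Review bot: CanCommitURL has no definition-site comment stating how its result is used, and the first hunk treats a false return as evidence of a compromised renderer (metric `CanCommitURL_BlockedAndKilled`, then `ReceivedBadMessage()`), not as an ordinary navigation denial. Embedders implementing `ContentBrowserClient::CanCommitURL` (presumably declared in content_browser_client.h, which this CL also touches) therefore must answer only from stable policy, never from transient or user-dependent state, or a legitimate renderer can be killed. Suggested comment above the definition: `// Returns false only for URLs that a renderer must never commit; the caller kills the process on false, so this must be a deterministic policy decision rather than a soft veto.` The existing TODO already records that WebUI and cross-site checks are not yet covered, so the comment should also make clear that true means "not vetoed by the embedder", not "fully validated".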
