ServiceWorker: Early reject error if url is something wrong.

content/browser/service_worker/service_worker_version.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/service_worker/service_worker_version.h"
 
 #include <algorithm>
 #include <map>
 #include <string>
 
@@ skipping 1520 matching lines @@
 
   if (!url.is_valid()) {
     DVLOG(1) << "Received unexpected invalid URL from renderer process.";
     BrowserThread::PostTask(BrowserThread::UI, FROM_HERE,
                             base::Bind(&KillEmbeddedWorkerProcess,
                                        embedded_worker_->process_id(),
                                        RESULT_CODE_KILLED_BAD_MESSAGE));
     return;
   }
 
-  // The renderer treats all URLs in the about: scheme as being about:blank.
-  // Canonicalize about: URLs to about:blank.
-  if (url.SchemeIs(url::kAboutScheme))
-    url = GURL(url::kAboutBlankURL);
-
-  // Reject requests for URLs that the process is not allowed to access. It's
-  // possible to receive such requests since the renderer-side checks are
-  // slightly different. For example, the view-source scheme will not be
-  // filtered out by Blink.
-  if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanRequestURL(
-          embedded_worker_->process_id(), url)) {
-    embedded_worker_->SendMessage(ServiceWorkerMsg_OpenWindowError(
-        request_id, url.spec() + " cannot be opened."));
-    return;
-  }

[nhiroki, 2015/12/09 08:35:42]

There would be a possibility that a compromised renderer sends these invalid
URLs. In the case, can you kill the renderer like line 1534?

-
   BrowserThread::PostTask(
       BrowserThread::UI, FROM_HERE,
       base::Bind(&OpenWindowOnUI,
                  url,
                  script_url_,
                  embedded_worker_->process_id(),
                  make_scoped_refptr(context_->wrapper()),
                  base::Bind(&ServiceWorkerVersion::DidOpenWindow,
                             weak_factory_.GetWeakPtr(),
                             request_id)));
@@ skipping 165 matching lines @@
 
   if (!url.is_valid() || !base::IsValidGUID(client_uuid)) {
     DVLOG(1) << "Received unexpected invalid URL/UUID from renderer process.";
     BrowserThread::PostTask(
         BrowserThread::UI, FROM_HERE,
         base::Bind(&KillEmbeddedWorkerProcess, embedded_worker_->process_id(),
                    RESULT_CODE_KILLED_BAD_MESSAGE));
     return;
   }
 
-  // Reject requests for URLs that the process is not allowed to access. It's
-  // possible to receive such requests since the renderer-side checks are
-  // slightly different. For example, the view-source scheme will not be
-  // filtered out by Blink.
-  if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanRequestURL(
-          embedded_worker_->process_id(), url)) {
-    embedded_worker_->SendMessage(
-        ServiceWorkerMsg_NavigateClientError(request_id, url));
-    return;
-  }

[nhiroki, 2015/12/09 08:35:42]

ditto.

-
   ServiceWorkerProviderHost* provider_host =
       context_->GetProviderHostByClientID(client_uuid);
   if (!provider_host || provider_host->active_version() != this) {
     embedded_worker_->SendMessage(
         ServiceWorkerMsg_NavigateClientError(request_id, url));
     return;
   }
 
   BrowserThread::PostTask(
       BrowserThread::UI, FROM_HERE,
@@ skipping 660 matching lines @@
 void ServiceWorkerVersion::OnBeginEvent() {
   if (should_exclude_from_uma_ || running_status() != RUNNING ||
       idle_time_.is_null()) {
     return;
   }
   ServiceWorkerMetrics::RecordTimeBetweenEvents(base::TimeTicks::Now() -
                                                 idle_time_);
 }
 
 }  // namespace content