| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ui/webui/interstitials/interstitial_ui.h" | 5 #include "chrome/browser/ui/webui/interstitials/interstitial_ui.h" |
| 6 | 6 |
| 7 #include "base/strings/string_number_conversions.h" | 7 #include "base/strings/string_number_conversions.h" |
| 8 #include "base/strings/string_util.h" | 8 #include "base/strings/string_util.h" |
| 9 #include "chrome/browser/browser_process.h" | 9 #include "chrome/browser/browser_process.h" |
| 10 #include "chrome/browser/profiles/profile.h" | 10 #include "chrome/browser/profiles/profile.h" |
| 11 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h" | 11 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h" |
| 12 #include "chrome/browser/safe_browsing/safe_browsing_service.h" | 12 #include "chrome/browser/safe_browsing/safe_browsing_service.h" |
| 13 #include "chrome/browser/ssl/bad_clock_blocking_page.h" | 13 #include "chrome/browser/ssl/bad_clock_blocking_page.h" |
| 14 #include "chrome/browser/ssl/ssl_blocking_page.h" | 14 #include "chrome/browser/ssl/ssl_blocking_page.h" |
| 15 #include "chrome/common/url_constants.h" | 15 #include "chrome/common/url_constants.h" |
| 16 #include "chrome/grit/browser_resources.h" | 16 #include "chrome/grit/browser_resources.h" |
| 17 #include "components/grit/components_resources.h" | 17 #include "components/grit/components_resources.h" |
| 18 #include "components/security_interstitials/core/ssl_error_ui.h" | 18 #include "components/security_interstitials/core/ssl_error_ui.h" |
| 19 #include "content/public/browser/interstitial_page_delegate.h" | 19 #include "content/public/browser/interstitial_page_delegate.h" |
| 20 #include "content/public/browser/render_process_host.h" |
| 21 #include "content/public/browser/render_view_host.h" |
| 20 #include "content/public/browser/web_contents.h" | 22 #include "content/public/browser/web_contents.h" |
| 21 #include "content/public/browser/web_ui.h" | 23 #include "content/public/browser/web_ui.h" |
| 22 #include "content/public/browser/web_ui_controller.h" | 24 #include "content/public/browser/web_ui_controller.h" |
| 23 #include "content/public/browser/web_ui_data_source.h" | 25 #include "content/public/browser/web_ui_data_source.h" |
| 24 #include "net/base/net_errors.h" | 26 #include "net/base/net_errors.h" |
| 25 #include "net/base/url_util.h" | 27 #include "net/base/url_util.h" |
| 26 #include "net/cert/x509_certificate.h" | 28 #include "net/cert/x509_certificate.h" |
| 27 #include "net/ssl/ssl_info.h" | 29 #include "net/ssl/ssl_info.h" |
| 28 #include "ui/base/resource/resource_bundle.h" | 30 #include "ui/base/resource/resource_bundle.h" |
| 29 | 31 |
| 30 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION) | 32 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION) |
| 31 #include "chrome/browser/ssl/captive_portal_blocking_page.h" | 33 #include "chrome/browser/ssl/captive_portal_blocking_page.h" |
| 32 #endif | 34 #endif |
| 33 | 35 |
| 34 namespace { | 36 namespace { |
| 35 | 37 |
| 38 // Implementation of chrome://interstitials demonstration pages. This code is |
| 39 // not used in displaying any real interstitials. |
| 36 class InterstitialHTMLSource : public content::URLDataSource { | 40 class InterstitialHTMLSource : public content::URLDataSource { |
| 37 public: | 41 public: |
| 38 explicit InterstitialHTMLSource(content::WebContents* web_contents); | 42 explicit InterstitialHTMLSource(content::WebContents* web_contents); |
| 39 ~InterstitialHTMLSource() override; | 43 ~InterstitialHTMLSource() override; |
| 40 | 44 |
| 41 // content::URLDataSource: | 45 // content::URLDataSource: |
| 42 std::string GetMimeType(const std::string& mime_type) const override; | 46 std::string GetMimeType(const std::string& mime_type) const override; |
| 43 std::string GetSource() const override; | 47 std::string GetSource() const override; |
| 44 bool ShouldAddContentSecurityPolicy() const override; | 48 bool ShouldAddContentSecurityPolicy() const override; |
| 45 void StartDataRequest( | 49 void StartDataRequest( |
| (...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 180 safe_browsing::SBThreatType threat_type = | 184 safe_browsing::SBThreatType threat_type = |
| 181 safe_browsing::SB_THREAT_TYPE_URL_MALWARE; | 185 safe_browsing::SB_THREAT_TYPE_URL_MALWARE; |
| 182 GURL request_url("http://example.com"); | 186 GURL request_url("http://example.com"); |
| 183 std::string url_param; | 187 std::string url_param; |
| 184 if (net::GetValueForKeyInQuery(web_contents->GetURL(), | 188 if (net::GetValueForKeyInQuery(web_contents->GetURL(), |
| 185 "url", | 189 "url", |
| 186 &url_param)) { | 190 &url_param)) { |
| 187 if (GURL(url_param).is_valid()) | 191 if (GURL(url_param).is_valid()) |
| 188 request_url = GURL(url_param); | 192 request_url = GURL(url_param); |
| 189 } | 193 } |
| 194 GURL main_frame_url(request_url); |
| 195 // TODO(mattm): add flag to change main_frame_url or add dedicated flag to |
| 196 // test subresource interstitials. |
| 190 std::string type_param; | 197 std::string type_param; |
| 191 if (net::GetValueForKeyInQuery(web_contents->GetURL(), | 198 if (net::GetValueForKeyInQuery(web_contents->GetURL(), |
| 192 "type", | 199 "type", |
| 193 &type_param)) { | 200 &type_param)) { |
| 201 // TODO(mattm): add param for SB_THREAT_TYPE_URL_UNWANTED. |
| 194 if (type_param == "malware") { | 202 if (type_param == "malware") { |
| 195 threat_type = safe_browsing::SB_THREAT_TYPE_URL_MALWARE; | 203 threat_type = safe_browsing::SB_THREAT_TYPE_URL_MALWARE; |
| 196 } else if (type_param == "phishing") { | 204 } else if (type_param == "phishing") { |
| 197 threat_type = safe_browsing::SB_THREAT_TYPE_URL_PHISHING; | 205 threat_type = safe_browsing::SB_THREAT_TYPE_URL_PHISHING; |
| 198 } else if (type_param == "clientside_malware") { | 206 } else if (type_param == "clientside_malware") { |
| 199 threat_type = safe_browsing::SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL; | 207 threat_type = safe_browsing::SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL; |
| 200 } else if (type_param == "clientside_phishing") { | 208 } else if (type_param == "clientside_phishing") { |
| 201 threat_type = safe_browsing::SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL; | 209 threat_type = safe_browsing::SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL; |
| 202 // Interstitials for client side phishing urls load after the page loads | |
| 203 // (see SafeBrowsingBlockingPage::IsMainPageLoadBlocked), so there should | |
| 204 // either be a new navigation entry, or there shouldn't be any pending | |
| 205 // entries. Clear any pending navigation entries. | |
| 206 content::NavigationController* controller = | |
| 207 &web_contents->GetController(); | |
| 208 controller->DiscardNonCommittedEntries(); | |
| 209 } | 210 } |
| 210 } | 211 } |
| 211 safe_browsing::SafeBrowsingBlockingPage::UnsafeResource resource; | 212 safe_browsing::SafeBrowsingBlockingPage::UnsafeResource resource; |
| 212 resource.url = request_url; | 213 resource.url = request_url; |
| 213 resource.threat_type = threat_type; | 214 resource.is_subresource = request_url != main_frame_url; |
| 214 // Create a blocking page without showing the interstitial. | 215 resource.is_subframe = false; |
| 216 resource.threat_type = threat_type; |
| 217 resource.render_process_host_id = |
| 218 web_contents->GetRenderProcessHost()->GetID(); |
| 219 resource.render_view_id = web_contents->GetRenderViewHost()->GetRoutingID(); |
| 220 resource.threat_source = safe_browsing::ThreatSource::LOCAL_PVER3; |
| 221 |
| 222 // Normally safebrowsing interstitial types which block the main page load |
| 223 // (SB_THREAT_TYPE_URL_MALWARE, SB_THREAT_TYPE_URL_PHISHING, and |
| 224 // SB_THREAT_TYPE_URL_UNWANTED on main-frame loads) would expect there to be a |
| 225 // pending navigation when the SafeBrowsingBlockingPage is created. This demo |
| 226 // creates a SafeBrowsingBlockingPage but does not actually show a real |
| 227 // interstitial. Instead it extracts the html and displays it manually, so the |
| 228 // parts which depend on the NavigationEntry are not hit. |
| 215 return safe_browsing::SafeBrowsingBlockingPage::CreateBlockingPage( | 229 return safe_browsing::SafeBrowsingBlockingPage::CreateBlockingPage( |
| 216 g_browser_process->safe_browsing_service()->ui_manager().get(), | 230 g_browser_process->safe_browsing_service()->ui_manager().get(), |
| 217 web_contents, | 231 web_contents, main_frame_url, resource); |
| 218 resource); | |
| 219 } | 232 } |
| 220 | 233 |
| 221 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION) | 234 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION) |
| 222 CaptivePortalBlockingPage* CreateCaptivePortalBlockingPage( | 235 CaptivePortalBlockingPage* CreateCaptivePortalBlockingPage( |
| 223 content::WebContents* web_contents) { | 236 content::WebContents* web_contents) { |
| 224 bool is_wifi_connection = false; | 237 bool is_wifi_connection = false; |
| 225 GURL landing_url("https://captive.portal/login"); | 238 GURL landing_url("https://captive.portal/login"); |
| 226 GURL request_url("https://google.com"); | 239 GURL request_url("https://google.com"); |
| 227 // Not initialized to a default value, since non-empty wifi_ssid is | 240 // Not initialized to a default value, since non-empty wifi_ssid is |
| 228 // considered a wifi connection, even if is_wifi_connection is false. | 241 // considered a wifi connection, even if is_wifi_connection is false. |
| (...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 324 html = interstitial_delegate.get()->GetHTMLContents(); | 337 html = interstitial_delegate.get()->GetHTMLContents(); |
| 325 } else { | 338 } else { |
| 326 html = ResourceBundle::GetSharedInstance() | 339 html = ResourceBundle::GetSharedInstance() |
| 327 .GetRawDataResource(IDR_SECURITY_INTERSTITIAL_UI_HTML) | 340 .GetRawDataResource(IDR_SECURITY_INTERSTITIAL_UI_HTML) |
| 328 .as_string(); | 341 .as_string(); |
| 329 } | 342 } |
| 330 scoped_refptr<base::RefCountedString> html_bytes = new base::RefCountedString; | 343 scoped_refptr<base::RefCountedString> html_bytes = new base::RefCountedString; |
| 331 html_bytes->data().assign(html.begin(), html.end()); | 344 html_bytes->data().assign(html.begin(), html.end()); |
| 332 callback.Run(html_bytes.get()); | 345 callback.Run(html_bytes.get()); |
| 333 } | 346 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1509073002:
Fixes for Safe Browsing with unrelated pending navigations. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master