Chromium Code Reviews Chromium Code Reviews
Issue 1509073002:
Fixes for Safe Browsing with unrelated pending navigations. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ui/webui/interstitials/interstitial_ui.h" | 5 #include "chrome/browser/ui/webui/interstitials/interstitial_ui.h" |
| 6 | 6 |
| 7 #include "base/strings/string_number_conversions.h" | 7 #include "base/strings/string_number_conversions.h" |
| 8 #include "base/strings/string_util.h" | 8 #include "base/strings/string_util.h" |
| 9 #include "chrome/browser/browser_process.h" | 9 #include "chrome/browser/browser_process.h" |
| 10 #include "chrome/browser/profiles/profile.h" | 10 #include "chrome/browser/profiles/profile.h" |
| 11 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h" | 11 #include "chrome/browser/safe_browsing/safe_browsing_blocking_page.h" |
| 12 #include "chrome/browser/safe_browsing/safe_browsing_service.h" | 12 #include "chrome/browser/safe_browsing/safe_browsing_service.h" |
| 13 #include "chrome/browser/ssl/bad_clock_blocking_page.h" | 13 #include "chrome/browser/ssl/bad_clock_blocking_page.h" |
| 14 #include "chrome/browser/ssl/ssl_blocking_page.h" | 14 #include "chrome/browser/ssl/ssl_blocking_page.h" |
| 15 #include "chrome/common/url_constants.h" | 15 #include "chrome/common/url_constants.h" |
| 16 #include "chrome/grit/browser_resources.h" | 16 #include "chrome/grit/browser_resources.h" |
| 17 #include "components/grit/components_resources.h" | 17 #include "components/grit/components_resources.h" |
| 18 #include "components/security_interstitials/core/ssl_error_ui.h" | 18 #include "components/security_interstitials/core/ssl_error_ui.h" |
| 19 #include "content/public/browser/interstitial_page_delegate.h" | 19 #include "content/public/browser/interstitial_page_delegate.h" |
| 20 #include "content/public/browser/render_process_host.h" | |
| 21 #include "content/public/browser/render_view_host.h" | |
| 20 #include "content/public/browser/web_contents.h" | 22 #include "content/public/browser/web_contents.h" |
| 21 #include "content/public/browser/web_ui.h" | 23 #include "content/public/browser/web_ui.h" |
| 22 #include "content/public/browser/web_ui_controller.h" | 24 #include "content/public/browser/web_ui_controller.h" |
| 23 #include "content/public/browser/web_ui_data_source.h" | 25 #include "content/public/browser/web_ui_data_source.h" |
| 24 #include "net/base/net_errors.h" | 26 #include "net/base/net_errors.h" |
| 25 #include "net/base/url_util.h" | 27 #include "net/base/url_util.h" |
| 26 #include "net/cert/x509_certificate.h" | 28 #include "net/cert/x509_certificate.h" |
| 27 #include "net/ssl/ssl_info.h" | 29 #include "net/ssl/ssl_info.h" |
| 28 #include "ui/base/resource/resource_bundle.h" | 30 #include "ui/base/resource/resource_bundle.h" |
| 29 | 31 |
| (...skipping 138 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 168 int options_mask = 0; | 170 int options_mask = 0; |
| 169 if (overridable) | 171 if (overridable) |
| 170 options_mask |= security_interstitials::SSLErrorUI::SOFT_OVERRIDE_ENABLED; | 172 options_mask |= security_interstitials::SSLErrorUI::SOFT_OVERRIDE_ENABLED; |
| 171 if (strict_enforcement) | 173 if (strict_enforcement) |
| 172 options_mask |= security_interstitials::SSLErrorUI::STRICT_ENFORCEMENT; | 174 options_mask |= security_interstitials::SSLErrorUI::STRICT_ENFORCEMENT; |
| 173 return new BadClockBlockingPage(web_contents, cert_error, ssl_info, | 175 return new BadClockBlockingPage(web_contents, cert_error, ssl_info, |
| 174 request_url, time_triggered_, nullptr, | 176 request_url, time_triggered_, nullptr, |
| 175 base::Callback<void(bool)>()); | 177 base::Callback<void(bool)>()); |
| 176 } | 178 } |
| 177 | 179 |
| 178 safe_browsing::SafeBrowsingBlockingPage* CreateSafeBrowsingBlockingPage( | 180 safe_browsing::SafeBrowsingBlockingPage* CreateSafeBrowsingBlockingPage( |
|
Nathan Parker
2015/12/16 23:30:24
Can you add a comment at the top saying this is al
mattm
2015/12/17 01:43:57
Indeed, I was rather confused when I first came ac
| |
| 179 content::WebContents* web_contents) { | 181 content::WebContents* web_contents) { |
| 180 safe_browsing::SBThreatType threat_type = | 182 safe_browsing::SBThreatType threat_type = |
| 181 safe_browsing::SB_THREAT_TYPE_URL_MALWARE; | 183 safe_browsing::SB_THREAT_TYPE_URL_MALWARE; |
| 182 GURL request_url("http://example.com"); | 184 GURL request_url("http://example.com"); |
| 183 std::string url_param; | 185 std::string url_param; |
| 184 if (net::GetValueForKeyInQuery(web_contents->GetURL(), | 186 if (net::GetValueForKeyInQuery(web_contents->GetURL(), |
| 185 "url", | 187 "url", |
| 186 &url_param)) { | 188 &url_param)) { |
| 187 if (GURL(url_param).is_valid()) | 189 if (GURL(url_param).is_valid()) |
| 188 request_url = GURL(url_param); | 190 request_url = GURL(url_param); |
| 189 } | 191 } |
| 192 GURL main_frame_url(request_url); | |
| 193 // TODO(mattm): add flag to change main_frame_url or add dedicated flag to | |
| 194 // test subresource interstitials. | |
| 190 std::string type_param; | 195 std::string type_param; |
| 191 if (net::GetValueForKeyInQuery(web_contents->GetURL(), | 196 if (net::GetValueForKeyInQuery(web_contents->GetURL(), |
| 192 "type", | 197 "type", |
| 193 &type_param)) { | 198 &type_param)) { |
| 199 // TODO(mattm): add param for SB_THREAT_TYPE_URL_UNWANTED. | |
| 194 if (type_param == "malware") { | 200 if (type_param == "malware") { |
| 195 threat_type = safe_browsing::SB_THREAT_TYPE_URL_MALWARE; | 201 threat_type = safe_browsing::SB_THREAT_TYPE_URL_MALWARE; |
| 196 } else if (type_param == "phishing") { | 202 } else if (type_param == "phishing") { |
| 197 threat_type = safe_browsing::SB_THREAT_TYPE_URL_PHISHING; | 203 threat_type = safe_browsing::SB_THREAT_TYPE_URL_PHISHING; |
| 198 } else if (type_param == "clientside_malware") { | 204 } else if (type_param == "clientside_malware") { |
| 199 threat_type = safe_browsing::SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL; | 205 threat_type = safe_browsing::SB_THREAT_TYPE_CLIENT_SIDE_MALWARE_URL; |
| 200 } else if (type_param == "clientside_phishing") { | 206 } else if (type_param == "clientside_phishing") { |
| 201 threat_type = safe_browsing::SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL; | 207 threat_type = safe_browsing::SB_THREAT_TYPE_CLIENT_SIDE_PHISHING_URL; |
| 202 // Interstitials for client side phishing urls load after the page loads | |
| 203 // (see SafeBrowsingBlockingPage::IsMainPageLoadBlocked), so there should | |
| 204 // either be a new navigation entry, or there shouldn't be any pending | |
| 205 // entries. Clear any pending navigation entries. | |
| 206 content::NavigationController* controller = | |
| 207 &web_contents->GetController(); | |
| 208 controller->DiscardNonCommittedEntries(); | |
| 209 } | 208 } |
| 210 } | 209 } |
| 211 safe_browsing::SafeBrowsingBlockingPage::UnsafeResource resource; | 210 safe_browsing::SafeBrowsingBlockingPage::UnsafeResource resource; |
| 212 resource.url = request_url; | 211 resource.url = request_url; |
| 213 resource.threat_type = threat_type; | 212 resource.is_subresource = request_url != main_frame_url; |
| 214 // Create a blocking page without showing the interstitial. | 213 resource.is_subframe = false; |
| 214 resource.threat_type = threat_type; | |
| 215 resource.render_process_host_id = | |
| 216 web_contents->GetRenderProcessHost()->GetID(); | |
| 217 resource.render_view_id = web_contents->GetRenderViewHost()->GetRoutingID(); | |
| 218 resource.threat_source = safe_browsing::ThreatSource::LOCAL_PVER3; | |
| 219 | |
| 220 // Normally safebrowsing interstitial types which block the main page load | |
| 221 // (SB_THREAT_TYPE_URL_MALWARE, SB_THREAT_TYPE_URL_PHISHING, and | |
| 222 // SB_THREAT_TYPE_URL_UNWANTED on main-frame loads) would expect there to be a | |
| 223 // pending navigation when the SafeBrowsingBlockingPage is created. This demo | |
| 224 // creates a SafeBrowsingBlockingPage but does not actually show a real | |
| 225 // interstitial. Instead it extracts the html and displays it manually, so the | |
| 226 // parts which depend on the NavigationEntry are not hit. | |
| 215 return safe_browsing::SafeBrowsingBlockingPage::CreateBlockingPage( | 227 return safe_browsing::SafeBrowsingBlockingPage::CreateBlockingPage( |
| 216 g_browser_process->safe_browsing_service()->ui_manager().get(), | 228 g_browser_process->safe_browsing_service()->ui_manager().get(), |
| 217 web_contents, | 229 web_contents, main_frame_url, resource); |
| 218 resource); | |
| 219 } | 230 } |
| 220 | 231 |
| 221 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION) | 232 #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION) |
| 222 CaptivePortalBlockingPage* CreateCaptivePortalBlockingPage( | 233 CaptivePortalBlockingPage* CreateCaptivePortalBlockingPage( |
| 223 content::WebContents* web_contents) { | 234 content::WebContents* web_contents) { |
| 224 bool is_wifi_connection = false; | 235 bool is_wifi_connection = false; |
| 225 GURL landing_url("https://captive.portal/login"); | 236 GURL landing_url("https://captive.portal/login"); |
| 226 GURL request_url("https://google.com"); | 237 GURL request_url("https://google.com"); |
| 227 // Not initialized to a default value, since non-empty wifi_ssid is | 238 // Not initialized to a default value, since non-empty wifi_ssid is |
| 228 // considered a wifi connection, even if is_wifi_connection is false. | 239 // considered a wifi connection, even if is_wifi_connection is false. |
| (...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 324 html = interstitial_delegate.get()->GetHTMLContents(); | 335 html = interstitial_delegate.get()->GetHTMLContents(); |
| 325 } else { | 336 } else { |
| 326 html = ResourceBundle::GetSharedInstance() | 337 html = ResourceBundle::GetSharedInstance() |
| 327 .GetRawDataResource(IDR_SECURITY_INTERSTITIAL_UI_HTML) | 338 .GetRawDataResource(IDR_SECURITY_INTERSTITIAL_UI_HTML) |
| 328 .as_string(); | 339 .as_string(); |
| 329 } | 340 } |
| 330 scoped_refptr<base::RefCountedString> html_bytes = new base::RefCountedString; | 341 scoped_refptr<base::RefCountedString> html_bytes = new base::RefCountedString; |
| 331 html_bytes->data().assign(html.begin(), html.end()); | 342 html_bytes->data().assign(html.begin(), html.end()); |
| 332 callback.Run(html_bytes.get()); | 343 callback.Run(html_bytes.get()); |
| 333 } | 344 } |
| OLD | NEW |
