
Side by Side Diff: third_party/WebKit/Source/core/frame/Frame.cpp

Issue 1583953005: Unsandboxed popups may also be navigated. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 11 months ago
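--- a/third_party/WebKit/Source/core/frame/Frame.cpp
+++ b/third_party/WebKit/Source/core/frame/Frame.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 1998, 1999 Torben Weis <weis@kde.org>
 * 1999 Lars Knoll <knoll@kde.org>
 * 1999 Antti Koivisto <koivisto@kde.org>
 * 2000 Simon Hausmann <hausmann@kde.org>
 * 2000 Stefan Schimanski <1Stein@gmx.de>
 * 2001 George Staikos <staikos@kde.org>
 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All r ights reserved.
 * Copyright (C) 2005 Alexey Proskuryakov <ap@nypop.com>
 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
@@ -197,23 +197,29 @@
 return false;
 }
 
 bool Frame::canNavigate(const Frame& targetFrame)
 {
 // Frame-busting is generally allowed, but blocked for sandboxed frames lack ing the 'allow-top-navigation' flag.
 if (!securityContext()->isSandboxed(SandboxTopNavigation) && targetFrame == tree().top())
 return true;
 
 if (securityContext()->isSandboxed(SandboxNavigation)) {
+// Sandboxed frames can navigate their own children.
 if (targetFrame.tree().isDescendantOf(this))
 return true;
 
+// They can also navigate popups, if the 'allow-sandbox-escape-via-popup ' flag is specified.
+if (targetFrame == targetFrame.tree().top() && targetFrame.tree().top() != tree().top() && !securityContext()->isSandboxed(SandboxPropagatesToAuxiliaryB rowsingContexts))
+return true;
+
+// Otherwise, block the navigation.
 const char* reason = "The frame attempting navigation is sandboxed, and is therefore disallowed from navigating its ancestors.";
 if (securityContext()->isSandboxed(SandboxTopNavigation) && targetFrame == tree().top())
 reason = "The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set.";
 
 printNavigationErrorMessage(targetFrame, reason);
 return false;
 }
 
 ASSERT(securityContext()->securityOrigin());
 SecurityOrigin& origin = *securityContext()->securityOrigin();
@@ -305,10 +311,10 @@
 
 if (m_owner) {
 if (m_owner->isLocal())
 toHTMLFrameOwnerElement(m_owner)->setContentFrame(*this);
 } else {
 page()->setMainFrame(this);
 }
 }
 
 } // namespace blink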
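Review bot: The new popup branch (new line 212) returns true for any top-level frame outside this frame's own tree once the popup-escape flag is present; nothing in the condition ties the target to a popup this frame actually opened. Because it returns early inside the sandbox block, the checks that follow in canNavigate (its body continues beyond the visible lines) are never consulted for that target, so a frame that is otherwise denied navigation may be allowed to navigate an unrelated top-level window. Consider also requiring an opener relationship before returning, or dropping the early return and letting the later checks decide; at minimum state the scope in the comment, e.g. `// NOTE: applies to every top-level frame outside our tree, not only popups we opened.` The condition also evaluates `targetFrame.tree().top()` twice, which a named local would make easier to read.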