Index: third_party/WebKit/Source/core/html/HTMLPlugInElement.cpp |
diff --git a/third_party/WebKit/Source/core/html/HTMLPlugInElement.cpp b/third_party/WebKit/Source/core/html/HTMLPlugInElement.cpp |
index e6a69bc8e321bb99769291a911d6fb780830fb39..2ba4e25a842dcd6bc0ab0d7ac3db25d3f6dffefa 100644 |
--- a/third_party/WebKit/Source/core/html/HTMLPlugInElement.cpp |
+++ b/third_party/WebKit/Source/core/html/HTMLPlugInElement.cpp |
@@ -38,6 +38,7 @@ |
#include "core/html/HTMLImageLoader.h" |
#include "core/html/PluginDocument.h" |
#include "core/input/EventHandler.h" |
+#include "core/inspector/ConsoleMessage.h" |
#include "core/layout/LayoutBlockFlow.h" |
#include "core/layout/LayoutEmbeddedObject.h" |
#include "core/layout/LayoutImage.h" |
@@ -474,12 +475,15 @@ bool HTMLPlugInElement::requestObject(const String& url, const String& mimeType, |
return false; |
KURL completedURL = url.isEmpty() ? KURL() : document().completeURL(url); |
- if (!pluginIsLoadable(completedURL, mimeType)) |
+ if (!objectIsLoadable(completedURL, mimeType)) |
return false; |
bool useFallback; |
- if (shouldUsePlugin(completedURL, mimeType, hasFallbackContent(), useFallback)) |
+ if (shouldUsePlugin(completedURL, mimeType, hasFallbackContent(), useFallback)) { |
+ if (!pluginIsLoadable(completedURL, mimeType)) |
+ return false; |
return loadPlugin(completedURL, mimeType, paramNames, paramValues, useFallback, true); |
+ } |
// If the plugin element already contains a subframe, |
// loadOrRedirectSubframe will re-use it. Otherwise, it will create a new |
@@ -541,8 +545,10 @@ bool HTMLPlugInElement::shouldUsePlugin(const KURL& url, const String& mimeType, |
if (document().frame()->page() && (mimeType == "image/tiff" || mimeType == "image/tif" || mimeType == "image/x-tiff")) { |
const PluginData* pluginData = document().frame()->page()->pluginData(); |
String pluginName = pluginData ? pluginData->pluginNameForMimeType(mimeType) : String(); |
- if (!pluginName.isEmpty() && !pluginName.contains("QuickTime", TextCaseInsensitive)) |
+ if (!pluginName.isEmpty() && !pluginName.contains("QuickTime", TextCaseInsensitive)) { |
+ useFallback = false; |
return true; |
+ } |
} |
ObjectContentType objectType = document().frame()->loader().client()->objectContentType(url, mimeType, shouldPreferPlugInsForImages()); |
@@ -561,7 +567,7 @@ void HTMLPlugInElement::dispatchErrorEvent() |
dispatchEvent(Event::create(EventTypeNames::error)); |
} |
-bool HTMLPlugInElement::pluginIsLoadable(const KURL& url, const String& mimeType) |
+bool HTMLPlugInElement::objectIsLoadable(const KURL& url, const String& mimeType) |
{ |
if (url.isEmpty() && mimeType.isEmpty()) |
return false; |
@@ -574,24 +580,35 @@ bool HTMLPlugInElement::pluginIsLoadable(const KURL& url, const String& mimeType |
if (MIMETypeRegistry::isJavaAppletMIMEType(mimeType)) |
return false; |
- if (document().isSandboxed(SandboxPlugins)) |
- return false; |
- |
if (!document().securityOrigin()->canDisplay(url)) { |
FrameLoader::reportLocalLoadFailed(frame, url.string()); |
return false; |
} |
+ if (!document().contentSecurityPolicy()->allowObjectFromSource(url)) { |
+ layoutEmbeddedObject()->setPluginUnavailabilityReason(LayoutEmbeddedObject::PluginBlockedByContentSecurityPolicy); |
+ return false; |
+ } |
+ |
+ return (!mimeType.isEmpty() && url.isEmpty()) || !MixedContentChecker::shouldBlockFetch(frame, WebURLRequest::RequestContextObject, WebURLRequest::FrameTypeNone, url); |
+} |
+ |
+bool HTMLPlugInElement::pluginIsLoadable(const KURL& url, const String& mimeType) |
+{ |
pdr.
2016/02/02 04:32:42
Can you add an assert here so future refactorings
fs
2016/02/22 18:36:56
Done.
|
+ if (document().isSandboxed(SandboxPlugins)) { |
+ document().addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, |
+ "Failed to load '" + url.elidedString() + "' as a plugin, because the frame into which the plugin is loading is sandboxed.")); |
+ return false; |
+ } |
+ |
AtomicString declaredMimeType = document().isPluginDocument() && document().ownerElement() ? |
document().ownerElement()->fastGetAttribute(HTMLNames::typeAttr) : |
fastGetAttribute(HTMLNames::typeAttr); |
- if (!document().contentSecurityPolicy()->allowObjectFromSource(url) |
- || !document().contentSecurityPolicy()->allowPluginTypeForDocument(document(), mimeType, declaredMimeType, url)) { |
+ if (!document().contentSecurityPolicy()->allowPluginTypeForDocument(document(), mimeType, declaredMimeType, url)) { |
layoutEmbeddedObject()->setPluginUnavailabilityReason(LayoutEmbeddedObject::PluginBlockedByContentSecurityPolicy); |
return false; |
} |
- |
- return (!mimeType.isEmpty() && url.isEmpty()) || !MixedContentChecker::shouldBlockFetch(frame, WebURLRequest::RequestContextObject, WebURLRequest::FrameTypeNone, url); |
+ return true; |
} |
void HTMLPlugInElement::didAddUserAgentShadowRoot(ShadowRoot&) |