Chromium Code Reviews Chromium Code Reviews
Issue 1645313002:
Don't apply the SandboxPlugins flag until we know a plugin will be used (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: third_party/WebKit/Source/core/html/HTMLPlugInElement.cpp |
| diff --git a/third_party/WebKit/Source/core/html/HTMLPlugInElement.cpp b/third_party/WebKit/Source/core/html/HTMLPlugInElement.cpp |
| index e6a69bc8e321bb99769291a911d6fb780830fb39..2ba4e25a842dcd6bc0ab0d7ac3db25d3f6dffefa 100644 |
| --- a/third_party/WebKit/Source/core/html/HTMLPlugInElement.cpp |
| +++ b/third_party/WebKit/Source/core/html/HTMLPlugInElement.cpp |
| @@ -38,6 +38,7 @@ |
| #include "core/html/HTMLImageLoader.h" |
| #include "core/html/PluginDocument.h" |
| #include "core/input/EventHandler.h" |
| +#include "core/inspector/ConsoleMessage.h" |
| #include "core/layout/LayoutBlockFlow.h" |
| #include "core/layout/LayoutEmbeddedObject.h" |
| #include "core/layout/LayoutImage.h" |
| @@ -474,12 +475,15 @@ bool HTMLPlugInElement::requestObject(const String& url, const String& mimeType, |
| return false; |
| KURL completedURL = url.isEmpty() ? KURL() : document().completeURL(url); |
| - if (!pluginIsLoadable(completedURL, mimeType)) |
| + if (!objectIsLoadable(completedURL, mimeType)) |
| return false; |
| bool useFallback; |
| - if (shouldUsePlugin(completedURL, mimeType, hasFallbackContent(), useFallback)) |
| + if (shouldUsePlugin(completedURL, mimeType, hasFallbackContent(), useFallback)) { |
| + if (!pluginIsLoadable(completedURL, mimeType)) |
| + return false; |
| return loadPlugin(completedURL, mimeType, paramNames, paramValues, useFallback, true); |
| + } |
| // If the plugin element already contains a subframe, |
| // loadOrRedirectSubframe will re-use it. Otherwise, it will create a new |
| @@ -541,8 +545,10 @@ bool HTMLPlugInElement::shouldUsePlugin(const KURL& url, const String& mimeType, |
| if (document().frame()->page() && (mimeType == "image/tiff" || mimeType == "image/tif" || mimeType == "image/x-tiff")) { |
| const PluginData* pluginData = document().frame()->page()->pluginData(); |
| String pluginName = pluginData ? pluginData->pluginNameForMimeType(mimeType) : String(); |
| - if (!pluginName.isEmpty() && !pluginName.contains("QuickTime", TextCaseInsensitive)) |
| + if (!pluginName.isEmpty() && !pluginName.contains("QuickTime", TextCaseInsensitive)) { |
| + useFallback = false; |
| return true; |
| + } |
| } |
| ObjectContentType objectType = document().frame()->loader().client()->objectContentType(url, mimeType, shouldPreferPlugInsForImages()); |
| @@ -561,7 +567,7 @@ void HTMLPlugInElement::dispatchErrorEvent() |
| dispatchEvent(Event::create(EventTypeNames::error)); |
| } |
| -bool HTMLPlugInElement::pluginIsLoadable(const KURL& url, const String& mimeType) |
| +bool HTMLPlugInElement::objectIsLoadable(const KURL& url, const String& mimeType) |
| { |
| if (url.isEmpty() && mimeType.isEmpty()) |
| return false; |
| @@ -574,24 +580,35 @@ bool HTMLPlugInElement::pluginIsLoadable(const KURL& url, const String& mimeType |
| if (MIMETypeRegistry::isJavaAppletMIMEType(mimeType)) |
| return false; |
| - if (document().isSandboxed(SandboxPlugins)) |
| - return false; |
| - |
| if (!document().securityOrigin()->canDisplay(url)) { |
| FrameLoader::reportLocalLoadFailed(frame, url.string()); |
| return false; |
| } |
| + if (!document().contentSecurityPolicy()->allowObjectFromSource(url)) { |
| + layoutEmbeddedObject()->setPluginUnavailabilityReason(LayoutEmbeddedObject::PluginBlockedByContentSecurityPolicy); |
| + return false; |
| + } |
| + |
| + return (!mimeType.isEmpty() && url.isEmpty()) || !MixedContentChecker::shouldBlockFetch(frame, WebURLRequest::RequestContextObject, WebURLRequest::FrameTypeNone, url); |
| +} |
| + |
| +bool HTMLPlugInElement::pluginIsLoadable(const KURL& url, const String& mimeType) |
| +{ |
|
pdr.
2016/02/02 04:32:42
Can you add an assert here so future refactorings
fs
2016/02/22 18:36:56
Done.
|
| + if (document().isSandboxed(SandboxPlugins)) { |
| + document().addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, |
| + "Failed to load '" + url.elidedString() + "' as a plugin, because the frame into which the plugin is loading is sandboxed.")); |
| + return false; |
| + } |
| + |
| AtomicString declaredMimeType = document().isPluginDocument() && document().ownerElement() ? |
| document().ownerElement()->fastGetAttribute(HTMLNames::typeAttr) : |
| fastGetAttribute(HTMLNames::typeAttr); |
| - if (!document().contentSecurityPolicy()->allowObjectFromSource(url) |
| - || !document().contentSecurityPolicy()->allowPluginTypeForDocument(document(), mimeType, declaredMimeType, url)) { |
| + if (!document().contentSecurityPolicy()->allowPluginTypeForDocument(document(), mimeType, declaredMimeType, url)) { |
| layoutEmbeddedObject()->setPluginUnavailabilityReason(LayoutEmbeddedObject::PluginBlockedByContentSecurityPolicy); |
| return false; |
| } |
| - |
| - return (!mimeType.isEmpty() && url.isEmpty()) || !MixedContentChecker::shouldBlockFetch(frame, WebURLRequest::RequestContextObject, WebURLRequest::FrameTypeNone, url); |
| + return true; |
| } |
| void HTMLPlugInElement::didAddUserAgentShadowRoot(ShadowRoot&) |
