content/browser/web_contents/web_contents_impl.cc - Issue 1678233003: Don't focus the location bar in a phishy situation.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/browser/web_contents/web_contents_impl.cc

Issue 1678233003: Don't focus the location bar in a phishy situation. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Respond to comments. Thanks! Created 4 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: content/browser/web_contents/web_contents_impl.cc

diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc

index 0578dfad09f91aeb4c4110894b48e7c208cf31f7..26464d27ac6bf2a325ed57d7c655937fb218c4f2 100644

--- a/content/browser/web_contents/web_contents_impl.cc

+++ b/content/browser/web_contents/web_contents_impl.cc

@@ -2934,9 +2934,28 @@ void WebContentsImpl::ResumeLoadingCreatedWebContents() {

}

bool WebContentsImpl::FocusLocationBarByDefault() {

- NavigationEntry* entry = controller_.GetVisibleEntry();

- if (entry && entry->GetURL() == GURL(url::kAboutBlankURL))

+ // When the browser is started with about:blank as the startup URL, focus

+ // the location bar (which will also select its contents) so people can

+ // simply begin typing to navigate elsewhere.

+ //

+ // We need to be careful not to trigger this for anything other than the

+ // startup navigation. In particular, if we allow an attacker to open a

+ // popup to about:blank, then navigate, focusing the Omnibox will cause the

+ // end of the new URL to be scrolled into view instead of the start,

+ // allowing the attacker to spoof other URLs. The conditions checked here

+ // are all aimed at ensuring no such attacker-controlled navigation can

+ // trigger this.

+ //

+ // Note that we check the pending entry instead of the visible one; for the

+ // startup URL case these are the same, but for the attacker-controlled

+ // navigation case the visible entry is the committed "about:blank" URL and

+ // the pending entry is the problematic navigation elsewhere.

groby-ooo-7-16 2016/03/07 20:00:37 Thank you, thank you, thank you! Future Rachel is

+ NavigationEntryImpl* entry = controller_.GetPendingEntry();

+ if (controller_.IsInitialNavigation() && entry &&

+ !entry->is_renderer_initiated() &&

+ entry->GetURL() == GURL(url::kAboutBlankURL)) {

return true;

+ }

return delegate_ && delegate_->ShouldFocusLocationBarByDefault(this);

}

« no previous file with comments | « chrome/browser/ui/browser_focus_uitest.cc ('k') | no next file » | no next file with comments »