OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 /* | 5 /* |
6 * Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved. | 6 * Copyright (C) 2006, 2007, 2008, 2009 Apple Inc. All rights reserved. |
7 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) | 7 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) |
8 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. | 8 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. |
9 * (http://www.torchmobile.com/) | 9 * (http://www.torchmobile.com/) |
10 * | 10 * |
(...skipping 856 matching lines...) | |
867 } else { | 867 } else { |
868 details->did_replace_entry = pending_entry_ && | 868 details->did_replace_entry = pending_entry_ && |
869 pending_entry_->should_replace_entry(); | 869 pending_entry_->should_replace_entry(); |
870 } | 870 } |
871 | 871 |
872 // Do navigation-type specific actions. These will make and commit an entry. | 872 // Do navigation-type specific actions. These will make and commit an entry. |
873 details->type = ClassifyNavigation(rfh, params); | 873 details->type = ClassifyNavigation(rfh, params); |
874 | 874 |
875 // is_in_page must be computed before the entry gets committed. | 875 // is_in_page must be computed before the entry gets committed. |
876 details->is_in_page = IsURLInPageNavigation( | 876 details->is_in_page = IsURLInPageNavigation( |
877 params.url, params.was_within_same_page, rfh); | 877 params.url, params.was_within_same_page, rfh, false); |
Charlie Reis
2016/02/26 20:11:57
This looks odd at first glance (since we do get he
| |
878 | 878 |
879 switch (details->type) { | 879 switch (details->type) { |
880 case NAVIGATION_TYPE_NEW_PAGE: | 880 case NAVIGATION_TYPE_NEW_PAGE: |
881 RendererDidNavigateToNewPage(rfh, params, details->did_replace_entry); | 881 RendererDidNavigateToNewPage(rfh, params, details->did_replace_entry); |
882 break; | 882 break; |
883 case NAVIGATION_TYPE_EXISTING_PAGE: | 883 case NAVIGATION_TYPE_EXISTING_PAGE: |
884 details->did_replace_entry = details->is_in_page; | 884 details->did_replace_entry = details->is_in_page; |
885 RendererDidNavigateToExistingPage(rfh, params); | 885 RendererDidNavigateToExistingPage(rfh, params); |
886 break; | 886 break; |
887 case NAVIGATION_TYPE_SAME_PAGE: | 887 case NAVIGATION_TYPE_SAME_PAGE: |
(...skipping 497 matching lines...) | |
1385 // the same origin. | 1385 // the same origin. |
1386 // However, due to reloads, even identical urls are *not* guaranteed to be | 1386 // However, due to reloads, even identical urls are *not* guaranteed to be |
1387 // in-page navigations, we have to trust the renderer almost entirely. | 1387 // in-page navigations, we have to trust the renderer almost entirely. |
1388 // The one thing we do know is that cross-origin navigations will *never* be | 1388 // The one thing we do know is that cross-origin navigations will *never* be |
1389 // in-page. Therefore, trust the renderer if the URLs are on the same origin, | 1389 // in-page. Therefore, trust the renderer if the URLs are on the same origin, |
1390 // and assume the renderer is malicious if a cross-origin navigation claims to | 1390 // and assume the renderer is malicious if a cross-origin navigation claims to |
1391 // be in-page. | 1391 // be in-page. |
1392 bool NavigationControllerImpl::IsURLInPageNavigation( | 1392 bool NavigationControllerImpl::IsURLInPageNavigation( |
1393 const GURL& url, | 1393 const GURL& url, |
1394 bool renderer_says_in_page, | 1394 bool renderer_says_in_page, |
1395 RenderFrameHost* rfh) const { | 1395 RenderFrameHost* rfh, |
1396 bool will_swap) const { | |
1396 GURL last_committed_url; | 1397 GURL last_committed_url; |
1397 if (rfh->GetParent()) { | 1398 if (rfh->GetParent()) { |
1398 last_committed_url = rfh->GetLastCommittedURL(); | 1399 last_committed_url = rfh->GetLastCommittedURL(); |
1399 } else { | 1400 } else { |
1400 NavigationEntry* last_committed = GetLastCommittedEntry(); | 1401 NavigationEntry* last_committed = GetLastCommittedEntry(); |
1401 // There must be a last-committed entry to compare URLs to. TODO(avi): When | 1402 // There must be a last-committed entry to compare URLs to. TODO(avi): When |
1402 // might Blink say that a navigation is in-page yet there be no last- | 1403 // might Blink say that a navigation is in-page yet there be no last- |
1403 // committed entry? | 1404 // committed entry? |
1404 if (!last_committed) | 1405 if (!last_committed) |
1405 return false; | 1406 return false; |
1406 last_committed_url = last_committed->GetURL(); | 1407 last_committed_url = last_committed->GetURL(); |
1407 } | 1408 } |
1408 | 1409 |
1409 WebPreferences prefs = rfh->GetRenderViewHost()->GetWebkitPreferences(); | 1410 WebPreferences prefs = rfh->GetRenderViewHost()->GetWebkitPreferences(); |
1410 const url::Origin& committed_origin = static_cast<RenderFrameHostImpl*>(rfh) | 1411 const url::Origin& committed_origin = static_cast<RenderFrameHostImpl*>(rfh) |
1411 ->frame_tree_node() | 1412 ->frame_tree_node() |
1412 ->current_origin(); | 1413 ->current_origin(); |
1413 bool is_same_origin = last_committed_url.is_empty() || | 1414 bool maybe_in_page = !will_swap && |
1415 (last_committed_url.is_empty() || | |
1414 // TODO(japhet): We should only permit navigations | 1416 // TODO(japhet): We should only permit navigations |
1415 // originating from about:blank to be in-page if the | 1417 // originating from about:blank to be in-page if the |
1416 // about:blank is the first document that frame loaded. | 1418 // about:blank is the first document that frame loaded. |
1417 // We don't have sufficient information to identify | 1419 // We don't have sufficient information to identify |
1418 // that case at the moment, so always allow about:blank | 1420 // that case at the moment, so always allow about:blank |
1419 // for now. | 1421 // for now. |
1420 last_committed_url == GURL(url::kAboutBlankURL) || | 1422 last_committed_url == GURL(url::kAboutBlankURL) || |
1421 last_committed_url.GetOrigin() == url.GetOrigin() || | 1423 last_committed_url.GetOrigin() == url.GetOrigin() || |
1422 !prefs.web_security_enabled || | 1424 !prefs.web_security_enabled || |
1423 (prefs.allow_universal_access_from_file_urls && | 1425 (prefs.allow_universal_access_from_file_urls && |
1424 committed_origin.scheme() == url::kFileScheme); | 1426 committed_origin.scheme() == url::kFileScheme)); |
1425 if (!is_same_origin && renderer_says_in_page) { | 1427 if (!maybe_in_page && renderer_says_in_page) { |
1426 bad_message::ReceivedBadMessage(rfh->GetProcess(), | 1428 bad_message::ReceivedBadMessage(rfh->GetProcess(), |
1427 bad_message::NC_IN_PAGE_NAVIGATION); | 1429 bad_message::NC_IN_PAGE_NAVIGATION); |
1428 } | 1430 } |
1429 return is_same_origin && renderer_says_in_page; | 1431 return maybe_in_page && renderer_says_in_page; |
1430 } | 1432 } |
1431 | 1433 |
1432 void NavigationControllerImpl::CopyStateFrom( | 1434 void NavigationControllerImpl::CopyStateFrom( |
1433 const NavigationController& temp) { | 1435 const NavigationController& temp) { |
1434 const NavigationControllerImpl& source = | 1436 const NavigationControllerImpl& source = |
1435 static_cast<const NavigationControllerImpl&>(temp); | 1437 static_cast<const NavigationControllerImpl&>(temp); |
1436 // Verify that we look new. | 1438 // Verify that we look new. |
1437 DCHECK(GetEntryCount() == 0 && !GetPendingEntry()); | 1439 DCHECK(GetEntryCount() == 0 && !GetPendingEntry()); |
1438 | 1440 |
1439 if (source.GetEntryCount() == 0) | 1441 if (source.GetEntryCount() == 0) |
(...skipping 623 matching lines...) | |
2063 } | 2065 } |
2064 } | 2066 } |
2065 } | 2067 } |
2066 | 2068 |
2067 void NavigationControllerImpl::SetGetTimestampCallbackForTest( | 2069 void NavigationControllerImpl::SetGetTimestampCallbackForTest( |
2068 const base::Callback<base::Time()>& get_timestamp_callback) { | 2070 const base::Callback<base::Time()>& get_timestamp_callback) { |
2069 get_timestamp_callback_ = get_timestamp_callback; | 2071 get_timestamp_callback_ = get_timestamp_callback; |
2070 } | 2072 } |
2071 | 2073 |
2072 } // namespace content | 2074 } // namespace content |
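Review bot: In IsURLInPageNavigation, folding `!will_swap` into `maybe_in_page` means the `ReceivedBadMessage` branch now also fires when a same-origin renderer reports in-page while `will_swap` is true, so the renderer is killed with NC_IN_PAGE_NAVIGATION for something other than the cross-origin claim that the comment above the function describes. If that combination can occur with a well-behaved renderer, it would be safer to keep the origin check as the only kill condition and handle the swap case on its own, for example `if (will_swap) return false;` ahead of the `prefs` lookup with `is_same_origin` left as it was. Either way, the function comment should say what `will_swap` means and whether an in-page claim during a swap is meant to be treated as a bad message. The only caller visible on this page passes `false`, so whether this path is reachable depends on callers outside the page.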