
Unified Diff: content/browser/frame_host/navigation_controller_impl.cc

Issue 1738233002: Disallow was_within_same_page = true for a cross-process navigation (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 10 months ago
Index: content/browser/frame_host/navigation_controller_impl.cc
diff --git a/content/browser/frame_host/navigation_controller_impl.cc b/content/browser/frame_host/navigation_controller_impl.cc
index e1c24c7ff606c020ab72b233e1971917c9a510fb..b2169db3a6a3745ddc76890ea0f16037b8cd5353 100644
--- a/content/browser/frame_host/navigation_controller_impl.cc
+++ b/content/browser/frame_host/navigation_controller_impl.cc
@@ -874,7 +874,7 @@ bool NavigationControllerImpl::RendererDidNavigate(
// is_in_page must be computed before the entry gets committed.
details->is_in_page = IsURLInPageNavigation(
- params.url, params.was_within_same_page, rfh);
+ params.url, params.was_within_same_page, rfh, false);
Charlie Reis 2016/02/26 20:11:57 This looks odd at first glance (since we do get he
switch (details->type) {
case NAVIGATION_TYPE_NEW_PAGE:
@@ -1392,7 +1392,8 @@ int NavigationControllerImpl::GetIndexOfEntry(
bool NavigationControllerImpl::IsURLInPageNavigation(
const GURL& url,
bool renderer_says_in_page,
- RenderFrameHost* rfh) const {
+ RenderFrameHost* rfh,
+ bool will_swap) const {
GURL last_committed_url;
if (rfh->GetParent()) {
last_committed_url = rfh->GetLastCommittedURL();
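Review bot: The new `bool will_swap` parameter directly follows `bool renderer_says_in_page`, so two transposed arguments compile silently and would change whether the renderer is treated as having sent a bad message. Document the parameter at this definition, for example `// |will_swap|: the commit is landing in a different process; such a navigation is never in-page.` if that matches the intent stated in the issue title. The header declaration is not shown here and should carry the same comment. The function body continues past this hunk.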
@@ -1410,7 +1411,8 @@ bool NavigationControllerImpl::IsURLInPageNavigation(
const url::Origin& committed_origin = static_cast<RenderFrameHostImpl*>(rfh)
->frame_tree_node()
->current_origin();
- bool is_same_origin = last_committed_url.is_empty() ||
+ bool maybe_in_page = !will_swap &&
+ (last_committed_url.is_empty() ||
// TODO(japhet): We should only permit navigations
// originating from about:blank to be in-page if the
// about:blank is the first document that frame loaded.
@@ -1421,12 +1423,12 @@ bool NavigationControllerImpl::IsURLInPageNavigation(
last_committed_url.GetOrigin() == url.GetOrigin() ||
!prefs.web_security_enabled ||
(prefs.allow_universal_access_from_file_urls &&
- committed_origin.scheme() == url::kFileScheme);
- if (!is_same_origin && renderer_says_in_page) {
+ committed_origin.scheme() == url::kFileScheme));
+ if (!maybe_in_page && renderer_says_in_page) {
bad_message::ReceivedBadMessage(rfh->GetProcess(),
bad_message::NC_IN_PAGE_NAVIGATION);
}
- return is_same_origin && renderer_says_in_page;
+ return maybe_in_page && renderer_says_in_page;
}
void NavigationControllerImpl::CopyStateFrom(
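Review bot: With `!will_swap` folded into `maybe_in_page`, the `ReceivedBadMessage` branch now fires for two different conditions under the single reason `bad_message::NC_IN_PAGE_NAVIGATION`: an origin mismatch, and an in-page claim on a commit that swaps processes. Kill reports can therefore no longer tell the two apart, so consider a separate bad_message reason for the swap case. The `!prefs.web_security_enabled` and file-URL universal-access exemptions also stop preventing the kill when `will_swap` is true; if that is intended, say so above the `if`, e.g. `// A process swap is never in-page, even when web security is disabled.` The callers that would pass `will_swap = true` are outside this file section, so it should be confirmed which process `rfh->GetProcess()` names on that path. The condition begins in the previous hunk and part of it lies between the two hunks.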
