OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/renderer/content_settings_observer.h" | 5 #include "chrome/renderer/content_settings_observer.h" |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/metrics/histogram.h" | 8 #include "base/metrics/histogram.h" |
9 #include "components/content_settings/content/common/content_settings_messages.h " | 9 #include "components/content_settings/content/common/content_settings_messages.h " |
10 #include "content/public/common/url_constants.h" | 10 #include "content/public/common/url_constants.h" |
11 #include "content/public/renderer/document_state.h" | |
12 #include "content/public/renderer/render_frame.h" | 11 #include "content/public/renderer/render_frame.h" |
13 #include "content/public/renderer/render_view.h" | 12 #include "content/public/renderer/render_view.h" |
14 #include "third_party/WebKit/public/platform/URLConversion.h" | 13 #include "third_party/WebKit/public/platform/URLConversion.h" |
15 #include "third_party/WebKit/public/platform/WebContentSettingCallbacks.h" | 14 #include "third_party/WebKit/public/platform/WebContentSettingCallbacks.h" |
16 #include "third_party/WebKit/public/platform/WebSecurityOrigin.h" | 15 #include "third_party/WebKit/public/platform/WebSecurityOrigin.h" |
17 #include "third_party/WebKit/public/platform/WebURL.h" | 16 #include "third_party/WebKit/public/platform/WebURL.h" |
18 #include "third_party/WebKit/public/web/WebDataSource.h" | 17 #include "third_party/WebKit/public/web/WebDataSource.h" |
19 #include "third_party/WebKit/public/web/WebDocument.h" | 18 #include "third_party/WebKit/public/web/WebDocument.h" |
20 #include "third_party/WebKit/public/web/WebFrameClient.h" | 19 #include "third_party/WebKit/public/web/WebFrameClient.h" |
21 #include "third_party/WebKit/public/web/WebLocalFrame.h" | 20 #include "third_party/WebKit/public/web/WebLocalFrame.h" |
(...skipping 10 matching lines...) Expand all Loading... | |
32 #endif | 31 #endif |
33 | 32 |
34 using blink::WebContentSettingCallbacks; | 33 using blink::WebContentSettingCallbacks; |
35 using blink::WebDataSource; | 34 using blink::WebDataSource; |
36 using blink::WebDocument; | 35 using blink::WebDocument; |
37 using blink::WebFrame; | 36 using blink::WebFrame; |
38 using blink::WebSecurityOrigin; | 37 using blink::WebSecurityOrigin; |
39 using blink::WebString; | 38 using blink::WebString; |
40 using blink::WebURL; | 39 using blink::WebURL; |
41 using blink::WebView; | 40 using blink::WebView; |
42 using content::DocumentState; | |
43 using content::NavigationState; | |
44 | 41 |
45 namespace { | 42 namespace { |
46 | 43 |
47 // This enum is histogrammed, so do not add, reorder, or remove values. | 44 // This enum is histogrammed, so do not add, reorder, or remove values. |
48 enum { | 45 enum { |
49 INSECURE_CONTENT_DISPLAY = 0, | 46 INSECURE_CONTENT_DISPLAY = 0, |
50 INSECURE_CONTENT_DISPLAY_HOST_GOOGLE, // deprecated | 47 INSECURE_CONTENT_DISPLAY_HOST_GOOGLE, // deprecated |
51 INSECURE_CONTENT_DISPLAY_HOST_WWW_GOOGLE, // deprecated | 48 INSECURE_CONTENT_DISPLAY_HOST_WWW_GOOGLE, // deprecated |
52 INSECURE_CONTENT_DISPLAY_HTML, | 49 INSECURE_CONTENT_DISPLAY_HTML, |
53 INSECURE_CONTENT_RUN, | 50 INSECURE_CONTENT_RUN, |
(...skipping 172 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
226 | 223 |
227 return false; | 224 return false; |
228 } | 225 } |
229 | 226 |
230 void ContentSettingsObserver::DidCommitProvisionalLoad( | 227 void ContentSettingsObserver::DidCommitProvisionalLoad( |
231 bool is_new_navigation, | 228 bool is_new_navigation, |
232 bool is_same_page_navigation) { | 229 bool is_same_page_navigation) { |
233 WebFrame* frame = render_frame()->GetWebFrame(); | 230 WebFrame* frame = render_frame()->GetWebFrame(); |
234 if (frame->parent()) | 231 if (frame->parent()) |
235 return; // Not a top-level navigation. | 232 return; // Not a top-level navigation. |
236 | |
237 if (!is_same_page_navigation) { | |
238 // Clear "block" flags for the new page. This needs to happen before any of | |
239 // |allowScript()|, |allowScriptFromSource()|, |allowImage()|, or | |
240 // |allowPlugins()| is called for the new page so that these functions can | |
241 // correctly detect that a piece of content flipped from "not blocked" to | |
242 // "blocked". | |
243 ClearBlockedContentSettings(); | |
244 temporarily_allowed_plugins_.clear(); | |
245 } | |
246 | |
247 GURL url = frame->document().url(); | 233 GURL url = frame->document().url(); |
248 // If we start failing this DCHECK, please makes sure we don't regress | 234 // If we start failing this DCHECK, please makes sure we don't regress |
249 // this bug: http://code.google.com/p/chromium/issues/detail?id=79304 | 235 // this bug: http://code.google.com/p/chromium/issues/detail?id=79304 |
250 DCHECK(frame->document().getSecurityOrigin().toString() == "null" || | 236 DCHECK(frame->document().getSecurityOrigin().toString() == "null" || |
251 !url.SchemeIs(url::kDataScheme)); | 237 !url.SchemeIs(url::kDataScheme)); |
252 } | 238 } |
253 | 239 |
240 void ContentSettingsObserver::DidStartProvisionalLoad() { | |
Bernhard Bauer
2016/03/29 08:33:33
Hm... isn't this called when we send out a network
meacer
2016/03/29 18:34:36
It sounds like this would only affect temporarily
| |
241 // Clear "block" flags for the new page. This needs to happen before any of | |
242 // |allowScript()|, |allowScriptFromSource()|, |allowImage()|, or | |
243 // |allowPlugins()| is called for the new page so that these functions can | |
244 // correctly detect that a piece of content flipped from "not blocked" to | |
245 // "blocked". | |
246 // This also needs to happen before the document load begins, as parsing the | |
247 // document can trigger calls to ScriptController::canExecuteScripts. | |
248 // There is no need to check for same page navigations here as those don't | |
249 // trigger DidStartProvisionalLoad. | |
250 ClearBlockedContentSettings(); | |
251 temporarily_allowed_plugins_.clear(); | |
252 } | |
253 | |
254 bool ContentSettingsObserver::allowDatabase(const WebString& name, | 254 bool ContentSettingsObserver::allowDatabase(const WebString& name, |
255 const WebString& display_name, | 255 const WebString& display_name, |
256 unsigned long estimated_size) { | 256 unsigned long estimated_size) { |
257 WebFrame* frame = render_frame()->GetWebFrame(); | 257 WebFrame* frame = render_frame()->GetWebFrame(); |
258 if (frame->getSecurityOrigin().isUnique() || | 258 if (frame->getSecurityOrigin().isUnique() || |
259 frame->top()->getSecurityOrigin().isUnique()) | 259 frame->top()->getSecurityOrigin().isUnique()) |
260 return false; | 260 return false; |
261 | 261 |
262 bool result = false; | 262 bool result = false; |
263 Send(new ChromeViewHostMsg_AllowDatabase( | 263 Send(new ChromeViewHostMsg_AllowDatabase( |
(...skipping 363 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
627 | 627 |
628 // If the scheme is file:, an empty file name indicates a directory listing, | 628 // If the scheme is file:, an empty file name indicates a directory listing, |
629 // which requires JavaScript to function properly. | 629 // which requires JavaScript to function properly. |
630 if (base::EqualsASCII(protocol, url::kFileScheme)) { | 630 if (base::EqualsASCII(protocol, url::kFileScheme)) { |
631 return document_url.SchemeIs(url::kFileScheme) && | 631 return document_url.SchemeIs(url::kFileScheme) && |
632 document_url.ExtractFileName().empty(); | 632 document_url.ExtractFileName().empty(); |
633 } | 633 } |
634 | 634 |
635 return false; | 635 return false; |
636 } | 636 } |
OLD | NEW |