Block webpages from navigating to view-source URLs

content/browser/child_process_security_policy_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/child_process_security_policy_impl.h"
 
 #include <utility>
 
 #include "base/command_line.h"
 #include "base/files/file_path.h"
@@ skipping 375 matching lines @@
 void ChildProcessSecurityPolicyImpl::GrantRequestURL(
     int child_id, const GURL& url) {
 
   if (!url.is_valid())
     return;  // Can't grant the capability to request invalid URLs.
 
   if (IsWebSafeScheme(url.scheme()))
     return;  // The scheme has already been whitelisted for every child process.
 
   if (IsPseudoScheme(url.scheme())) {
-    // The view-source scheme is a special case of a pseudo-URL that eventually
-    // results in requesting its embedded URL.
-    if (url.SchemeIs(kViewSourceScheme)) {
-      // URLs with the view-source scheme typically look like:
-      //   view-source:http://www.google.com/a
-      // In order to request these URLs, the child_id needs to be able to
-      // request the embedded URL.
-      GrantRequestURL(child_id, GURL(url.GetContent()));
-    }
-
     return;  // Can't grant the capability to request pseudo schemes.
   }
 
   {
     base::AutoLock lock(lock_);
     SecurityStateMap::iterator state = security_state_.find(child_id);
     if (state == security_state_.end())
       return;
 
     // When the child process has been commanded to request this scheme,
@@ skipping 162 matching lines @@
 
   state->second->RevokeReadRawCookies();
 }
 
 bool ChildProcessSecurityPolicyImpl::CanRequestURL(
     int child_id, const GURL& url) {
   if (!url.is_valid())
     return false;  // Can't request invalid URLs.
 
   if (IsPseudoScheme(url.scheme())) {
-    // There are a number of special cases for pseudo schemes.
-
-    if (url.SchemeIs(kViewSourceScheme)) {
-      // A view-source URL is allowed if the child process is permitted to
-      // request the embedded URL. Careful to avoid pointless recursion.
-      GURL child_url(url.GetContent());
-      if (child_url.SchemeIs(kViewSourceScheme) &&
-          url.SchemeIs(kViewSourceScheme))
-          return false;
-
-      return CanRequestURL(child_id, child_url);
-    }
-
+    // Every child process can request <about:blank>.
     if (base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL))
-      return true;  // Every child process can request <about:blank>.
-
-    // URLs like <about:version> and <about:crash> shouldn't be requestable by
-    // any child process.  Also, this case covers <javascript:...>, which should
-    // be handled internally by the process and not kicked up to the browser.
+      return true;
+    // URLs like <about:version>, <about:crash>, <view-source:...> shouldn't be
+    // requestable by any child process.  Also, this case covers
+    // <javascript:...>, which should be handled internally by the process and
+    // not kicked up to the browser.
     return false;
   }
 
   // If the process can commit the URL, it can request it.
   if (CanCommitURL(child_id, url))
     return true;
 
   // Also allow URLs destined for ShellExecute and not the browser itself.
   return !GetContentClient()->browser()->IsHandledURL(url) &&
          !net::URLRequest::IsHandledURL(url);
@@ skipping 253 matching lines @@
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return false;
 
   return state->second->can_send_midi_sysex();
 }
 
 }  // namespace content