OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/child_process_security_policy_impl.h" | 5 #include "content/browser/child_process_security_policy_impl.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
(...skipping 375 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
386 void ChildProcessSecurityPolicyImpl::GrantRequestURL( | 386 void ChildProcessSecurityPolicyImpl::GrantRequestURL( |
387 int child_id, const GURL& url) { | 387 int child_id, const GURL& url) { |
388 | 388 |
389 if (!url.is_valid()) | 389 if (!url.is_valid()) |
390 return; // Can't grant the capability to request invalid URLs. | 390 return; // Can't grant the capability to request invalid URLs. |
391 | 391 |
392 if (IsWebSafeScheme(url.scheme())) | 392 if (IsWebSafeScheme(url.scheme())) |
393 return; // The scheme has already been whitelisted for every child process. | 393 return; // The scheme has already been whitelisted for every child process. |
394 | 394 |
395 if (IsPseudoScheme(url.scheme())) { | 395 if (IsPseudoScheme(url.scheme())) { |
396 // The view-source scheme is a special case of a pseudo-URL that eventually | |
397 // results in requesting its embedded URL. | |
398 if (url.SchemeIs(kViewSourceScheme)) { | |
399 // URLs with the view-source scheme typically look like: | |
400 // view-source:http://www.google.com/a | |
401 // In order to request these URLs, the child_id needs to be able to | |
402 // request the embedded URL. | |
403 GrantRequestURL(child_id, GURL(url.GetContent())); | |
404 } | |
405 | |
406 return; // Can't grant the capability to request pseudo schemes. | 396 return; // Can't grant the capability to request pseudo schemes. |
407 } | 397 } |
408 | 398 |
409 { | 399 { |
410 base::AutoLock lock(lock_); | 400 base::AutoLock lock(lock_); |
411 SecurityStateMap::iterator state = security_state_.find(child_id); | 401 SecurityStateMap::iterator state = security_state_.find(child_id); |
412 if (state == security_state_.end()) | 402 if (state == security_state_.end()) |
413 return; | 403 return; |
414 | 404 |
415 // When the child process has been commanded to request this scheme, | 405 // When the child process has been commanded to request this scheme, |
(...skipping 162 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
578 | 568 |
579 state->second->RevokeReadRawCookies(); | 569 state->second->RevokeReadRawCookies(); |
580 } | 570 } |
581 | 571 |
582 bool ChildProcessSecurityPolicyImpl::CanRequestURL( | 572 bool ChildProcessSecurityPolicyImpl::CanRequestURL( |
583 int child_id, const GURL& url) { | 573 int child_id, const GURL& url) { |
584 if (!url.is_valid()) | 574 if (!url.is_valid()) |
585 return false; // Can't request invalid URLs. | 575 return false; // Can't request invalid URLs. |
586 | 576 |
587 if (IsPseudoScheme(url.scheme())) { | 577 if (IsPseudoScheme(url.scheme())) { |
588 // There are a number of special cases for pseudo schemes. | 578 // Every child process can request <about:blank>. |
589 | |
590 if (url.SchemeIs(kViewSourceScheme)) { | |
591 // A view-source URL is allowed if the child process is permitted to | |
592 // request the embedded URL. Careful to avoid pointless recursion. | |
593 GURL child_url(url.GetContent()); | |
594 if (child_url.SchemeIs(kViewSourceScheme) && | |
595 url.SchemeIs(kViewSourceScheme)) | |
596 return false; | |
597 | |
598 return CanRequestURL(child_id, child_url); | |
599 } | |
600 | |
601 if (base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL)) | 579 if (base::LowerCaseEqualsASCII(url.spec(), url::kAboutBlankURL)) |
602 return true; // Every child process can request <about:blank>. | 580 return true; |
603 | 581 // URLs like <about:version>, <about:crash>, <view-source:...> shouldn't be |
604 // URLs like <about:version> and <about:crash> shouldn't be requestable by | 582 // requestable by any child process. Also, this case covers |
605 // any child process. Also, this case covers <javascript:...>, which should | 583 // <javascript:...>, which should be handled internally by the process and |
606 // be handled internally by the process and not kicked up to the browser. | 584 // not kicked up to the browser. |
607 return false; | 585 return false; |
608 } | 586 } |
609 | 587 |
610 // If the process can commit the URL, it can request it. | 588 // If the process can commit the URL, it can request it. |
611 if (CanCommitURL(child_id, url)) | 589 if (CanCommitURL(child_id, url)) |
612 return true; | 590 return true; |
613 | 591 |
614 // Also allow URLs destined for ShellExecute and not the browser itself. | 592 // Also allow URLs destined for ShellExecute and not the browser itself. |
615 return !GetContentClient()->browser()->IsHandledURL(url) && | 593 return !GetContentClient()->browser()->IsHandledURL(url) && |
616 !net::URLRequest::IsHandledURL(url); | 594 !net::URLRequest::IsHandledURL(url); |
(...skipping 253 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
870 base::AutoLock lock(lock_); | 848 base::AutoLock lock(lock_); |
871 | 849 |
872 SecurityStateMap::iterator state = security_state_.find(child_id); | 850 SecurityStateMap::iterator state = security_state_.find(child_id); |
873 if (state == security_state_.end()) | 851 if (state == security_state_.end()) |
874 return false; | 852 return false; |
875 | 853 |
876 return state->second->can_send_midi_sysex(); | 854 return state->second->can_send_midi_sysex(); |
877 } | 855 } |
878 | 856 |
879 } // namespace content | 857 } // namespace content |
OLD | NEW |