| Index: ios/web/web_state/ui/crw_wk_web_view_web_controller.mm
|
| diff --git a/ios/web/web_state/ui/crw_wk_web_view_web_controller.mm b/ios/web/web_state/ui/crw_wk_web_view_web_controller.mm
|
| index ece3a51c7f1c7ba0c2303f93748c42398bdcfc46..a99d7a99f0364b887764138bbf6bc44b2d9c9d9b 100644
|
| --- a/ios/web/web_state/ui/crw_wk_web_view_web_controller.mm
|
| +++ b/ios/web/web_state/ui/crw_wk_web_view_web_controller.mm
|
| @@ -1433,9 +1433,15 @@ NSError* WKWebViewErrorWithSource(NSError* error, WKWebViewErrorSource source) {
|
| // TODO(crbug.com/546347): Extract necessary tasks for app specific URL
|
| // navigation rather than restarting the load.
|
| if (web::GetWebClient()->IsAppSpecificURL(webViewURL)) {
|
| - [self abortWebLoad];
|
| - NavigationManager::WebLoadParams params(webViewURL);
|
| - [self loadWithParams:params];
|
| + // Renderer-initiated loads of WebUI can be done only from other WebUI
|
| + // pages. WebUI pages may have increased power and using the same web
|
| + // process (which may potentially be controller by an attacker) is
|
| + // dangerous.
|
| + if (web::GetWebClient()->IsAppSpecificURL(_documentURL)) {
|
| + [self abortWebLoad];
|
| + NavigationManager::WebLoadParams params(webViewURL);
|
| + [self loadWithParams:params];
|
| + }
|
| return;
|
| } else {
|
| [self registerLoadRequest:webViewURL];
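Review bot: When `webViewURL` is app-specific but `_documentURL` is not, the new inner `if` is skipped and control falls straight to `return;` without calling `[self abortWebLoad]`, so whether the renderer-initiated navigation is actually stopped depends on code outside this hunk. If nothing else cancels it, hoist `[self abortWebLoad];` above the inner `if` so the denied case also aborts, and add a comment on the `return;` such as `// Non-WebUI page tried to open a WebUI URL; drop the load.` The check also assumes `_documentURL` still holds the last committed URL at this point and has not already been updated to `webViewURL`; that should be confirmed in the enclosing method, which starts and ends outside the hunk. The added comment also has a typo: `controller by an attacker` should read `controlled by an attacker`.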
|
|
|