Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(94)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/frame_host/navigation_controller_impl.cc

Issue 2032903007: Allow about:blank to be considered in-page if origin matches. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix unit tests and add test Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/browser/frame_host/navigation_controller_impl.h ('k') | content/browser/frame_host/navigation_controller_impl_browsertest.cc » ('j') | content/browser/frame_host/navigation_controller_impl_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/frame_host/navigation_controller_impl.cc
diff --git a/content/browser/frame_host/navigation_controller_impl.cc b/content/browser/frame_host/navigation_controller_impl.cc
index d2012a51ef3584010466b4242aa9a25896fddbeb..2356d392d7c226dd1df3134a6fd104d036e4a61f 100644
--- a/content/browser/frame_host/navigation_controller_impl.cc
+++ b/content/browser/frame_host/navigation_controller_impl.cc
@@ -826,8 +826,8 @@ bool NavigationControllerImpl::RendererDidNavigate(
details->type = ClassifyNavigation(rfh, params);
// is_in_page must be computed before the entry gets committed.
- details->is_in_page = IsURLInPageNavigation(
- params.url, params.was_within_same_page, rfh);
+ details->is_in_page = IsURLInPageNavigation(params.url, params.origin,
+ params.was_within_same_page, rfh);
switch (details->type) {
case NAVIGATION_TYPE_NEW_PAGE:
@@ -1372,8 +1372,13 @@ int NavigationControllerImpl::GetIndexOfEntry(
// in-page. Therefore, trust the renderer if the URLs are on the same origin,
// and assume the renderer is malicious if a cross-origin navigation claims to
// be in-page.
+//
+// TODO(creis): Clean up and simplify the about:blank and origin checks below,
+// which are likely redundant with each other. Be careful about data URLs vs
+// about:blank, both of which are unique origins and thus not considered equal.
bool NavigationControllerImpl::IsURLInPageNavigation(
const GURL& url,
+ const url::Origin& origin,
bool renderer_says_in_page,
RenderFrameHost* rfh) const {
RenderFrameHostImpl* rfhi = static_cast<RenderFrameHostImpl*>(rfh);
@@ -1406,6 +1411,7 @@ bool NavigationControllerImpl::IsURLInPageNavigation(
// for now.
last_committed_url == GURL(url::kAboutBlankURL) ||
last_committed_url.GetOrigin() == url.GetOrigin() ||
Charlie Reis 2016/06/06 19:30:54 I'm eager to get rid of this line (since GURL::Get
Avi (use Gerrit) 2016/06/06 19:46:41 Acknowledged.
+ committed_origin == origin ||
!prefs.web_security_enabled ||
(prefs.allow_universal_access_from_file_urls &&
committed_origin.scheme() == url::kFileScheme);
« no previous file with comments | « content/browser/frame_host/navigation_controller_impl.h ('k') | content/browser/frame_host/navigation_controller_impl_browsertest.cc » ('j') | content/browser/frame_host/navigation_controller_impl_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698