content/browser/frame_host/navigation_controller_impl.cc - Issue 2032903007: Allow about:blank to be considered in-page if origin matches.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/browser/frame_host/navigation_controller_impl.cc

Issue 2032903007: Allow about:blank to be considered in-page if origin matches. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Add document.close() to tests. Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « content/browser/frame_host/navigation_controller_impl.h ('k') | content/browser/frame_host/navigation_controller_impl_browsertest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: content/browser/frame_host/navigation_controller_impl.cc

diff --git a/content/browser/frame_host/navigation_controller_impl.cc b/content/browser/frame_host/navigation_controller_impl.cc

index d2012a51ef3584010466b4242aa9a25896fddbeb..2356d392d7c226dd1df3134a6fd104d036e4a61f 100644

--- a/content/browser/frame_host/navigation_controller_impl.cc

+++ b/content/browser/frame_host/navigation_controller_impl.cc

@@ -826,8 +826,8 @@ bool NavigationControllerImpl::RendererDidNavigate(

details->type = ClassifyNavigation(rfh, params);

// is_in_page must be computed before the entry gets committed.

- details->is_in_page = IsURLInPageNavigation(

- params.url, params.was_within_same_page, rfh);

+ details->is_in_page = IsURLInPageNavigation(params.url, params.origin,

+ params.was_within_same_page, rfh);

switch (details->type) {

case NAVIGATION_TYPE_NEW_PAGE:

@@ -1372,8 +1372,13 @@ int NavigationControllerImpl::GetIndexOfEntry(

// in-page. Therefore, trust the renderer if the URLs are on the same origin,

// and assume the renderer is malicious if a cross-origin navigation claims to

// be in-page.

+//

+// TODO(creis): Clean up and simplify the about:blank and origin checks below,

+// which are likely redundant with each other. Be careful about data URLs vs

+// about:blank, both of which are unique origins and thus not considered equal.

bool NavigationControllerImpl::IsURLInPageNavigation(

const GURL& url,

+ const url::Origin& origin,

bool renderer_says_in_page,

RenderFrameHost* rfh) const {

RenderFrameHostImpl* rfhi = static_cast<RenderFrameHostImpl*>(rfh);

@@ -1406,6 +1411,7 @@ bool NavigationControllerImpl::IsURLInPageNavigation(

// for now.

last_committed_url == GURL(url::kAboutBlankURL) ||

last_committed_url.GetOrigin() == url.GetOrigin() ||

+ committed_origin == origin ||

!prefs.web_security_enabled ||

(prefs.allow_universal_access_from_file_urls &&

committed_origin.scheme() == url::kFileScheme);