chrome/renderer/content_settings_observer.cc - Issue 2048303002: Fix broken mixed script Rappor metric and add browser test

Side by Side Diff: chrome/renderer/content_settings_observer.cc

Issue 2048303002: Fix broken mixed script Rappor metric and add browser test (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/renderer/content_settings_observer.h"	5 #include "chrome/renderer/content_settings_observer.h"

6	6

7 #include "base/command_line.h"	7 #include "base/command_line.h"

8 #include "base/metrics/histogram.h"	8 #include "base/metrics/histogram.h"

9 #include "components/content_settings/content/common/content_settings_messages.h "	9 #include "components/content_settings/content/common/content_settings_messages.h "

10 #include "content/public/common/url_constants.h"	10 #include "content/public/common/url_constants.h"

(...skipping 465 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
476 base::CompareCase::INSENSITIVE_ASCII))	476 base::CompareCase::INSENSITIVE_ASCII))

477 SendInsecureContentSignal(INSECURE_CONTENT_RUN_JS);	477 SendInsecureContentSignal(INSECURE_CONTENT_RUN_JS);

478 else if (base::EndsWith(resource_gurl.path(), kDotCSS,	478 else if (base::EndsWith(resource_gurl.path(), kDotCSS,

479 base::CompareCase::INSENSITIVE_ASCII))	479 base::CompareCase::INSENSITIVE_ASCII))

480 SendInsecureContentSignal(INSECURE_CONTENT_RUN_CSS);	480 SendInsecureContentSignal(INSECURE_CONTENT_RUN_CSS);

481 else if (base::EndsWith(resource_gurl.path(), kDotSWF,	481 else if (base::EndsWith(resource_gurl.path(), kDotSWF,

482 base::CompareCase::INSENSITIVE_ASCII))	482 base::CompareCase::INSENSITIVE_ASCII))

483 SendInsecureContentSignal(INSECURE_CONTENT_RUN_SWF);	483 SendInsecureContentSignal(INSECURE_CONTENT_RUN_SWF);

484	484

485 if (!allow_running_insecure_content_ && !allowed_per_settings) {	485 if (!allow_running_insecure_content_ && !allowed_per_settings) {

486 DidBlockContentType(CONTENT_SETTINGS_TYPE_MIXEDSCRIPT, origin.host());	486 DidBlockContentType(CONTENT_SETTINGS_TYPE_MIXEDSCRIPT, origin.toString());
	felt 2016/06/10 03:41:08 Man, this is a tricky bug. It wasn't obvious to me Man, this is a tricky bug. It wasn't obvious to me at first what was going on with this bug (or bugfix). I think it's so tricky for two reasons: 1. It isn't particularly clear that this string is going to end up turned back into a GURL. 2. I would have expected TabSpecificContentSettings::OnContentBlockedWithDetail to DCHECK that GURL(base::UTF16ToUTF8(details)).is_valid(). This would ensure that the contract was upheld by the caller a few layers back. I'm not suggesting that we change anything, since the bug is now found and fixed. However: it's something I'll keep in mind the next time I see a similar pattern! estark 2016/06/10 03:55:20 Easy enough to add a DCHECK, so I did that. Also w Show quoted text On 2016/06/10 03:41:08, felt wrote: > Man, this is a tricky bug. It wasn't obvious to me at first what was going on > with this bug (or bugfix). I think it's so tricky for two reasons: > > 1. It isn't particularly clear that this string is going to end up turned back > into a GURL. > 2. I would have expected TabSpecificContentSettings::OnContentBlockedWithDetail > to DCHECK that GURL(base::UTF16ToUTF8(details)).is_valid(). This would ensure > that the contract was upheld by the caller a few layers back. > > I'm not suggesting that we change anything, since the bug is now found and > fixed. However: it's something I'll keep in mind the next time I see a similar > pattern! Easy enough to add a DCHECK, so I did that. Also will crib jialiul's description of the issue that she had put in the CL she started and put it in this one, so that the fix is a bit easier to understand.
487 return false;	487 return false;

488 }	488 }

489	489

490 return true;	490 return true;

491 }	491 }

492	492

493 bool ContentSettingsObserver::allowAutoplay(bool default_value) {	493 bool ContentSettingsObserver::allowAutoplay(bool default_value) {

494 if (!content_setting_rules_)	494 if (!content_setting_rules_)

495 return default_value;	495 return default_value;

496	496

(...skipping 130 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
627	627

628 // If the scheme is file:, an empty file name indicates a directory listing,	628 // If the scheme is file:, an empty file name indicates a directory listing,

629 // which requires JavaScript to function properly.	629 // which requires JavaScript to function properly.

630 if (base::EqualsASCII(protocol, url::kFileScheme)) {	630 if (base::EqualsASCII(protocol, url::kFileScheme)) {

631 return document_url.SchemeIs(url::kFileScheme) &&	631 return document_url.SchemeIs(url::kFileScheme) &&

632 document_url.ExtractFileName().empty();	632 document_url.ExtractFileName().empty();

633 }	633 }

634	634

635 return false;	635 return false;

636 }	636 }

OLD	NEW