OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 1998, 1999 Torben Weis <weis@kde.org> | 2 * Copyright (C) 1998, 1999 Torben Weis <weis@kde.org> |
3 * 1999 Lars Knoll <knoll@kde.org> | 3 * 1999 Lars Knoll <knoll@kde.org> |
4 * 1999 Antti Koivisto <koivisto@kde.org> | 4 * 1999 Antti Koivisto <koivisto@kde.org> |
5 * 2000 Simon Hausmann <hausmann@kde.org> | 5 * 2000 Simon Hausmann <hausmann@kde.org> |
6 * 2000 Stefan Schimanski <1Stein@gmx.de> | 6 * 2000 Stefan Schimanski <1Stein@gmx.de> |
7 * 2001 George Staikos <staikos@kde.org> | 7 * 2001 George Staikos <staikos@kde.org> |
8 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All r ights reserved. | 8 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All r ights reserved. |
9 * Copyright (C) 2005 Alexey Proskuryakov <ap@nypop.com> | 9 * Copyright (C) 2005 Alexey Proskuryakov <ap@nypop.com> |
10 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) | 10 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) |
35 #include "core/frame/LocalDOMWindow.h" | 35 #include "core/frame/LocalDOMWindow.h" |
36 #include "core/frame/Settings.h" | 36 #include "core/frame/Settings.h" |
37 #include "core/frame/UseCounter.h" | 37 #include "core/frame/UseCounter.h" |
38 #include "core/html/HTMLFrameElementBase.h" | 38 #include "core/html/HTMLFrameElementBase.h" |
39 #include "core/input/EventHandler.h" | 39 #include "core/input/EventHandler.h" |
40 #include "core/inspector/InspectorInstrumentation.h" | 40 #include "core/inspector/InspectorInstrumentation.h" |
41 #include "core/inspector/InstanceCounters.h" | 41 #include "core/inspector/InstanceCounters.h" |
42 #include "core/layout/LayoutPart.h" | 42 #include "core/layout/LayoutPart.h" |
43 #include "core/loader/EmptyClients.h" | 43 #include "core/loader/EmptyClients.h" |
44 #include "core/loader/FrameLoaderClient.h" | 44 #include "core/loader/FrameLoaderClient.h" |
45 #include "core/loader/NavigationScheduler.h" | |
45 #include "core/page/FocusController.h" | 46 #include "core/page/FocusController.h" |
46 #include "core/page/Page.h" | 47 #include "core/page/Page.h" |
47 #include "platform/Histogram.h" | 48 #include "platform/Histogram.h" |
48 #include "platform/UserGestureIndicator.h" | 49 #include "platform/UserGestureIndicator.h" |
49 | 50 |
50 namespace blink { | 51 namespace blink { |
51 | 52 |
52 using namespace HTMLNames; | 53 using namespace HTMLNames; |
53 | 54 |
54 Frame::~Frame() | 55 Frame::~Frame() |
161 } | 162 } |
162 | 163 |
163 return false; | 164 return false; |
164 } | 165 } |
165 | 166 |
166 bool Frame::canNavigate(const Frame& targetFrame) | 167 bool Frame::canNavigate(const Frame& targetFrame) |
167 { | 168 { |
168 String errorReason; | 169 String errorReason; |
169 bool isAllowedNavigation = canNavigateWithoutFramebusting(targetFrame, error Reason); | 170 bool isAllowedNavigation = canNavigateWithoutFramebusting(targetFrame, error Reason); |
170 | 171 |
171 // Frame-busting is generally allowed, but blocked for sandboxed frames lack ing the 'allow-top-navigation' flag. | |
172 if (targetFrame != this && !securityContext()->isSandboxed(SandboxTopNavigat ion) && targetFrame == tree().top()) { | 172 if (targetFrame != this && !securityContext()->isSandboxed(SandboxTopNavigat ion) && targetFrame == tree().top()) { |
173 DEFINE_STATIC_LOCAL(EnumerationHistogram, framebustHistogram, ("WebCore. Framebust", 4)); | 173 DEFINE_STATIC_LOCAL(EnumerationHistogram, framebustHistogram, ("WebCore. Framebust", 4)); |
174 const unsigned userGestureBit = 0x1; | 174 const unsigned userGestureBit = 0x1; |
175 const unsigned allowedBit = 0x2; | 175 const unsigned allowedBit = 0x2; |
176 unsigned framebustParams = 0; | 176 unsigned framebustParams = 0; |
177 UseCounter::count(&targetFrame, UseCounter::TopNavigationFromSubFrame); | 177 UseCounter::count(&targetFrame, UseCounter::TopNavigationFromSubFrame); |
178 if (UserGestureIndicator::processingUserGesture()) | 178 bool hasUserGesture = UserGestureIndicator::processingUserGesture(); |
179 if (hasUserGesture) | |
179 framebustParams |= userGestureBit; | 180 framebustParams |= userGestureBit; |
180 if (isAllowedNavigation) | 181 if (isAllowedNavigation) |
181 framebustParams |= allowedBit; | 182 framebustParams |= allowedBit; |
182 framebustHistogram.count(framebustParams); | 183 framebustHistogram.count(framebustParams); |
183 return true; | 184 // Frame-busting used to be generally allowed in most situations, but ma y now blocked if there is no user gesture. |
185 if (!RuntimeEnabledFeatures::framebustingNeedsSameOriginOrUserGestureEna bled()) | |
Mike West
2016/08/31 13:14:48
Is the "same origin" bit accurate? I don't see a s
| |
186 return true; | |
187 if (hasUserGesture || isAllowedNavigation) | |
188 return true; | |
189 errorReason = "The frame attempting navigation is targeting its top-leve l window, but is neither same-origin with its target nor is it processing a user gesture. See https://www.chromestatus.com/features/5851021045661696."; | |
190 printNavigationErrorMessage(targetFrame, errorReason.latin1().data()); | |
191 if (isLocalFrame()) | |
192 toLocalFrame(this)->navigationScheduler().schedulePageBlock(toLocalF rame(this)->document()); | |
193 return false; | |
184 } | 194 } |
185 if (!isAllowedNavigation && !errorReason.isNull()) | 195 if (!isAllowedNavigation && !errorReason.isNull()) |
186 printNavigationErrorMessage(targetFrame, errorReason.latin1().data()); | 196 printNavigationErrorMessage(targetFrame, errorReason.latin1().data()); |
187 return isAllowedNavigation; | 197 return isAllowedNavigation; |
188 } | 198 } |
189 | 199 |
190 bool Frame::canNavigateWithoutFramebusting(const Frame& targetFrame, String& rea son) | 200 bool Frame::canNavigateWithoutFramebusting(const Frame& targetFrame, String& rea son) |
191 { | 201 { |
192 if (securityContext()->isSandboxed(SandboxNavigation)) { | 202 if (securityContext()->isSandboxed(SandboxNavigation)) { |
193 // Sandboxed frames can navigate their own children. | 203 // Sandboxed frames can navigate their own children. |
194 if (targetFrame.tree().isDescendantOf(this)) | 204 if (targetFrame.tree().isDescendantOf(this)) |
195 return true; | 205 return true; |
196 | 206 |
197 // They can also navigate popups, if the 'allow-sandbox-escape-via-popup ' flag is specified. | 207 // They can also navigate popups, if the 'allow-sandbox-escape-via-popup ' flag is specified. |
198 if (targetFrame == targetFrame.tree().top() && targetFrame.tree().top() != tree().top() && !securityContext()->isSandboxed(SandboxPropagatesToAuxiliaryB rowsingContexts)) | 208 if (targetFrame == targetFrame.tree().top() && targetFrame.tree().top() != tree().top() && !securityContext()->isSandboxed(SandboxPropagatesToAuxiliaryB rowsingContexts)) |
199 return true; | 209 return true; |
200 | 210 |
211 // Top navigation can be opted-in. | |
212 if (!securityContext()->isSandboxed(SandboxTopNavigation) && targetFrame == tree().top()) | |
213 return true; | |
214 | |
201 // Otherwise, block the navigation. | 215 // Otherwise, block the navigation. |
202 if (securityContext()->isSandboxed(SandboxTopNavigation) && targetFrame == tree().top()) | 216 if (securityContext()->isSandboxed(SandboxTopNavigation) && targetFrame == tree().top()) |
203 reason = "The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set."; | 217 reason = "The frame attempting navigation of the top-level window is sandboxed, but the 'allow-top-navigation' flag is not set."; |
204 else | 218 else |
205 reason = "The frame attempting navigation is sandboxed, and is there fore disallowed from navigating its ancestors."; | 219 reason = "The frame attempting navigation is sandboxed, and is there fore disallowed from navigating its ancestors."; |
206 return false; | 220 return false; |
207 } | 221 } |
208 | 222 |
209 ASSERT(securityContext()->getSecurityOrigin()); | 223 ASSERT(securityContext()->getSecurityOrigin()); |
210 SecurityOrigin& origin = *securityContext()->getSecurityOrigin(); | 224 SecurityOrigin& origin = *securityContext()->getSecurityOrigin(); |
298 | 312 |
299 ASSERT(page()); | 313 ASSERT(page()); |
300 | 314 |
301 if (m_owner) | 315 if (m_owner) |
302 m_owner->setContentFrame(*this); | 316 m_owner->setContentFrame(*this); |
303 else | 317 else |
304 page()->setMainFrame(this); | 318 page()->setMainFrame(this); |
305 } | 319 } |
306 | 320 |
307 } // namespace blink | 321 } // namespace blink |
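Review bot: The early return added to the sandboxed branch of canNavigateWithoutFramebusting (new lines 211-213) makes isAllowedNavigation true for every sandboxed frame that carries 'allow-top-navigation', so the `hasUserGesture || isAllowedNavigation` test at new line 187 never applies the gesture requirement to those frames, whatever their origin. If that exemption is intended, it should be stated where it is created, since the old comment at line 171 that explained the sandbox condition was removed; for example `// Top navigation can be opted-in; such frames are also exempt from the user-gesture requirement in canNavigate().`. The new comment at line 184 is missing a word and should read `// Frame-busting used to be generally allowed, but may now be blocked if there is no user gesture.`. The body of canNavigateWithoutFramebusting continues into lines the page skips, so whether later checks there also set isAllowedNavigation cannot be confirmed from this view.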