Chromium Code Reviews Chromium Code Reviews
Issue 2099563002:
WebUI: DisallowJavascript only on Refresh and non-same-page navigations (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/webui/web_ui_impl.h" | 5 #include "content/browser/webui/web_ui_impl.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include "base/debug/dump_without_crashing.h" | 9 #include "base/debug/dump_without_crashing.h" |
| 10 #include "base/json/json_writer.h" | 10 #include "base/json/json_writer.h" |
| 11 #include "base/strings/utf_string_conversions.h" | 11 #include "base/strings/utf_string_conversions.h" |
| 12 #include "base/values.h" | 12 #include "base/values.h" |
| 13 #include "content/browser/child_process_security_policy_impl.h" | 13 #include "content/browser/child_process_security_policy_impl.h" |
| 14 #include "content/browser/renderer_host/dip_util.h" | 14 #include "content/browser/renderer_host/dip_util.h" |
| 15 #include "content/browser/renderer_host/render_process_host_impl.h" | 15 #include "content/browser/renderer_host/render_process_host_impl.h" |
| 16 #include "content/browser/web_contents/web_contents_impl.h" | 16 #include "content/browser/web_contents/web_contents_impl.h" |
| 17 #include "content/browser/web_contents/web_contents_view.h" | 17 #include "content/browser/web_contents/web_contents_view.h" |
| 18 #include "content/browser/webui/web_ui_controller_factory_registry.h" | 18 #include "content/browser/webui/web_ui_controller_factory_registry.h" |
| 19 #include "content/common/view_messages.h" | 19 #include "content/common/view_messages.h" |
| 20 #include "content/public/browser/content_browser_client.h" | 20 #include "content/public/browser/content_browser_client.h" |
| 21 #include "content/public/browser/navigation_handle.h" | |
| 21 #include "content/public/browser/render_frame_host.h" | 22 #include "content/public/browser/render_frame_host.h" |
| 22 #include "content/public/browser/render_view_host.h" | 23 #include "content/public/browser/render_view_host.h" |
| 24 #include "content/public/browser/web_contents_observer.h" | |
| 23 #include "content/public/browser/web_ui_controller.h" | 25 #include "content/public/browser/web_ui_controller.h" |
| 24 #include "content/public/browser/web_ui_message_handler.h" | 26 #include "content/public/browser/web_ui_message_handler.h" |
| 25 #include "content/public/common/bindings_policy.h" | 27 #include "content/public/common/bindings_policy.h" |
| 26 #include "content/public/common/content_client.h" | 28 #include "content/public/common/content_client.h" |
| 27 | 29 |
| 28 namespace content { | 30 namespace content { |
| 29 | 31 |
| 32 class WebUIImpl::MainFrameNavigationObserver : public WebContentsObserver { | |
| 33 public: | |
| 34 MainFrameNavigationObserver(WebUIImpl* parent, WebContents* contents) | |
|
Charlie Reis
2016/06/25 00:02:19
nit: s/parent/web_ui/
tommycli
2016/06/25 00:12:17
Done.
| |
| 35 : WebContentsObserver(contents), web_ui_(parent) {} | |
| 36 ~MainFrameNavigationObserver() override {} | |
| 37 | |
| 38 private: | |
| 39 void DidFinishNavigation(NavigationHandle* navigation_handle) override { | |
| 40 // Only disallow JavaScript on cross-document navigations in the main frame. | |
| 41 if (!navigation_handle->IsInMainFrame() || | |
| 42 !navigation_handle->HasCommitted() || navigation_handle->IsSamePage()) { | |
| 43 return; | |
| 44 } | |
| 45 | |
| 46 web_ui_->DisallowJavascriptOnAllHandlers(); | |
| 47 } | |
| 48 | |
| 49 WebUIImpl* web_ui_; | |
| 50 }; | |
| 51 | |
| 30 const WebUI::TypeID WebUI::kNoWebUI = NULL; | 52 const WebUI::TypeID WebUI::kNoWebUI = NULL; |
| 31 | 53 |
| 32 // static | 54 // static |
| 33 base::string16 WebUI::GetJavascriptCall( | 55 base::string16 WebUI::GetJavascriptCall( |
| 34 const std::string& function_name, | 56 const std::string& function_name, |
| 35 const std::vector<const base::Value*>& arg_list) { | 57 const std::vector<const base::Value*>& arg_list) { |
| 36 base::string16 parameters; | 58 base::string16 parameters; |
| 37 std::string json; | 59 std::string json; |
| 38 for (size_t i = 0; i < arg_list.size(); ++i) { | 60 for (size_t i = 0; i < arg_list.size(); ++i) { |
| 39 if (i > 0) | 61 if (i > 0) |
| 40 parameters += base::char16(','); | 62 parameters += base::char16(','); |
| 41 | 63 |
| 42 base::JSONWriter::Write(*arg_list[i], &json); | 64 base::JSONWriter::Write(*arg_list[i], &json); |
| 43 parameters += base::UTF8ToUTF16(json); | 65 parameters += base::UTF8ToUTF16(json); |
| 44 } | 66 } |
| 45 return base::ASCIIToUTF16(function_name) + | 67 return base::ASCIIToUTF16(function_name) + |
| 46 base::char16('(') + parameters + base::char16(')') + base::char16(';'); | 68 base::char16('(') + parameters + base::char16(')') + base::char16(';'); |
| 47 } | 69 } |
| 48 | 70 |
| 49 WebUIImpl::WebUIImpl(WebContents* contents, const std::string& frame_name) | 71 WebUIImpl::WebUIImpl(WebContents* contents, const std::string& frame_name) |
| 50 : link_transition_type_(ui::PAGE_TRANSITION_LINK), | 72 : link_transition_type_(ui::PAGE_TRANSITION_LINK), |
| 51 bindings_(BINDINGS_POLICY_WEB_UI), | 73 bindings_(BINDINGS_POLICY_WEB_UI), |
| 52 web_contents_(contents), | 74 web_contents_(contents), |
| 75 web_contents_observer_(new MainFrameNavigationObserver(this, contents)), | |
| 53 frame_name_(frame_name) { | 76 frame_name_(frame_name) { |
| 54 DCHECK(contents); | 77 DCHECK(contents); |
| 55 } | 78 } |
| 56 | 79 |
| 57 WebUIImpl::~WebUIImpl() { | 80 WebUIImpl::~WebUIImpl() { |
| 58 // Delete the controller first, since it may also be keeping a pointer to some | 81 // Delete the controller first, since it may also be keeping a pointer to some |
| 59 // of the handlers and can call them at destruction. | 82 // of the handlers and can call them at destruction. |
| 60 controller_.reset(); | 83 controller_.reset(); |
| 61 } | 84 } |
| 62 | 85 |
| (...skipping 25 matching lines...) Expand all Loading... | |
| 88 void WebUIImpl::RenderViewCreated(RenderViewHost* render_view_host) { | 111 void WebUIImpl::RenderViewCreated(RenderViewHost* render_view_host) { |
| 89 controller_->RenderViewCreated(render_view_host); | 112 controller_->RenderViewCreated(render_view_host); |
| 90 } | 113 } |
| 91 | 114 |
| 92 void WebUIImpl::RenderViewReused(RenderViewHost* render_view_host, | 115 void WebUIImpl::RenderViewReused(RenderViewHost* render_view_host, |
| 93 bool was_main_frame) { | 116 bool was_main_frame) { |
| 94 if (was_main_frame) { | 117 if (was_main_frame) { |
| 95 GURL site_url = render_view_host->GetSiteInstance()->GetSiteURL(); | 118 GURL site_url = render_view_host->GetSiteInstance()->GetSiteURL(); |
| 96 GetContentClient()->browser()->LogWebUIUrl(site_url); | 119 GetContentClient()->browser()->LogWebUIUrl(site_url); |
| 97 } | 120 } |
| 98 | |
| 99 for (WebUIMessageHandler* handler : handlers_) | |
| 100 handler->RenderViewReused(); | |
| 101 } | 121 } |
| 102 | 122 |
| 103 void WebUIImpl::RenderFrameHostSwappingOut() { | 123 void WebUIImpl::RenderFrameHostSwappingOut() { |
| 104 for (WebUIMessageHandler* handler : handlers_) | 124 DisallowJavascriptOnAllHandlers(); |
| 105 handler->DisallowJavascript(); | |
| 106 } | 125 } |
| 107 | 126 |
| 108 WebContents* WebUIImpl::GetWebContents() const { | 127 WebContents* WebUIImpl::GetWebContents() const { |
| 109 return web_contents_; | 128 return web_contents_; |
| 110 } | 129 } |
| 111 | 130 |
| 112 float WebUIImpl::GetDeviceScaleFactor() const { | 131 float WebUIImpl::GetDeviceScaleFactor() const { |
| 113 return GetScaleFactorForView(web_contents_->GetRenderWidgetHostView()); | 132 return GetScaleFactorForView(web_contents_->GetRenderWidgetHostView()); |
| 114 } | 133 } |
| 115 | 134 |
| (...skipping 161 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 277 return *frame_set.begin(); | 296 return *frame_set.begin(); |
| 278 } | 297 } |
| 279 | 298 |
| 280 void WebUIImpl::AddToSetIfFrameNameMatches( | 299 void WebUIImpl::AddToSetIfFrameNameMatches( |
| 281 std::set<RenderFrameHost*>* frame_set, | 300 std::set<RenderFrameHost*>* frame_set, |
| 282 RenderFrameHost* host) { | 301 RenderFrameHost* host) { |
| 283 if (host->GetFrameName() == frame_name_) | 302 if (host->GetFrameName() == frame_name_) |
| 284 frame_set->insert(host); | 303 frame_set->insert(host); |
| 285 } | 304 } |
| 286 | 305 |
| 306 void WebUIImpl::DisallowJavascriptOnAllHandlers() { | |
| 307 for (WebUIMessageHandler* handler : handlers_) | |
| 308 handler->DisallowJavascript(); | |
| 309 } | |
| 310 | |
| 287 } // namespace content | 311 } // namespace content |
| OLD | NEW |
