
Unified Diff: content/browser/webui/web_ui_impl.cc

Issue 2099563002: WebUI: DisallowJavascript only on Refresh and non-same-page navigations (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix style Created 4 years, 6 months ago
Index: content/browser/webui/web_ui_impl.cc
diff --git a/content/browser/webui/web_ui_impl.cc b/content/browser/webui/web_ui_impl.cc
index 8e3aef02d4a46377df213cb9d3a7d8db6266a367..880029a3ee1c286657481e7bfacb2ec67b6db59c 100644
--- a/content/browser/webui/web_ui_impl.cc
+++ b/content/browser/webui/web_ui_impl.cc
@@ -18,8 +18,10 @@
#include "content/browser/webui/web_ui_controller_factory_registry.h"
#include "content/common/view_messages.h"
#include "content/public/browser/content_browser_client.h"
+#include "content/public/browser/navigation_handle.h"
#include "content/public/browser/render_frame_host.h"
#include "content/public/browser/render_view_host.h"
+#include "content/public/browser/web_contents_observer.h"
#include "content/public/browser/web_ui_controller.h"
#include "content/public/browser/web_ui_message_handler.h"
#include "content/public/common/bindings_policy.h"
@@ -27,6 +29,26 @@
namespace content {
+class WebUIImpl::MainFrameNavigationObserver : public WebContentsObserver {
+ public:
+ MainFrameNavigationObserver(WebUIImpl* web_ui, WebContents* contents)
+ : WebContentsObserver(contents), web_ui_(web_ui) {}
+ ~MainFrameNavigationObserver() override {}
+
+ private:
+ void DidFinishNavigation(NavigationHandle* navigation_handle) override {
+ // Only disallow JavaScript on cross-document navigations in the main frame.
+ if (!navigation_handle->IsInMainFrame() ||
+ !navigation_handle->HasCommitted() || navigation_handle->IsSamePage()) {
+ return;
+ }
+
+ web_ui_->DisallowJavascriptOnAllHandlers();
+ }
+
+ WebUIImpl* web_ui_;
+};
+
const WebUI::TypeID WebUI::kNoWebUI = NULL;
// static
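Review bot: MainFrameNavigationObserver keeps a raw `WebUIImpl* web_ui_`, and nothing in the class says what keeps that pointer valid. The constructor hunk suggests the WebUIImpl owns the observer through `web_contents_observer_`, but that member's declaration is in web_ui_impl.h and not visible here. Declaring the field as `WebUIImpl* const web_ui_;  // Owns |this|, so it outlives the observer.` records the invariant, and `~MainFrameNavigationObserver() override = default;` is the usual spelling of the empty destructor. A class comment would also help, stating that handlers must stop sending JavaScript once the main frame commits a different document, because the page they were addressing no longer exists.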
@@ -50,6 +72,7 @@ WebUIImpl::WebUIImpl(WebContents* contents, const std::string& frame_name)
: link_transition_type_(ui::PAGE_TRANSITION_LINK),
bindings_(BINDINGS_POLICY_WEB_UI),
web_contents_(contents),
+ web_contents_observer_(new MainFrameNavigationObserver(this, contents)),
frame_name_(frame_name) {
DCHECK(contents);
}
@@ -95,14 +118,10 @@ void WebUIImpl::RenderViewReused(RenderViewHost* render_view_host,
GURL site_url = render_view_host->GetSiteInstance()->GetSiteURL();
GetContentClient()->browser()->LogWebUIUrl(site_url);
}
-
- for (WebUIMessageHandler* handler : handlers_)
- handler->RenderViewReused();
}
void WebUIImpl::RenderFrameHostSwappingOut() {
- for (WebUIMessageHandler* handler : handlers_)
- handler->DisallowJavascript();
+ DisallowJavascriptOnAllHandlers();
}
WebContents* WebUIImpl::GetWebContents() const {
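Review bot: With the `handler->RenderViewReused()` loop removed, a reload in a reused RenderView resets handlers only through MainFrameNavigationObserver::DidFinishNavigation, and nothing at this call site says so. A comment at the end of RenderViewReused, such as `// Handlers are reset by MainFrameNavigationObserver once the navigation commits.`, would keep a later reader from re-adding the loop. Handlers also stay allowed to run JavaScript until the commit, which looks intended since the old document is still live until then. A browser test that reloads a WebUI page and checks that its handlers see the disallow would pin this, if the change does not already include one elsewhere. RenderViewReused begins above this hunk.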
@@ -284,4 +303,9 @@ void WebUIImpl::AddToSetIfFrameNameMatches(
frame_set->insert(host);
}
+void WebUIImpl::DisallowJavascriptOnAllHandlers() {
+ for (WebUIMessageHandler* handler : handlers_)
+ handler->DisallowJavascript();
+}
+
} // namespace content
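Review bot: DisallowJavascriptOnAllHandlers now runs on every committed cross-document main-frame navigation as well as on swap-out, so it will reach handlers whose JavaScript was never allowed or is already disallowed. DisallowJavascript itself lives in web_ui_message_handler.cc and is not shown here; presumably it is a no-op in that state. A one-line comment on the declaration, e.g. `// May be called repeatedly; has no effect on handlers that are already disallowed.`, would make that dependency explicit once confirmed. The range-for over `handlers_` also assumes no handler adds or removes handlers from inside its disallow callback.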