| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/renderer/content_settings_observer.h" | 5 #include "chrome/renderer/content_settings_observer.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/metrics/histogram.h" | 8 #include "base/metrics/histogram.h" |
| 9 #include "chrome/common/chrome_switches.h" | 9 #include "chrome/common/chrome_switches.h" |
| 10 #include "chrome/common/render_messages.h" | 10 #include "chrome/common/render_messages.h" |
| (...skipping 215 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 226 temporarily_allowed_plugins_.clear(); | 226 temporarily_allowed_plugins_.clear(); |
| 227 } | 227 } |
| 228 | 228 |
| 229 GURL url = frame->document().url(); | 229 GURL url = frame->document().url(); |
| 230 // If we start failing this DCHECK, please makes sure we don't regress | 230 // If we start failing this DCHECK, please makes sure we don't regress |
| 231 // this bug: http://code.google.com/p/chromium/issues/detail?id=79304 | 231 // this bug: http://code.google.com/p/chromium/issues/detail?id=79304 |
| 232 DCHECK(frame->document().securityOrigin().toString() == "null" || | 232 DCHECK(frame->document().securityOrigin().toString() == "null" || |
| 233 !url.SchemeIs(content::kDataScheme)); | 233 !url.SchemeIs(content::kDataScheme)); |
| 234 } | 234 } |
| 235 | 235 |
| 236 bool ContentSettingsObserver::allowDatabase(WebFrame* frame, | 236 bool ContentSettingsObserver::allowDatabase( |
| 237 const WebString& name, | 237 blink::WebFrame* frame, |
| 238 const blink::WebString& name, |
| 239 const blink::WebString& display_name, |
| 240 unsigned long estimated_size) { |
| 241 return allowDatabase(name, display_name, estimated_size); |
| 242 } |
| 243 |
| 244 bool ContentSettingsObserver::allowFileSystem(blink::WebFrame* frame) { |
| 245 return allowFileSystem(); |
| 246 } |
| 247 |
| 248 bool ContentSettingsObserver::allowImage(blink::WebFrame* frame, |
| 249 bool enabled_per_settings, |
| 250 const blink::WebURL& image_url) { |
| 251 return allowImage(enabled_per_settings, image_url); |
| 252 } |
| 253 |
| 254 bool ContentSettingsObserver::allowIndexedDB( |
| 255 blink::WebFrame* frame, |
| 256 const blink::WebString& name, |
| 257 const blink::WebSecurityOrigin& origin) { |
| 258 return allowIndexedDB(name, origin); |
| 259 } |
| 260 |
| 261 bool ContentSettingsObserver::allowPlugins(blink::WebFrame* frame, |
| 262 bool enabled_per_settings) { |
| 263 return allowPlugins(enabled_per_settings); |
| 264 } |
| 265 |
| 266 bool ContentSettingsObserver::allowScript(blink::WebFrame* frame, |
| 267 bool enabled_per_settings) { |
| 268 return allowScript(enabled_per_settings); |
| 269 } |
| 270 |
| 271 bool ContentSettingsObserver::allowScriptFromSource( |
| 272 blink::WebFrame* frame, |
| 273 bool enabled_per_settings, |
| 274 const blink::WebURL& script_url) { |
| 275 return allowScriptFromSource(enabled_per_settings, script_url); |
| 276 } |
| 277 |
| 278 bool ContentSettingsObserver::allowStorage(blink::WebFrame* frame, bool local) { |
| 279 return allowStorage(local); |
| 280 } |
| 281 |
| 282 bool ContentSettingsObserver::allowReadFromClipboard(blink::WebFrame* frame, |
| 283 bool default_value) { |
| 284 return allowReadFromClipboard(default_value); |
| 285 } |
| 286 |
| 287 bool ContentSettingsObserver::allowWriteToClipboard(blink::WebFrame* frame, |
| 288 bool default_value) { |
| 289 return allowWriteToClipboard(default_value); |
| 290 } |
| 291 |
| 292 bool ContentSettingsObserver::allowWebComponents(blink::WebFrame* frame, |
| 293 bool default_value) { |
| 294 return allowWebComponents(default_value); |
| 295 } |
| 296 |
| 297 bool ContentSettingsObserver::allowMutationEvents(blink::WebFrame* frame, |
| 298 bool default_value) { |
| 299 return allowMutationEvents(default_value); |
| 300 } |
| 301 |
| 302 bool ContentSettingsObserver::allowPushState(blink::WebFrame* frame) { |
| 303 return allowPushState(); |
| 304 } |
| 305 |
| 306 void ContentSettingsObserver::didNotAllowPlugins(blink::WebFrame* frame) { |
| 307 return didNotAllowPlugins(); |
| 308 } |
| 309 |
| 310 void ContentSettingsObserver::didNotAllowScript(blink::WebFrame* frame) { |
| 311 return didNotAllowScript(); |
| 312 } |
| 313 |
| 314 bool ContentSettingsObserver::allowDisplayingInsecureContent( |
| 315 blink::WebFrame* frame, |
| 316 bool allowed_per_settings, |
| 317 const blink::WebSecurityOrigin& context, |
| 318 const blink::WebURL& url) { |
| 319 return allowDisplayingInsecureContent(allowed_per_settings, context, url); |
| 320 } |
| 321 |
| 322 bool ContentSettingsObserver::allowRunningInsecureContent( |
| 323 blink::WebFrame* frame, |
| 324 bool allowed_per_settings, |
| 325 const blink::WebSecurityOrigin& context, |
| 326 const blink::WebURL& url) { |
| 327 return allowRunningInsecureContent(allowed_per_settings, context, url); |
| 328 } |
| 329 |
| 330 bool ContentSettingsObserver::allowDatabase(const WebString& name, |
| 238 const WebString& display_name, | 331 const WebString& display_name, |
| 239 unsigned long estimated_size) { | 332 unsigned long estimated_size) { |
| 333 WebFrame* frame = render_frame()->GetWebFrame(); |
| 240 if (frame->document().securityOrigin().isUnique() || | 334 if (frame->document().securityOrigin().isUnique() || |
| 241 frame->top()->document().securityOrigin().isUnique()) | 335 frame->top()->document().securityOrigin().isUnique()) |
| 242 return false; | 336 return false; |
| 243 | 337 |
| 244 bool result = false; | 338 bool result = false; |
| 245 Send(new ChromeViewHostMsg_AllowDatabase( | 339 Send(new ChromeViewHostMsg_AllowDatabase( |
| 246 routing_id(), GURL(frame->document().securityOrigin().toString()), | 340 routing_id(), GURL(frame->document().securityOrigin().toString()), |
| 247 GURL(frame->top()->document().securityOrigin().toString()), | 341 GURL(frame->top()->document().securityOrigin().toString()), |
| 248 name, display_name, &result)); | 342 name, display_name, &result)); |
| 249 return result; | 343 return result; |
| 250 } | 344 } |
| 251 | 345 |
| 252 bool ContentSettingsObserver::allowFileSystem(WebFrame* frame) { | 346 bool ContentSettingsObserver::allowFileSystem() { |
| 347 WebFrame* frame = render_frame()->GetWebFrame(); |
| 253 if (frame->document().securityOrigin().isUnique() || | 348 if (frame->document().securityOrigin().isUnique() || |
| 254 frame->top()->document().securityOrigin().isUnique()) | 349 frame->top()->document().securityOrigin().isUnique()) |
| 255 return false; | 350 return false; |
| 256 | 351 |
| 257 bool result = false; | 352 bool result = false; |
| 258 Send(new ChromeViewHostMsg_AllowFileSystem( | 353 Send(new ChromeViewHostMsg_AllowFileSystem( |
| 259 routing_id(), GURL(frame->document().securityOrigin().toString()), | 354 routing_id(), GURL(frame->document().securityOrigin().toString()), |
| 260 GURL(frame->top()->document().securityOrigin().toString()), &result)); | 355 GURL(frame->top()->document().securityOrigin().toString()), &result)); |
| 261 return result; | 356 return result; |
| 262 } | 357 } |
| 263 | 358 |
| 264 bool ContentSettingsObserver::allowImage(WebFrame* frame, | 359 bool ContentSettingsObserver::allowImage(bool enabled_per_settings, |
| 265 bool enabled_per_settings, | |
| 266 const WebURL& image_url) { | 360 const WebURL& image_url) { |
| 267 bool allow = enabled_per_settings; | 361 bool allow = enabled_per_settings; |
| 268 if (enabled_per_settings) { | 362 if (enabled_per_settings) { |
| 269 if (is_interstitial_page_) | 363 if (is_interstitial_page_) |
| 270 return true; | 364 return true; |
| 365 |
| 366 WebFrame* frame = render_frame()->GetWebFrame(); |
| 271 if (IsWhitelistedForContentSettings(frame)) | 367 if (IsWhitelistedForContentSettings(frame)) |
| 272 return true; | 368 return true; |
| 273 | 369 |
| 274 if (content_setting_rules_) { | 370 if (content_setting_rules_) { |
| 275 GURL secondary_url(image_url); | 371 GURL secondary_url(image_url); |
| 276 allow = GetContentSettingFromRules( | 372 allow = GetContentSettingFromRules( |
| 277 content_setting_rules_->image_rules, | 373 content_setting_rules_->image_rules, |
| 278 frame, secondary_url) != CONTENT_SETTING_BLOCK; | 374 frame, secondary_url) != CONTENT_SETTING_BLOCK; |
| 279 } | 375 } |
| 280 } | 376 } |
| 281 if (!allow) | 377 if (!allow) |
| 282 DidBlockContentType(CONTENT_SETTINGS_TYPE_IMAGES); | 378 DidBlockContentType(CONTENT_SETTINGS_TYPE_IMAGES); |
| 283 return allow; | 379 return allow; |
| 284 } | 380 } |
| 285 | 381 |
| 286 bool ContentSettingsObserver::allowIndexedDB(WebFrame* frame, | 382 bool ContentSettingsObserver::allowIndexedDB(const WebString& name, |
| 287 const WebString& name, | |
| 288 const WebSecurityOrigin& origin) { | 383 const WebSecurityOrigin& origin) { |
| 384 WebFrame* frame = render_frame()->GetWebFrame(); |
| 289 if (frame->document().securityOrigin().isUnique() || | 385 if (frame->document().securityOrigin().isUnique() || |
| 290 frame->top()->document().securityOrigin().isUnique()) | 386 frame->top()->document().securityOrigin().isUnique()) |
| 291 return false; | 387 return false; |
| 292 | 388 |
| 293 bool result = false; | 389 bool result = false; |
| 294 Send(new ChromeViewHostMsg_AllowIndexedDB( | 390 Send(new ChromeViewHostMsg_AllowIndexedDB( |
| 295 routing_id(), GURL(frame->document().securityOrigin().toString()), | 391 routing_id(), GURL(frame->document().securityOrigin().toString()), |
| 296 GURL(frame->top()->document().securityOrigin().toString()), | 392 GURL(frame->top()->document().securityOrigin().toString()), |
| 297 name, &result)); | 393 name, &result)); |
| 298 return result; | 394 return result; |
| 299 } | 395 } |
| 300 | 396 |
| 301 bool ContentSettingsObserver::allowPlugins(WebFrame* frame, | 397 bool ContentSettingsObserver::allowPlugins(bool enabled_per_settings) { |
| 302 bool enabled_per_settings) { | |
| 303 return enabled_per_settings; | 398 return enabled_per_settings; |
| 304 } | 399 } |
| 305 | 400 |
| 306 bool ContentSettingsObserver::allowScript(WebFrame* frame, | 401 bool ContentSettingsObserver::allowScript(bool enabled_per_settings) { |
| 307 bool enabled_per_settings) { | |
| 308 if (!enabled_per_settings) | 402 if (!enabled_per_settings) |
| 309 return false; | 403 return false; |
| 310 if (is_interstitial_page_) | 404 if (is_interstitial_page_) |
| 311 return true; | 405 return true; |
| 312 | 406 |
| 407 WebFrame* frame = render_frame()->GetWebFrame(); |
| 313 std::map<WebFrame*, bool>::const_iterator it = | 408 std::map<WebFrame*, bool>::const_iterator it = |
| 314 cached_script_permissions_.find(frame); | 409 cached_script_permissions_.find(frame); |
| 315 if (it != cached_script_permissions_.end()) | 410 if (it != cached_script_permissions_.end()) |
| 316 return it->second; | 411 return it->second; |
| 317 | 412 |
| 318 // Evaluate the content setting rules before | 413 // Evaluate the content setting rules before |
| 319 // |IsWhitelistedForContentSettings|; if there is only the default rule | 414 // |IsWhitelistedForContentSettings|; if there is only the default rule |
| 320 // allowing all scripts, it's quicker this way. | 415 // allowing all scripts, it's quicker this way. |
| 321 bool allow = true; | 416 bool allow = true; |
| 322 if (content_setting_rules_) { | 417 if (content_setting_rules_) { |
| 323 ContentSetting setting = GetContentSettingFromRules( | 418 ContentSetting setting = GetContentSettingFromRules( |
| 324 content_setting_rules_->script_rules, | 419 content_setting_rules_->script_rules, |
| 325 frame, | 420 frame, |
| 326 GURL(frame->document().securityOrigin().toString())); | 421 GURL(frame->document().securityOrigin().toString())); |
| 327 allow = setting != CONTENT_SETTING_BLOCK; | 422 allow = setting != CONTENT_SETTING_BLOCK; |
| 328 } | 423 } |
| 329 allow = allow || IsWhitelistedForContentSettings(frame); | 424 allow = allow || IsWhitelistedForContentSettings(frame); |
| 330 | 425 |
| 331 cached_script_permissions_[frame] = allow; | 426 cached_script_permissions_[frame] = allow; |
| 332 return allow; | 427 return allow; |
| 333 } | 428 } |
| 334 | 429 |
| 335 bool ContentSettingsObserver::allowScriptFromSource( | 430 bool ContentSettingsObserver::allowScriptFromSource( |
| 336 WebFrame* frame, | |
| 337 bool enabled_per_settings, | 431 bool enabled_per_settings, |
| 338 const blink::WebURL& script_url) { | 432 const blink::WebURL& script_url) { |
| 339 if (!enabled_per_settings) | 433 if (!enabled_per_settings) |
| 340 return false; | 434 return false; |
| 341 if (is_interstitial_page_) | 435 if (is_interstitial_page_) |
| 342 return true; | 436 return true; |
| 343 | 437 |
| 344 bool allow = true; | 438 bool allow = true; |
| 439 WebFrame* frame = render_frame()->GetWebFrame(); |
| 345 if (content_setting_rules_) { | 440 if (content_setting_rules_) { |
| 346 ContentSetting setting = GetContentSettingFromRules( | 441 ContentSetting setting = GetContentSettingFromRules( |
| 347 content_setting_rules_->script_rules, | 442 content_setting_rules_->script_rules, |
| 348 frame, | 443 frame, |
| 349 GURL(script_url)); | 444 GURL(script_url)); |
| 350 allow = setting != CONTENT_SETTING_BLOCK; | 445 allow = setting != CONTENT_SETTING_BLOCK; |
| 351 } | 446 } |
| 352 return allow || IsWhitelistedForContentSettings(frame); | 447 return allow || IsWhitelistedForContentSettings(frame); |
| 353 } | 448 } |
| 354 | 449 |
| 355 bool ContentSettingsObserver::allowStorage(WebFrame* frame, bool local) { | 450 bool ContentSettingsObserver::allowStorage(bool local) { |
| 451 WebFrame* frame = render_frame()->GetWebFrame(); |
| 356 if (frame->document().securityOrigin().isUnique() || | 452 if (frame->document().securityOrigin().isUnique() || |
| 357 frame->top()->document().securityOrigin().isUnique()) | 453 frame->top()->document().securityOrigin().isUnique()) |
| 358 return false; | 454 return false; |
| 359 bool result = false; | 455 bool result = false; |
| 360 | 456 |
| 361 StoragePermissionsKey key( | 457 StoragePermissionsKey key( |
| 362 GURL(frame->document().securityOrigin().toString()), local); | 458 GURL(frame->document().securityOrigin().toString()), local); |
| 363 std::map<StoragePermissionsKey, bool>::const_iterator permissions = | 459 std::map<StoragePermissionsKey, bool>::const_iterator permissions = |
| 364 cached_storage_permissions_.find(key); | 460 cached_storage_permissions_.find(key); |
| 365 if (permissions != cached_storage_permissions_.end()) | 461 if (permissions != cached_storage_permissions_.end()) |
| 366 return permissions->second; | 462 return permissions->second; |
| 367 | 463 |
| 368 Send(new ChromeViewHostMsg_AllowDOMStorage( | 464 Send(new ChromeViewHostMsg_AllowDOMStorage( |
| 369 routing_id(), GURL(frame->document().securityOrigin().toString()), | 465 routing_id(), GURL(frame->document().securityOrigin().toString()), |
| 370 GURL(frame->top()->document().securityOrigin().toString()), | 466 GURL(frame->top()->document().securityOrigin().toString()), |
| 371 local, &result)); | 467 local, &result)); |
| 372 cached_storage_permissions_[key] = result; | 468 cached_storage_permissions_[key] = result; |
| 373 return result; | 469 return result; |
| 374 } | 470 } |
| 375 | 471 |
| 376 bool ContentSettingsObserver::allowReadFromClipboard(WebFrame* frame, | 472 bool ContentSettingsObserver::allowReadFromClipboard(bool default_value) { |
| 377 bool default_value) { | |
| 378 bool allowed = false; | 473 bool allowed = false; |
| 474 WebFrame* frame = render_frame()->GetWebFrame(); |
| 379 // TODO(dcheng): Should we consider a toURL() method on WebSecurityOrigin? | 475 // TODO(dcheng): Should we consider a toURL() method on WebSecurityOrigin? |
| 380 Send(new ChromeViewHostMsg_CanTriggerClipboardRead( | 476 Send(new ChromeViewHostMsg_CanTriggerClipboardRead( |
| 381 GURL(frame->document().securityOrigin().toString()), &allowed)); | 477 GURL(frame->document().securityOrigin().toString()), &allowed)); |
| 382 return allowed; | 478 return allowed; |
| 383 } | 479 } |
| 384 | 480 |
| 385 bool ContentSettingsObserver::allowWriteToClipboard(WebFrame* frame, | 481 bool ContentSettingsObserver::allowWriteToClipboard(bool default_value) { |
| 386 bool default_value) { | |
| 387 bool allowed = false; | 482 bool allowed = false; |
| 483 WebFrame* frame = render_frame()->GetWebFrame(); |
| 388 Send(new ChromeViewHostMsg_CanTriggerClipboardWrite( | 484 Send(new ChromeViewHostMsg_CanTriggerClipboardWrite( |
| 389 GURL(frame->document().securityOrigin().toString()), &allowed)); | 485 GURL(frame->document().securityOrigin().toString()), &allowed)); |
| 390 return allowed; | 486 return allowed; |
| 391 } | 487 } |
| 392 | 488 |
| 393 bool ContentSettingsObserver::allowWebComponents(WebFrame* frame, | 489 bool ContentSettingsObserver::allowWebComponents(bool default_value) { |
| 394 bool defaultValue) { | 490 if (default_value) |
| 395 if (defaultValue) | |
| 396 return true; | 491 return true; |
| 397 | 492 |
| 493 WebFrame* frame = render_frame()->GetWebFrame(); |
| 398 WebSecurityOrigin origin = frame->document().securityOrigin(); | 494 WebSecurityOrigin origin = frame->document().securityOrigin(); |
| 399 if (EqualsASCII(origin.protocol(), content::kChromeUIScheme)) | 495 if (EqualsASCII(origin.protocol(), content::kChromeUIScheme)) |
| 400 return true; | 496 return true; |
| 401 | 497 |
| 402 if (const extensions::Extension* extension = GetExtension(origin)) { | 498 if (const extensions::Extension* extension = GetExtension(origin)) { |
| 403 if (extension->HasAPIPermission(APIPermission::kExperimental)) | 499 if (extension->HasAPIPermission(APIPermission::kExperimental)) |
| 404 return true; | 500 return true; |
| 405 } | 501 } |
| 406 | 502 |
| 407 return false; | 503 return false; |
| 408 } | 504 } |
| 409 | 505 |
| 410 bool ContentSettingsObserver::allowMutationEvents(WebFrame* frame, | 506 bool ContentSettingsObserver::allowMutationEvents(bool default_value) { |
| 411 bool default_value) { | 507 WebFrame* frame = render_frame()->GetWebFrame(); |
| 412 WebSecurityOrigin origin = frame->document().securityOrigin(); | 508 WebSecurityOrigin origin = frame->document().securityOrigin(); |
| 413 const extensions::Extension* extension = GetExtension(origin); | 509 const extensions::Extension* extension = GetExtension(origin); |
| 414 if (extension && extension->is_platform_app()) | 510 if (extension && extension->is_platform_app()) |
| 415 return false; | 511 return false; |
| 416 return default_value; | 512 return default_value; |
| 417 } | 513 } |
| 418 | 514 |
| 419 bool ContentSettingsObserver::allowPushState(WebFrame* frame) { | 515 bool ContentSettingsObserver::allowPushState() { |
| 516 WebFrame* frame = render_frame()->GetWebFrame(); |
| 420 WebSecurityOrigin origin = frame->document().securityOrigin(); | 517 WebSecurityOrigin origin = frame->document().securityOrigin(); |
| 421 const extensions::Extension* extension = GetExtension(origin); | 518 const extensions::Extension* extension = GetExtension(origin); |
| 422 return !extension || !extension->is_platform_app(); | 519 return !extension || !extension->is_platform_app(); |
| 423 } | 520 } |
| 424 | 521 |
| 425 static void SendInsecureContentSignal(int signal) { | 522 static void SendInsecureContentSignal(int signal) { |
| 426 UMA_HISTOGRAM_ENUMERATION("SSL.InsecureContent", signal, | 523 UMA_HISTOGRAM_ENUMERATION("SSL.InsecureContent", signal, |
| 427 INSECURE_CONTENT_NUM_EVENTS); | 524 INSECURE_CONTENT_NUM_EVENTS); |
| 428 } | 525 } |
| 429 | 526 |
| 430 bool ContentSettingsObserver::allowDisplayingInsecureContent( | 527 bool ContentSettingsObserver::allowDisplayingInsecureContent( |
| 431 blink::WebFrame* frame, | |
| 432 bool allowed_per_settings, | 528 bool allowed_per_settings, |
| 433 const blink::WebSecurityOrigin& origin, | 529 const blink::WebSecurityOrigin& origin, |
| 434 const blink::WebURL& resource_url) { | 530 const blink::WebURL& resource_url) { |
| 435 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY); | 531 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY); |
| 436 | 532 |
| 437 std::string origin_host(origin.host().utf8()); | 533 std::string origin_host(origin.host().utf8()); |
| 534 WebFrame* frame = render_frame()->GetWebFrame(); |
| 438 GURL frame_gurl(frame->document().url()); | 535 GURL frame_gurl(frame->document().url()); |
| 439 if (IsHostInDomain(origin_host, kGoogleDotCom)) { | 536 if (IsHostInDomain(origin_host, kGoogleDotCom)) { |
| 440 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_GOOGLE); | 537 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_GOOGLE); |
| 441 if (StartsWithASCII(frame_gurl.path(), kGoogleSupportPathPrefix, false)) { | 538 if (StartsWithASCII(frame_gurl.path(), kGoogleSupportPathPrefix, false)) { |
| 442 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_SUPPORT); | 539 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_SUPPORT); |
| 443 } else if (StartsWithASCII(frame_gurl.path(), | 540 } else if (StartsWithASCII(frame_gurl.path(), |
| 444 kGoogleIntlPathPrefix, | 541 kGoogleIntlPathPrefix, |
| 445 false)) { | 542 false)) { |
| 446 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_INTL); | 543 SendInsecureContentSignal(INSECURE_CONTENT_DISPLAY_HOST_GOOGLE_INTL); |
| 447 } | 544 } |
| (...skipping 29 matching lines...) Expand all Loading... |
| 477 | 574 |
| 478 if (allowed_per_settings || allow_displaying_insecure_content_) | 575 if (allowed_per_settings || allow_displaying_insecure_content_) |
| 479 return true; | 576 return true; |
| 480 | 577 |
| 481 Send(new ChromeViewHostMsg_DidBlockDisplayingInsecureContent(routing_id())); | 578 Send(new ChromeViewHostMsg_DidBlockDisplayingInsecureContent(routing_id())); |
| 482 | 579 |
| 483 return false; | 580 return false; |
| 484 } | 581 } |
| 485 | 582 |
| 486 bool ContentSettingsObserver::allowRunningInsecureContent( | 583 bool ContentSettingsObserver::allowRunningInsecureContent( |
| 487 blink::WebFrame* frame, | |
| 488 bool allowed_per_settings, | 584 bool allowed_per_settings, |
| 489 const blink::WebSecurityOrigin& origin, | 585 const blink::WebSecurityOrigin& origin, |
| 490 const blink::WebURL& resource_url) { | 586 const blink::WebURL& resource_url) { |
| 491 std::string origin_host(origin.host().utf8()); | 587 std::string origin_host(origin.host().utf8()); |
| 588 WebFrame* frame = render_frame()->GetWebFrame(); |
| 492 GURL frame_gurl(frame->document().url()); | 589 GURL frame_gurl(frame->document().url()); |
| 493 DCHECK_EQ(frame_gurl.host(), origin_host); | 590 DCHECK_EQ(frame_gurl.host(), origin_host); |
| 494 | 591 |
| 495 bool is_google = IsHostInDomain(origin_host, kGoogleDotCom); | 592 bool is_google = IsHostInDomain(origin_host, kGoogleDotCom); |
| 496 if (is_google) { | 593 if (is_google) { |
| 497 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GOOGLE); | 594 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GOOGLE); |
| 498 if (StartsWithASCII(frame_gurl.path(), kGoogleSupportPathPrefix, false)) { | 595 if (StartsWithASCII(frame_gurl.path(), kGoogleSupportPathPrefix, false)) { |
| 499 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GOOGLE_SUPPORT); | 596 SendInsecureContentSignal(INSECURE_CONTENT_RUN_HOST_GOOGLE_SUPPORT); |
| 500 } else if (StartsWithASCII(frame_gurl.path(), | 597 } else if (StartsWithASCII(frame_gurl.path(), |
| 501 kGoogleIntlPathPrefix, | 598 kGoogleIntlPathPrefix, |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 542 SendInsecureContentSignal(INSECURE_CONTENT_RUN_SWF); | 639 SendInsecureContentSignal(INSECURE_CONTENT_RUN_SWF); |
| 543 | 640 |
| 544 if (!allow_running_insecure_content_ && !allowed_per_settings) { | 641 if (!allow_running_insecure_content_ && !allowed_per_settings) { |
| 545 DidBlockContentType(CONTENT_SETTINGS_TYPE_MIXEDSCRIPT); | 642 DidBlockContentType(CONTENT_SETTINGS_TYPE_MIXEDSCRIPT); |
| 546 return false; | 643 return false; |
| 547 } | 644 } |
| 548 | 645 |
| 549 return true; | 646 return true; |
| 550 } | 647 } |
| 551 | 648 |
| 552 void ContentSettingsObserver::didNotAllowPlugins(WebFrame* frame) { | 649 void ContentSettingsObserver::didNotAllowPlugins() { |
| 553 DidBlockContentType(CONTENT_SETTINGS_TYPE_PLUGINS); | 650 DidBlockContentType(CONTENT_SETTINGS_TYPE_PLUGINS); |
| 554 } | 651 } |
| 555 | 652 |
| 556 void ContentSettingsObserver::didNotAllowScript(WebFrame* frame) { | 653 void ContentSettingsObserver::didNotAllowScript() { |
| 557 DidBlockContentType(CONTENT_SETTINGS_TYPE_JAVASCRIPT); | 654 DidBlockContentType(CONTENT_SETTINGS_TYPE_JAVASCRIPT); |
| 558 } | 655 } |
| 559 | 656 |
| 560 bool ContentSettingsObserver::AreNPAPIPluginsBlocked() const { | 657 bool ContentSettingsObserver::AreNPAPIPluginsBlocked() const { |
| 561 return npapi_plugins_blocked_; | 658 return npapi_plugins_blocked_; |
| 562 } | 659 } |
| 563 | 660 |
| 564 void ContentSettingsObserver::OnLoadBlockedPlugins( | 661 void ContentSettingsObserver::OnLoadBlockedPlugins( |
| 565 const std::string& identifier) { | 662 const std::string& identifier) { |
| 566 temporarily_allowed_plugins_.insert(identifier); | 663 temporarily_allowed_plugins_.insert(identifier); |
| (...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 649 | 746 |
| 650 // If the scheme is file:, an empty file name indicates a directory listing, | 747 // If the scheme is file:, an empty file name indicates a directory listing, |
| 651 // which requires JavaScript to function properly. | 748 // which requires JavaScript to function properly. |
| 652 if (EqualsASCII(origin.protocol(), content::kFileScheme)) { | 749 if (EqualsASCII(origin.protocol(), content::kFileScheme)) { |
| 653 return document_url.SchemeIs(content::kFileScheme) && | 750 return document_url.SchemeIs(content::kFileScheme) && |
| 654 document_url.ExtractFileName().empty(); | 751 document_url.ExtractFileName().empty(); |
| 655 } | 752 } |
| 656 | 753 |
| 657 return false; | 754 return false; |
| 658 } | 755 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 216983003:
Chrome side changes to removing WebFrame parameter from WebPermissionClient, since it's redundant n… (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/