Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(71)

Side by Side Diff: third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp

Issue 2183423002: Only do security checks on javascript: URLs for frames for loading (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * (C) 2000 Simon Hausmann (hausmann@kde.org) 4 * (C) 2000 Simon Hausmann (hausmann@kde.org)
5 * (C) 2001 Dirk Mueller (mueller@kde.org) 5 * (C) 2001 Dirk Mueller (mueller@kde.org)
6 * Copyright (C) 2004, 2006, 2008, 2009 Apple Inc. All rights reserved. 6 * Copyright (C) 2004, 2006, 2008, 2009 Apple Inc. All rights reserved.
7 * Copyright (C) 2009 Ericsson AB. All rights reserved. 7 * Copyright (C) 2009 Ericsson AB. All rights reserved.
8 * 8 *
9 * This library is free software; you can redistribute it and/or 9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Library General Public 10 * modify it under the terms of the GNU Library General Public
(...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after
119 m_permissions->setValue(value); 119 m_permissions->setValue(value);
120 } else { 120 } else {
121 if (name == srcAttr) 121 if (name == srcAttr)
122 logUpdateAttributeIfIsolatedWorldAndInDocument("iframe", srcAttr, ol dValue, value); 122 logUpdateAttributeIfIsolatedWorldAndInDocument("iframe", srcAttr, ol dValue, value);
123 HTMLFrameElementBase::parseAttribute(name, oldValue, value); 123 HTMLFrameElementBase::parseAttribute(name, oldValue, value);
124 } 124 }
125 } 125 }
126 126
127 bool HTMLIFrameElement::layoutObjectIsNeeded(const ComputedStyle& style) 127 bool HTMLIFrameElement::layoutObjectIsNeeded(const ComputedStyle& style)
128 { 128 {
129 return isURLAllowed() && HTMLElement::layoutObjectIsNeeded(style); 129 return isURLAllowed(WillNotLoadURL) && HTMLElement::layoutObjectIsNeeded(sty le);
130 } 130 }
131 131
132 LayoutObject* HTMLIFrameElement::createLayoutObject(const ComputedStyle&) 132 LayoutObject* HTMLIFrameElement::createLayoutObject(const ComputedStyle&)
133 { 133 {
134 return new LayoutIFrame(this); 134 return new LayoutIFrame(this);
135 } 135 }
136 136
137 Node::InsertionNotificationRequest HTMLIFrameElement::insertedInto(ContainerNode * insertionPoint) 137 Node::InsertionNotificationRequest HTMLIFrameElement::insertedInto(ContainerNode * insertionPoint)
138 { 138 {
139 InsertionNotificationRequest result = HTMLFrameElementBase::insertedInto(ins ertionPoint); 139 InsertionNotificationRequest result = HTMLFrameElementBase::insertedInto(ins ertionPoint);
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after
186 { 186 {
187 if (!RuntimeEnabledFeatures::permissionDelegationEnabled()) 187 if (!RuntimeEnabledFeatures::permissionDelegationEnabled())
188 return false; 188 return false;
189 189
190 if (!m_permissions) 190 if (!m_permissions)
191 m_permissions = HTMLIFrameElementPermissions::create(this); 191 m_permissions = HTMLIFrameElementPermissions::create(this);
192 return true; 192 return true;
193 } 193 }
194 194
195 } // namespace blink 195 } // namespace blink
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698